• XDA Forums have been migrated to XenForo. We are aware of several issues including missing threads, logins not working, and more. To discuss, use this thread.
  • If you are experiencing issues logging in, we moved to a new and more secure software and older account passwords were not able to be migrated. We recommend trying to reset your password, then contacting us if there are issues.

Unlock your Samsung i5500 (Where is my /efs?) [UPDATE]

tweakradje

New member
Mar 18, 2005
1,044
530
0
Android
sites.google.com
ALL PHONES HAVE BEEN BRICKED USING THE DD METHOD, SOME WITH STL5 METHOD, NONE WITH BML5 METHOD

EDIT 22 apr 2013: use stock ROM, Helroz made this on the appstore. If you have newer Galaxy try this from Doky

EDIT 7 nov 2011: BML5 method guide: http://forum.xda-developers.com/showthread.php?t=1335548

EDIT 10 oct 2011: Relock experience?: http://forum.xda-developers.com/showpost.php?p=18294355&postcount=421

EDIT 31 aug 2011: Now Supersafe (BML5) method: http://forum.xda-developers.com/showpost.php?p=17148825&postcount=334

EDIT 18 march 2011: Unsafe (STL5) method: http://forum.xda-developers.com/showpost.php?p=12099386&postcount=6


!!! THIS IS STILL EXPERIMENTAL !!! (OLD STUFF, please disregard)

Before you do anything read the whole thread. It is still unclear why some phones were bricked
----------------------------------------------------------------------------

Hi, Can anyone help me with this question? I have never had the original SIM card in it. Does that help?

Finally i have I5500XWJJ6 rom installed, rooted the phone and used "adb shell su" to get into the shell. Now I cannot find the /efs file system? Why not?
I am looking for the nv_data.bin :)

Did something change with the newer firmwares?

Read somewhere that it is /dev/bml11
I copied it with dd if=/dev/bml11 of=/sdcard/bml11.img Then it only shows SER in the editor.

With getprop I get (some numbers are deleted for privacy :) what can be set with setprop?
Code:
# getprop
getprop
[ro.secure]: [1]
[ro.allow.mock.location]: [0]
[ro.debuggable]: [0]
[persist.service.adb.enable]: [1]
[ro.factorytest]: [0]
[ro.serialno]: []
[ro.bootmode]: [unknown]
[ro.baseband]: [unknown]
[ro.carrier]: [unknown]
[ro.bootloader]: [unknown]
[ro.hardware]: [GT-I5500]
[ro.revision]: [0]
[ro.emmc]: [0]
[wifi.interface]: [wlan0]
[ro.build.id]: [ERE27]
[ro.build.display.id]: [ERE27]
[ro.build.version.incremental]: [XWJJ6]
[ro.build.version.sdk]: [7]
[ro.build.version.codename]: [REL]
[ro.build.version.release]: [2.1-update1]
[ro.build.date]: [Thu Oct 21 18:41:03 KST 2010]
[ro.build.date.utc]: [1287654063]
[ro.build.type]: [user]
[ro.build.user]: [root]
[ro.build.host]: [SE-S611]
[ro.build.tags]: [test-keys]
[ro.product.model]: [GT-I5500]
[ro.product.brand]: [Samsung]
[ro.product.name]: [GT-I5500]
[ro.product.device]: [GT-I5500]
[ro.product.board]: [GT-I5500]
[ro.product.cpu.abi]: [armeabi]
[ro.product.manufacturer]: [Samsung]
[ro.product.locale.language]: [en]
[ro.product.locale.region]: [GB]
[ro.wifi.channels]: []
[ro.board.platform]: [msm7k]
[ro.build.PDA]: [I5500XWJJ6]
[ro.build.hidden_ver]: [I5500XWJJ6]
[ro.build.changelist]: [650697]
[ro.build.product]: [GT-I5500]
[ro.build.description]: [GT-I5500-user 2.1-update1 ERE27 XWJJ6 release-keys]
[ro.build.fingerprint]: [Samsung/GT-I5500/GT-I5500/GT-I5500:2.1-update1/ERE27/XWJJ6:user/release-keys]
[rild.libpath]: [/system/lib/libsec-ril.so]
[rild.libargs]: [-d /dev/smd0]
[persist.rild.nitz_plmn]: []
[persist.rild.nitz_long_ons_0]: []
[persist.rild.nitz_long_ons_1]: []
[persist.rild.nitz_long_ons_2]: []
[persist.rild.nitz_long_ons_3]: []
[persist.rild.nitz_short_ons_0]: []
[persist.rild.nitz_short_ons_1]: []
[persist.rild.nitz_short_ons_2]: []
[persist.rild.nitz_short_ons_3]: []
[DEVICE_PROVISIONED]: [1]
[debug.sf.hw]: [0]
[ro.sf.lcd_density]: [120]
[dalvik.vm.heapsize]: [24m]
[ro.url.legal]: [http://www.google.com/intl/%s/mobile/android/basic/phone-legal.html]
[ro.url.legal.android_privacy]: [http://www.google.com/intl/%s/mobile/android/basic/privacy.html]
[ro.com.google.locationfeatures]: [1]
[ro.setupwizard.mode]: [DISABLED]
[ro.com.google.gmsversion]: [2.1_r10]
[ro.config.alarm_alert]: [Alarm_Classic.ogg]
[ro.opengles.version]: [131072]
[net.bt.name]: [Android]
[net.change]: [net.dnschange]
[ro.config.sync]: [yes]
[dalvik.vm.stack-trace-file]: [/data/anr/traces.txt]
[ro.com.google.clientidbase]: [android-samsung]
[ro.com.google.clientidbase.yt]: [android-samsung]
[ro.com.google.clientidbase.am]: [android-samsung]
[ro.com.google.clientidbase.vs]: [android-samsung]
[ro.com.google.clientidbase.gmm]: [android-samsung]
[ro.csc.homescreen.defaultscreen]: [0]
[ro.csc.homescreen.screencount]: [7]
[ro.config.notification_sound]: [OnTheHunt.ogg]
[ro.config.ringtone]: [Club_Cubano.ogg]
[persist.sys.country]: [NL]
[persist.sys.localevar]: []
[persist.sys.timezone]: [Europe/Amsterdam]
[persist.sys.language]: [nl]
[audioflinger.bootsnd]: [0]
[ro.FOREGROUND_APP_ADJ]: [0]
[ro.VISIBLE_APP_ADJ]: [1]
[ro.SECONDARY_SERVER_ADJ]: [2]
[ro.BACKUP_APP_ADJ]: [2]
[ro.HOME_APP_ADJ]: [4]
[ro.HIDDEN_APP_MIN_ADJ]: [7]
[ro.CONTENT_PROVIDER_ADJ]: [14]
[ro.EMPTY_APP_ADJ]: [15]
[ro.FOREGROUND_APP_MEM]: [1536]
[ro.VISIBLE_APP_MEM]: [2048]
[ro.SECONDARY_SERVER_MEM]: [4096]
[ro.BACKUP_APP_MEM]: [4096]
[ro.HOME_APP_MEM]: [4096]
[ro.HIDDEN_APP_MEM]: [5120]
[ro.CONTENT_PROVIDER_MEM]: [6144]
[ro.EMPTY_APP_MEM]: [8960]
[net.tcp.buffersize.default]: [4096,87380,110208,4096,16384,110208]
[net.tcp.buffersize.wifi]: [4095,87380,110208,4096,16384,110208]
[net.tcp.buffersize.umts]: [4094,87380,110208,4096,16384,110208]
[net.tcp.buffersize.edge]: [4093,26280,35040,4096,16384,35040]
[net.tcp.buffersize.gprs]: [4092,8760,11680,4096,8760,11680]
[init.svc.playlogo]: [stopped]
[init.svc.servicemanager]: [running]
[init.svc.vold]: [running]
[init.svc.debuggerd]: [running]
[init.svc.ril-daemon]: [running]
[init.svc.DR-daemon]: [running]
[init.svc.mobex-daemon]: [running]
[init.svc.cnd]: [restarting]
[init.svc.zygote]: [running]
[init.svc.media]: [running]
[init.svc.dbus]: [running]
[init.svc.wlan_tool]: [stopped]
[init.svc.installd]: [running]
[init.svc.keystore]: [running]
[init.svc.memsicd]: [stopped]
[init.svc.adbd]: [running]
[wlan.driver.status]: [ok]
[ril.dataoff_nwk_op]: [false]
[ro.csc.country_code]: [Russia]
[ro.csc.sales_code]: [SER]
[ril.ICC_TYPE]: [2]
[ril.rildReset]: [1]
[debug.sf.nobootanimation]: [0]
[EXTERNAL_STORAGE_STATE]: [mounted]
[init.svc.bootanim]: [stopped]
[ril.lac]: [0066]
[ril.cid]: [02bd45d9]
[hw.keyboards.65537.devname]: [europa_keypad0]
[hw.keyboards.0.devname]: [europa_headset]
[sys.settings_secure_version]: [10]
[init.svc.wpa_supplicant]: [running]
[sys.settings_system_version]: [41]
[dev.bootcomplete]: [1]
[dhcp.wlan0.result]: [ok]
[init.svc.dhcpcd]: [running]
[dhcp.wlan0.pid]: [18943]
[ro.runtime.started]: [1288831305799]
[dhcp.wlan0.reason]: [BOUND]
[gsm.version.ril-impl]: [Samsung RIL(IPC) v2.0]
[dhcp.wlan0.dns1]: [192.168.1.254]
[dhcp.wlan0.dns2]: []
[gsm.sim.operator.numeric]: []
[gsm.sim.operator.alpha]: []
[gsm.sim.operator.iso-country]: []
[gsm.eons.name]: []
[dhcp.wlan0.dns3]: []
[dhcp.wlan0.dns4]: []
[gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED]
[gsm.current.phone-type]: [1]
[dhcp.wlan0.ipaddress]: [192.168.1.94]
[dhcp.wlan0.gateway]: [192.168.1.254]
[dhcp.wlan0.mask]: [255.255.255.0]
[dhcp.wlan0.leasetime]: [86400]
[dhcp.wlan0.server]: [192.168.1.254]
[net.dns1]: [192.168.1.254]
[net.dnschange]: [39]
[ril.prl_num]: [0]
[ril.sw_ver]: [I5500XWJG3]
[ril.hw_ver]: [MP 0.700]
[ril.rfcal_date]: [2010.09.18]
[ril.product_code]: [GT-I5500YKAVDP]
[ril.model_id]: []
[ril.bt_macaddr]: [101DC0D3380F]
[ril.wifi_macaddr]: [10:1D:C0:D3:38:10]
[ril.IMEI]: [.........263228]
[gsm.wifiConnected.active]: [true]
[dev.bootdone]: [1]
[init.svc.qcom-post-boot]: [stopped]
[gsm.version.baseband]: [I5500XWJG3]
[gsm.STK_SETUP_MENU]: [Fun & info]
[gsm.STK_USER_SESSION]: [0]
[ril.ecclist]: [112,911,112,911]
[gsm.network.type]: [UMTS]
[gsm.operator.alpha]: []
[gsm.operator.numeric]: [20404]
[gsm.operator.iso-country]: [nl]
[gsm.operator.isroaming]: [false]
[ril.rildSerial]: [..........g4kzu1ox]
[gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED] is what I don't want to see :)

Mount table:
Code:
# mount
mount
rootfs / rootfs ro 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
/dev/stl14 /cache rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/stl13 /data rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/stl12 /system rfs ro,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015,fmask=0702,dmask=0602,allow_utime=0020,codepage=cp437,iocharset=is
o8859-1,shortname=mixed,utf8 0 0
Already looked in /init.rc for some efs reference but not found.

Should I look into the ril app for some refrences to efs?

Cheers

EDIT1: Already got more http://forum.samdroid.net/f28/complete-imei-restore-how-1817/#post28598
 
Last edited:

tweakradje

New member
Mar 18, 2005
1,044
530
0
Android
sites.google.com
I do have a character device (terminal?) /dev/ttyEFS0

Can one do anything with that?

With the adb logcat -b radio I got the log file for the ril/radio.
My attention was drawn to /system/etc/spn-conf.xml and after googling I found this file:
Code:
<?xml version="1.0" encoding="utf-8"?>
<spnOverrides>
<!-- @Author: HTC Shawn Ku @Date: 2010/02/23 
 This is a list for operator specific SPNs.
 We will use below SPN for instead if numeric is matched.
 Format is listed as below:
 <spnOverrides
 numeric="MCC+MNC"
 spn="SPN Name"/>
-->
 <spnOverride numeric="44020" spn="SoftBank"/>
</spnOverrides>
For my own sim that would be t-mobile NL: 20416 T-Mobile

Does that mean that I can override my locked provider?
I will try.

An interesting piece from the log radio file (also attached)
Code:
D/RILJ    ( 1325): < iccIO:  0x90 0x0 0000000a2fe2040000ffff01020002
D/RILJ    ( 1325): [0008]< SIM_IO IccIoResponse sw1:0x90 sw2:0x0
D/RILJ    ( 1325): [0013]> iccIO: SIM_IO 0xb0 0x2fe2  path: 3F00,0,0,10
I/RILJ    ( 1325): num:1 lock_type:3 lock_key:1 num_of_retry:3
D/RILJ    ( 1325): [0009]< LOCK_INFO [email protected]
I/RILJ    ( 1325): num:1 lock_type:9 lock_key:3 num_of_retry:3
D/RILJ    ( 1325): [0010]< LOCK_INFO [email protected]
D/RILJ    ( 1325): [0011]< GET_SIM_STATUS [email protected]
I/GSM     ( 1325): PIN1 Status PINSTATE_ENABLED_NOT_VERIFIEDPIN2 Status PINSTATE_UNKNOWN
I/GSM     ( 1325): Neither PIN2 nor PUK2 is blocked.
E/GSM     ( 1325): updateStateProperty() : PIN_REQUIRED
D/RILJ    ( 1325): [0014]> iccIO: SIM_IO 0xc0 0x6fb7  path: 3F007F105F3A,0,0,15
D/GSM     ( 1325): [IccCard] Notify SIM pin or puk locked.
D/GSM     ( 1325): [IccCard] Broadcasting intent ACTION_SIM_STATE_CHANGED LOCKED reason PIN
D/RILJ    ( 1325): [0012]< QUERY_FACILITY_LOCK {1}
D/RILJ    ( 1325): < iccIO:  0x90 0x0 981302360010773977ff
D/RILJ    ( 1325): [0013]< SIM_IO IccIoResponse sw1:0x90 sw2:0x0
D/RILJ    ( 1325): < iccIO:  0x90 0x0 0000005a6fb7040000ffff01020112
D/RILJ    ( 1325): [0014]< SIM_IO IccIoResponse sw1:0x90 sw2:0x0
D/GSM     ( 1325): [IccCard] Query facility lock : true
D/RILJ    ( 1325): [0015]> iccIO: SIM_IO 0xb2 0x6fb7  path: 3F007F105F3A,1,4,18
D/GSM     ( 1325): iccid: 893120630001779377
D/GSM     ( 1325): checkSimChanged enter
I/GSM     ( 1325): old iccid is 893120630001779377  current is 893120630001779377
D/RILJ    ( 1325): < iccIO:  0x90 0x0 ffffffffffffffffffffffffffffffffffff
D/RILJ    ( 1325): [0015]< SIM_IO IccIoResponse sw1:0x90 sw2:0x0
D/RILJ    ( 1325): [0016]> iccIO: SIM_IO 0xb2 0x6fb7  path: 3F007F105F3A,2,4,18
D/RILJ    ( 1325): < iccIO:  0x90 0x0 ffffffffffffffffffffffffffffffffffff
D/RILJ    ( 1325): [0016]< SIM_IO IccIoResponse sw1:0x90 sw2:0x0
D/RILJ    ( 1325): [0017]> iccIO: SIM_IO 0xb2 0x6fb7  path: 3F007F105F3A,3,4,18
D/RILJ    ( 1325): < iccIO:  0x90 0x0 ffffffffffffffffffffffffffffffffffff
D/RILJ    ( 1325): [0017]< SIM_IO IccIoResponse sw1:0x90 sw2:0x0
D/RILJ    ( 1325): [0018]> iccIO: SIM_IO 0xb2 0x6fb7  path: 3F007F105F3A,4,4,18
D/RILJ    ( 1325): < iccIO:  0x90 0x0 ffffffffffffffffffffffffffffffffffff
D/RILJ    ( 1325): [0018]< SIM_IO IccIoResponse sw1:0x90 sw2:0x0
D/RILJ    ( 1325): [0019]> iccIO: SIM_IO 0xb2 0x6fb7  path: 3F007F105F3A,5,4,18
D/RILJ    ( 1325): < iccIO:  0x90 0x0 ffffffffffffffffffffffffffffffffffff
D/RILJ    ( 1325): [0019]< SIM_IO IccIoResponse sw1:0x90 sw2:0x0
Anyone knows what "iccid: 893120630001779377" is. I tried it as unlock code but no avail.
Unlock codes ar always 8 numbers.

From the COM8 (in my system) I get the following info.
Code:
ATI
Manufacturer: SAMSUNG ELECTRONICS CORPORATION
Model: GT-I5500
Revision: I5500XWJG3
IMEI: 359763034......
+GCAP: +CGSM,+DS,+ES
Cheers
 

Attachments

Last edited:

tweakradje

New member
Mar 18, 2005
1,044
530
0
Android
sites.google.com
Okay. It is quiet here but lets continue. Now I found the service menu of the phone.

*#*#197328640#*#* (works on more phones?)

MAIN MENU
[1] DEBUG SCREEN
[2] VERSION INFORMATION
[3] UMTS RF NV
[4] GSM RF NV
[5] AUDIO
[6] COMMON
[7] QXDM LOGGING

When entering into COMMON sub menu I have

[1] FTM
[2] DEBUG INFO
[3] RF SCANNING
[4] DIAG CONFIG
[5] WCDMA SET CHANNEL
[6] NV REBUILD
[7] FACTORY TEST
[8] FORCE SLEEP
[9] GPS

NV in the menu's stand for Non Volatile RAM I suppose.

Menus control can be clicked or use the menu button for BACK

2Bcontinued...
 

tweakradje

New member
Mar 18, 2005
1,044
530
0
Android
sites.google.com
Some codes for typing in from the firmware:

Code:
#*2886#
*#*#28346#*#*
*#0*#		lcd test
*#0002*28346#	
*#0002*28347#
*#0011#
*#0228#
*#0283#
*#0289#
*#03#		NAND Flash uniek nummer (80590001238648)
*#0368#		FM Radio test
*#0588#		Proximity test
*#0589#	
*#0599#
*#06#
*#0673#		MelodyTest
*#07#		Test History
*#0782#		PDA RTC Get
*#0842#		Vibration Test
*#1*#		
*#1111#		
*#1234#		Version
*#1472365#	Gps2 setup
*#147852#	
*#1478963#	Test app settings
*#1575#		Gps setup
*#197328640#	Main Menu Service Mode
*#2222#		
*#2263#		
*#22736224#	Acc calibration
*#232331#	BT Test
*#232332#	BT On
*#232337#	BT Mac	
*#232338#	WLAN Mac
*#232339#	WLAN Engineering mode Tx Rx Status
*#2424#
*#2454#		Ram dump mode (ARM9) take battery out
*#2580#		Integrity control
*#2663#		Touch screen version
*#2664#		Little paint programm
*#272*		
*#273283*255*3282*#	Data create, fill up sms phonebook callog etc
*#273283*255*663282*#	Data create, fill user/systemspace image mp3 video voice memo
*#2767*2878#		servicemode nothin?
*#3214789#		GcfMode settings
*#32489#		Ciphering control
*#3264#			Ram version
*#3282*727336*#		overview data usage
*#34971539#		
*#367#
*#3695147#
*#369852#		
*#4238378#	GCF settings
*#42663#	Brightness setting	
*#44336#	Internal version build time changelist
*#46744674#
*#4736767*738#	Acc sensor min/max
*#4986*2650468#	Version
*#526#		WLAN test
*#528#		WLAN tes
*#6854123#	
*#6984125*#
*#7263867*6633# RAM Dump mode Enable/disable
*#7284#		DIAG config serial/usb	
*#7298#
*#7412365#
*#742690#
*#745#		Sec Ril Dump !!! log en mms settings
*#746#		Debug Dump
*#7465625#
*#7594#		Enable Shutdown on End call Long press
*#7780#		Standaard gegevens herstellen
*#80#		Factory Test
*#865625#	
*#872564#	USB (DM) Logging En/Disable CP AP CP+AP
*#9090#		DIAG config serial/usb	
*#9900#		SysDump RIL Ramdump mode Off

*2767*3855#	factory reset !!!
*2767*4387264636#	Sellout SMS PCode Mode:Test
*2767*738767633#
*2767*73876766#
*2767*7387677763#
*2767*7387678378#

*7465625*27*#
*7465625*638*#
*7465625*77*#
*7465625*782*#

#7465625*27*#
#7465625*638*#
#7465625*77*#
#7465625*782*#
 

giri.rao

New member
Dec 6, 2010
1
0
0
Hi, Can anyone help me with this question? I have never had the original SIM card in it. Does that help?

Finally i have I5500XWJJ6 rom installed, rooted the phone and used "adb shell su" to get into the shell. Now I cannot find the /efs file system? Why not?
I am looking for the nv_data.bin :)

Did something change with the newer firmwares?

Read somewhere that it is /dev/bml11
I copied it with dd if=/dev/bml11 of=/sdcard/bml11.img Then it only shows SER in the editor.

With getprop I get (some numbers are deleted for privacy :) what can be set with setprop?
Code:
# getprop
getprop
[ro.secure]: [1]
[ro.allow.mock.location]: [0]
[ro.debuggable]: [0]
[persist.service.adb.enable]: [1]
[ro.factorytest]: [0]
[ro.serialno]: []
[ro.bootmode]: [unknown]
[ro.baseband]: [unknown]
[ro.carrier]: [unknown]
[ro.bootloader]: [unknown]
[ro.hardware]: [GT-I5500]
[ro.revision]: [0]
[ro.emmc]: [0]
[wifi.interface]: [wlan0]
[ro.build.id]: [ERE27]
[ro.build.display.id]: [ERE27]
[ro.build.version.incremental]: [XWJJ6]
[ro.build.version.sdk]: [7]
[ro.build.version.codename]: [REL]
[ro.build.version.release]: [2.1-update1]
[ro.build.date]: [Thu Oct 21 18:41:03 KST 2010]
[ro.build.date.utc]: [1287654063]
[ro.build.type]: [user]
[ro.build.user]: [root]
[ro.build.host]: [SE-S611]
[ro.build.tags]: [test-keys]
[ro.product.model]: [GT-I5500]
[ro.product.brand]: [Samsung]
[ro.product.name]: [GT-I5500]
[ro.product.device]: [GT-I5500]
[ro.product.board]: [GT-I5500]
[ro.product.cpu.abi]: [armeabi]
[ro.product.manufacturer]: [Samsung]
[ro.product.locale.language]: [en]
[ro.product.locale.region]: [GB]
[ro.wifi.channels]: []
[ro.board.platform]: [msm7k]
[ro.build.PDA]: [I5500XWJJ6]
[ro.build.hidden_ver]: [I5500XWJJ6]
[ro.build.changelist]: [650697]
[ro.build.product]: [GT-I5500]
[ro.build.description]: [GT-I5500-user 2.1-update1 ERE27 XWJJ6 release-keys]
[ro.build.fingerprint]: [Samsung/GT-I5500/GT-I5500/GT-I5500:2.1-update1/ERE27/XWJJ6:user/release-keys]
[rild.libpath]: [/system/lib/libsec-ril.so]
[rild.libargs]: [-d /dev/smd0]
[persist.rild.nitz_plmn]: []
[persist.rild.nitz_long_ons_0]: []
[persist.rild.nitz_long_ons_1]: []
[persist.rild.nitz_long_ons_2]: []
[persist.rild.nitz_long_ons_3]: []
[persist.rild.nitz_short_ons_0]: []
[persist.rild.nitz_short_ons_1]: []
[persist.rild.nitz_short_ons_2]: []
[persist.rild.nitz_short_ons_3]: []
[DEVICE_PROVISIONED]: [1]
[debug.sf.hw]: [0]
[ro.sf.lcd_density]: [120]
[dalvik.vm.heapsize]: [24m]
[ro.url.legal]: []
[ro.url.legal.android_privacy]: []
[ro.com.google.locationfeatures]: [1]
[ro.setupwizard.mode]: [DISABLED]
[ro.com.google.gmsversion]: [2.1_r10]
[ro.config.alarm_alert]: [Alarm_Classic.ogg]
[ro.opengles.version]: [131072]
[net.bt.name]: [Android]
[net.change]: [net.dnschange]
[ro.config.sync]: [yes]
[dalvik.vm.stack-trace-file]: [/data/anr/traces.txt]
[ro.com.google.clientidbase]: [android-samsung]
[ro.com.google.clientidbase.yt]: [android-samsung]
[ro.com.google.clientidbase.am]: [android-samsung]
[ro.com.google.clientidbase.vs]: [android-samsung]
[ro.com.google.clientidbase.gmm]: [android-samsung]
[ro.csc.homescreen.defaultscreen]: [0]
[ro.csc.homescreen.screencount]: [7]
[ro.config.notification_sound]: [OnTheHunt.ogg]
[ro.config.ringtone]: [Club_Cubano.ogg]
[persist.sys.country]: [NL]
[persist.sys.localevar]: []
[persist.sys.timezone]: [Europe/Amsterdam]
[persist.sys.language]: [nl]
[audioflinger.bootsnd]: [0]
[ro.FOREGROUND_APP_ADJ]: [0]
[ro.VISIBLE_APP_ADJ]: [1]
[ro.SECONDARY_SERVER_ADJ]: [2]
[ro.BACKUP_APP_ADJ]: [2]
[ro.HOME_APP_ADJ]: [4]
[ro.HIDDEN_APP_MIN_ADJ]: [7]
[ro.CONTENT_PROVIDER_ADJ]: [14]
[ro.EMPTY_APP_ADJ]: [15]
[ro.FOREGROUND_APP_MEM]: [1536]
[ro.VISIBLE_APP_MEM]: [2048]
[ro.SECONDARY_SERVER_MEM]: [4096]
[ro.BACKUP_APP_MEM]: [4096]
[ro.HOME_APP_MEM]: [4096]
[ro.HIDDEN_APP_MEM]: [5120]
[ro.CONTENT_PROVIDER_MEM]: [6144]
[ro.EMPTY_APP_MEM]: [8960]
[net.tcp.buffersize.default]: [4096,87380,110208,4096,16384,110208]
[net.tcp.buffersize.wifi]: [4095,87380,110208,4096,16384,110208]
[net.tcp.buffersize.umts]: [4094,87380,110208,4096,16384,110208]
[net.tcp.buffersize.edge]: [4093,26280,35040,4096,16384,35040]
[net.tcp.buffersize.gprs]: [4092,8760,11680,4096,8760,11680]
[init.svc.playlogo]: [stopped]
[init.svc.servicemanager]: [running]
[init.svc.vold]: [running]
[init.svc.debuggerd]: [running]
[init.svc.ril-daemon]: [running]
[init.svc.DR-daemon]: [running]
[init.svc.mobex-daemon]: [running]
[init.svc.cnd]: [restarting]
[init.svc.zygote]: [running]
[init.svc.media]: [running]
[init.svc.dbus]: [running]
[init.svc.wlan_tool]: [stopped]
[init.svc.installd]: [running]
[init.svc.keystore]: [running]
[init.svc.memsicd]: [stopped]
[init.svc.adbd]: [running]
[wlan.driver.status]: [ok]
[ril.dataoff_nwk_op]: [false]
[ro.csc.country_code]: [Russia]
[ro.csc.sales_code]: [SER]
[ril.ICC_TYPE]: [2]
[ril.rildReset]: [1]
[debug.sf.nobootanimation]: [0]
[EXTERNAL_STORAGE_STATE]: [mounted]
[init.svc.bootanim]: [stopped]
[ril.lac]: [0066]
[ril.cid]: [02bd45d9]
[hw.keyboards.65537.devname]: [europa_keypad0]
[hw.keyboards.0.devname]: [europa_headset]
[sys.settings_secure_version]: [10]
[init.svc.wpa_supplicant]: [running]
[sys.settings_system_version]: [41]
[dev.bootcomplete]: [1]
[dhcp.wlan0.result]: [ok]
[init.svc.dhcpcd]: [running]
[dhcp.wlan0.pid]: [18943]
[ro.runtime.started]: [1288831305799]
[dhcp.wlan0.reason]: [BOUND]
[gsm.version.ril-impl]: [Samsung RIL(IPC) v2.0]
[dhcp.wlan0.dns1]: [192.168.1.254]
[dhcp.wlan0.dns2]: []
[gsm.sim.operator.numeric]: []
[gsm.sim.operator.alpha]: []
[gsm.sim.operator.iso-country]: []
[gsm.eons.name]: []
[dhcp.wlan0.dns3]: []
[dhcp.wlan0.dns4]: []
[gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED]
[gsm.current.phone-type]: [1]
[dhcp.wlan0.ipaddress]: [192.168.1.94]
[dhcp.wlan0.gateway]: [192.168.1.254]
[dhcp.wlan0.mask]: [255.255.255.0]
[dhcp.wlan0.leasetime]: [86400]
[dhcp.wlan0.server]: [192.168.1.254]
[net.dns1]: [192.168.1.254]
[net.dnschange]: [39]
[ril.prl_num]: [0]
[ril.sw_ver]: [I5500XWJG3]
[ril.hw_ver]: [MP 0.700]
[ril.rfcal_date]: [2010.09.18]
[ril.product_code]: [GT-I5500YKAVDP]
[ril.model_id]: []
[ril.bt_macaddr]: [101DC0D3380F]
[ril.wifi_macaddr]: [10:1D:C0:D3:38:10]
[ril.IMEI]: [.........263228]
[gsm.wifiConnected.active]: [true]
[dev.bootdone]: [1]
[init.svc.qcom-post-boot]: [stopped]
[gsm.version.baseband]: [I5500XWJG3]
[gsm.STK_SETUP_MENU]: [Fun & info]
[gsm.STK_USER_SESSION]: [0]
[ril.ecclist]: [112,911,112,911]
[gsm.network.type]: [UMTS]
[gsm.operator.alpha]: []
[gsm.operator.numeric]: [20404]
[gsm.operator.iso-country]: [nl]
[gsm.operator.isroaming]: [false]
[ril.rildSerial]: [..........g4kzu1ox]
[gsm.sim.state]: [SIM_SERVICE_PROVIDER_LOCKED] is what I don't want to see :)
Did you try the setprop on the gsm.sim.state by setting it to null/empty.
 

tweakradje

New member
Mar 18, 2005
1,044
530
0
Android
sites.google.com
SP unlock your i5500 (probably more)

EDIT: Phones has been bricked with this stl5 method. Do use supersafe bml5 method.
http://forum.xda-developers.com/showpost.php?p=17148825&postcount=334

Since I can't give up on this one I digged a little further into my i5500 memory.

Guess what? I f.ckin did it. Big hoora. I'am good I know ;) Thank you!

Code:
- root your phone
- adb shell
- su
- cd /
- mount -o remount,rw -t rootfs rootfs / (or do it before adb with root explorer)
- mkdir /efs
- mount -o nosuid,ro,nodev -t vfat /dev/block/stl5 /efs
- cat /efs/mits/perso.txt
- umount /efs
- reboot
EDIT: stl5 is es-tee-el-five (like STL5)

EDIT: /efs on the Galaxy the /etc/fstab says: mount rfs /dev/block/stl5 /efs nosuid nodev check=no

You will see some numbers: In my case 20404 for Vodafone NL.
Then you will see your SP unlock code followed by some 000000000 codes and another
code. Write the first one (and second just in case) down.

Shut down the phone and put it a "locked" sim. Start your phone, input the pin, and when asked for a unlock code give it the first code. Your phone is now unlocked.

Cheers

EDIT:
Rooting: http://blog.23corner.com/2010/08/30/universal-androot-1-6-2-beta-5/
Rooting newer roms: http://forum.xda-developers.com/showthread.php?t=803682. Need reboot after.
Adb and USB drivers: see attachement

EDIT: possible fix for bad imei after doing above procedure:
http://forum.xda-developers.com/showpost.php?p=15408191&postcount=4

EDIT: nice tutorial for my method - http://forum.xda-developers.com/showthread.php?p=16597429
 
Last edited:

rlewis2737

New member
Mar 12, 2011
2
0
0
Since I can't give up on this one I digged a little further into my i5500 memory.

Guess what? I f.ckin did it. Big hoora. I'am good I know ;) Thank you!

- adb shell
- su
- mount root rw (did it with root explorer)
- mkdir /efs
- mount -t vfat /dev/block/stl5 /efs
- cat /efs/mits/perso.txt

You will see some numbers: In my case 20404 for Vodafone NL.
Then you will see your SP unlock code followed by some 000000000 codes and another
code. Write the first one (and second just in case) down.

Shut down the phone and put it a "locked" sim. Start your phone, input the pin, and when asked for a unlock code give it the first code. Your phone is now unlocked.

Cheers
Mine is a bunch of 01234567s
 

tweakradje

New member
Mar 18, 2005
1,044
530
0
Android
sites.google.com
using dd command on stl5 is bricking the phone: UNSAFE METHOD

Ok. For good comparison I attached both perso.txt: before and after unlock.
Perhaps that helps. My network was locked to 20404 and the unlock code is 61493638
and there is another code in the file: 92427358 but I don't know what that one does.

Perhaps it is better practise to follow this road for getting the codes:
- adb shell
- su
- dd if=/dev/block/stl5 of=/sdcard/stl5.rfs bs=4096

Then use winimage or similar to examine /sdcard/stl5.rfs as FAT16 image file.

Cheers
 

Attachments

Last edited:
  • Like
Reactions: padre629

tweakradje

New member
Mar 18, 2005
1,044
530
0
Android
sites.google.com
Root explorer is a program I installed. It has a "Mount R/W" button for the root.
But you can also use a complete other folder that is already mounted rw.
Type command mount in adb shell. Think /data is rw mounted.
So create /data/efs folder and mount -t vfat /dev/block/stl5 /data/efs

Cheers
 

kill3r000

New member
Aug 12, 2009
54
5
0
Constanta
For my problem this cmd worked:

mount -o remount,rw /data /system

Let's see if it really works for me 2.

After doing all the steps, my phone cannot turn on Phone, Wifi, cannot do any kind of format, install a new firmware (does not go to step 2 - pass the CS, even if odin reports it Passed). Half bricked it!
 
Last edited:

kill3r000

New member
Aug 12, 2009
54
5
0
Constanta
I already did that. No effect, because my WIFI, data, network connections and all audio (don't know about music) do not respond in any way, so, now, my great phone is at Vodafone Romania for repairs. Hope they did not notice any meddling with the firmware and re-flash it to it's original state. It didn't matter if i inserted another network sim or the one registered.
 
Last edited:

BlocK240

New member
Mar 17, 2011
51
3
0
Thanks for this useful info, tweakradje.

Albeit I had run into the same problem as kill3r000, I managed to restore my phone back on track by simply running dd if=/sdcard/stl5.rfs of=/dev/block/stl5.

It ain't relevant at all, but when I retrieved the stl5.rfs from the phone I just did it from a root terminal on the phone, not via adb.

Anyways, thanks again for helping me unlock my phone. :)

kill3r000, daca aia de la vodafone iti cer bani, nu le da si ia-ti telefonu' ca si eu tot de la voda il am si aceeasi figura mi-a facut-o.
 
  • Like
Reactions: kill3r000

kill3r000

New member
Aug 12, 2009
54
5
0
Constanta
How come i didn't think of backtracking that command? :(( I suppose i was too tired of trying endless methods.

Block240 - Multumesc mult de tot pentru sprijin. Asa am sa fac. Mai tii minte cam cat ti-au cerut? Niste maralni.
Pe mine m-au sunat de la Regenersis ca il mai tin pentru mai multe teste amanuntite :p Pe bune... Va hotarati cat sa taxeze (nici nu se mai pune problema; deja au hotarat: IESIT DIN GARANTIE scrie pe saracutul meu)!
 
Mar 17, 2011
38
13
8
SAFE METHOD

Ok. For good comparison I attached both perso.txt: before and after unlock.
Perhaps that helps. My network was locked to 20404 and the unlock code is 61493638
and there is another code in the file: 92427358 but I don't know what that one does.

Perhaps it is better practise to follow this road for getting the codes:
- adb shell
- su
- dd if=/dev/block/stl5 of=/sdcard/stl5.rfs

Then use winimage or similar to examine /sdcard/stl5.rfs as FAT16 image file.

Cheers
Worked like a charm!
Thank you very much for this. Finally, 2.2. ;)
 

robilaur

New member
Mar 14, 2011
65
2
0
Hy ... Block can u make a little tutorial for Romania Vodafone users ...step by step or can u contact me on PM and tell me exact steps

Multumesc,
 

kill3r000

New member
Aug 12, 2009
54
5
0
Constanta
It's better, IF he or other wants to do that, to post it on the topic so can others see it. When i'll have it back from service (if they want money for repairs) i'll try again and then i will ask somebody here for a little tutorial for all this not happend again.
(Multe) Multumiri anticipate!
 

BlocK240

New member
Mar 17, 2011
51
3
0
How come i didn't think of backtracking that command? :(( I suppose i was too tired of trying endless methods.

Block240 - Multumesc mult de tot pentru sprijin. Asa am sa fac. Mai tii minte cam cat ti-au cerut? Niste maralni.
Pe mine m-au sunat de la Regenersis ca il mai tin pentru mai multe teste amanuntite :p Pe bune... Va hotarati cat sa taxeze (nici nu se mai pune problema; deja au hotarat: IESIT DIN GARANTIE scrie pe saracutul meu)!
Nu am ajuns in punctul in care sa trimit telefonul la garantie. Am stat o noapte sa-i scriu diferite ROM-uri si sa-i sterg efs-ul pana mi-am amintit si multumit ca aveam stl5.rfs si pe calculator si pe /sdcard. Fiind un utilizator cat de cat obisnuit cu unix-urile, mi-am dat seama ca un dd salveaza bit cu bit totul. Acum daca as sti si de ce or aparea figurile astea cand e citit efs-ul as fi un om fericit.

Nonetheless, there's nothing special regarding VF Ro users or any other network carriers. I just followed these steps:
Code:
su
dd if=/dev/block/stl5 of=/sdcard/stl5.rfs
Copied the stl5.rfs on my computer, opened it up with WinImage (obviously, any other application that can read FAT images would work just as good) and went to /mits/perso.txt.
It's full of gibberish, but do keep in mind that the 8-digit number is the unlock code. Note it down on a paper or something, power down the phone, get its sim out, power it on (don't insert any other sim). Mine went to ARM11 recovery mode (shows the samsung logo and says that on the top left). Should it do that, just throw the battery out and back in, then power it up again. The phone will boot up normally and now run
Code:
su
dd if=/sdcard/stl5.rfs of=/dev/block/stl5
wait for it to end, power down the phone, insert a sim that would send the phone in its network locked mode, and se that 8-digit number. That's all about it, you now have an unlocked gt-i5500.

Thank you again, tweakradje.

(dati o bere :) )
 
Last edited:
  • Like
Reactions: kill3r000
Our Apps
Get our official app! (coming soon)
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone