I’ve been a big fan of unlocked GSM phones since my first one back in 2009. I’ve also been through a surprising number of different phone since then, but all of them have been 2nd (or 3rd) hand and have been a good price for a phone that still has lots of use left in it. My latest phone the Samsung Galaxy S Vibrant (i9000m) is no different, but it came to me locked to Bell.
I purchased the i9000m knowing it could be easily unlocked if you had the right magic. With the stock firmware, if you don’t have the phone unlocked you’ll see what’s pictured at the top of this post when you install a SIM card.
It turns out the forums have a great how to guide, with pointers to an app on the Android Market if you’re afraid of a little bit of hex editing. It should go without saying that I selected the hex editing route. I’ll describe the steps I used here, but all credit to the folks in the forums for figuring this out.
I will assume that you’ve rooted your i9000m and you’re not incapable of using a hex editor.
Step 1: We’re going to copy some non-volatile memory off the phone that contains the ‘lock’. Perform the following commands on the phone (probably via ADB).
$ su
# cat /efs/nv_data.bin >> /sdcard/nv_data.bin
Now copy that file onto your PC for editing. Make a backup of the original before step 2.
Step 2: Edit that file, I used hexedit on Ubuntu. The lock bit is inside of the byte at 0x181469 in the file. See the green circle below, change that 01 into a 00 and save the file.
Starting at offset 0x181468 you should see the series of digits: ff 01 00 00 00 00 46 46
The XDA post describes it as follows:
There are 5 different types of locks in 5 different bytes
the FF byte should be left alone
the first byte after the FF is the network lock
the next byte is the network subset lock
the next byte is the sp lock
the next byte is the cp lock
the last byte appears to be a data lock.
the 46 46 should be left alone
Step 3: Use the modified file to update your phone. Let’s assume you copied the modified file to /sdcard/nv_data.bin on the phone, and again the commands below are executed on the phone.
$ su
# rm /efs/nv_data.bin
# rm /efs/nv_data.bin.md5
# cat /sdcard/nv_data.bin >> /efs/nv_data.bin
# chmod 755 /efs/nv_data.bin
# chown radio.radio /efs/nv_data.bin || chown 1001.1001 /efs/nv_data.bin
# reboot
That’s it, you’re unlocked. The unlock should persist across ROM (firmware) changes.
References: a great article with pointers to valuable information on the i9000 series.
HI
I followed the steps – but here’s something I came across:
looking for 0x181468 – i found this series instead
“FF 00 00 00 00 00 50 92”
Was I following the correct tutorial?
is the first 00 being already there means I’m unlocked?
Thanks a lot!
It appears you are unlocked, does the phone not accept other non-Bell SIM cards?
I found my lock codes at a slightly different location. If you search for 00 00 46 46 you will find the right segment.
Peter, I wonder if you were confusing hex offsets with decimal offsets?
The location 0x181468 is a hex value – that would be 157808 in decimal.
Please, please make sure you have backups (several). My advice for anyone running into trouble is to stop, go back and re-read the steps, then carefully start again. Bashing around can only cause problems.
hi i was wondering how would a person who is really not good with codes and phone stuff like this unlock a phone? i have a bell vibrant i90000 and want to get it unlocked but it costs more than i can afford right now. is there a way for “dummies” i guess to unlock a phone????
In any reasonably large city there are local shops that will unlock most phones for $20 – $40, as the Galaxy i9000 is easy to unlock I’d expect this to not be a big deal. Call around. Search some of the local for sale websites.
To unlock the i9000 you need to be rooted, and then perform the unlock. Neither of these things are “for dummies”, sorry.
Thank you sooo much that was too easy to do, i thought that it was gonna be some difficult like when rooting my galaxy but not even close, thanks man!!!