Category: How To

Unlocking Samsung Galaxy S Vibrant (Bell)

I’ve been a big fan of unlocked GSM phones since my first one back in 2009. I’ve also been through a surprising number of different phone since then, but all of them have been 2nd (or 3rd) hand and have been a good price for a phone that still has lots of use left in it. My latest phone the Samsung Galaxy S Vibrant (i9000m) is no different, but it came to me locked to Bell.

I purchased the i9000m knowing it could be easily unlocked if you had the right magic. With the stock firmware, if you don’t have the phone unlocked you’ll see what’s pictured at the top of this post when you install a SIM card.

It turns out the forums have a great how to guide, with pointers to an app on the Android Market if you’re afraid of a little bit of hex editing. It should go without saying that I selected the hex editing route. I’ll describe the steps I used here, but  all credit to the folks in the forums for figuring this out.

I will assume that you’ve rooted your i9000m and you’re not incapable of using a hex editor.

Step 1: We’re going to copy some non-volatile memory off the phone that contains the ‘lock’. Perform the following commands on the phone (probably via ADB).

$ su
# cat /efs/nv_data.bin >> /sdcard/nv_data.bin

Now copy that file onto your PC for editing. Make a backup of the original before step 2.

Step 2: Edit that file, I used hexedit on Ubuntu. The lock bit is inside of the byte at 0x181469 in the file. See the green circle below, change that 01 into a 00 and save the file.

Starting at offset 0x181468 you should see the series of digits: ff 01 00 00 00 00 46 46

The XDA post describes it as follows:

There are 5 different types of locks in 5 different bytes

the FF byte should be left alone
the first byte after the FF is the network lock
the next byte is the network subset lock
the next byte is the sp lock
the next byte is the cp lock
the last byte appears to be a data lock.
the 46 46 should be left alone

Step 3: Use the modified file to update your phone. Let’s assume you copied the modified file to /sdcard/nv_data.bin on the phone, and again the commands below are executed on the phone.

$ su
# rm /efs/nv_data.bin
# rm /efs/nv_data.bin.md5
# cat /sdcard/nv_data.bin >> /efs/nv_data.bin
# chmod 755 /efs/nv_data.bin
# chown radio.radio /efs/nv_data.bin || chown 1001.1001 /efs/nv_data.bin
# reboot

That’s it, you’re unlocked. The unlock should persist across ROM (firmware) changes.

References: a great article with pointers to valuable information on the i9000 series.

How To: Migrate from Raid1 to Raid5

Recently I discovered that the iPhoto data was actually stuffed under a deleted user that existed as part of the Mac migration process, this meant it wasn’t being seen by my rsnapshot backup of the active user directory. Fixing the location of the iPhoto library was relatively easy to do, but having an extra 130GB of data to back up immediately ran me into storage problems.

I had setup a RAID1 system using two 1TB volumes, I had decided to split the 1TB mirrored volume into 300Gb/700Gb so I could limit the space used by backups to 300Gb. In hindsight this was a silly idea, and it also made the migration process more complicated. If I had placed the 300Gb volume second, it might have been feasible to move that data somewhere then expand the 700Gb volume to fill the remainder of the drive – but I had put the 300Gb volume first. One day someone will write the utility to allow you to shift the start of a volume to the left (towards the start of a drive).

Instead of sticking with a RAID1 setup, I decided to move to RAID5. While there is a little less redundancy with RAID5, the additional flexibility seems like a good trade off to me at this point. I’ll avoid getting into the religious debate over which type of RAID you should use, or if RAID makes sense at all with large sized drives. Also there are some good off the shelf solutions now such as Drobo or QNAP.

With a project like this it is a good idea to make a plan in advance, then log your steps as you go along. Migration of 100’s of Gb of data will take time, lots of time. I did the work over about 5 days, some of it while on a trip outside the country (remote access!). Here was my plan:

  1. install new drive – ensure system is happy
  2. break mirrored set – run in degraded mode
  3. repartition new drive & unused mirrored drive
  4. create degraded raid 5 (2 drives only)
  5. copy data from degraded mirror onto degraded raid5
  6. decommission degraded mirror & repartition
  7. add volume to raid5 set

I also was careful to check that the new volume had the same capacity as the other two having been bit by that in the past. (I used fdisk -l /dev/sde to get the stats of the drive) Continue reading “How To: Migrate from Raid1 to Raid5”

BlackBerry Bold 9700: JVM Error 102

My brother in-law’s BlackBerry 9700 suffered a new problem this time JVM Error 102. A quick google search turns up more 600,000 results – so this is I assume a pretty common problem. In his case it seems entirely random – he had it plugged in to charge and when he went to unplug it, it was stuck on an all white screen with JVM Error 102 with one choice: reboot. It seemed the device was stuck in a reboot cycle, always hitting the same error.

I followed the instructions on this page, but I’ll also repeat them here to cover exactly what I did. Sadly this requires a Windows machine (I used XP).

If you don’t already have the BlackBerry Desktop Software installed and running, you’ll need that. If you’ve never had the BlackBerry connected to your Windows machine, it may also need to install some USB drivers, my Windows XP was able to figure out what was needed automatically. Hopefully you’ll be in a state as shown in the picture at the top of this post, able to see the device but not able to do anything.

Now you need the JL_cmder utility. The utility is just a script driving the JavaLoader program. With the BlackBerry Desktop Software running, also run this script. If you are having trouble with this part, I’d advise you to stop trying to solve this yourself and get some help. You’ll need to be comfortable with command line programs to succeed.

If you see some output like the following when using JL_cmder:

RIM Wireless Handheld Java Loader
Copyright 2001-2007 Research In Motion Limited
Connecting to device...debug: HRESULT error dur
ing Open: 80040154
Error: unable to open port

Then you’ve probably failed as I had to install the BlackBerry Desktop Software, or it isn’t running, or you’ve got a driver problem, or maybe there is a more serious problem with your BlackBerry. Once I had installed and was running the BlackBerry Desktop Software this problem went away for me.

Now you want to grab the eventlog. This will open a notepad with the contents of your log. In my case there had been many failed boots, so the error was repeated many times. Here is the last complete entry:

guid:0x97C9F5F641D25E5F time: Wed Dec 31 19:00:00 1969 severity:0 type:2 app:System data:System Startup
guid:0x97C9F5F641D25E5F time: Wed Dec 31 19:00:00 1969 severity:0 type:2 app:System data:VM:FSNHv=1
guid:0x97C9F5F641D25E5F time: Wed Dec 31 19:00:00 1969 severity:0 type:2 app:System data:VM:CVER=5.0.0.351
guid:0x97C9F5F641D25E5F time: Wed Dec 31 19:00:00 1969 severity:0 type:2 app:System data:VM:PSIDv=266951
guid:0x97C9F5F641D25E5F time: Wed Dec 31 19:00:00 1969 severity:0 type:2 app:System data:CMM: verifyHash failed for net_rim_device_apps_games_wordmole_graphics_480x360-6(3437)
guid:0x97C9F5F641D25E5F time: Wed Dec 31 19:00:00 1969 severity:0 type:2 app:System data:VM:+BORK
guid:0x97C9F5F641D25E5F time: Wed Dec 31 19:00:00 1969 severity:0 type:2 app:System data:JVM Error 102
guid:0x97C9F5F641D25E5F time: Wed Dec 31 19:00:00 1969 severity:0 type:2 app:System data:Invalid code in filesystem
guid:0x97C9F5F641D25E5F time: Wed Dec 31 19:00:00 1969 severity:0 type:2 app:System data:JVM:INFOp=21e0b6b1,a='5.0.0.351',o='5.1.0.98',h=4001507

You can see there is a verifyHash failure in the log, I’ve marked the file name of the offending file in bold (your log won’t have the bold marking in it – that’s your job, to identify the problematic file). So there isn’t any good reason this file was corrupted and not another, but luckily it is clearly a non-critical file. I was amused by the appearance of the Unix epoc in the log file.

Now that we know what the problem is, we’ll just remove the file. I’ll stress that the filename is going to be unique to your problem. Reading the error log is a critical step. Using a command shell we’ll execute the following:

JavaLoader.exe -u erase -f net_rim_device_apps_games_wordmole_graphics_480x360-6

Doing this caused the device to reboot. If it doesn’t reboot on it’s own, you might need to manually reboot/reset the device. That’s it you’re done – you should have a working BlackBerry at this point.

Follow up steps – you should synchronize with the desktop software to back up your device. It may be wise to push a firmware upgrade to the device, even the same version you had (assuming you were fully up to date) – this will replace all other files which may have been corrupted. I didn’t do this, but I’d hope the desktop software makes this a straight-forward process.