{"id":1021,"date":"2011-12-07T22:08:00","date_gmt":"2011-12-08T02:08:00","guid":{"rendered":"https:\/\/lowtek.ca\/roo\/?p=1021"},"modified":"2011-12-03T22:40:20","modified_gmt":"2011-12-04T02:40:20","slug":"unlocking-samsung-i9000m","status":"publish","type":"post","link":"https:\/\/lowtek.ca\/roo\/2011\/unlocking-samsung-i9000m\/","title":{"rendered":"Unlocking Samsung Galaxy S Vibrant (Bell)"},"content":{"rendered":"

\"\"<\/a><\/p>\n

I’ve been a big fan of unlocked<\/a> GSM phones since my first one back in 2009. I’ve also been through a surprising number of different phone since then, but all of them have been 2nd (or 3rd) hand and have been a good price for a phone that still has lots of use left in it. My latest phone the Samsung Galaxy S Vibrant (i9000m)<\/a> is no different, but it came to me locked to Bell<\/a>.<\/p>\n

I purchased the i9000m knowing it could be easily unlocked if you had the right magic. With the stock firmware, if you don’t have the phone unlocked you’ll see what’s pictured at the top of this post when you install a SIM card.<\/p>\n

It turns out the forums have a great how to guide<\/a>, with pointers to an app on the Android Market<\/a> if you’re afraid of a little bit of hex editing. It should go without saying that I selected the hex editing route. I’ll describe the steps I used here, but \u00a0all credit to the folks in the forums for figuring this out<\/a>.<\/p>\n

I will assume that you’ve rooted<\/a> your i9000m and you’re not incapable of using a hex editor<\/a>.<\/p>\n

Step 1<\/strong>: We’re going to copy some non-volatile<\/a> memory off the phone that contains the ‘lock’. Perform the following commands on the phone (probably via ADB<\/a>).<\/p>\n

$ su
\n# cat \/efs\/nv_data.bin >> \/sdcard\/nv_data.bin
\n<\/code><\/p>\n

Now copy that file onto your PC for editing.\u00a0Make a backup of the original before step 2.<\/p>\n

Step 2<\/strong>: Edit that file, I used hexedit on Ubuntu<\/a>. The lock bit is inside of the byte at\u00a00x181469<\/code> in the file. See the green circle below, change that 01<\/code> into a 00<\/code> and save the file.<\/p>\n

\"\"<\/a><\/p>\n

Starting at offset\u00a00x181468<\/code> you should see the series of digits:\u00a0ff 01 00 00 00 00 46 46<\/code><\/p>\n

The XDA post describes it as follows:<\/p>\n

There are 5 different types of locks in 5 different bytes<\/p>\n

the FF byte should be left alone
\nthe first byte after the FF is the network lock
\nthe next byte is the network subset lock
\nthe next byte is the sp lock
\nthe next byte is the cp lock
\nthe last byte appears to be a data lock.
\nthe 46 46 should be left alone<\/p><\/blockquote>\n

Step 3<\/strong>: Use the modified file to update your phone. Let’s assume you copied the modified file to \/sdcard\/nv_data.bin on the phone, and again the commands below are executed on the phone.<\/p>\n

$ su
\n# rm \/efs\/nv_data.bin
\n# rm \/efs\/nv_data.bin.md5
\n# cat \/sdcard\/nv_data.bin >> \/efs\/nv_data.bin
\n# chmod 755 \/efs\/nv_data.bin
\n# chown radio.radio \/efs\/nv_data.bin || chown 1001.1001 \/efs\/nv_data.bin
\n# reboot
\n<\/code><\/p>\n

That’s it, you’re unlocked. The unlock should persist across ROM (firmware) changes.<\/p>\n

References: a great article<\/a> with pointers to valuable information on the i9000 series.<\/p>\n","protected":false},"excerpt":{"rendered":"

I’ve been a big fan of unlocked GSM phones since my first one back in 2009. I’ve also been through a surprising number of different phone since then, but all of them have been 2nd (or 3rd) hand and have been a good price for a phone that still has lots of use left in … Continue reading “Unlocking Samsung Galaxy S Vibrant (Bell)”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,11,12],"tags":[],"class_list":["post-1021","post","type-post","status-publish","format-standard","hentry","category-android","category-gadgets","category-how-to"],"_links":{"self":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts\/1021","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/comments?post=1021"}],"version-history":[{"count":5,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts\/1021\/revisions"}],"predecessor-version":[{"id":1028,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts\/1021\/revisions\/1028"}],"wp:attachment":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/media?parent=1021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/categories?post=1021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/tags?post=1021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}