EDIT: first goto OP of this thread for latest news: http://forum.xda-developers.com/showthread.php?t=828534
Note: first check if your phone is locked at all. Obvious, but some forget it.
Goto dialer and type: *#7465625#
Note: if you cannot write to sdcard: stop Kies or make sure your card is not in Mass Storage Mode
Just found another way of doing it
Someone needs to do it. Thanks.
In a DOS box (phone does! need to be routed)
See for temporary rooting EDIT2 below!
- adb shell
- su
- cat /dev/bml5>/sdcard/bml5.img (BE-EM-EL-FIVE is about 25 Mb)
- exit (2x)
- adb pull /sdcard/bml5.img
- now open in hex editor on PC (like xvi32)
- find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)
- my unlock code is at #1282C0A
- put locked sim in phone, boot and enter code from above
I did reboot twice without any problems. Also checked other bml5 images found on xda.
All have the unlock code in it !!! If your phone is not SP locked you will have 000000
instead of provider code in the same block.
That is perso.txt but 00 are FF.
In perso.txt from stl5:
In bml5.img
Dunno where to hex search for in bml5. Perhaps FF FF FF FF FF FF FF FF 30 30 30 30 30 30
30 30 ?
EDIT: find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)
Let me know.
Cheers
EDIT:
The img file starts with FSR_STL. The STL5 VFAT BLOCK is in here but not accessible as
VFAT. Only by stl5 device. But that is dangerous as we have seen before.
You can find the start of the VFAT table (MSWIN4.1) in the FSR_STL (offset #153000)
Alst the size of the FRS_STL is 25 Mb, the STL/VFAT image is only 7.4 Mb.
So for now you have to do with the FSR_STL file and search in it for your unlock code.
More on Samsungs FLASH system: http://forum.xda-developers.com/showthread.php?t=801223
EDIT2:
For getting BML5 container you must root your phone. But you can easily do a temporarily root with these instructions. You do need adb.exe
- download RageAndAdb.zip from attachement and unpack
- put rageagainstthecage ELF executable in user writeable part of your phone:
1) adb push rageagainstthecage /data/local/tmp
2) adb shell
3) cd /data/local/tmp
4) chmod 777 rageagainstthecage
5) ./rageagainstthecage
- back at your pc open windows task manager (Ctrl+Shft+Esc) and kill adb process
- start adb shell again
- now you are superuser on your phone
- continue with bml5 dump as written above
Samsung USB drivers can be found here: http://forum.xda-developers.com/show...86&postcount=6
Note: first check if your phone is locked at all. Obvious, but some forget it.
Goto dialer and type: *#7465625#
Note: if you cannot write to sdcard: stop Kies or make sure your card is not in Mass Storage Mode
Just found another way of doing it
Someone needs to do it. Thanks.In a DOS box (phone does! need to be routed)
See for temporary rooting EDIT2 below!
- adb shell
- su
- cat /dev/bml5>/sdcard/bml5.img (BE-EM-EL-FIVE is about 25 Mb)
- exit (2x)
- adb pull /sdcard/bml5.img
- now open in hex editor on PC (like xvi32)
- find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)
- my unlock code is at #1282C0A
- put locked sim in phone, boot and enter code from above
I did reboot twice without any problems. Also checked other bml5 images found on xda.
All have the unlock code in it !!! If your phone is not SP locked you will have 000000
instead of provider code in the same block.
That is perso.txt but 00 are FF.
In perso.txt from stl5:
Code:
00 00 00 00 00 00 00 00 00 00 36 31 34 39 33 36 = 61493638 (my unlock code) 33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33 35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03 05 03 05 05
Code:
FF FF FF FF FF FF FF FF FF FF 36 31 34 39 33 36 = 61493638 (my unlock code) 33 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 39 32 34 32 37 33 35 38 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 30 30 30 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 03 05 03 05 05
30 30 ?
EDIT: find the proper block with hex search:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 FF FF FF FF FF FF FF FF FF FF FF FF FF FF (2 times)
Scroll a few pages of FF's down until you see the first number (unlock code)
Let me know.
Cheers
EDIT:
The img file starts with FSR_STL. The STL5 VFAT BLOCK is in here but not accessible as
VFAT. Only by stl5 device. But that is dangerous as we have seen before.
You can find the start of the VFAT table (MSWIN4.1) in the FSR_STL (offset #153000)
Alst the size of the FRS_STL is 25 Mb, the STL/VFAT image is only 7.4 Mb.
So for now you have to do with the FSR_STL file and search in it for your unlock code.
More on Samsungs FLASH system: http://forum.xda-developers.com/showthread.php?t=801223
EDIT2:
For getting BML5 container you must root your phone. But you can easily do a temporarily root with these instructions. You do need adb.exe
- download RageAndAdb.zip from attachement and unpack
- put rageagainstthecage ELF executable in user writeable part of your phone:
1) adb push rageagainstthecage /data/local/tmp
2) adb shell
3) cd /data/local/tmp
4) chmod 777 rageagainstthecage
5) ./rageagainstthecage
- back at your pc open windows task manager (Ctrl+Shft+Esc) and kill adb process
- start adb shell again
- now you are superuser on your phone
- continue with bml5 dump as written above
Samsung USB drivers can be found here: http://forum.xda-developers.com/show...86&postcount=6
No comments:
Post a Comment