Develop Bugs

HTC p3300 problem

I sd installed a factory rom, and after reboot, it stops at a O2 welcome screen, so aparently it was a O2 wm6 rom. Is there any way to repair it.
I can enter bootloader and i have ipl 3.04.0001 spl 3.04.0000
I tried to install HTC_P3300_WWE_3.13.405.1_4.1.13.44_02.94.90_Ship_R but i get INVALID VENDER ID error. i tried sd flash but doesn't start

ca anyone give me a link to htc p3300 wm5 factory rom?

41 52 54 45 31 30 30 30 30 00 00 00 00 00 00 00 ARTE10000.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
48 54 43 5F 5F 48 31 30 00 00 00 00 00 00 00 00 HTC__H10........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..............
cid HTC__H10
which rom should I install?

Update rom problem - bootloader only

I sd installed a factory rom, and after reboot, it stops at a O2 welcome screen, so aparently it was a O2 wm6 rom. Is there any way to repair it.
I can enter bootloader and i have ipl 3.04.0001 spl 3.04.0000
my CID is ARTE1000 an I tried to install this HTC_1.12.405.01_026790_WWE_SHIP. I verified with hex edit and this rom is ARTE1000 but still i get INVALID VENDER ID
why?

Hello
Hello Hello Hello Hello

41 52 54 45 31 30 30 30 30 00 00 00 00 00 00 00 ARTE10000.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
48 54 43 5F 5F 48 31 30 00 00 00 00 00 00 00 00 HTC__H10........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..............
cid HTC__H10
which rom should I install?

topic closed
I used the original rom and it worked H__10 is norwegian

[GUIDE] How to get xoom cdma version running on other CDMA EvDO network

（There may be something missed in the following steps. if u got problem, feel free to feedback）
It works on Xoom CDMA 3.0/3.1 version.
after upgrade to 3.1, the pppd configuration file was reset , so we should redo step 2.13 to get 3G connection
1.Preparing
1.1 AN & AAA
AN & AAA can be understood as the user name and password of EvDO network.
AN： you can get AN from your phone through cdmaworkshop or QPST or QXDM。
AAA：you can get AAA from some phone by using cdmaworkshop，such as HTC EVO 4G。maybe you can get AAA from provider also.
in this post, i assume the AN is "[email protected]".
1.2 SID & NID
System ID & Network ID of provider, which can be found by search engine.
1.3 Tools
installing cdmaworkshop and "HW virtual serial port"(HWVSP) on Windows OS.
In HWVSP, uncheck the "nvt enabled" option to disable nvt(Network Virtual Terminal, rfc2217), or you would be unable to connect to xoom. (thanks lesjaw for pointing this out)
If you can read chinese, I would prefer VSPM instead of HWVSP to create virtual serial port, because VSPM is much faster.
It has free version, can be download at http://www.powerip.net/product_VSPM.htm.
1.4 important tips
before the change, write down or backup the original data for recovering case
2.Hacking
2.1 switching xoom to DIAG mode
hold on VOL-UP & VOL_DOWN button, then press power button for about 5 seconds, until you see the following text on the upper-left corner:
Code:
Powering on BP
Cold-booting Linux
Reading ODM fuse:1
(PS: you can do this at any time, no need to turn off xoom.)
2.2 making xoom and Windows PC connected
Method 1：through USB cable
after connecting xoom and PC by USB cable, you could get a network card named "Motorola USB Networking Driver", and the PC would get IP 192.168.16.1, xoom get IP 192.168.16.2
Method2：through WiFi
Connect xoom & PC to the same WiFi network.
2.3 creating DIAG port on Windows PC
run "HW virtual serial port" or other virtual port tool , create a virtual serial port to
IP：192.168.16.2(USB Method) or XXX.XXX.XXX.XXX(xoom WiFi address）
port： 11008
2.4 connect to diag port
run CDMAWorkshop, or other crack tool ,such as QPST, select the virtual serial port created at step 2.3 as DIAG port.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
2.5 write PRL
write the correct PRL into xoom by using CDMAWorkshop or other crack tool.
2.6 change MDN
Dir_Number(MDN):change Dir_Number to the first 10 digits of AN
you can also change MDN at step 2.12.
2.7 change AN
we can not modify AN through CDMA workshop or QPST directly.
to changing AN, we have to write some NV items, including 8040,8041,8042,8043,8091.
Backup nv items:
reading nv-items 8040,8041,8042,8043,8091 through cdmaworkshop
Modify nv items:
item 8040,8041,8042,8043,8091 are all the same.
change them to end part of AN exclude first 10 digits. in this case, it's "[email protected]".
you need to change the string into ASCII code (for example,35 36 37 38 39 40 6D 79 63 64 6D 61 2E 63 6E)
Write nv items
the following is content of sample, you can change it, then write back to xoom through CDMAWorkshop.
Code:
[NV items]
[Complete items - 5, Items size - 128]
08040 (0x1F68) - OK
35 36 37 38 39 40 6D 79 63 64 6D 61 2E 63 6E 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
08041 (0x1F69) - OK
35 36 37 38 39 40 6D 79 63 64 6D 61 2E 63 6E 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
08042 (0x1F6A) - OK
35 36 37 38 39 40 6D 79 63 64 6D 61 2E 63 6E 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
08043 (0x1F6B) - OK
35 36 37 38 39 40 6D 79 63 64 6D 61 2E 63 6E 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
08091 (0x1F9B) - OK
35 36 37 38 39 40 6D 79 63 64 6D 61 2E 63 6E 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2.8 confirm update of AN
in CDMAworkshop, check HDR Username at EVDO tab.
2.10 change IP Behaviour to "Simple IP"
you can do this by CDMAWorkshop or QPST.
2.11 change AAA
Method 1：at CDMA workshop EVDO tab, input AAA(HDR pass), then write into Xoom.
Method 2：write NV item 1192 through CDMAWorkshop, the sample AAA is 123456.
Code:
[NV items]
[Complete items - 1]
01192 (0x04A8) - OK
06 31 32 33 34 35 36 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
(06: password length, 31 32 33 34 35 36: password ASCII code）
2.12 change SID,NID
run motorola field test util in DIAG mode.
the command is:
Code:
am start -a android.intent.action.MAIN -n com.motorola.modemutil/.FieldMenu
then change to the SID,NID of Provider in "Program Menu".
you should take it carefully, just update the fields you really understand.
(if you haven't changed MDN yet, you can change it in passing).
you can run the command in terminal emulator, or by android SDK.
(Tips: to run it on adb shell, first download an app named "adbwireless".
turn on wifi, connect pc and xoom to the same wifi AP.
run adbwireless, turn on adb via wifi.
it shows IP: port, such as 192.168.X.X: 5555.
at windows command prompt, run
Code:
adb connect IP: PORT
then run
Code:
adb shell
)
2.13 modify android pppd configuration file
this step maybe isn't necessary.
you should need to do this if you still can not get 3g connection after above steps.
to do this step, you need to root xoom first.
please see other post about how to root xoom.
Code:
adb remount
adb pull /system/etc/ppp/peers/pppd-ril.options
make a backup of pppd-ril.options file.
change
Code:
user [email protected]
password NotUsed
to your ppp dial-up username and password.
in china, it's
Code:
user [email protected]
password vnet.mobi
save the change, run
Code:
adb push pppd-ril.options /system/etc/ppp/peers
after these operations, you should see 3g icon on the bottom-right corner.

Hi Hawk, do you need to root before you do this? Thanks.

Also, do we have to change ESN of the xoom in CHina in order to get evdo? Thank you!

ljwnow said:
Also, do we have to change ESN of the xoom in CHina in order to get evdo? Thank you!
Click to expand...
Click to collapse
if you just want to using EvDO, then you should ignore ESN modifing.
in fact, i'm using factory ESN of xoom now.
btw, there is no way being found to change ESN of xoom. you need to change ESN on the provider side to get 1x network working.
for ur first question, i think rooting is not necessary for EvDO hacking.
evenif without rooting, we can still run the offical programming app made by motorola which i mentioned it at the end of the post.
Sent from my Xoom using XDA App

hawk2k8 said:
if you just want to using EvDO, then you should ignore ESN modifing.
in fact, i'm using factory ESN of xoom now.
btw, there is no way being found to change ESN of xoom. you need to change ESN on the provider side to get 1x network working.
for ur first question, i think rooting is not necessary for EvDO hacking.
evenif without rooting, we can still run the offical programming app made by motorola which i mentioned it at the end of the post.
Sent from my Xoom using XDA App
Click to expand...
Click to collapse
Thanks for your reply. Would you also post a guide for enabling voice and 1x, please? Thank you.

ljwnow said:
Thanks for your reply. Would you also post a guide for enabling voice and 1x, please? Thank you.
Click to expand...
Click to collapse
I have tried the hidden emergency caller, it told me voice is disabled.
I found some SIP UI built-in, so maybe we can see a integrated VoIP caller on android tablet in the near future.
To enable 1x service, we should change ESN on the provider side to the factory ESN of xoom, then get the changed AKEY from provider, and write it into xoom. It succeeded on Motorola Droid X .

Hawk, great find..
but i step 2.7 Writing NV Item, i always got "Phone Does Not Answer"
i use Motorola USB Network to connect my PC to Xoom.
i use www.whiterabbit.org/android to convert nv asci file..
what is AAA? does it mean AKEY?
update :
Finally i succeed write 4 NV Items..
but in NAM, i still got SID/NID error, here is the log
Write MIN1... Success
Write MIN2... Success
Write Directory number... Success
Write Banner... Success
Write NAM name... Success
Write MCC... Success
Write MNC... Success
Write SID/NID pairs... Failed
Write Primary channels... Success
Write Secondary channels... Success
Write SCM... Success
Write SCI... Skipped
Write Accolc... Success
Write Current NAM... Success
Write True IMSI... Success
Write PRL status... Success
Write System selection... Success
Write Otapa status... Success
Click to expand...
Click to collapse
QPST always give unspecified error if i open Service Programing, the phone does connect (i can see it in QPST Configuration), i use QPST 2.7 323 version, any advice?

lesjaw said:
Hawk, great find..
but i step 2.7 Writing NV Item, i always got "Phone Does Not Answer"
i use Motorola USB Network to connect my PC to Xoom.
i use www.whiterabbit.org/android to convert nv asci file..
what is AAA? does it mean AKEY?
Click to expand...
Click to collapse
http://www.whiterabbit.org/android/ is great, but some of his items are not necessary for xoom. we should just need item 8040,8041,8042,8043, which is being used to generate AN by radio firmware.
i haven't met "Phone Does Not Answer" message by using CDMAWorkshop to write these nv_items, maybe you can try to write one item at one time to avoid it.
"what is AAA? does it mean AKEY?"
CDMA network has 2 services, the one is high-speed EvDO(data-only) service ,the other is low-speed data-voice sharing 1x service.
AAA is HDR(High Data Rate) password, being used in EvDO service for Authentication,Accounting and Authorization.
AKEY is being used in CDMA-1X network, for voice and 1x service.

lesjaw said:
but in NAM, i still got SID/NID error, here is the log
QPST always give unspecified error if i open Service Programing, the phone does connect (i can see it in QPST Configuration), i use QPST 2.7 323 version, any advice?
Click to expand...
Click to collapse
oh, i forgot it. I changed SID/NID successfully only in motorola programming app. (guide is updated)
and QPST 2.7.323 can not connect to xoom, you should upgrade it.QPST 2.7.355 should work.

3g iusacell/unefon CDMA or telcel GSM what work?
Hi hawk2k8:
My xoom is MZ600 Im live in Mexico
Can use your procedure for use my carrier 3g telcel GSM?
o
Maybe buy sim 3g the iusacell o Unefon CDMA?
Please helpme
Regards

m4tr1s said:
Hi hawk2k8:
My xoom is MZ600 Im live in Mexico
Can use your procedure for use my carrier 3g telcel GSM?
o
Maybe buy sim 3g the iusacell o Unefon CDMA?
Please helpme
Regards
Click to expand...
Click to collapse
No sir, this is for CDMA only.

hawk2k8 said:
oh, i forgot it. I changed SID/NID successfully only in motorola programming app. (guide is updated)
and QPST 2.7.323 can not connect to xoom, you should upgrade it.QPST 2.7.355 should work.
Click to expand...
Click to collapse
i still dont have luck with QPST 2.7.355, have tried QPST 2.7.363 too, it does connect but always time out when tried to read phone
any other sugested application?

lesjaw said:
i still dont have luck with QPST 2.7.355, have tried QPST 2.7.363 too, it does connect but always time out when tried to read phone
any other sugested application?
Click to expand...
Click to collapse
I'm having a similar issue. I am using HW Virtual Serial Port 2.5.10 and QPST 2.7 B3.55. What happens is the USB link is created but the device shows up as "No Phone" in QPST. I am about to try CDMA Ware in a sec.

deflon said:
I'm having a similar issue. I am using HW Virtual Serial Port 2.5.10 and QPST 2.7 B3.55. What happens is the USB link is created but the device shows up as "No Phone" in QPST. I am about to try CDMA Ware in a sec.
Click to expand...
Click to collapse
2.7.363 does recognize my number.. but i still got time out error after pressing "read Phone" button..
CDMA WS give me this for NV item 1192
[NV Items]
[Complete items - 0]
1192 (0x04A8) - Access denied
Click to expand...
Click to collapse
i still can't understand this
2.11 change AAA
Method 1：at CDMA workshop EVDO tab, input AAA, then write into Xoom.
Method 2：write NV item 1192 through CDMAWorkshop, the sample AAA is 123456.
Click to expand...
Click to collapse
my evdo and 1x password carier is my MEID, let said 99000074221234
what should i edit in this ?
[NV items]
[Complete items - 1]
01192 (0x04A8) - OK
06 31 32 33 34 35 36 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Click to expand...
Click to collapse

lesjaw said:
2.7.363 does recognize my number.. but i still got time out error after pressing "read Phone" button..
CDMA WS give me this for NV item 1192
i still can't understand this
my evdo and 1x password carier is my MEID, let said 99000074221234
what should i edit in this ?
Click to expand...
Click to collapse
Just realized you are using CDMA WS now and not QPST. I just bought the software but awaiting the key =(

Mode Diag
When put mode Diag my Xoom
Powering on BP
Cold-booting Linux
Reading ODM fuse:1
After 5 - 10 sec, the xoom auto boot normal
What is the problem, my xoom is rooted

m4tr1s said:
When put mode Diag my Xoom
Powering on BP
Cold-booting Linux
Reading ODM fuse:1
After 5 - 10 sec, the xoom auto boot normal
What is the problem, my xoom is rooted
Click to expand...
Click to collapse
that's normal, just continue the step of the procedure to inject ur carrier

lesjaw said:
2.7.363 does recognize my number.. but i still got time out error after pressing "read Phone" button..
CDMA WS give me this for NV item 1192
i still can't understand this
my evdo and 1x password carier is my MEID, let said 99000074221234
what should i edit in this ?
Click to expand...
Click to collapse
I tested QPST 2.7.355 on windows 7 just a moment ago.
to slow down the connection between xoom and pc, i created a virtual port via WiFi.
it worked without any error, although the reading speed was a bit slow.
NV-item 1192 is Write-only, can not be read out.
for AAA=99000074221234, item 1192 should be
Code:
[NV items]
[Complete items - 1]
01192 (0x04A8) - OK
0E 39 39 30 30 30 30 37 34 32 32 31 32 33 34 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E : password length , 14 in decimal
39 39 30 30 30 30 37 34 32 32 31 32 33 34 : your password
BTW: i have updated the guide, it missed the last step for pppd configuration.

aarrgghh, I have tried 3 different wifi (access point) qpst service programing still didn't work, but qpst file explorer does can read the phone..the only thing left is NV item for UserName and password now..hiks..phone has signal and show 1x data but its status is connecting ..never get connected..
Update my mistake..QPST does work, i must disable NVT Enabled in HWVSP setting
Sent from my Xoom using XDA Premium App

lesjaw said:
aarrgghh, I have tried 3 different wifi (access point) qpst service programing still didn't work, but qpst file explorer does can read the phone..the only thing left is NV item for UserName and password now..hiks..phone has signal and show 1x data but its status is connecting ..never get connected..
Update my mistake..QPST does work, i must disable NVT Enabled in HWVSP setting
Sent from my Xoom using XDA Premium App
Click to expand...
Click to collapse
Thanks lesjaw I was able to connect to the xoom using QPST after disabling NVT.

Research on tags file... and tweaks ;-)

Hi guys,
i started some research a while ago on the internal structure of flash memory on the G9 series.
Especially the parts that are involved to tell the kernel how to behave on different models.
I am talking about the FTAG section, a.k.a tags.
To get a better idea on how this file is organized, i need to compare different tags files from the rawfs section of our devices.
This is where i need your help.
Please copy the file /mnt/rawfs/tags and post it here.
It's only 512 bytes in size, so you might rename it to tags_model.bin and post it here.
I mostly would need the tags from the turbo models:
- A80G9 turbo
- A101G9 turbo
RAM size does'nt matter but would be nice to mark it, if you got a 1GByte device.
EDIT:
Here's what i tried to figure out so far (A80G9 with 8GB)...
EDIT2:
now with the turbo flag and other additional flags...
Code:
05 00 00 00
01 00 00 00
34 12 A0 FE FEATURE_LIST_MAGIC=0xFEA01234
01 00 00 00 FEATURE_LIST_REV=0x00000001
feature_tag_header
00 00 00 00 size=0x0
13 00 00 00 tag=0x00000013
02 00 00 00 41 38 30 53 FTAG_PRODUCT_NAME=A80G
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
A8 13 00 00 id=0x000013A8=5032
06 00 00 00 FTAG_PRODUCT_ZONE
03 00 00 00 FTAG_PRODUCT_SERIAL_NUMBER
67 12 00 00 00 00 00 00 serial=0x00001267=4711
00 00 00 00 00 00 00 00
04 00 00 00
04 00 00 00 FTAG_PRODUCT_MAC_ADDRESS
11 12 13 14 15 11 00 00 addr=11 12 13 14 15 11
03 00 00 00 ???
10 00 00 00 FTAG_BOARD_PCB_REVISION
05 00 00 00 revision=0x5
1A 00 00 00
12 00 00 00 FTAG_SDRAM
65 6C 70 69 vendor=elpida
64 61 00 00 00 00 00 00 00 00 00 00
45 44 42 34 product=EDB4064B2PB
30 36 34 42 32 50 42 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 type=0x0
00 00 00 00 revision=0x0
00 00 00 00 flags=0x0
90 01 00 00 clock=0x00000190=400
00 00 00 00 param_0
00 00 00 00 param_1
00 00 00 00 param_2
00 00 00 00 param_3
00 00 00 00 param_4
00 00 00 00 param_5
00 00 00 00 param_6
00 00 00 00 param_7
03 00 00 00 ???
13 00 00 00 FTAG_PMIC
01 00 00 00 FTAG_PMIC_TPS62361
04 00 00 00 flags=0x00000004
20 00 00 00 FTAG_SERIAL_PORT
01 00 00 00 uart_id=0x00000001
40 42 0F 00 speed=0x000F4240=1000000
05 00 00 00 ???
01 00 01 00 FTAG_HAS_GPIO_VOLUME_KEYS
2B 00 00 00 gpio_vol_up=0x0000002B
2C 00 00 00 gpio_vol_down=0x0000002C
00 00 00 00 flags=0x0
0F 00 00 00
18 00 01 00 FTAG_SCREEN
43 4D 49 00 00 00 00 00 00 00 00 00 vendor=CMI
00 00 00 00
00 00 00 00 type=0x0
00 00 00 00 revision=0x0
00 00 00 00 vcom=0x0
C8 00 00 00 backlight=0x000000C8=200
00 00 00 00 00 00 00 00 00 00 00 00 reserved
00 00 00 00 00 00 00 00
03 00 00 00 ???
14 00 00 00 FTAG_TURBO
01 00 00 00 flag=0x1
07 00 00 00 ???
06 00 00 00 ???
30 00 00 00 ??? ;set to 0x31 on A101S
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
As i said the file is 512 Bytes in size and i tried to group the FTAGS based on the header from the kernel (/arch/arm/include/asm/feature_list.h).
Some entries make no sense yet... but if you post some of your files.
BTW, as you might see there's no turbo flag on my device yet
Thanks a lot in advance!
Regards,
scholbert

Hi!
Here's the tag file of my archos:
Model: Archos 80G9 1.5GHz 1GByte RAM 16GByte

hmm
remote object '/mnt/rawfs/tags' does not exist

Shano56 said:
hmm
remote object '/mnt/rawfs/tags' does not exist
Click to expand...
Click to collapse
su ftw
I'll provide A101s tags file (512 MB 1 GHz) tomorrow
BTW- max cpu clock is determined by cpu microcode, kernel checks this AFAIK
Sent from my Archos Gen9 101

Psh I hate that android needs su to copy a file scholbert I might flash rooted firmware later, do you need A80G9 omap4460, 1gb ram, 8gb flash?

Shano56 said:
Psh I hate that android needs su to copy a file
Click to expand...
Click to collapse
This is not user accessible location after all
Tags file attached

...coooool !!!
Hey,
thanks a lot for the feedback and the tags files.
Of course you need root access to access /mnt/rawfs.
I forgot to mention that obviously...
gen_scheisskopf said:
BTW- max cpu clock is determined by cpu microcode, kernel checks this AFAIK
Click to expand...
Click to collapse
Yupp that's how it mainly works out... but there's also an effect of the FTAG_TURBO on stock kernel, if we speak about clocking.
That's why i started this investigations.
Those device that came equipped with OMAP4430 high perforamnce version but got standard 1GHz could be easily transformed to turbo version by exchanging the flags file, i guess. No need to use a custom kernel, here.
Root access would be required though.
I'll check that out in the next days and describe the procedure here, if there's some interest.
Quallenauge said:
Here's the tag file of my archos:
Model: Archos 80G9 1.5GHz 1GByte RAM 16GByte
Click to expand...
Click to collapse
Thanks a lot for this file.
As you see in the attached pic, your device got the turbo flag set.
On the left it's my 1GHz device, on the right it's your 1.5GHz.
BTW, which processor is inside your device?
I guess it's a 4460, isn't it?
Anyway the arrangement of the turbo flag was, what i looked for in the first place.
There are other settings which could be interesting as well...
Stay tuned!
scholbert

scholbert said:
I guess it's a 4460, isn't it?
Click to expand...
Click to collapse
It has to be- 4430 Turbo models were clocked at 1.2GHz (and had 512MB ram)

Here is my contribution to your research.
This comes from a 101G9 1.5ghz Turbo with 512mb ram. It says board version A101S-V5 (T1) and omap version 4460 ES1.1 if that helps.

gen_scheisskopf said:
It has to be- 4430 Turbo models were clocked at 1.2GHz (and had 512MB ram)
Click to expand...
Click to collapse
Yes, indeed! It is a 4460 ES1.1 CPU.

DIY turbo tablet
Hey,
good news everyone. I was able to replace my standard tags file with a turbo one
It just worked...
Now my standard device is clocked at 1.2GHz right away, even with stock kernel
It's a little bit tricky though and if you like your device tuned up most please follow surdu_petru's way and use his overclock kernel.
First i found out that the tags file varies a little bit even on devices of the same series.
Seems to be related to the avboot version used on the pad.
Anyway, tags file is located in the 771st block of mmcblk0.
All steps could be done using Android terminal program. You'll need root access.
The rawfs partition should be unmounted first, to not confuse the kernel in any way.
Afterwards there's only 512bytes to be replaced and voilà
If you like more info please tell me, but beware... if something goes wrong you might easily brick your tablet.
EDIT:
The device now shows up as A80S-V5 (T1) in Settings->About tablet->Board version.
I guess this stands for turbo version 1 ([email protected], 512MB RAM)
Could anyone confirm this on a "real" turbo device?
What other versions are known?
Cheers,
scholbert

scholbert said:
Hey,
good news everyone. I was able to replace my standard tags file with a turbo one
It just worked...
Now my standard device is clocked at 1.2GHz right away, even with stock kernel
It's a little bit tricky though and if you like your device tuned up most please follow surdu_petru's way and use his overclock kernel.
First i found out that the tags file varies a little bit even on devices of the same series.
Seems to be related to the avboot version used on the pad.
Anyway, tags file is located in the 771st block of mmcblk0.
All steps could be done using Android terminal program. You'll need root access.
The rawfs partition should be unmounted first, to not confuse the kernel in any way.
Afterwards there's only 512bytes to be replaced and voilà
If you like more info please tell me, but beware... if something goes wrong you might easily brick your tablet.
EDIT:
The device now shows up as A80S-V5 (T1) in Settings->About tablet->Board version.
I guess this stands for turbo version 1 ([email protected], 512MB RAM)
Could anyone confirm this on a "real" turbo device?
What other versions are known?
Cheers,
scholbert
Click to expand...
Click to collapse
Did you have a chance to compare A101S tags files?
Sent from my Archos Gen9 101

Hi gen_scheisskopf!
gen_scheisskopf said:
Did you have a chance to compare A101S tags files?
Click to expand...
Click to collapse
Basically no problem it's the same thing for the A101S.
As you posted a tags file from a A101S, i guess it's from your tablet.
Problem is this:
http://forum.xda-developers.com/showpost.php?p=27648801&postcount=17
Especially the second part related to the A101...
I supsect the missing core regulator being the cause for some instabilities on some A101S, while overclocking.
So if we tweak your tags file to identify the board as turbo, it will boot with 1.2GHz as well. If this fails, you're in a boot loop which would be hard to fix...
Have you tried surdu_petru's overclock kernel already?
Is your tablet stable at 1.2GHz?
If it runs stable at 1.2GHz we could try tweaking tags...
Regards,
scholbert

scholbert said:
Problem is this:
http://forum.xda-developers.com/showpost.php?p=27648801&postcount=17
Especially the second part related to the A101...
Click to expand...
Click to collapse
Yes, I've seen this.
Is there a possibility to determine onboard hardware (power regulator) using board revision (V5 in my case) or it is the same for all devices?
I didn't check if .aos updates make changes to tags file (they can change params file for sure- plugins)
scholbert said:
I supsect the missing core regulator being the cause for some instabilities on some A101S, while overclocking.
So if we tweak your tags file to identify the board as turbo, it will boot with 1.2GHz as well. If this fails, you're in a boot loop which would be hard to fix...
Click to expand...
Click to collapse
That's why I'm asking before doing anything
scholbert said:
Have you tried surdu_petru's overclock kernel already?
Is your tablet stable at 1.2GHz?
If it runs stable at 1.2GHz we could try tweaking tags...
Regards,
scholbert
Click to expand...
Click to collapse
I still use 3.2.80 firmware, my Gen9 doesn't "like" ICS/3.x kernel (runs much hotter than on 2.6.3x, random system hangs and last but not least- vibrator support not included). And TBH I don't need overclocking but if there would be an option to underclock it without SetCPU/No Frills CPU Control....

scholbert said:
The device now shows up as A80S-V5 (T1) in Settings->About tablet->Board version.
I guess this stands for turbo version 1 ([email protected], 512MB RAM)
Could anyone confirm this on a "real" turbo device?
What other versions are known?
Cheers,
scholbert
Click to expand...
Click to collapse
Yes, mine is A80S-V5 (T1) aka "80 G9 250GB hdd".

DragosP2010 said:
Yes, mine is A80S-V5 (T1) aka "80 G9 250GB hdd".
Click to expand...
Click to collapse
Nice... little strange though... HDD version should be a A80H-V5 (T1)
Is it a turbo version?
Which processor?
Would you mind posting the tags file?
See first posts.
Regards,
scholbert

gen_scheisskopf said:
Yes, I've seen this.
Is there a possibility to determine onboard hardware (power regulator) using board revision (V5 in my case) or it is the same for all devices?
Click to expand...
Click to collapse
To be honest, i'm not sure if the board revision truly indicates, which parts are soldered on the mainboard.
AFAIK V5 boards are very common... and as far as i can tell A80S and A101S mainboards are nearly the same.
The TPS62361B is controlled by I2C, so maybe you find something in kernel messages or sysfs.
You can tell for sure if you got your device dismantled
gen_scheisskopf said:
I didn't check if .aos updates make changes to tags file (they can change params file for sure- plugins)
Click to expand...
Click to collapse
AFAIK the tags file is left untouched during updates.
It is set by factory and scholbert only
gen_scheisskopf said:
I still use 3.2.80 firmware, my Gen9 doesn't "like" ICS/3.x kernel (runs much hotter than on 2.6.3x, random system hangs and last but not least- vibrator support not included). And TBH I don't need overclocking but if there would be an option to underclock it without SetCPU/No Frills CPU Control....
Click to expand...
Click to collapse
Mmmh strange stuff... maybe it's not the best hardware.
For underclocking the tags file should be left untouched...
Regards,
scholbert

scholbert said:
To be honest, i'm not sure if the board revision truly indicates, which parts are soldered on the mainboard.
AFAIK V5 boards are very common... and as far as i can tell A80S and A101S mainboards are nearly the same.
The TPS62361B is controlled by I2C, so maybe you find something in kernel messages or sysfs.
You can tell for sure if you got your device dismantled
Click to expand...
Click to collapse
I can't do it now- charger died and I don't know if RMA will require charger only or charger AND tablet...
/sysfs/devices/i2c/1-0048/name says twl6030.
scholbert said:
Mmmh strange stuff... maybe it's not the best hardware.
Click to expand...
Click to collapse
Or kernel was made primarily for omap4460 (honeycomb seems to be made for omap4430 judging by defconfigs)

A80S-V5 (T1)
Using the Archos 80G9 Turbo 1,5ghz and 1gb ram

scholbert said:
Nice... little strange though... HDD version should be a A80H-V5 (T1)
Is it a turbo version?
Which processor?
Click to expand...
Click to collapse
Sorry, sorry... Yes, it's turbo, it's hdd AND it's A80H
Would you mind posting the tags file?
See first posts.
Regards,
scholbert
Click to expand...
Click to collapse
Maybe on the evening or tomorrow.

[FIX/UNLOCK] Bell (Canada) I747M SIM Lock/Unlock USB / ESM NVRAM Comparison/Analysis

Hi Folks,
Just thought I'd throw this out here, I spent a good portion of my day digging through forums, ussd/mmi codes, tools, and hex editors trying to find a way to SIM Unlock my Bell S3 (I747M). I eventually 'gave in' and paid an eBay seller $8.00 to unlock my phone through a remote control application and USB network redirector (Successfully, although I never did get the actual SPC code from him even though I asked several times).
For security and isolation reasons I used a clean Windows 7 VM in VMware Workstation 8 with just the Samsung Drivers (from mskip's S3 toolkit (Qualcomm version) -- THANK YOU!!), the remote control tool, and the usb redirector to allow the remote 'tech' to do his work.
I ran a USB Logger tool (from the same vendor that makes the redirector) outside the VM on my host PC and had it capture the complete unlocking process from initial USB plug-in to post-unlock power-off.
I also grabbed images of the EFS partition (using dd) and the NVRAM (with QPST Tools) before and after the unlocking process.
I would expect the most 'useful' to furthering the secret of this unlock would be the delta of the NVRAM images, but alas while I have carefully looked it over a couples times, I don't see anything that looks to be the 'smoking gun'. I will follow-up this post with the relevant snippets as I'm sure there are many of you that may have more experience digging through this than I. Perhaps if someone else can send/post a similar delta, seeing the 'mutual' differences may again shed light on which areas to focus on in further detail.
Analyzing the USB communications may also give us a better understanding of if there are commands or processes we can use in making our own tool to remove this SIM lock.
FWIW, I'm using wxHexEditor for the dump comparisons.

NVRAM Hex Diff #1
Here's the first block with a few changes:
Before:
Code:
000608 00 00 00 00 00 00 00 00 00 00 00 00 B0 24 47 D3 .............$G.
000624 82 CD CD 01 0A 00 00 00 00 82 00 00 00 00 00 00 ................
000640 46 00 69 00 6C 00 65 00 5F 00 56 00 65 00 72 00 F.i.l.e._.V.e.r.
000656 73 00 69 00 6F 00 6E 00 00 00 00 00 00 00 00 00 s.i.o.n.........
000672 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000688 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000704 1A 00 02 01 02 00 00 00 FF FF FF FF FF FF FF FF ................
000720 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000736 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000752 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 ................
000768 30 00 30 00 30 00 30 00 34 00 30 00 36 00 39 00 0.0.0.0.4.0.6.9.
000784 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000816 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000832 12 00 01 00 FF FF FF FF FF FF FF FF 03 00 00 00 ................
000848 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000864 00 00 00 00 D0 B2 9E A0 82 CD CD 01 40 13 46 D3 [email protected]
000880 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
000896 64 00 65 00 66 00 61 00 75 00 6C 00 74 00 00 00 d.e.f.a.u.l.t...
000912 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000928 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000944 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000960 10 00 01 01 FF FF FF FF FF FF FF FF 04 00 00 00 ................
000976 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000992 00 00 00 00 D0 B2 9E A0 82 CD CD 01 B0 B3 44 D3 ..............D.
001008 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
001024 06 .
After:
Code:
000608 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="Red"]00 A6 22 2A[/COLOR] ............[COLOR="red"].."*[/COLOR]
000624 [COLOR="red"]DE[/COLOR] CD CD 01 0A 00 00 00 00 82 00 00 00 00 00 00 [COLOR="red"].[/COLOR]...............
000640 46 00 69 00 6C 00 65 00 5F 00 56 00 65 00 72 00 F.i.l.e._.V.e.r.
000656 73 00 69 00 6F 00 6E 00 00 00 00 00 00 00 00 00 s.i.o.n.........
000672 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000688 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000704 1A 00 02 01 02 00 00 00 FF FF FF FF FF FF FF FF ................
000720 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000736 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000752 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 ................
000768 30 00 30 00 30 00 30 00 34 00 30 00 36 00 39 00 0.0.0.0.4.0.6.9.
000784 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000816 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000832 12 00 01 00 FF FF FF FF FF FF FF FF 03 00 00 00 ................
000848 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000864 00 00 00 00 [COLOR="red"]30 8F 77 FD DD[/COLOR] CD CD 01 [COLOR="red"]80 6D 21 2A[/COLOR] ....[COLOR="red"]0.w..[/COLOR]...[COLOR="red"].m!*[/COLOR]
000880 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="red"].[/COLOR]...............
000896 64 00 65 00 66 00 61 00 75 00 6C 00 74 00 00 00 d.e.f.a.u.l.t...
000912 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000928 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000944 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000960 10 00 01 01 FF FF FF FF FF FF FF FF 04 00 00 00 ................
000976 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000992 00 00 00 00 [COLOR="Red"]30 8F 77 FD DD[/COLOR] CD CD 01 [COLOR="red"]00 35 20 2A[/COLOR] ....[COLOR="red"]0.w..[/COLOR]...[COLOR="red"].5 *[/COLOR]
001008 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="red"].[/COLOR]...............
001024 06 .
http: //secure.eix.ca/s3/nvram1.png

Here's the second block:
Before:
Code:
001536 52 00 6F 00 6F 00 74 00 20 00 45 00 6E 00 74 00 R.o.o.t. .E.n.t.
001552 72 00 79 00 00 00 00 00 00 00 00 00 00 00 00 00 r.y.............
001568 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001584 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001600 16 00 05 00 FF FF FF FF FF FF FF FF 01 00 00 00 ................
001616 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001632 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="Red"][B]60 6C 91 A0[/B][/COLOR] ............[COLOR="Red"][B]`l..[/B][/COLOR]
001648 [COLOR="Red"][B]82[/B][/COLOR] CD CD 01 05 00 00 00 40 00 00 00 00 00 00 00 [COLOR="Red"][B].[/B][/COLOR][email protected]
After
Code:
001536 52 00 6F 00 6F 00 74 00 20 00 45 00 6E 00 74 00 R.o.o.t. .E.n.t.
001552 72 00 79 00 00 00 00 00 00 00 00 00 00 00 00 00 r.y.............
001568 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001584 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001600 16 00 05 00 FF FF FF FF FF FF FF FF 01 00 00 00 ................
001616 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001632 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="Red"][B]50 E4 61 FD[/B][/COLOR] ............[COLOR="Red"][B]P.a.[/B][/COLOR]
001648 [COLOR="Red"][B]DD[/B][/COLOR] CD CD 01 05 00 00 00 40 00 00 00 00 00 00 00 [COLOR="Red"][B].[/B][/COLOR][email protected]

Wow.. What your doing must be impressive. I have no idea what you just said lol
Sent from my SGH-I747 using xda app-developers app

Here's the Third Block:
Before:
Code:
003584 4E 00 56 00 5F 00 4E 00 55 00 4D 00 42 00 45 00 N.V._.N.U.M.B.E.
003600 52 00 45 00 44 00 5F 00 49 00 54 00 45 00 4D 00 R.E.D._.I.T.E.M.
003616 53 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............
003632 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003648 24 00 01 01 07 00 00 00 05 00 00 00 10 00 00 00 $...............
003664 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003680 00 00 00 00 30 96 B5 A0 82 CD CD 01 50 B3 B2 CF ....0.......P...
003696 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
003712 4D 00 6F 00 62 00 69 00 6C 00 65 00 5F 00 50 00 M.o.b.i.l.e._.P.
003728 72 00 6F 00 70 00 65 00 72 00 74 00 79 00 5F 00 r.o.p.e.r.t.y._.
003744 49 00 6E 00 66 00 6F 00 00 00 00 00 00 00 00 00 I.n.f.o.........
003760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003776 2A 00 02 01 FF FF FF FF 09 00 00 00 FF FF FF FF *...............
003792 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003808 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003824 00 00 00 00 02 00 00 00 46 00 00 00 00 00 00 00 ........F.......
003840 46 00 65 00 61 00 74 00 75 00 72 00 65 00 5F 00 F.e.a.t.u.r.e._.
003856 4D 00 61 00 73 00 6B 00 00 00 00 00 00 00 00 00 M.a.s.k.........
003872 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003888 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003904 1A 00 02 00 FF FF FF FF FF FF FF FF FF FF FF FF ................
003920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003936 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003952 00 00 00 00 01 00 00 00 38 00 00 00 00 00 00 00 ........8.......
003968 45 00 46 00 53 00 5F 00 42 00 61 00 63 00 6B 00 E.F.S._.B.a.c.k.
003984 75 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 u.p.............
004000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004016 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004032 16 00 01 01 08 00 00 00 06 00 00 00 0E 00 00 00 ................
004048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004064 00 00 00 00 B0 F0 BA CF 82 CD CD 01 B0 42 42 D3 .............BB.
004080 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004096 4E 00 56 00 5F 00 49 00 74 00 65 00 6D 00 73 00 N.V._.I.t.e.m.s.
004112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004128 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004144 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004160 12 00 01 00 FF FF FF FF FF FF FF FF 0C 00 00 00 ................
004176 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004192 00 00 00 00 50 52 D7 CF 82 CD CD 01 20 CE 11 D1 ....PR...... ...
004208 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004224 50 00 72 00 6F 00 76 00 69 00 73 00 69 00 6F 00 P.r.o.v.i.s.i.o.
004240 6E 00 69 00 6E 00 67 00 5F 00 49 00 74 00 65 00 n.i.n.g._.I.t.e.
004256 6D 00 5F 00 46 00 69 00 6C 00 65 00 73 00 00 00 m._.F.i.l.e.s...
004272 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004288 30 00 01 00 FF FF FF FF FF FF FF FF 0A 00 00 00 0...............
004304 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004320 00 00 00 00 80 38 DA CF 82 CD CD 01 80 15 48 D0 .....8........H.
004336 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004352 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004368 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004384 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004416 10 00 01 01 FF FF FF FF 0B 00 00 00 42 01 00 00 ............B...
004432 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004448 00 00 00 00 80 38 DA CF 82 CD CD 01 80 15 48 D0 .....8........H.
004464 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004480 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
004496 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004512 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004528 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004544 12 00 01 00 FF FF FF FF FF FF FF FF 35 01 00 00 ............5...
004560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004576 00 00 00 00 80 38 DA CF 82 CD CD 01 80 15 48 D0 .....8........H.
004592 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004608 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004624 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004656 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004672 10 00 01 01 FF FF FF FF 0D 00 00 00 03 01 00 00 ................
004688 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004704 00 00 00 00 50 52 D7 CF 82 CD CD 01 20 CE 11 D1 ....PR...... ...
004720 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004736 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
004752 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004768 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004784 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004800 12 00 01 00 FF FF FF FF FF FF FF FF B5 00 00 00 ................
004816 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004832 00 00 00 00 50 52 D7 CF 82 CD CD 01 20 CE 11 D1 ....PR...... ...
004848 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004864 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004880 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004896 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004912 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004928 10 00 01 01 FF FF FF FF 0F 00 00 00 63 00 00 00 ............c...
004944 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004960 00 00 00 00 B0 F0 BA CF 82 CD CD 01 B0 42 42 D3 .............BB.
004976 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004992 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
005008 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005024 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005056 12 00 01 00 FF FF FF FF FF FF FF FF 21 00 00 00 ............!...
005072 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005088 00 00 00 00 B0 F0 BA CF 82 CD CD 01 B0 42 42 D3 .............BB.
005104 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
005120 FE FF FF FF FE FF FF FF 03 00 00 00 FE FF FF FF ................
After:
Code:
003584 4E 00 56 00 5F 00 4E 00 55 00 4D 00 42 00 45 00 N.V._.N.U.M.B.E.
003600 52 00 45 00 44 00 5F 00 49 00 54 00 45 00 4D 00 R.E.D._.I.T.E.M.
003616 53 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............
003632 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003648 24 00 01 01 07 00 00 00 05 00 00 00 10 00 00 00 $...............
003664 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003680 00 00 00 00 [COLOR="Red"]A0 4F C4 FD DD[/COLOR] CD CD 01 [COLOR="red"]20 3F 6D 26[/COLOR] ....[COLOR="red"].O...[/COLOR]...[COLOR="red"] ?m&[/COLOR]
003696 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="red"].[/COLOR]...............
003712 4D 00 6F 00 62 00 69 00 6C 00 65 00 5F 00 50 00 M.o.b.i.l.e._.P.
003728 72 00 6F 00 70 00 65 00 72 00 74 00 79 00 5F 00 r.o.p.e.r.t.y._.
003744 49 00 6E 00 66 00 6F 00 00 00 00 00 00 00 00 00 I.n.f.o.........
003760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003776 2A 00 02 01 FF FF FF FF 09 00 00 00 FF FF FF FF *...............
003792 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003808 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003824 00 00 00 00 02 00 00 00 46 00 00 00 00 00 00 00 ........F.......
003840 46 00 65 00 61 00 74 00 75 00 72 00 65 00 5F 00 F.e.a.t.u.r.e._.
003856 4D 00 61 00 73 00 6B 00 00 00 00 00 00 00 00 00 M.a.s.k.........
003872 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003888 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003904 1A 00 02 00 FF FF FF FF FF FF FF FF FF FF FF FF ................
003920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003936 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003952 00 00 00 00 01 00 00 00 38 00 00 00 00 00 00 00 ........8.......
003968 45 00 46 00 53 00 5F 00 42 00 61 00 63 00 6B 00 E.F.S._.B.a.c.k.
003984 75 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 u.p.............
004000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004016 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004032 16 00 01 01 08 00 00 00 06 00 00 00 0E 00 00 00 ................
004048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004064 00 00 00 00 [COLOR="red"]C0 DC 7F 26 DE[/COLOR] CD CD 01 [COLOR="red"]00 C4 1D 2A[/COLOR] .......&.......*
004080 [COLOR="red"] DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004096 4E 00 56 00 5F 00 49 00 74 00 65 00 6D 00 73 00 N.V._.I.t.e.m.s.
004112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004128 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004144 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004160 12 00 01 00 FF FF FF FF FF FF FF FF 0C 00 00 00 ................
004176 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004192 00 00 00 00 [COLOR="red"]60 3E 9C 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 49 DD 27[/COLOR] ....`>.&.....I.'
004208 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004224 50 00 72 00 6F 00 76 00 69 00 73 00 69 00 6F 00 P.r.o.v.i.s.i.o.
004240 6E 00 69 00 6E 00 67 00 5F 00 49 00 74 00 65 00 n.i.n.g._.I.t.e.
004256 6D 00 5F 00 46 00 69 00 6C 00 65 00 73 00 00 00 m._.F.i.l.e.s...
004272 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004288 30 00 01 00 FF FF FF FF FF FF FF FF 0A 00 00 00 0...............
004304 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004320 00 00 00 00 [COLOR="red"]A0 4B 9F 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 1E FF 26[/COLOR] .....K.&.......&
004336 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004352 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004368 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004384 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004416 10 00 01 01 FF FF FF FF 0B 00 00 00 42 01 00 00 ............B...
004432 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004448 00 00 00 00 [COLOR="red"]A0 4B 9F 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 1E FF 26[/COLOR] .....K.&.......&
004464 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004480 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
004496 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004512 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004528 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004544 12 00 01 00 FF FF FF FF FF FF FF FF 35 01 00 00 ............5...
004560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004576 00 00 00 00 [COLOR="red"]A0 4B 9F 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 1E FF 26[/COLOR] .....K.&.......&
004592 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004608 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004624 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004656 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004672 10 00 01 01 FF FF FF FF 0D 00 00 00 03 01 00 00 ................
004688 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004704 00 00 00 00 [COLOR="red"]60 3E 9C 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 49 DD 27[/COLOR] ....`>.&.....I.'
004720 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004736 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
004752 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004768 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004784 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004800 12 00 01 00 FF FF FF FF FF FF FF FF B5 00 00 00 ................
004816 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004832 00 00 00 00 [COLOR="red"]70 65 9C 26 DE[/COLOR] CD CD 01[COLOR="red"] E0 49 DD 27[/COLOR] ....pe.&.....I.'
004848 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004864 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004880 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004896 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004912 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004928 10 00 01 01 FF FF FF FF 0F 00 00 00 63 00 00 00 ............c...
004944 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004960 00 00 00 00 [COLOR="red"]C0 DC 7F 26 DE[/COLOR] CD CD 01 [COLOR="red"]00 C4 1D 2A[/COLOR] .......&.......*
004976 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004992 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
005008 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005024 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005056 12 00 01 00 FF FF FF FF FF FF FF FF 21 00 00 00 ............!...
005072 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005088 00 00 00 00 C0 DC 7F 26 DE CD CD 01 00 C4 1D 2A .......&.......*
005104 DE CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
005120 FE FF FF FF FE FF FF FF 03 00 00 00 FE FF FF FF ................

Deoxlar said:
Wow.. What your doing must be impressive. I have no idea what you just said lol
Sent from my SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
Thanks, although I don't think it's that impressive, or I would have figured this out by now.
I'll post the last 4 sections tomorrow, it's getting really late here.

This could possibly lead to a genuine unlock for everyone. I'll unlock my device soon as I'll be traveling next month. I'll upload some hex values later.

This guy here has an app to unlock samsung phones. It doesn't support our model yet he eventually wants to add support for it. Maybe get in contact with him and try to speed things along he might be able to make more sense odd what you've got posted here
http://forum.xda-developers.com/showthread.php?t=1846451
Sent from my SGH-I747M using xda premium

Here's the 4th block:
Before:
Code:
008624 00 00 00 00 00 00 00 00 88 00 01 00 59 07 00 00 ............Y...
008640 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008656 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008672 00 80 E5 16 C5 14 CD 11 B3 0E 1D 0C 11 0A 49 07 ..............I.
008688 [COLOR="DeepSkyBlue"]43[/COLOR] 04 CF 03 [COLOR="DeepSkyBlue"]49[/COLOR] 03 8B 02 CF 01 3F 01 [COLOR="DeepSkyBlue"]A3[/COLOR] 00 [COLOR="DeepSkyBlue"]09[/COLOR] 00 [COLOR="DeepSkyBlue"]C[/COLOR]...[COLOR="DeepSkyBlue"]I[/COLOR].....?.[COLOR="DeepSkyBlue"].[/COLOR].[COLOR="DeepSkyBlue"].[/COLOR].
008704 [COLOR="DeepSkyBlue"]6D[/COLOR] FF [COLOR="DeepSkyBlue"]C7[/COLOR] FE 2D FE 8B FD DD FC 65 FC EF FB 3B FB [COLOR="DeepSkyBlue"]m[/COLOR].[COLOR="DeepSkyBlue"].[/COLOR].-.....e...;.
008720 83 FA 01 FA 7F F9 03 F9 81 F8 3D F5 05 F3 75 F0 ..........=...u.
008736 8B ED EB EB 61 EA 00 80 00 80 00 80 00 80 00 80 ....a...........
008752 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008768 88 00 01 00 5B 07 00 00 7B 01 00 00 00 00 00 00 ....[...{.......
After
Code:
008624 00 00 00 00 00 00 00 00 88 00 01 00 59 07 00 00 ............Y...
008640 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008656 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008672 00 80 E5 16 C5 14 CD 11 B3 0E 1D 0C 11 0A 49 07 ..............I.
008688 [B][COLOR="Red"]45[/COLOR][/B] 04 CF 03 [COLOR="red"][B]47[/B][/COLOR] 03 8B 02 CF 01 3F 01 [COLOR="red"][B]A5[/B][/COLOR] 00 [COLOR="red"][B]0B[/B][/COLOR] 00 [COLOR="red"][B]E[/B][/COLOR]...[COLOR="red"][B]G[/B][/COLOR].....?.[B][COLOR="red"].[/COLOR][/B].[COLOR="red"][B].[/B][/COLOR].
008704 [COLOR="Red"][B]6F[/B][/COLOR] FF [COLOR="red"][B]CB[/B][/COLOR] FE 2D FE 8B FD DD FC 65 FC EF FB 3B FB [COLOR="red"][B]o[/B][/COLOR].[COLOR="red"][B].[/B][/COLOR].-.....e...;.
008720 83 FA 01 FA 7F F9 03 F9 81 F8 3D F5 05 F3 75 F0 ..........=...u.
008736 8B ED EB EB 61 EA 00 80 00 80 00 80 00 80 00 80 ....a...........
008752 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008768 88 00 01 00 5B 07 00 00 7B 01 00 00 00 00 00 00 ....[...{.......
---------------------------------------------------------------------------------------------------------
and 5th Block:
Before:
Code:
043984 00 00 00 00 00 00 00 00 88 00 01 00 D2 02 00 00 ................
044000 03 00 00 00 09 00 00 00 00 04 03 02 06 01 00 07 ................
044016 05 09 08 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044032 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044064 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044096 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044128 88 00 01 00 D3 02 00 00 03 00 02 03 08 08 00 26 ...............&
044144 04 00 00 10 00 00 00 00 00 00 00 63 2F BA 04 A0 ...........c/...
044160 17 00 00 C1 00 00 00 03 00 02 03 08 08 00 3F 04 ..............?.
044176 00 00 10 00 00 00 00 00 00 00 8B 52 BA 04 90 17 ...........R....
044192 00 00 00 00 00 00 03 01 00 03 04 01 00 4B 02 00 .............K..
044208 00 01 00 00 00 00 00 00 00 09 00 00 00 30 0A 00 .............0..
044224 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ."..............
044240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044256 00 00 00 00 00 00 00 00 88 00 01 00 E1 02 00 00 ................
044272 03 01 00 03 04 01 00 53 11 00 00 10 00 00 00 00 .......S........
044288 00 00 00 09 00 00 00 30 0A 00 00 22 00 00 00 03 .......0..."....
044304 01 00 03 04 01 00 64 02 00 00 01 00 00 00 00 00 ......d.........
044320 00 00 09 00 00 00 30 0A 00 00 22 00 00 00 03 00 ......0...".....
044336 02 03 08 08 00 32 02 00 00 01 00 00 00 00 00 00 .....2..........
044352 00 AB 6A BA 04 10 0C 00 00 00 00 00 00 00 00 00 ..j.............
044368 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044384 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044400 88 00 01 00 E2 02 00 00 03 01 00 03 04 01 00 1E ................
044416 11 00 00 10 00 00 00 00 00 00 00 C6 15 9D 06 30 ...............0
044432 0A 00 00 0B 00 00 00 03 00 02 03 08 08 00 19 02 ................
044448 00 00 01 00 00 00 00 00 00 00 43 5E BA 04 90 17 ..........C^....
044464 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044480 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044496 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044512 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044528 00 00 00 00 00 00 00 00 88 00 01 00 E3 02 00 00 ................
044544 03 00 02 03 08 08 00 00 02 00 00 01 00 00 00 00 ................
044560 00 00 00 92 43 BA 04 10 0E 00 00 00 00 00 00 03 ....C...........
044576 00 02 03 08 08 00 4B 02 00 00 01 00 00 00 00 00 ......K.........
044592 00 00 E3 37 BA 04 10 0C 00 00 00 00 00 00 00 00 ...7............
044608 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
After
Code:
043984 00 00 00 00 00 00 00 00 88 00 01 00 D2 02 00 00 ................
044000 [COLOR="Red"][B]09[/B][/COLOR] 00 00 00 09 00 00 00 00 [COLOR="red"][B]02 09 05 07 08[/B][/COLOR] 00 [COLOR="red"][B]04[/B][/COLOR] ................
044016 [B][COLOR="red"]03 06 01[/COLOR][/B] 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044032 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044064 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044096 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044128 88 00 01 00 D3 02 00 00 03 [COLOR="red"][B]01 00[/B][/COLOR] 03 [COLOR="red"][B]02 06[/B][/COLOR] 00 [COLOR="red"][B]7D[/B][/COLOR] ...............}
044144 [COLOR="red"][B]02[/B][/COLOR] 00 00 [COLOR="red"][B]01[/B][/COLOR] 00 00 00 00 00 00 00 [COLOR="red"][B]09 00 00 00 80[/B][/COLOR] ................
044160 [COLOR="red"][B]07[/B][/COLOR] 00 00 [COLOR="red"][B]22[/B][/COLOR] 00 00 00 03 00 02 03 08 08 00 3F 04 ..."..........?.
044176 00 00 10 00 00 00 00 00 00 00 8B 52 BA 04 90 17 ...........R....
044192 00 00 00 00 00 00 03 01 00 03 04 01 00 4B 02 00 .............K..
044208 00 01 00 00 00 00 00 00 00 [COLOR="Red"][B]ED 09 D4 0D 00 1B[/B][/COLOR] 00 ................
044224 00 [COLOR="red"][B]00[/B][/COLOR] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044256 00 00 00 00 00 00 00 00 88 00 01 00 E1 02 00 00 ................
044272 03 01 00 03 04 01 00 53 11 00 00 10 00 00 00 00 .......S........
044288 00 00 00 09 00 00 00 30 0A 00 00 22 00 00 00 03 .......0..."....
044304 01 00 03 04 01 00 64 02 00 00 01 00 00 00 00 00 ......d.........
044320 00 00 09 00 00 00 30 0A 00 00 22 00 00 00 03 01 ......0...".....
044336 [COLOR="red"][B] 00[/B][/COLOR] 03 [COLOR="red"][B]04 01[/B][/COLOR] 00 [COLOR="red"][B]1F 11[/B][/COLOR] 00 00 [COLOR="red"][B]10[/B][/COLOR] 00 00 00 00 00 00 ................
044352 00 [COLOR="red"][B]39 50 D4 0D 00 1B[/B][/COLOR] 00 00 [COLOR="red"][B]22[/B][/COLOR] 00 00 00 00 00 00 .9P......"......
044368 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044384 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044400 88 00 01 00 E2 02 00 00 03 01 00 03 04 01 00 1E ................
044416 11 00 00 10 00 00 00 00 00 00 00 C6 15 9D 06 30 ...............0
044432 0A 00 00 0B 00 00 00 03 [COLOR="red"][B]01 00[/B][/COLOR] 03 [COLOR="red"][B]04 01[/B][/COLOR] 00 [COLOR="red"][B]6A 11[/B][/COLOR] ..............j.
044448 00 00 [COLOR="red"][B]10 [/B][/COLOR]00 00 00 00 00 00 00 [COLOR="red"][B]09 00 00 00 80 1B[/B][/COLOR] ................
044464 00 00 [COLOR="red"][B]22[/B][/COLOR] 00 00 00 00 00 00 00 00 00 00 00 00 00 ..".............
044480 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044496 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044512 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044528 00 00 00 00 00 00 00 00 88 00 01 00 E3 02 00 00 ................
044544 03 [COLOR="red"][B]01 00[/B][/COLOR] 03 [COLOR="red"][B]04 01[/B][/COLOR] 00 [COLOR="red"][B]51 11[/B][/COLOR] 00 00 [COLOR="red"][B]10[/B][/COLOR] 00 00 00 00 .......Q........
044560 00 00 00 [COLOR="red"][B]09 00 00 00 00 1B[/B][/COLOR] 00 00 [COLOR="red"][B]22[/B][/COLOR] 00 00 00 03 ..........."....
044576 [COLOR="red"][B]01 00[/B][/COLOR] 03 [COLOR="red"][B]04 01[/B][/COLOR] 00 [COLOR="red"][B]06 11[/B][/COLOR] 00 00 [COLOR="red"][B]10[/B][/COLOR] 00 00 00 00 00 ................
044592 00 00 [COLOR="red"][B]33 50 D4 0D 00 1B[/B][/COLOR] 00 00 00 00 00 00 00 00 ..3P............
044608 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Generated by wxHexEditor

Here's the 6th Block:
Before:
Code:
048352 7F 00 13 00 14 88 00 13 00 14 56 03 13 F0 62 86 ..........V...b.
048368 00 13 00 14 52 03 13 F0 62 8B 00 13 00 14 3D 00 ....R...b.....=.
048384 64 F0 00 41 00 64 F0 00 D5 01 64 F0 10 01 01 64 d..A.d....d....d
048400 F0 00 78 00 64 F0 10 B9 03 64 F0 02 C5 01 64 F0 ..x.d....d....d.
048416 10 46 00 64 F0 00 CD 01 64 F0 10 7C 00 64 F0 10 .F.d....d..|.d..
048432 C0 01 64 F0 10 72 00 64 F0 10 D3 01 64 F0 10 06 ..d..r.d....d...
048448 01 64 F0 00 08 01 64 F0 00 C3 01 64 F0 10 48 00 .d....d....d..H.
048464 64 F0 00 D7 01 64 F0 10 B6 01 64 F0 10 00 00 00 d....d....d.....
048480 88 00 01 00 D8 13 01 00 7F 00 13 00 14 88 00 13 ................
048496 00 14 56 03 13 F0 62 86 00 13 00 14 52 03 13 F0 ..V...b.....R...
048512 62 8B 00 13 00 14 3D 00 64 F0 00 41 00 64 F0 00 b.....=.d..A.d..
048528 D5 01 64 F0 10 01 01 64 F0 00 78 00 64 F0 10 B9 ..d....d..x.d...
048544 03 64 F0 02 C5 01 64 F0 10 46 00 64 F0 00 CD 01 .d....d..F.d....
048560 64 F0 10 7C 00 64 F0 10 C0 01 64 F0 10 72 00 64 d..|.d....d..r.d
048576 F0 10 D3 01 64 F0 10 06 01 64 F0 00 08 01 64 F0 ....d....d....d.
048592 00 C3 01 64 F0 10 48 00 64 F0 00 D7 01 64 F0 10 ...d..H.d....d..
048608 B6 01 64 F0 10 00 00 00 88 00 01 00 D9 13 00 00 ..d.............
048624 CB 01 64 F0 10 63 00 64 F0 10 76 00 64 F0 10 40 [email protected]
048640 00 64 F0 00 CF 01 64 F0 10 F9 00 64 F0 00 BD 01 .d....d....d....
048656 64 F0 10 D4 01 64 F0 10 7A 00 64 F0 10 D2 01 64 d....d..z.d....d
048672 F0 10 D1 01 64 F0 10 D9 01 64 F0 10 6F 00 64 F0 ....d....d..o.d.
048688 10 4B 00 64 F0 00 43 00 64 F0 00 3F 00 64 F0 00 .K.d..C.d..?.d..
048704 09 01 64 F0 00 0F 01 64 F0 00 44 00 64 F0 00 71 ..d....d..D.d..q
048720 00 64 F0 10 39 00 64 F0 00 BB 01 64 F0 10 FC 00 .d..9.d....d....
048736 64 F0 00 0E 01 64 F0 00 C7 01 64 F0 10 00 00 00 d....d....d.....
048752 88 00 01 00 D9 13 01 00 CB 01 64 F0 10 63 00 64 ..........d..c.d
048768 F0 10 76 00 64 F0 10 40 00 64 F0 00 CF 01 64 F0 [email protected]
048784 10 F9 00 64 F0 00 BD 01 64 F0 10 D4 01 64 F0 10 ...d....d....d..
048800 7A 00 64 F0 10 D2 01 64 F0 10 D1 01 64 F0 10 D9 z.d....d....d...
048816 01 64 F0 10 6F 00 64 F0 10 4B 00 64 F0 00 43 00 .d..o.d..K.d..C.
048832 64 F0 00 3F 00 64 F0 00 09 01 64 F0 00 0F 01 64 d..?.d....d....d
048848 F0 00 44 00 64 F0 00 71 00 64 F0 10 39 00 64 F0 ..D.d..q.d..9.d.
048864 00 BB 01 64 F0 10 FC 00 64 F0 00 0E 01 64 F0 00 ...d....d....d..
048880 C7 01 64 F0 10 00 00 00 88 00 01 00 DA 13 00 00 ..d.............
048896 0C 01 64 F0 00 3B 00 64 F0 00 BA 01 64 F0 10 42 ..d..;.d....d..B
048912 00 64 F0 00 C2 01 64 F0 10 79 00 64 F0 10 74 00 .d....d..y.d..t.
048928 64 F0 10 6F 02 00 F1 10 95 02 00 F1 10 A1 02 03 d..o............
048944 02 27 7F 02 03 02 27 EC 00 03 02 27 5C 03 03 02 .'....'....'\...
048960 27 42 03 03 02 27 3D 00 64 F0 00 41 00 64 F0 00 'B...'=.d..A.d..
048976 D5 01 64 F0 10 01 01 64 F0 00 78 00 64 F0 10 B9 ..d....d..x.d...
048992 03 64 F0 02 C5 01 64 F0 10 46 00 64 F0 00 CD 01 .d....d..F.d....
049008 64 F0 10 7C 00 64 F0 10 C0 01 64 F0 10 00 00 00 d..|.d....d.....
049024 88 00 01 00 DA 13 01 00 0C 01 64 F0 00 3B 00 64 ..........d..;.d
049040 F0 00 BA 01 64 F0 10 42 00 64 F0 00 C2 01 64 F0 ....d..B.d....d.
049056 10 79 00 64 F0 10 74 00 64 F0 10 6F 02 00 F1 10 .y.d..t.d..o....
049072 95 02 00 F1 10 A1 02 03 02 27 7F 02 03 02 27 EC .........'....'.
049088 00 03 02 27 5C 03 03 02 27 42 03 03 02 27 3D 00 ...'\...'B...'=.
049104 64 F0 00 41 00 64 F0 00 D5 01 64 F0 10 01 01 64 d..A.d....d....d
049120 F0 00 78 00 64 F0 10 B9 03 64 F0 02 C5 01 64 F0 ..x.d....d....d.
049136 10 46 00 64 F0 00 CD 01 64 F0 10 7C 00 64 F0 10 .F.d....d..|.d..
049152 C0 01 64 F0 10 00 00 00 88 00 01 00 DB 13 00 00 ..d.............
049168 72 00 64 F0 10 D3 01 64 F0 10 06 01 64 F0 00 08 r.d....d....d...
049184 01 64 F0 00 C3 01 64 F0 10 48 00 64 F0 00 D7 01 .d....d..H.d....
049200 64 F0 10 B6 01 64 F0 10 CB 01 64 F0 10 63 00 64 d....d....d..c.d
049216 F0 10 76 00 64 F0 10 40 00 64 F0 00 CF 01 64 F0 [email protected]
049232 10 F9 00 64 F0 00 BD 01 64 F0 10 D4 01 64 F0 10 ...d....d....d..
049248 7A 00 64 F0 10 D2 01 64 F0 10 D1 01 64 F0 10 D9 z.d....d....d...
049264 01 64 F0 10 6F 00 64 F0 10 4B 00 64 F0 00 43 00 .d..o.d..K.d..C.
049280 64 F0 00 3F 00 64 F0 00 09 01 64 F0 00 00 00 00 d..?.d....d.....
049296 88 00 01 00 DB 13 01 00 72 00 64 F0 10 D3 01 64 ........r.d....d
049312 F0 10 06 01 64 F0 00 08 01 64 F0 00 C3 01 64 F0 ....d....d....d.
049328 10 48 00 64 F0 00 D7 01 64 F0 10 B6 01 64 F0 10 .H.d....d....d..
049344 CB 01 64 F0 10 63 00 64 F0 10 76 00 64 F0 10 40 [email protected]
049360 00 64 F0 00 CF 01 64 F0 10 F9 00 64 F0 00 BD 01 .d....d....d....
049376 64 F0 10 D4 01 64 F0 10 7A 00 64 F0 10 D2 01 64 d....d..z.d....d
049392 F0 10 D1 01 64 F0 10 D9 01 64 F0 10 6F 00 64 F0 ....d....d..o.d.
049408 10 4B 00 64 F0 00 43 00 64 F0 00 3F 00 64 F0 00 .K.d..C.d..?.d..
049424 09 01 64 F0 00 00 00 00 88 00 01 00 DC 13 00 00 ..d.............
049440 0F 01 64 F0 00 44 00 64 F0 00 71 00 64 F0 10 39 ..d..D.d..q.d..9
049456 00 64 F0 00 BB 01 64 F0 10 FC 00 64 F0 00 0E 01 .d....d....d....
049472 64 F0 00 C7 01 64 F0 10 0C 01 64 F0 00 3B 00 64 d....d....d..;.d
049488 F0 00 BA 01 64 F0 10 42 00 64 F0 00 C2 01 64 F0 ....d..B.d....d.
049504 10 79 00 64 F0 10 74 00 64 F0 10 6F 02 00 F1 10 .y.d..t.d..o....
049520 95 02 00 F1 10 FF FF FF FF FF FF FF FF FF FF FF ................
After: (color coding still in progress - manual process)
Code:
048352 [COLOR="Red"]70 02[/COLOR] 13 [COLOR="red"]F0 62 B3[/COLOR] 00 13 00 14 [COLOR="red"]B8 00 [/COLOR]13 [COLOR="red"]00 14 44[/COLOR] p...b..........D
048368 [COLOR="red"]03[/COLOR] 13 00 14 [COLOR="red"]40[/COLOR] 03 13 [COLOR="red"]00 14 B1[/COLOR] 00 13 00 14 [COLOR="red"]B5[/COLOR] 00 [email protected]
048384 [COLOR="red"]13 00 14 BC[/COLOR] 00 [COLOR="red"]13 00 14 75 02 13[/COLOR] F0 [COLOR="red"]62 72 02 13 [/COLOR] ........u...br..
048400 F0 [COLOR="red"]62[/COLOR] 78[COLOR="red"] 02 13 [/COLOR]F0 [COLOR="red"]62 B7 00 13 00 14 B9 00 13 00[/COLOR] .bx...b.........
048416 [COLOR="red"]14 B0[/COLOR] 00 [COLOR="red"]13 00 14 73 02 13[/COLOR] F0 [COLOR="red"]62 46 03 13 00 14[/COLOR] ......s...bF....
048432 3A 03 13 00 14 79 02 13 F0 62 BD 00 13 00 14 43 :....y...b.....C
048448 03 13 00 14 41 03 13 00 14 3F 03 13 00 14 3E 03 ....A....?....>.
048464 13 00 14 39 03 13 00 14 BA 00 13 00 14 00 00 00 ...9............
048480 88 00 01 00 D8 13 01 00 70 02 13 F0 62 B3 00 13 ........p...b...
048496 00 14 B8 00 13 00 14 44 03 13 00 14 40 03 13 00 [email protected]
048512 14 B1 00 13 00 14 B5 00 13 00 14 BC 00 13 00 14 ................
048528 75 02 13 F0 62 72 02 13 F0 62 78 02 13 F0 62 B7 u...br...bx...b.
048544 00 13 00 14 B9 00 13 00 14 B0 00 13 00 14 73 02 ..............s.
048560 13 F0 62 46 03 13 00 14 3A 03 13 00 14 79 02 13 ..bF....:....y..
048576 F0 62 BD 00 13 00 14 43 03 13 00 14 41 03 13 00 .b.....C....A...
048592 14 3F 03 13 00 14 3E 03 13 00 14 39 03 13 00 14 .?....>....9....
048608 BA 00 13 00 14 00 00 00 88 00 01 00 D9 13 00 00 ................
048624 B6 00 13 00 14 38 03 13 00 14 3C 03 13 00 14 B4 .....8....<.....
048640 00 13 00 14 7C 02 13 F0 62 AF 00 13 00 14 45 03 ....|...b.....E.
048656 13 00 14 7B 02 13 F0 62 74 02 13 F0 62 7F 00 13 ...{...bt...b...
048672 00 14 88 00 13 00 14 56 03 13 F0 62 86 00 13 00 .......V...b....
048688 14 52 03 13 F0 62 8B 00 13 00 14 3D 00 64 F0 00 .R...b.....=.d..
048704 41 00 64 F0 00 D5 01 64 F0 10 01 01 64 F0 00 78 A.d....d....d..x
048720 00 64 F0 10 B9 03 64 F0 02 C5 01 64 F0 10 46 00 .d....d....d..F.
048736 64 F0 00 CD 01 64 F0 10 7C 00 64 F0 10 00 00 00 d....d..|.d.....
048752 88 00 01 00 D9 13 01 00 B6 00 13 00 14 38 03 13 .............8..
048768 00 14 3C 03 13 00 14 B4 00 13 00 14 7C 02 13 F0 ..<.........|...
048784 62 AF 00 13 00 14 45 03 13 00 14 7B 02 13 F0 62 b.....E....{...b
048800 74 02 13 F0 62 7F 00 13 00 14 88 00 13 00 14 56 t...b..........V
048816 03 13 F0 62 86 00 13 00 14 52 03 13 F0 62 8B 00 ...b.....R...b..
048832 13 00 14 3D 00 64 F0 00 41 00 64 F0 00 D5 01 64 ...=.d..A.d....d
048848 F0 10 01 01 64 F0 00 78 00 64 F0 10 B9 03 64 F0 ....d..x.d....d.
048864 02 C5 01 64 F0 10 46 00 64 F0 00 CD 01 64 F0 10 ...d..F.d....d..
048880 7C 00 64 F0 10 00 00 00 88 00 01 00 DA 13 00 00 |.d.............
048896 C0 01 64 F0 10 72 00 64 F0 10 D3 01 64 F0 10 06 ..d..r.d....d...
048912 01 64 F0 00 08 01 64 F0 00 C3 01 64 F0 10 48 00 .d....d....d..H.
048928 64 F0 00 D7 01 64 F0 10 B6 01 64 F0 10 CB 01 64 d....d....d....d
048944 F0 10 63 00 64 F0 10 76 00 64 F0 10 40 00 64 F0 [email protected]
048960 00 CF 01 64 F0 10 F9 00 64 F0 00 BD 01 64 F0 10 ...d....d....d..
048976 D4 01 64 F0 10 7A 00 64 F0 10 D2 01 64 F0 10 D1 ..d..z.d....d...
048992 01 64 F0 10 D9 01 64 F0 10 6F 00 64 F0 10 4B 00 .d....d..o.d..K.
049008 64 F0 00 43 00 64 F0 00 3F 00 64 F0 00 00 00 00 d..C.d..?.d.....
049024 88 00 01 00 DA 13 01 00 C0 01 64 F0 10 72 00 64 ..........d..r.d
049040 F0 10 D3 01 64 F0 10 06 01 64 F0 00 08 01 64 F0 ....d....d....d.
049056 00 C3 01 64 F0 10 48 00 64 F0 00 D7 01 64 F0 10 ...d..H.d....d..
049072 B6 01 64 F0 10 CB 01 64 F0 10 63 00 64 F0 10 76 ..d....d..c.d..v
049088 00 64 F0 10 40 00 64 F0 00 CF 01 64 F0 10 F9 00 [email protected]
049104 64 F0 00 BD 01 64 F0 10 D4 01 64 F0 10 7A 00 64 d....d....d..z.d
049120 F0 10 D2 01 64 F0 10 D1 01 64 F0 10 D9 01 64 F0 ....d....d....d.
049136 10 6F 00 64 F0 10 4B 00 64 F0 00 43 00 64 F0 00 .o.d..K.d..C.d..
049152 3F 00 64 F0 00 00 00 00 88 00 01 00 DB 13 00 00 ?.d.............
049168 09 01 64 F0 00 0F 01 64 F0 00 44 00 64 F0 00 71 ..d....d..D.d..q
049184 00 64 F0 10 39 00 64 F0 00 BB 01 64 F0 10 FC 00 .d..9.d....d....
049200 64 F0 00 0E 01 64 F0 00 C7 01 64 F0 10 0C 01 64 d....d....d....d
049216 F0 00 3B 00 64 F0 00 BA 01 64 F0 10 42 00 64 F0 ..;.d....d..B.d.
049232 00 C2 01 64 F0 10 79 00 64 F0 10 74 00 64 F0 10 ...d..y.d..t.d..
049248 6F 02 00 F1 10 95 02 00 F1 10 A1 02 03 02 27 7F o.............'.
049264 02 03 02 27 EC 00 03 02 27 5C 03 03 02 27 42 03 ...'....'\...'B.
049280 03 02 27 3F 00 64 F0 00 09 01 64 F0 00 00 00 00 ..'?.d....d.....
049296 88 00 01 00 DB 13 01 00 09 01 64 F0 00 0F 01 64 ..........d....d
049312 F0 00 44 00 64 F0 00 71 00 64 F0 10 39 00 64 F0 ..D.d..q.d..9.d.
049328 00 BB 01 64 F0 10 FC 00 64 F0 00 0E 01 64 F0 00 ...d....d....d..
049344 C7 01 64 F0 10 0C 01 64 F0 00 3B 00 64 F0 00 BA ..d....d..;.d...
049360 01 64 F0 10 42 00 64 F0 00 C2 01 64 F0 10 79 00 .d..B.d....d..y.
049376 64 F0 10 74 00 64 F0 10 6F 02 00 F1 10 95 02 00 d..t.d..o.......
049392 F1 10 A1 02 03 02 27 7F 02 03 02 27 EC 00 03 02 ......'....'....
049408 27 5C 03 03 02 27 42 03 03 02 27 3F 00 64 F0 00 '\...'B...'?.d..
049424 09 01 64 F0 00 00 00 00 88 00 01 00 DC 13 00 00 ..d.............
049440 0F 01 64 F0 00 44 00 64 F0 00 71 00 64 F0 10 39 ..d..D.d..q.d..9
049456 00 64 F0 00 BB 01 64 F0 10 FC 00 64 F0 00 0E 01 .d....d....d....
049472 64 F0 00 C7 01 64 F0 10 0C 01 64 F0 00 3B 00 64 d....d....d..;.d
049488 F0 00 BA 01 64 F0 10 42 00 64 F0 00 C2 01 64 F0 ....d..B.d....d.
049504 10 79 00 64 F0 10 74 00 64 F0 10 6F 02 00 F1 10 .y.d..t.d..o....
049520 95 02 00 F1 10 FF FF FF FF FF FF FF FF FF FF FF ................

OP I have been in contact with Spock12 on this thread he might be able to help out if he can find a US & Varients on ebay for cheep...
Hopeful he can get this work it would be Fantastic for us > US & Variants GS3 I747- I747M

Waiting that somebody posts it's nvram dump (or that I find a device), did you try to make another dump of your nvram and compare it once again with those you already have ? It might help to discriminate some areas found by the first diff.
Edit : Also I've seen a thread called "free SIM unlock n7105", seems that a hidden Samsung menu allows note 2 unlocking. As its really easy to use, perhaps somebody should ask them to make a nvram dump before/after so that we have more material to work on (assuming the simlock is located in the same place)

i have to ask. what is the point of unlocking a phone ? should i have mine unlocked ?

sedwards1969 said:
i have to ask. what is the point of unlocking a phone ? should i have mine unlocked ?
Click to expand...
Click to collapse
So that you can put another carrier SIM in your phone. Mine is locked to at&t so if I travel abroad I can't use another service. Further more, if I sell it, I can only offer to other at&t users which reduces it's value.
Sent from my SGH-T999 using Tapatalk 2

This method is confirmed working to unlock your phone from the samsung hidden menu
http://forum.xda-developers.com/showthread.php?t=2014982
Its for a note 2 but give it a shot sgs3 still has the same menu and all the same options
Sent from my SGH-I747M using xda premium

thatsupnow said:
This method is confirmed working to unlock your phone from the samsung hidden menu
http://forum.xda-developers.com/showthread.php?t=2014982
Its for a note 2 but give it a shot sgs3 still has the same menu and all the same options
Sent from my SGH-I747M using xda premium
Click to expand...
Click to collapse
Doesn't work.
Maybe it will work when we get JB update on Monday.
Sent from my SGH-I747M

thatsupnow said:
This method is confirmed working to unlock your phone from the samsung hidden menu
http://forum.xda-developers.com/showthread.php?t=2014982
Its for a note 2 but give it a shot sgs3 still has the same menu and all the same options
Sent from my SGH-I747M using xda premium
Click to expand...
Click to collapse
Wanted to report in this thread that the above link sim unlocked my att i747. I tried numerous sims and was never prompted for the sim unlock code. I tried a verizon sim, tmobile sim, simple mobile sim. Great find !!! Thank you. I believe that it is important to follow instructions to the t. It says "wait 30 seconds" at one point and "wait one minute" at another. Just my two cents and confirmation.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2

yulet said:
Doesn't work.
Maybe it will work when we get JB update on Monday.
Sent from my SGH-I747M
Click to expand...
Click to collapse
make sure your on bone stock rom, that's what alot of other users are saying
Sent from my SGH-I747M using xda premium

thatsupnow said:
make sure your on bone stock rom, that's what alot of other users are saying
Sent from my SGH-I747M using xda premium
Click to expand...
Click to collapse
I re-flashed TELUS ROM, didn't work. Then I tried stock AT&T ROM, same result.

thatsupnow said:
make sure your on bone stock rom, that's what alot of other users are saying
Sent from my SGH-I747M using xda premium
Click to expand...
Click to collapse
Yes. Im on stock LH9. Worked for me.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
I tested before proccedure and got the "enter unlock code" then after...I had data and voice. I tried 2 sims. One tmobile and the other a simple mobile. I even stuck in a verizon sim and had 4 bars on unknown network but in service. This was in Yuma Az.