Develop Bugs

[ASK] Link2SD for galaxy W

I wanna ask,
is galaxy w need link2sd installed?
what setting that would be good if installing link2sd?

Actually it depends on how much applications you want being installed on your phone but yes it worths installing it for at least 5 reasons:
Being able to mount to your computer your SD cards using the debug mode without stopping the applications that you should have moved to the SD card using the native App2SD.
Not being limited by the size of the /data partition because of the *.dex files generated for the dalvik cache.
You can move any kind of applications even those that are not movable to SD!
Link2SD includes free utilities like conversion of system application to user application (and vice versa) that you'll have to pay for with other solutions like Titanium Backup.
Avoiding slow downs because of the loop mounts created (Just run the "mount" command from an adb shell or terminal and you'll see).
Indeed I noticed a global slow down of my phone after I've started getting more and more applications being installed and beside I'm using some other tool to avoid push services and other unwanted background processes to be started by some applications, I've come to the conclusion that too many loop mounts because of the native App2SD is not good either (I suspect it takes over the RAM).
Actually the Link2SD FAQ will give you all the good reasons why to use it:
http://www.link2sd.info/faq
Recommendations:
I'd like to also share share my experience (I may move the following to another thread):
Recommend microSD cards:
Regarding the microSD card you can use even a 32 GB class 10.
The ones I recommend (32 GB class 10) are Samsung, SanDisk, Transcend (Those Transcend ones made in Korea are logically made by Samsung, the ones made in China are made by SanDisk).
Partitionning and formatting:
The tough part is the partitioning and formatting.
Out of the box, all the microSD cards are partitioned and formatted so that they are aligned with their erase block size (it can be 8 MiB, 12 MiB...)
Thus you'll have to consult so you'll know the erase block size:
the Linaro flash card survey:
https://wiki.linaro.org/WorkingGroups/Kernel/Projects/FlashCardSurvey
the corresponding flashbench mailing list
http://lists.linaro.org/mailman/listinfo/flashbench-results
You can also use the flashbench tool to figure it out.
The problem is that you cannot create or resize the FAT32 partition using Windows (even with minitool partition or paragon partition manager), nor with Linux by using gparted or other because you won't get your partitions aligned with the erase blocks and thus you'll get bad performances and faster wearing of your card.
Backup:
Before formatting do a raw backup of the first 16 MiB (for the partitions table and the FAT32 description) using busybox dd on the phone itself or dd on Linux.
For example on the phone:
dd if=/dev/block/mmcblk1 of=/sdcard/mmcblk1-orig-1st-16MiB.img bs=4M count=4
Also you must keep using the default cluster size of 32 kiB because of optimization done at the level of Android and because smaller cluster size will mean more memory taken from the RAM - Actually the FAT is loaded in the RAM, so you must keep it not too big.
Formulas:
Then decide how much you need for the Link2SD partition - You can start with 1 GiB or so, personally I use about 2 GiB. You can check how much space is taken by the asec images to decide...
Now here comes some math (The formulas are to be used in LibreOffice Calc):
Partitioning:
We need to define the new size for the FAT32 partition at the beginning so it is aligned with the erase block size and so that the File Allocation Tables are located between the special offsets (especially true with SanDisk - for example the FAT must be located between the offsets at 4 MiB and 12 MiB, that's why most SD card have 4 MiB unpartitioned free space at the beginning).
Code:
new_fat32_partition_size = MROUND(whole_microsd_size - wanted_link2sd_partition_size + fat32_start_offset ; erase_block_size) - fat32_start_offset
With:
whole_microsd_size: The actual total size of the card - You can get it using fdisk.
wanted_link2sd_partition_size: The size you'd like for the Link2SD partition.
fat32_start_offset: The offset where the 1st FAT32 partition starts.
erase_block_size: The erase block size.
So for example for a SanDisk microSDHC 32 GB Class 10, we have an erase block size of 12 MiB (actually 3 times 4 MiB) and a FAT description that has to start at the offset at 4 MiB and then next erase block that starts at the offset at 12 MiB.
Therefore you'll have:
Code:
new_fat32_partition_size = MROUND(30,101,504 kiB - 1,061,376 kiB + 4,194,304 kiB ; erase_block_size) - 12 582 912 kiB = 30,101,504 kiB
Therefore using fdisk you should get something like the following when printing the partitions (p) - Don't forget to disable the DOS compatibility flag and use the sector as the unit:
Code:
Disk /dev/mmcblk0: 31.9 GB, 31914983424 bytes
4 heads, 16 sectors/track, 973968 cylinders, total 62333952 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x9a064f9d
Device Boot Start End Blocks Id System
/dev/mmcblk0p1 8192 60211199 30101504 c W95 FAT32 (LBA)
/dev/mmcblk0p2 60211200 62333951 1061376 83 Linux
FAT32 formatting:
In order to use mkdosfs 3.0.9 or later with the right amount of reserved sectors so the root directory and data will start exactly at the next erase block offset.
The idea is to make so that the FATs ends exactly before that offset, but for that we need to know the size of one FAT.
Here is the formula based on mkdosfs source code, to calculate that needed number of reserved sectors:
Code:
total_number_of_sectors = total_number_of_blocks * block_size / sector_size
number_of_sectors_for_fats_and_data = total_number_of_sectors - MROUND(default_number_of_reserved_sectors ; cluster_size)
number_of_clusters = (number_of_sectors_for_fats_and_data * sector_size + number_of_fats * 8) / (cluster_size * sector_size + number_of_fats * 4)
fat_size = MROUND(CEILING((number_of_clusters + 2) * 4 / sector_size ; 1) ; cluster_size)
root_directory_offset = default_number_of_reserved_sectors + number_of_fats * fat_size
aligned_root_directory_offset = MROUND(root_directory_offset ; erase_block_size * 1024^2 / sector_size)
number_of_reserved_sectors = aligned_root_directory_offset - root_directory_offset + default_number_of_reserved_sectors
With:
sector_size: 512 bytes (Standard value)
block_size: 1,024 bytes (Standard value)
total_number_of_blocks: new_fat32_partition_size in kiB
default_number_of_reserved_sectors: 64 (can be 32)
cluster_size: 64 sectors (i.e. 32 kiB)
number_of_fats: 2 (Standard value)
So for example for that same card you'll get:
Code:
total_number_of_sectors = 60,203,008
number_of_reserved_sectors = 1,664
Therefore here is the command to format the FAT32 partition:
Code:
$> sudo mkdosfs -F 32 -s 64 -R 1664 -n EXTERNAL_SD -v /dev/mmcblk0p1
mkdosfs 3.0.9 (31 Jan 2010)
/dev/mmcblk0p1 has 4 heads and 16 sectors per track,
logical sector size is 512,
using 0xf8 media descriptor, with 60203008 sectors;
file system has 2 32-bit FATs and 64 sectors per cluster.
FAT size is 7360 sectors, and provides 940416 clusters.
There are 1664 reserved sectors.
Volume ID is 8aa89e36, volume label EXTERNAL_SD.
You can see that each FAT takes less than 3.6 MiB, so with 2 FATs and the reserved sector the FAT description takes less than 8 MiB.
You can then check using hexdump if indeed the root directory starts at the the 12 MiB offset (knowing that the partition begin at the 4 MiB offset - indeed 12 = 4 + 8).
For that let's read the first 13 MiB of the card:
Code:
$> sudo hd -n $[13*1024*1024] /dev/mmcblk0
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 82 |................|
000001c0 03 00 0c f8 95 a3 00 20 00 00 00 a0 96 03 00 f8 |....... ........|
000001d0 96 a3 83 1b f3 28 00 c0 96 03 00 64 20 00 00 00 |.....(.....d ...|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00400000 eb 58 90 6d 6b 64 6f 73 66 73 00 00 02 40 80 06 |[email protected]|
00400010 02 00 00 00 00 f8 00 00 10 00 04 00 00 00 00 00 |................|
00400020 00 a0 96 03 c0 1c 00 00 00 00 00 00 02 00 00 00 |................|
00400030 01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00400040 00 00 29 e5 a5 dc 46 45 58 54 45 52 4e 41 4c 5f |..)...FEXTERNAL_|
00400050 53 44 46 41 54 33 32 20 20 20 0e 1f be 77 7c ac |SDFAT32 ...w|.|
00400060 22 c0 74 0b 56 b4 0e bb 07 00 cd 10 5e eb f0 32 |".t.V.......^..2|
00400070 e4 cd 16 cd 19 eb fe 54 68 69 73 20 69 73 20 6e |.......This is n|
00400080 6f 74 20 61 20 62 6f 6f 74 61 62 6c 65 20 64 69 |ot a bootable di|
00400090 73 6b 2e 20 20 50 6c 65 61 73 65 20 69 6e 73 65 |sk. Please inse|
004000a0 72 74 20 61 20 62 6f 6f 74 61 62 6c 65 20 66 6c |rt a bootable fl|
004000b0 6f 70 70 79 20 61 6e 64 0d 0a 70 72 65 73 73 20 |oppy and..press |
004000c0 61 6e 79 20 6b 65 79 20 74 6f 20 74 72 79 20 61 |any key to try a|
004000d0 67 61 69 6e 20 2e 2e 2e 20 0d 0a 00 00 00 00 00 |gain ... .......|
004000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
004001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00400200 52 52 61 41 00 00 00 00 00 00 00 00 00 00 00 00 |RRaA............|
00400210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
004003e0 00 00 00 00 72 72 41 61 7e 59 0e 00 03 00 00 00 |....rrAa~Y......|
004003f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00400400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00400c00 eb 58 90 6d 6b 64 6f 73 66 73 00 00 02 40 80 06 |[email protected]|
00400c10 02 00 00 00 00 f8 00 00 10 00 04 00 00 00 00 00 |................|
00400c20 00 a0 96 03 c0 1c 00 00 00 00 00 00 02 00 00 00 |................|
00400c30 01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00400c40 00 00 29 e5 a5 dc 46 45 58 54 45 52 4e 41 4c 5f |..)...FEXTERNAL_|
00400c50 53 44 46 41 54 33 32 20 20 20 0e 1f be 77 7c ac |SDFAT32 ...w|.|
00400c60 22 c0 74 0b 56 b4 0e bb 07 00 cd 10 5e eb f0 32 |".t.V.......^..2|
00400c70 e4 cd 16 cd 19 eb fe 54 68 69 73 20 69 73 20 6e |.......This is n|
00400c80 6f 74 20 61 20 62 6f 6f 74 61 62 6c 65 20 64 69 |ot a bootable di|
00400c90 73 6b 2e 20 20 50 6c 65 61 73 65 20 69 6e 73 65 |sk. Please inse|
00400ca0 72 74 20 61 20 62 6f 6f 74 61 62 6c 65 20 66 6c |rt a bootable fl|
00400cb0 6f 70 70 79 20 61 6e 64 0d 0a 70 72 65 73 73 20 |oppy and..press |
00400cc0 61 6e 79 20 6b 65 79 20 74 6f 20 74 72 79 20 61 |any key to try a|
00400cd0 67 61 69 6e 20 2e 2e 2e 20 0d 0a 00 00 00 00 00 |gain ... .......|
00400ce0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00400df0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00400e00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
004d0000 f8 ff ff 0f ff ff ff 0f f8 ff ff 0f ff ff ff 0f |................|
004d0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00868000 f8 ff ff 0f ff ff ff 0f f8 ff ff 0f ff ff ff 0f |................|
00868010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00c00000 45 58 54 45 52 4e 41 4c 5f 53 44 08 00 00 52 b3 |EXTERNAL_SD...R.|
We can see that indeed the root partition starts at the offset 0x00c00000 which is 12 MiB!
Also note that 0x00400000 is the 4 MiB offset, the beginning of the FAT32 partition...
You can try the hexdump against the backup you did and you'll see that the factory formatting is also with a number of reserved sector so that the root directory is aligned. For example I've found the root directory at the 12 MiB offset (of course) and for that they use 1,170 reserved sector (I've decoded the hexdump to get that value) which matches the formula. They also set 8,192 hidden sectors - that's more for compatibility with some cameras, we don't care here...
Link2SD formatting:
I use ext4 for that partition, I've got inspiration from http://blogofterje.wordpress.com/2012/01/14/optimizing-fs-on-sd-card/, however I'm not sure if indeed using the stride and the stripe-width options is really needed:
Code:
[FONT=Courier New]$ sudo mkfs.ext4 -O ^has_journal -E stride=4,stripe-width=512 -b 4096 -L Link2SD /dev/mmcblk0p2
mke2fs 1.41.14 (22-Dec-2010)
Filesystem label=Link2SD
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=4 blocks, Stripe width=512 blocks
66384 inodes, 265344 blocks
13267 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=272629760
9 block groups
32768 blocks per group, 32768 fragments per group
7376 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 30 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.[/FONT]
Anyway I consider the Link2SD partition is going to be used much more for read than write and we need the same file system that is used on the other partitions of the phone (i.e. ext4).
I hope it's not too complicated and that will help
Some other references:
http://android.bytearrays.com/android/align-your-sdcard-fat-and-ext-partition/
http://www.bradfordembedded.com/2011/12/format-an-sd-card-with-8-mib-aligned-partitions/
http://www.olpcnews.com/forum/index.php?topic=4993.0
http://www.patriotmemory.com/forums...ite-speed-by-aligning-FAT32&p=41521#post41521
http://forum.xda-developers.com/showthread.php?t=1224408

What a long and completed answer
I'll read and try to understand the way one-by-one. Thanks for sharing your knowledge!
Sent from my GT-I8150 using Tapatalk 2

v0rt3x said:
Actually it depends on how much applications you want being installed on your phone but yes it worths installing it for at least 5 reasons:
Being able to mount to your computer your SD cards using the debug mode without stopping the applications that you should have moved to the SD card using the native App2SD.
Not being limited by the size of the /data partition because of the *.dex files generated for the dalvik cache.
You can move any kind of applications even those that are not movable to SD!
Link2SD includes free utilities like conversion of system application to user application (and vice versa) that you'll have to pay for with other solutions like Titanium Backup.
Avoiding slow downs because of the loop mounts created (Just run the "mount" command from an adb shell or terminal and you'll see).
Indeed I noticed a global slow down of my phone after I've started getting more and more applications being installed and beside I'm using some other tool to avoid push services and other unwanted background processes to be started by some applications, I've come to the conclusion that too many loop mounts because of the native App2SD is not good either (I suspect it takes over the RAM).
Actually the Link2SD FAQ will give you all the good reasons why to use it:
http://www.link2sd.info/faq
Recommendations:
I'd like to also share share my experience (I may move the following to another thread):
Recommend microSD cards:
Regarding the microSD card you can use even a 32 GB class 10.
The ones I recommend (32 GB class 10) are Samsung, SanDisk, Transcend (Those Transcend ones made in Korea are logically made by Samsung, the ones made in China are made by SanDisk).
Partitionning and formatting:
The tough part is the partitioning and formatting.
Out of the box, all the microSD cards are partitioned and formatted so that they are aligned with their erase block size (it can be 8 MiB, 12 MiB...)
Thus you'll have to consult so you'll know the erase block size:
the Linaro flash card survey:
https://wiki.linaro.org/WorkingGroups/Kernel/Projects/FlashCardSurvey
the corresponding flashbench mailing list
http://lists.linaro.org/mailman/listinfo/flashbench-results
You can also use the flashbench tool to figure it out.
The problem is that you cannot create or resize the FAT32 partition using Windows (even with minitool partition or paragon partition manager), nor with Linux by using gparted or other because you won't get your partitions aligned with the erase blocks and thus you'll get bad performances and faster wearing of your card.
Backup:
Before formatting do a raw backup of the first 16 MiB (for the partitions table and the FAT32 description) using busybox dd on the phone itself or dd on Linux.
For example on the phone:
dd if=/dev/block/mmcblk1 of=/sdcard/mmcblk1-orig-1st-16MiB.img bs=4M count=4
Also you must keep using the default cluster size of 32 kiB because of optimization done at the level of Android and because smaller cluster size will mean more memory taken from the RAM - Actually the FAT is loaded in the RAM, so you must keep it not too big.
Formulas:
Then decide how much you need for the Link2SD partition - You can start with 1 GiB or so, personally I use about 2 GiB. You can check how much space is taken by the asec images to decide...
Now here comes some math (The formulas are to be used in LibreOffice Calc):
Partitioning:
We need to define the new size for the FAT32 partition at the beginning so it is aligned with the erase block size and so that the File Allocation Tables are located between the special offsets (especially true with SanDisk - for example the FAT must be located between the offsets at 4 MiB and 12 MiB, that's why most SD card have 4 MiB unpartitioned free space at the beginning).
Code:
new_fat32_partition_size = MROUND(whole_microsd_size - wanted_link2sd_partition_size + fat32_start_offset ; erase_block_size) - fat32_start_offset
With:
whole_microsd_size: The actual total size of the card - You can get it using fdisk.
wanted_link2sd_partition_size: The size you'd like for the Link2SD partition.
fat32_start_offset: The offset where the 1st FAT32 partition starts.
erase_block_size: The erase block size.
So for example for a SanDisk microSDHC 32 GB Class 10, we have an erase block size of 12 MiB (actually 3 times 4 MiB) and a FAT description that has to start at the offset at 4 MiB and then next erase block that starts at the offset at 12 MiB.
Therefore you'll have:
Code:
new_fat32_partition_size = MROUND(30,101,504 kiB - 1,061,376 kiB + 4,194,304 kiB ; erase_block_size) - 12 582 912 kiB = 30,101,504 kiB
Therefore using fdisk you should get something like the following when printing the partitions (p) - Don't forget to disable the DOS compatibility flag and use the sector as the unit:
Code:
Disk /dev/mmcblk0: 31.9 GB, 31914983424 bytes
4 heads, 16 sectors/track, 973968 cylinders, total 62333952 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x9a064f9d
Device Boot Start End Blocks Id System
/dev/mmcblk0p1 8192 60211199 30101504 c W95 FAT32 (LBA)
/dev/mmcblk0p2 60211200 62333951 1061376 83 Linux
FAT32 formatting:
In order to use mkdosfs 3.0.9 or later with the right amount of reserved sectors so the root directory and data will start exactly at the next erase block offset.
The idea is to make so that the FATs ends exactly before that offset, but for that we need to know the size of one FAT.
Here is the formula based on mkdosfs source code, to calculate that needed number of reserved sectors:
Code:
total_number_of_sectors = total_number_of_blocks * block_size / sector_size
number_of_sectors_for_fats_and_data = total_number_of_sectors - MROUND(default_number_of_reserved_sectors ; cluster_size)
number_of_clusters = (number_of_sectors_for_fats_and_data * sector_size + number_of_fats * 8) / (cluster_size * sector_size + number_of_fats * 4)
fat_size = MROUND(CEILING((number_of_clusters + 2) * 4 / sector_size ; 1) ; cluster_size)
root_directory_offset = default_number_of_reserved_sectors + number_of_fats * fat_size
aligned_root_directory_offset = MROUND(root_directory_offset ; erase_block_size * 1024^2 / sector_size)
number_of_reserved_sectors = aligned_root_directory_offset - root_directory_offset + default_number_of_reserved_sectors
With:
sector_size: 512 bytes (Standard value)
block_size: 1,024 bytes (Standard value)
total_number_of_blocks: new_fat32_partition_size in kiB
default_number_of_reserved_sectors: 64 (can be 32)
cluster_size: 64 sectors (i.e. 32 kiB)
number_of_fats: 2 (Standard value)
So for example for that same card you'll get:
Code:
total_number_of_sectors = 60,203,008
number_of_reserved_sectors = 1,664
Therefore here is the command to format the FAT32 partition:
Code:
$> sudo mkdosfs -F 32 -s 64 -R 1664 -n EXTERNAL_SD -v /dev/mmcblk0p1
mkdosfs 3.0.9 (31 Jan 2010)
/dev/mmcblk0p1 has 4 heads and 16 sectors per track,
logical sector size is 512,
using 0xf8 media descriptor, with 60203008 sectors;
file system has 2 32-bit FATs and 64 sectors per cluster.
FAT size is 7360 sectors, and provides 940416 clusters.
There are 1664 reserved sectors.
Volume ID is 8aa89e36, volume label EXTERNAL_SD.
You can see that each FAT takes less than 3.6 MiB, so with 2 FATs and the reserved sector the FAT description takes less than 8 MiB.
You can then check using hexdump if indeed the root directory starts at the the 12 MiB offset (knowing that the partition begin at the 4 MiB offset - indeed 12 = 4 + 8).
For that let's read the first 13 MiB of the card:
Code:
$> sudo hd -n $[13*1024*1024] /dev/mmcblk0
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 82 |................|
000001c0 03 00 0c f8 95 a3 00 20 00 00 00 a0 96 03 00 f8 |....... ........|
000001d0 96 a3 83 1b f3 28 00 c0 96 03 00 64 20 00 00 00 |.....(.....d ...|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00400000 eb 58 90 6d 6b 64 6f 73 66 73 00 00 02 40 80 06 |[email protected]|
00400010 02 00 00 00 00 f8 00 00 10 00 04 00 00 00 00 00 |................|
00400020 00 a0 96 03 c0 1c 00 00 00 00 00 00 02 00 00 00 |................|
00400030 01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00400040 00 00 29 e5 a5 dc 46 45 58 54 45 52 4e 41 4c 5f |..)...FEXTERNAL_|
00400050 53 44 46 41 54 33 32 20 20 20 0e 1f be 77 7c ac |SDFAT32 ...w|.|
00400060 22 c0 74 0b 56 b4 0e bb 07 00 cd 10 5e eb f0 32 |".t.V.......^..2|
00400070 e4 cd 16 cd 19 eb fe 54 68 69 73 20 69 73 20 6e |.......This is n|
00400080 6f 74 20 61 20 62 6f 6f 74 61 62 6c 65 20 64 69 |ot a bootable di|
00400090 73 6b 2e 20 20 50 6c 65 61 73 65 20 69 6e 73 65 |sk. Please inse|
004000a0 72 74 20 61 20 62 6f 6f 74 61 62 6c 65 20 66 6c |rt a bootable fl|
004000b0 6f 70 70 79 20 61 6e 64 0d 0a 70 72 65 73 73 20 |oppy and..press |
004000c0 61 6e 79 20 6b 65 79 20 74 6f 20 74 72 79 20 61 |any key to try a|
004000d0 67 61 69 6e 20 2e 2e 2e 20 0d 0a 00 00 00 00 00 |gain ... .......|
004000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
004001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00400200 52 52 61 41 00 00 00 00 00 00 00 00 00 00 00 00 |RRaA............|
00400210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
004003e0 00 00 00 00 72 72 41 61 7e 59 0e 00 03 00 00 00 |....rrAa~Y......|
004003f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00400400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00400c00 eb 58 90 6d 6b 64 6f 73 66 73 00 00 02 40 80 06 |[email protected]|
00400c10 02 00 00 00 00 f8 00 00 10 00 04 00 00 00 00 00 |................|
00400c20 00 a0 96 03 c0 1c 00 00 00 00 00 00 02 00 00 00 |................|
00400c30 01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00400c40 00 00 29 e5 a5 dc 46 45 58 54 45 52 4e 41 4c 5f |..)...FEXTERNAL_|
00400c50 53 44 46 41 54 33 32 20 20 20 0e 1f be 77 7c ac |SDFAT32 ...w|.|
00400c60 22 c0 74 0b 56 b4 0e bb 07 00 cd 10 5e eb f0 32 |".t.V.......^..2|
00400c70 e4 cd 16 cd 19 eb fe 54 68 69 73 20 69 73 20 6e |.......This is n|
00400c80 6f 74 20 61 20 62 6f 6f 74 61 62 6c 65 20 64 69 |ot a bootable di|
00400c90 73 6b 2e 20 20 50 6c 65 61 73 65 20 69 6e 73 65 |sk. Please inse|
00400ca0 72 74 20 61 20 62 6f 6f 74 61 62 6c 65 20 66 6c |rt a bootable fl|
00400cb0 6f 70 70 79 20 61 6e 64 0d 0a 70 72 65 73 73 20 |oppy and..press |
00400cc0 61 6e 79 20 6b 65 79 20 74 6f 20 74 72 79 20 61 |any key to try a|
00400cd0 67 61 69 6e 20 2e 2e 2e 20 0d 0a 00 00 00 00 00 |gain ... .......|
00400ce0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00400df0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00400e00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
004d0000 f8 ff ff 0f ff ff ff 0f f8 ff ff 0f ff ff ff 0f |................|
004d0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00868000 f8 ff ff 0f ff ff ff 0f f8 ff ff 0f ff ff ff 0f |................|
00868010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00c00000 45 58 54 45 52 4e 41 4c 5f 53 44 08 00 00 52 b3 |EXTERNAL_SD...R.|
We can see that indeed the root partition starts at the offset 0x00c00000 which is 12 MiB!
Also note that 0x00400000 is the 4 MiB offset, the beginning of the FAT32 partition...
You can try the hexdump against the backup you did and you'll see that the factory formatting is also with a number of reserved sector so that the root directory is aligned. For example I've found the root directory at the 12 MiB offset (of course) and for that they use 1,170 reserved sector (I've decoded the hexdump to get that value) which matches the formula. They also set 8,192 hidden sectors - that's more for compatibility with some cameras, we don't care here...
Link2SD formatting:
I use ext4 for that partition, I've got inspiration from http://blogofterje.wordpress.com/2012/01/14/optimizing-fs-on-sd-card/, however I'm not sure if indeed using the stride and the stripe-width options is really needed:
Code:
[FONT=Courier New]$ sudo mkfs.ext4 -O ^has_journal -E stride=4,stripe-width=512 -b 4096 -L Link2SD /dev/mmcblk0p2
mke2fs 1.41.14 (22-Dec-2010)
Filesystem label=Link2SD
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=4 blocks, Stripe width=512 blocks
66384 inodes, 265344 blocks
13267 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=272629760
9 block groups
32768 blocks per group, 32768 fragments per group
7376 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 30 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.[/FONT]
Anyway I consider the Link2SD partition is going to be used much more for read than write and we need the same file system that is used on the other partitions of the phone (i.e. ext4).
I hope it's not too complicated and that will help
Some other references:
http://android.bytearrays.com/android/align-your-sdcard-fat-and-ext-partition/
http://www.bradfordembedded.com/2011/12/format-an-sd-card-with-8-mib-aligned-partitions/
http://www.olpcnews.com/forum/index.php?topic=4993.0
http://www.patriotmemory.com/forums...ite-speed-by-aligning-FAT32&p=41521#post41521
http://forum.xda-developers.com/showthread.php?t=1224408
Click to expand...
Click to collapse
what a nice answer... It's too complicated, but I think I can understand overall of that.. thanks mate

USB storage
Galaxy W has an internal USB Storage. Link2sd failed to move apps that have big database or library (like sygic) to the external memory but instead it was moved to the internal USB storage. How do I make Link2sd to move all the large apps to the external memory? Thanks in advance

Scootster said:
Galaxy W has an internal USB Storage. Link2sd failed to move apps that have big database or library (like sygic) to the external memory but instead it was moved to the internal USB storage. How do I make Link2sd to move all the large apps to the external memory? Thanks in advance
Click to expand...
Click to collapse
Swap the storage so that your external_sd will change place with the internal storage
Pressing "Thanks" button will be much appreciated if user's posts useful for you

swapped memory
reddvilzz said:
Swap the storage so that your external_sd will change place with the internal storage
Pressing "Thanks" button will be much appreciated if user's posts useful for you
Click to expand...
Click to collapse
I swapped memory before this but the phone perform not very good. It lagged very much in switching from one task to another.
If memory was to swapped, then there is no use for Link2sd isn't it? because all apps were installed directly to. external memory. Does memory card needs to be in 2 partition?

No, swapped ish juz useless trick and could break ur sd card.

Dwama said:
No, swapped ish juz useless trick and could break ur sd card.
Click to expand...
Click to collapse
What are you talking about?
There are 2 meanings of the word 'swap' for the W:
The 1st meaning is creating a swapfile and/or swap partition.
The 2nd meaning is to change the mount points of the internal SD and the external SD so that Android thought the external SD is the internal one (mounted at /sdcard) and the internal SD gets mounted to the external point ( /sdcard/external_sd)
The 1st meaning is the dangerous one. The 2nd meaning is instead very useful.
-- xda app / CM9b3 / DXKL1 / Galaxy W --

[FIX/UNLOCK] Bell (Canada) I747M SIM Lock/Unlock USB / ESM NVRAM Comparison/Analysis

Hi Folks,
Just thought I'd throw this out here, I spent a good portion of my day digging through forums, ussd/mmi codes, tools, and hex editors trying to find a way to SIM Unlock my Bell S3 (I747M). I eventually 'gave in' and paid an eBay seller $8.00 to unlock my phone through a remote control application and USB network redirector (Successfully, although I never did get the actual SPC code from him even though I asked several times).
For security and isolation reasons I used a clean Windows 7 VM in VMware Workstation 8 with just the Samsung Drivers (from mskip's S3 toolkit (Qualcomm version) -- THANK YOU!!), the remote control tool, and the usb redirector to allow the remote 'tech' to do his work.
I ran a USB Logger tool (from the same vendor that makes the redirector) outside the VM on my host PC and had it capture the complete unlocking process from initial USB plug-in to post-unlock power-off.
I also grabbed images of the EFS partition (using dd) and the NVRAM (with QPST Tools) before and after the unlocking process.
I would expect the most 'useful' to furthering the secret of this unlock would be the delta of the NVRAM images, but alas while I have carefully looked it over a couples times, I don't see anything that looks to be the 'smoking gun'. I will follow-up this post with the relevant snippets as I'm sure there are many of you that may have more experience digging through this than I. Perhaps if someone else can send/post a similar delta, seeing the 'mutual' differences may again shed light on which areas to focus on in further detail.
Analyzing the USB communications may also give us a better understanding of if there are commands or processes we can use in making our own tool to remove this SIM lock.
FWIW, I'm using wxHexEditor for the dump comparisons.

NVRAM Hex Diff #1
Here's the first block with a few changes:
Before:
Code:
000608 00 00 00 00 00 00 00 00 00 00 00 00 B0 24 47 D3 .............$G.
000624 82 CD CD 01 0A 00 00 00 00 82 00 00 00 00 00 00 ................
000640 46 00 69 00 6C 00 65 00 5F 00 56 00 65 00 72 00 F.i.l.e._.V.e.r.
000656 73 00 69 00 6F 00 6E 00 00 00 00 00 00 00 00 00 s.i.o.n.........
000672 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000688 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000704 1A 00 02 01 02 00 00 00 FF FF FF FF FF FF FF FF ................
000720 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000736 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000752 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 ................
000768 30 00 30 00 30 00 30 00 34 00 30 00 36 00 39 00 0.0.0.0.4.0.6.9.
000784 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000816 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000832 12 00 01 00 FF FF FF FF FF FF FF FF 03 00 00 00 ................
000848 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000864 00 00 00 00 D0 B2 9E A0 82 CD CD 01 40 13 46 D3 [email protected]
000880 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
000896 64 00 65 00 66 00 61 00 75 00 6C 00 74 00 00 00 d.e.f.a.u.l.t...
000912 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000928 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000944 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000960 10 00 01 01 FF FF FF FF FF FF FF FF 04 00 00 00 ................
000976 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000992 00 00 00 00 D0 B2 9E A0 82 CD CD 01 B0 B3 44 D3 ..............D.
001008 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
001024 06 .
After:
Code:
000608 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="Red"]00 A6 22 2A[/COLOR] ............[COLOR="red"].."*[/COLOR]
000624 [COLOR="red"]DE[/COLOR] CD CD 01 0A 00 00 00 00 82 00 00 00 00 00 00 [COLOR="red"].[/COLOR]...............
000640 46 00 69 00 6C 00 65 00 5F 00 56 00 65 00 72 00 F.i.l.e._.V.e.r.
000656 73 00 69 00 6F 00 6E 00 00 00 00 00 00 00 00 00 s.i.o.n.........
000672 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000688 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000704 1A 00 02 01 02 00 00 00 FF FF FF FF FF FF FF FF ................
000720 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000736 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000752 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 ................
000768 30 00 30 00 30 00 30 00 34 00 30 00 36 00 39 00 0.0.0.0.4.0.6.9.
000784 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000816 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000832 12 00 01 00 FF FF FF FF FF FF FF FF 03 00 00 00 ................
000848 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000864 00 00 00 00 [COLOR="red"]30 8F 77 FD DD[/COLOR] CD CD 01 [COLOR="red"]80 6D 21 2A[/COLOR] ....[COLOR="red"]0.w..[/COLOR]...[COLOR="red"].m!*[/COLOR]
000880 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="red"].[/COLOR]...............
000896 64 00 65 00 66 00 61 00 75 00 6C 00 74 00 00 00 d.e.f.a.u.l.t...
000912 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000928 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000944 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000960 10 00 01 01 FF FF FF FF FF FF FF FF 04 00 00 00 ................
000976 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000992 00 00 00 00 [COLOR="Red"]30 8F 77 FD DD[/COLOR] CD CD 01 [COLOR="red"]00 35 20 2A[/COLOR] ....[COLOR="red"]0.w..[/COLOR]...[COLOR="red"].5 *[/COLOR]
001008 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="red"].[/COLOR]...............
001024 06 .
http: //secure.eix.ca/s3/nvram1.png

Here's the second block:
Before:
Code:
001536 52 00 6F 00 6F 00 74 00 20 00 45 00 6E 00 74 00 R.o.o.t. .E.n.t.
001552 72 00 79 00 00 00 00 00 00 00 00 00 00 00 00 00 r.y.............
001568 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001584 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001600 16 00 05 00 FF FF FF FF FF FF FF FF 01 00 00 00 ................
001616 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001632 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="Red"][B]60 6C 91 A0[/B][/COLOR] ............[COLOR="Red"][B]`l..[/B][/COLOR]
001648 [COLOR="Red"][B]82[/B][/COLOR] CD CD 01 05 00 00 00 40 00 00 00 00 00 00 00 [COLOR="Red"][B].[/B][/COLOR][email protected]
After
Code:
001536 52 00 6F 00 6F 00 74 00 20 00 45 00 6E 00 74 00 R.o.o.t. .E.n.t.
001552 72 00 79 00 00 00 00 00 00 00 00 00 00 00 00 00 r.y.............
001568 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001584 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001600 16 00 05 00 FF FF FF FF FF FF FF FF 01 00 00 00 ................
001616 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001632 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="Red"][B]50 E4 61 FD[/B][/COLOR] ............[COLOR="Red"][B]P.a.[/B][/COLOR]
001648 [COLOR="Red"][B]DD[/B][/COLOR] CD CD 01 05 00 00 00 40 00 00 00 00 00 00 00 [COLOR="Red"][B].[/B][/COLOR][email protected]

Wow.. What your doing must be impressive. I have no idea what you just said lol
Sent from my SGH-I747 using xda app-developers app

Here's the Third Block:
Before:
Code:
003584 4E 00 56 00 5F 00 4E 00 55 00 4D 00 42 00 45 00 N.V._.N.U.M.B.E.
003600 52 00 45 00 44 00 5F 00 49 00 54 00 45 00 4D 00 R.E.D._.I.T.E.M.
003616 53 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............
003632 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003648 24 00 01 01 07 00 00 00 05 00 00 00 10 00 00 00 $...............
003664 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003680 00 00 00 00 30 96 B5 A0 82 CD CD 01 50 B3 B2 CF ....0.......P...
003696 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
003712 4D 00 6F 00 62 00 69 00 6C 00 65 00 5F 00 50 00 M.o.b.i.l.e._.P.
003728 72 00 6F 00 70 00 65 00 72 00 74 00 79 00 5F 00 r.o.p.e.r.t.y._.
003744 49 00 6E 00 66 00 6F 00 00 00 00 00 00 00 00 00 I.n.f.o.........
003760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003776 2A 00 02 01 FF FF FF FF 09 00 00 00 FF FF FF FF *...............
003792 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003808 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003824 00 00 00 00 02 00 00 00 46 00 00 00 00 00 00 00 ........F.......
003840 46 00 65 00 61 00 74 00 75 00 72 00 65 00 5F 00 F.e.a.t.u.r.e._.
003856 4D 00 61 00 73 00 6B 00 00 00 00 00 00 00 00 00 M.a.s.k.........
003872 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003888 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003904 1A 00 02 00 FF FF FF FF FF FF FF FF FF FF FF FF ................
003920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003936 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003952 00 00 00 00 01 00 00 00 38 00 00 00 00 00 00 00 ........8.......
003968 45 00 46 00 53 00 5F 00 42 00 61 00 63 00 6B 00 E.F.S._.B.a.c.k.
003984 75 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 u.p.............
004000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004016 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004032 16 00 01 01 08 00 00 00 06 00 00 00 0E 00 00 00 ................
004048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004064 00 00 00 00 B0 F0 BA CF 82 CD CD 01 B0 42 42 D3 .............BB.
004080 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004096 4E 00 56 00 5F 00 49 00 74 00 65 00 6D 00 73 00 N.V._.I.t.e.m.s.
004112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004128 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004144 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004160 12 00 01 00 FF FF FF FF FF FF FF FF 0C 00 00 00 ................
004176 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004192 00 00 00 00 50 52 D7 CF 82 CD CD 01 20 CE 11 D1 ....PR...... ...
004208 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004224 50 00 72 00 6F 00 76 00 69 00 73 00 69 00 6F 00 P.r.o.v.i.s.i.o.
004240 6E 00 69 00 6E 00 67 00 5F 00 49 00 74 00 65 00 n.i.n.g._.I.t.e.
004256 6D 00 5F 00 46 00 69 00 6C 00 65 00 73 00 00 00 m._.F.i.l.e.s...
004272 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004288 30 00 01 00 FF FF FF FF FF FF FF FF 0A 00 00 00 0...............
004304 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004320 00 00 00 00 80 38 DA CF 82 CD CD 01 80 15 48 D0 .....8........H.
004336 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004352 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004368 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004384 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004416 10 00 01 01 FF FF FF FF 0B 00 00 00 42 01 00 00 ............B...
004432 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004448 00 00 00 00 80 38 DA CF 82 CD CD 01 80 15 48 D0 .....8........H.
004464 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004480 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
004496 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004512 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004528 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004544 12 00 01 00 FF FF FF FF FF FF FF FF 35 01 00 00 ............5...
004560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004576 00 00 00 00 80 38 DA CF 82 CD CD 01 80 15 48 D0 .....8........H.
004592 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004608 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004624 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004656 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004672 10 00 01 01 FF FF FF FF 0D 00 00 00 03 01 00 00 ................
004688 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004704 00 00 00 00 50 52 D7 CF 82 CD CD 01 20 CE 11 D1 ....PR...... ...
004720 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004736 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
004752 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004768 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004784 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004800 12 00 01 00 FF FF FF FF FF FF FF FF B5 00 00 00 ................
004816 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004832 00 00 00 00 50 52 D7 CF 82 CD CD 01 20 CE 11 D1 ....PR...... ...
004848 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004864 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004880 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004896 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004912 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004928 10 00 01 01 FF FF FF FF 0F 00 00 00 63 00 00 00 ............c...
004944 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004960 00 00 00 00 B0 F0 BA CF 82 CD CD 01 B0 42 42 D3 .............BB.
004976 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004992 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
005008 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005024 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005056 12 00 01 00 FF FF FF FF FF FF FF FF 21 00 00 00 ............!...
005072 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005088 00 00 00 00 B0 F0 BA CF 82 CD CD 01 B0 42 42 D3 .............BB.
005104 82 CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
005120 FE FF FF FF FE FF FF FF 03 00 00 00 FE FF FF FF ................
After:
Code:
003584 4E 00 56 00 5F 00 4E 00 55 00 4D 00 42 00 45 00 N.V._.N.U.M.B.E.
003600 52 00 45 00 44 00 5F 00 49 00 54 00 45 00 4D 00 R.E.D._.I.T.E.M.
003616 53 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 S...............
003632 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003648 24 00 01 01 07 00 00 00 05 00 00 00 10 00 00 00 $...............
003664 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003680 00 00 00 00 [COLOR="Red"]A0 4F C4 FD DD[/COLOR] CD CD 01 [COLOR="red"]20 3F 6D 26[/COLOR] ....[COLOR="red"].O...[/COLOR]...[COLOR="red"] ?m&[/COLOR]
003696 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 [COLOR="red"].[/COLOR]...............
003712 4D 00 6F 00 62 00 69 00 6C 00 65 00 5F 00 50 00 M.o.b.i.l.e._.P.
003728 72 00 6F 00 70 00 65 00 72 00 74 00 79 00 5F 00 r.o.p.e.r.t.y._.
003744 49 00 6E 00 66 00 6F 00 00 00 00 00 00 00 00 00 I.n.f.o.........
003760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003776 2A 00 02 01 FF FF FF FF 09 00 00 00 FF FF FF FF *...............
003792 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003808 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003824 00 00 00 00 02 00 00 00 46 00 00 00 00 00 00 00 ........F.......
003840 46 00 65 00 61 00 74 00 75 00 72 00 65 00 5F 00 F.e.a.t.u.r.e._.
003856 4D 00 61 00 73 00 6B 00 00 00 00 00 00 00 00 00 M.a.s.k.........
003872 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003888 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003904 1A 00 02 00 FF FF FF FF FF FF FF FF FF FF FF FF ................
003920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003936 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
003952 00 00 00 00 01 00 00 00 38 00 00 00 00 00 00 00 ........8.......
003968 45 00 46 00 53 00 5F 00 42 00 61 00 63 00 6B 00 E.F.S._.B.a.c.k.
003984 75 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 u.p.............
004000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004016 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004032 16 00 01 01 08 00 00 00 06 00 00 00 0E 00 00 00 ................
004048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004064 00 00 00 00 [COLOR="red"]C0 DC 7F 26 DE[/COLOR] CD CD 01 [COLOR="red"]00 C4 1D 2A[/COLOR] .......&.......*
004080 [COLOR="red"] DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004096 4E 00 56 00 5F 00 49 00 74 00 65 00 6D 00 73 00 N.V._.I.t.e.m.s.
004112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004128 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004144 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004160 12 00 01 00 FF FF FF FF FF FF FF FF 0C 00 00 00 ................
004176 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004192 00 00 00 00 [COLOR="red"]60 3E 9C 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 49 DD 27[/COLOR] ....`>.&.....I.'
004208 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004224 50 00 72 00 6F 00 76 00 69 00 73 00 69 00 6F 00 P.r.o.v.i.s.i.o.
004240 6E 00 69 00 6E 00 67 00 5F 00 49 00 74 00 65 00 n.i.n.g._.I.t.e.
004256 6D 00 5F 00 46 00 69 00 6C 00 65 00 73 00 00 00 m._.F.i.l.e.s...
004272 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004288 30 00 01 00 FF FF FF FF FF FF FF FF 0A 00 00 00 0...............
004304 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004320 00 00 00 00 [COLOR="red"]A0 4B 9F 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 1E FF 26[/COLOR] .....K.&.......&
004336 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004352 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004368 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004384 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004416 10 00 01 01 FF FF FF FF 0B 00 00 00 42 01 00 00 ............B...
004432 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004448 00 00 00 00 [COLOR="red"]A0 4B 9F 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 1E FF 26[/COLOR] .....K.&.......&
004464 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004480 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
004496 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004512 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004528 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004544 12 00 01 00 FF FF FF FF FF FF FF FF 35 01 00 00 ............5...
004560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004576 00 00 00 00 [COLOR="red"]A0 4B 9F 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 1E FF 26[/COLOR] .....K.&.......&
004592 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004608 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004624 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004656 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004672 10 00 01 01 FF FF FF FF 0D 00 00 00 03 01 00 00 ................
004688 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004704 00 00 00 00 [COLOR="red"]60 3E 9C 26 DE[/COLOR] CD CD 01 [COLOR="red"]E0 49 DD 27[/COLOR] ....`>.&.....I.'
004720 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004736 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
004752 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004768 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004784 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004800 12 00 01 00 FF FF FF FF FF FF FF FF B5 00 00 00 ................
004816 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004832 00 00 00 00 [COLOR="red"]70 65 9C 26 DE[/COLOR] CD CD 01[COLOR="red"] E0 49 DD 27[/COLOR] ....pe.&.....I.'
004848 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004864 45 00 46 00 53 00 5F 00 44 00 69 00 72 00 00 00 E.F.S._.D.i.r...
004880 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004896 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004912 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004928 10 00 01 01 FF FF FF FF 0F 00 00 00 63 00 00 00 ............c...
004944 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004960 00 00 00 00 [COLOR="red"]C0 DC 7F 26 DE[/COLOR] CD CD 01 [COLOR="red"]00 C4 1D 2A[/COLOR] .......&.......*
004976 [COLOR="red"]DE[/COLOR] CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
004992 45 00 46 00 53 00 5F 00 44 00 61 00 74 00 61 00 E.F.S._.D.a.t.a.
005008 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005024 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005056 12 00 01 00 FF FF FF FF FF FF FF FF 21 00 00 00 ............!...
005072 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
005088 00 00 00 00 C0 DC 7F 26 DE CD CD 01 00 C4 1D 2A .......&.......*
005104 DE CD CD 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
005120 FE FF FF FF FE FF FF FF 03 00 00 00 FE FF FF FF ................

Deoxlar said:
Wow.. What your doing must be impressive. I have no idea what you just said lol
Sent from my SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
Thanks, although I don't think it's that impressive, or I would have figured this out by now.
I'll post the last 4 sections tomorrow, it's getting really late here.

This could possibly lead to a genuine unlock for everyone. I'll unlock my device soon as I'll be traveling next month. I'll upload some hex values later.

This guy here has an app to unlock samsung phones. It doesn't support our model yet he eventually wants to add support for it. Maybe get in contact with him and try to speed things along he might be able to make more sense odd what you've got posted here
http://forum.xda-developers.com/showthread.php?t=1846451
Sent from my SGH-I747M using xda premium

Here's the 4th block:
Before:
Code:
008624 00 00 00 00 00 00 00 00 88 00 01 00 59 07 00 00 ............Y...
008640 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008656 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008672 00 80 E5 16 C5 14 CD 11 B3 0E 1D 0C 11 0A 49 07 ..............I.
008688 [COLOR="DeepSkyBlue"]43[/COLOR] 04 CF 03 [COLOR="DeepSkyBlue"]49[/COLOR] 03 8B 02 CF 01 3F 01 [COLOR="DeepSkyBlue"]A3[/COLOR] 00 [COLOR="DeepSkyBlue"]09[/COLOR] 00 [COLOR="DeepSkyBlue"]C[/COLOR]...[COLOR="DeepSkyBlue"]I[/COLOR].....?.[COLOR="DeepSkyBlue"].[/COLOR].[COLOR="DeepSkyBlue"].[/COLOR].
008704 [COLOR="DeepSkyBlue"]6D[/COLOR] FF [COLOR="DeepSkyBlue"]C7[/COLOR] FE 2D FE 8B FD DD FC 65 FC EF FB 3B FB [COLOR="DeepSkyBlue"]m[/COLOR].[COLOR="DeepSkyBlue"].[/COLOR].-.....e...;.
008720 83 FA 01 FA 7F F9 03 F9 81 F8 3D F5 05 F3 75 F0 ..........=...u.
008736 8B ED EB EB 61 EA 00 80 00 80 00 80 00 80 00 80 ....a...........
008752 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008768 88 00 01 00 5B 07 00 00 7B 01 00 00 00 00 00 00 ....[...{.......
After
Code:
008624 00 00 00 00 00 00 00 00 88 00 01 00 59 07 00 00 ............Y...
008640 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008656 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008672 00 80 E5 16 C5 14 CD 11 B3 0E 1D 0C 11 0A 49 07 ..............I.
008688 [B][COLOR="Red"]45[/COLOR][/B] 04 CF 03 [COLOR="red"][B]47[/B][/COLOR] 03 8B 02 CF 01 3F 01 [COLOR="red"][B]A5[/B][/COLOR] 00 [COLOR="red"][B]0B[/B][/COLOR] 00 [COLOR="red"][B]E[/B][/COLOR]...[COLOR="red"][B]G[/B][/COLOR].....?.[B][COLOR="red"].[/COLOR][/B].[COLOR="red"][B].[/B][/COLOR].
008704 [COLOR="Red"][B]6F[/B][/COLOR] FF [COLOR="red"][B]CB[/B][/COLOR] FE 2D FE 8B FD DD FC 65 FC EF FB 3B FB [COLOR="red"][B]o[/B][/COLOR].[COLOR="red"][B].[/B][/COLOR].-.....e...;.
008720 83 FA 01 FA 7F F9 03 F9 81 F8 3D F5 05 F3 75 F0 ..........=...u.
008736 8B ED EB EB 61 EA 00 80 00 80 00 80 00 80 00 80 ....a...........
008752 00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80 ................
008768 88 00 01 00 5B 07 00 00 7B 01 00 00 00 00 00 00 ....[...{.......
---------------------------------------------------------------------------------------------------------
and 5th Block:
Before:
Code:
043984 00 00 00 00 00 00 00 00 88 00 01 00 D2 02 00 00 ................
044000 03 00 00 00 09 00 00 00 00 04 03 02 06 01 00 07 ................
044016 05 09 08 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044032 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044064 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044096 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044128 88 00 01 00 D3 02 00 00 03 00 02 03 08 08 00 26 ...............&
044144 04 00 00 10 00 00 00 00 00 00 00 63 2F BA 04 A0 ...........c/...
044160 17 00 00 C1 00 00 00 03 00 02 03 08 08 00 3F 04 ..............?.
044176 00 00 10 00 00 00 00 00 00 00 8B 52 BA 04 90 17 ...........R....
044192 00 00 00 00 00 00 03 01 00 03 04 01 00 4B 02 00 .............K..
044208 00 01 00 00 00 00 00 00 00 09 00 00 00 30 0A 00 .............0..
044224 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ."..............
044240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044256 00 00 00 00 00 00 00 00 88 00 01 00 E1 02 00 00 ................
044272 03 01 00 03 04 01 00 53 11 00 00 10 00 00 00 00 .......S........
044288 00 00 00 09 00 00 00 30 0A 00 00 22 00 00 00 03 .......0..."....
044304 01 00 03 04 01 00 64 02 00 00 01 00 00 00 00 00 ......d.........
044320 00 00 09 00 00 00 30 0A 00 00 22 00 00 00 03 00 ......0...".....
044336 02 03 08 08 00 32 02 00 00 01 00 00 00 00 00 00 .....2..........
044352 00 AB 6A BA 04 10 0C 00 00 00 00 00 00 00 00 00 ..j.............
044368 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044384 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044400 88 00 01 00 E2 02 00 00 03 01 00 03 04 01 00 1E ................
044416 11 00 00 10 00 00 00 00 00 00 00 C6 15 9D 06 30 ...............0
044432 0A 00 00 0B 00 00 00 03 00 02 03 08 08 00 19 02 ................
044448 00 00 01 00 00 00 00 00 00 00 43 5E BA 04 90 17 ..........C^....
044464 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044480 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044496 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044512 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044528 00 00 00 00 00 00 00 00 88 00 01 00 E3 02 00 00 ................
044544 03 00 02 03 08 08 00 00 02 00 00 01 00 00 00 00 ................
044560 00 00 00 92 43 BA 04 10 0E 00 00 00 00 00 00 03 ....C...........
044576 00 02 03 08 08 00 4B 02 00 00 01 00 00 00 00 00 ......K.........
044592 00 00 E3 37 BA 04 10 0C 00 00 00 00 00 00 00 00 ...7............
044608 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
After
Code:
043984 00 00 00 00 00 00 00 00 88 00 01 00 D2 02 00 00 ................
044000 [COLOR="Red"][B]09[/B][/COLOR] 00 00 00 09 00 00 00 00 [COLOR="red"][B]02 09 05 07 08[/B][/COLOR] 00 [COLOR="red"][B]04[/B][/COLOR] ................
044016 [B][COLOR="red"]03 06 01[/COLOR][/B] 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044032 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044048 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044064 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044096 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044112 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044128 88 00 01 00 D3 02 00 00 03 [COLOR="red"][B]01 00[/B][/COLOR] 03 [COLOR="red"][B]02 06[/B][/COLOR] 00 [COLOR="red"][B]7D[/B][/COLOR] ...............}
044144 [COLOR="red"][B]02[/B][/COLOR] 00 00 [COLOR="red"][B]01[/B][/COLOR] 00 00 00 00 00 00 00 [COLOR="red"][B]09 00 00 00 80[/B][/COLOR] ................
044160 [COLOR="red"][B]07[/B][/COLOR] 00 00 [COLOR="red"][B]22[/B][/COLOR] 00 00 00 03 00 02 03 08 08 00 3F 04 ..."..........?.
044176 00 00 10 00 00 00 00 00 00 00 8B 52 BA 04 90 17 ...........R....
044192 00 00 00 00 00 00 03 01 00 03 04 01 00 4B 02 00 .............K..
044208 00 01 00 00 00 00 00 00 00 [COLOR="Red"][B]ED 09 D4 0D 00 1B[/B][/COLOR] 00 ................
044224 00 [COLOR="red"][B]00[/B][/COLOR] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044256 00 00 00 00 00 00 00 00 88 00 01 00 E1 02 00 00 ................
044272 03 01 00 03 04 01 00 53 11 00 00 10 00 00 00 00 .......S........
044288 00 00 00 09 00 00 00 30 0A 00 00 22 00 00 00 03 .......0..."....
044304 01 00 03 04 01 00 64 02 00 00 01 00 00 00 00 00 ......d.........
044320 00 00 09 00 00 00 30 0A 00 00 22 00 00 00 03 01 ......0...".....
044336 [COLOR="red"][B] 00[/B][/COLOR] 03 [COLOR="red"][B]04 01[/B][/COLOR] 00 [COLOR="red"][B]1F 11[/B][/COLOR] 00 00 [COLOR="red"][B]10[/B][/COLOR] 00 00 00 00 00 00 ................
044352 00 [COLOR="red"][B]39 50 D4 0D 00 1B[/B][/COLOR] 00 00 [COLOR="red"][B]22[/B][/COLOR] 00 00 00 00 00 00 .9P......"......
044368 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044384 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044400 88 00 01 00 E2 02 00 00 03 01 00 03 04 01 00 1E ................
044416 11 00 00 10 00 00 00 00 00 00 00 C6 15 9D 06 30 ...............0
044432 0A 00 00 0B 00 00 00 03 [COLOR="red"][B]01 00[/B][/COLOR] 03 [COLOR="red"][B]04 01[/B][/COLOR] 00 [COLOR="red"][B]6A 11[/B][/COLOR] ..............j.
044448 00 00 [COLOR="red"][B]10 [/B][/COLOR]00 00 00 00 00 00 00 [COLOR="red"][B]09 00 00 00 80 1B[/B][/COLOR] ................
044464 00 00 [COLOR="red"][B]22[/B][/COLOR] 00 00 00 00 00 00 00 00 00 00 00 00 00 ..".............
044480 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044496 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044512 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
044528 00 00 00 00 00 00 00 00 88 00 01 00 E3 02 00 00 ................
044544 03 [COLOR="red"][B]01 00[/B][/COLOR] 03 [COLOR="red"][B]04 01[/B][/COLOR] 00 [COLOR="red"][B]51 11[/B][/COLOR] 00 00 [COLOR="red"][B]10[/B][/COLOR] 00 00 00 00 .......Q........
044560 00 00 00 [COLOR="red"][B]09 00 00 00 00 1B[/B][/COLOR] 00 00 [COLOR="red"][B]22[/B][/COLOR] 00 00 00 03 ..........."....
044576 [COLOR="red"][B]01 00[/B][/COLOR] 03 [COLOR="red"][B]04 01[/B][/COLOR] 00 [COLOR="red"][B]06 11[/B][/COLOR] 00 00 [COLOR="red"][B]10[/B][/COLOR] 00 00 00 00 00 ................
044592 00 00 [COLOR="red"][B]33 50 D4 0D 00 1B[/B][/COLOR] 00 00 00 00 00 00 00 00 ..3P............
044608 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Generated by wxHexEditor

Here's the 6th Block:
Before:
Code:
048352 7F 00 13 00 14 88 00 13 00 14 56 03 13 F0 62 86 ..........V...b.
048368 00 13 00 14 52 03 13 F0 62 8B 00 13 00 14 3D 00 ....R...b.....=.
048384 64 F0 00 41 00 64 F0 00 D5 01 64 F0 10 01 01 64 d..A.d....d....d
048400 F0 00 78 00 64 F0 10 B9 03 64 F0 02 C5 01 64 F0 ..x.d....d....d.
048416 10 46 00 64 F0 00 CD 01 64 F0 10 7C 00 64 F0 10 .F.d....d..|.d..
048432 C0 01 64 F0 10 72 00 64 F0 10 D3 01 64 F0 10 06 ..d..r.d....d...
048448 01 64 F0 00 08 01 64 F0 00 C3 01 64 F0 10 48 00 .d....d....d..H.
048464 64 F0 00 D7 01 64 F0 10 B6 01 64 F0 10 00 00 00 d....d....d.....
048480 88 00 01 00 D8 13 01 00 7F 00 13 00 14 88 00 13 ................
048496 00 14 56 03 13 F0 62 86 00 13 00 14 52 03 13 F0 ..V...b.....R...
048512 62 8B 00 13 00 14 3D 00 64 F0 00 41 00 64 F0 00 b.....=.d..A.d..
048528 D5 01 64 F0 10 01 01 64 F0 00 78 00 64 F0 10 B9 ..d....d..x.d...
048544 03 64 F0 02 C5 01 64 F0 10 46 00 64 F0 00 CD 01 .d....d..F.d....
048560 64 F0 10 7C 00 64 F0 10 C0 01 64 F0 10 72 00 64 d..|.d....d..r.d
048576 F0 10 D3 01 64 F0 10 06 01 64 F0 00 08 01 64 F0 ....d....d....d.
048592 00 C3 01 64 F0 10 48 00 64 F0 00 D7 01 64 F0 10 ...d..H.d....d..
048608 B6 01 64 F0 10 00 00 00 88 00 01 00 D9 13 00 00 ..d.............
048624 CB 01 64 F0 10 63 00 64 F0 10 76 00 64 F0 10 40 [email protected]
048640 00 64 F0 00 CF 01 64 F0 10 F9 00 64 F0 00 BD 01 .d....d....d....
048656 64 F0 10 D4 01 64 F0 10 7A 00 64 F0 10 D2 01 64 d....d..z.d....d
048672 F0 10 D1 01 64 F0 10 D9 01 64 F0 10 6F 00 64 F0 ....d....d..o.d.
048688 10 4B 00 64 F0 00 43 00 64 F0 00 3F 00 64 F0 00 .K.d..C.d..?.d..
048704 09 01 64 F0 00 0F 01 64 F0 00 44 00 64 F0 00 71 ..d....d..D.d..q
048720 00 64 F0 10 39 00 64 F0 00 BB 01 64 F0 10 FC 00 .d..9.d....d....
048736 64 F0 00 0E 01 64 F0 00 C7 01 64 F0 10 00 00 00 d....d....d.....
048752 88 00 01 00 D9 13 01 00 CB 01 64 F0 10 63 00 64 ..........d..c.d
048768 F0 10 76 00 64 F0 10 40 00 64 F0 00 CF 01 64 F0 [email protected]
048784 10 F9 00 64 F0 00 BD 01 64 F0 10 D4 01 64 F0 10 ...d....d....d..
048800 7A 00 64 F0 10 D2 01 64 F0 10 D1 01 64 F0 10 D9 z.d....d....d...
048816 01 64 F0 10 6F 00 64 F0 10 4B 00 64 F0 00 43 00 .d..o.d..K.d..C.
048832 64 F0 00 3F 00 64 F0 00 09 01 64 F0 00 0F 01 64 d..?.d....d....d
048848 F0 00 44 00 64 F0 00 71 00 64 F0 10 39 00 64 F0 ..D.d..q.d..9.d.
048864 00 BB 01 64 F0 10 FC 00 64 F0 00 0E 01 64 F0 00 ...d....d....d..
048880 C7 01 64 F0 10 00 00 00 88 00 01 00 DA 13 00 00 ..d.............
048896 0C 01 64 F0 00 3B 00 64 F0 00 BA 01 64 F0 10 42 ..d..;.d....d..B
048912 00 64 F0 00 C2 01 64 F0 10 79 00 64 F0 10 74 00 .d....d..y.d..t.
048928 64 F0 10 6F 02 00 F1 10 95 02 00 F1 10 A1 02 03 d..o............
048944 02 27 7F 02 03 02 27 EC 00 03 02 27 5C 03 03 02 .'....'....'\...
048960 27 42 03 03 02 27 3D 00 64 F0 00 41 00 64 F0 00 'B...'=.d..A.d..
048976 D5 01 64 F0 10 01 01 64 F0 00 78 00 64 F0 10 B9 ..d....d..x.d...
048992 03 64 F0 02 C5 01 64 F0 10 46 00 64 F0 00 CD 01 .d....d..F.d....
049008 64 F0 10 7C 00 64 F0 10 C0 01 64 F0 10 00 00 00 d..|.d....d.....
049024 88 00 01 00 DA 13 01 00 0C 01 64 F0 00 3B 00 64 ..........d..;.d
049040 F0 00 BA 01 64 F0 10 42 00 64 F0 00 C2 01 64 F0 ....d..B.d....d.
049056 10 79 00 64 F0 10 74 00 64 F0 10 6F 02 00 F1 10 .y.d..t.d..o....
049072 95 02 00 F1 10 A1 02 03 02 27 7F 02 03 02 27 EC .........'....'.
049088 00 03 02 27 5C 03 03 02 27 42 03 03 02 27 3D 00 ...'\...'B...'=.
049104 64 F0 00 41 00 64 F0 00 D5 01 64 F0 10 01 01 64 d..A.d....d....d
049120 F0 00 78 00 64 F0 10 B9 03 64 F0 02 C5 01 64 F0 ..x.d....d....d.
049136 10 46 00 64 F0 00 CD 01 64 F0 10 7C 00 64 F0 10 .F.d....d..|.d..
049152 C0 01 64 F0 10 00 00 00 88 00 01 00 DB 13 00 00 ..d.............
049168 72 00 64 F0 10 D3 01 64 F0 10 06 01 64 F0 00 08 r.d....d....d...
049184 01 64 F0 00 C3 01 64 F0 10 48 00 64 F0 00 D7 01 .d....d..H.d....
049200 64 F0 10 B6 01 64 F0 10 CB 01 64 F0 10 63 00 64 d....d....d..c.d
049216 F0 10 76 00 64 F0 10 40 00 64 F0 00 CF 01 64 F0 [email protected]
049232 10 F9 00 64 F0 00 BD 01 64 F0 10 D4 01 64 F0 10 ...d....d....d..
049248 7A 00 64 F0 10 D2 01 64 F0 10 D1 01 64 F0 10 D9 z.d....d....d...
049264 01 64 F0 10 6F 00 64 F0 10 4B 00 64 F0 00 43 00 .d..o.d..K.d..C.
049280 64 F0 00 3F 00 64 F0 00 09 01 64 F0 00 00 00 00 d..?.d....d.....
049296 88 00 01 00 DB 13 01 00 72 00 64 F0 10 D3 01 64 ........r.d....d
049312 F0 10 06 01 64 F0 00 08 01 64 F0 00 C3 01 64 F0 ....d....d....d.
049328 10 48 00 64 F0 00 D7 01 64 F0 10 B6 01 64 F0 10 .H.d....d....d..
049344 CB 01 64 F0 10 63 00 64 F0 10 76 00 64 F0 10 40 [email protected]
049360 00 64 F0 00 CF 01 64 F0 10 F9 00 64 F0 00 BD 01 .d....d....d....
049376 64 F0 10 D4 01 64 F0 10 7A 00 64 F0 10 D2 01 64 d....d..z.d....d
049392 F0 10 D1 01 64 F0 10 D9 01 64 F0 10 6F 00 64 F0 ....d....d..o.d.
049408 10 4B 00 64 F0 00 43 00 64 F0 00 3F 00 64 F0 00 .K.d..C.d..?.d..
049424 09 01 64 F0 00 00 00 00 88 00 01 00 DC 13 00 00 ..d.............
049440 0F 01 64 F0 00 44 00 64 F0 00 71 00 64 F0 10 39 ..d..D.d..q.d..9
049456 00 64 F0 00 BB 01 64 F0 10 FC 00 64 F0 00 0E 01 .d....d....d....
049472 64 F0 00 C7 01 64 F0 10 0C 01 64 F0 00 3B 00 64 d....d....d..;.d
049488 F0 00 BA 01 64 F0 10 42 00 64 F0 00 C2 01 64 F0 ....d..B.d....d.
049504 10 79 00 64 F0 10 74 00 64 F0 10 6F 02 00 F1 10 .y.d..t.d..o....
049520 95 02 00 F1 10 FF FF FF FF FF FF FF FF FF FF FF ................
After: (color coding still in progress - manual process)
Code:
048352 [COLOR="Red"]70 02[/COLOR] 13 [COLOR="red"]F0 62 B3[/COLOR] 00 13 00 14 [COLOR="red"]B8 00 [/COLOR]13 [COLOR="red"]00 14 44[/COLOR] p...b..........D
048368 [COLOR="red"]03[/COLOR] 13 00 14 [COLOR="red"]40[/COLOR] 03 13 [COLOR="red"]00 14 B1[/COLOR] 00 13 00 14 [COLOR="red"]B5[/COLOR] 00 [email protected]
048384 [COLOR="red"]13 00 14 BC[/COLOR] 00 [COLOR="red"]13 00 14 75 02 13[/COLOR] F0 [COLOR="red"]62 72 02 13 [/COLOR] ........u...br..
048400 F0 [COLOR="red"]62[/COLOR] 78[COLOR="red"] 02 13 [/COLOR]F0 [COLOR="red"]62 B7 00 13 00 14 B9 00 13 00[/COLOR] .bx...b.........
048416 [COLOR="red"]14 B0[/COLOR] 00 [COLOR="red"]13 00 14 73 02 13[/COLOR] F0 [COLOR="red"]62 46 03 13 00 14[/COLOR] ......s...bF....
048432 3A 03 13 00 14 79 02 13 F0 62 BD 00 13 00 14 43 :....y...b.....C
048448 03 13 00 14 41 03 13 00 14 3F 03 13 00 14 3E 03 ....A....?....>.
048464 13 00 14 39 03 13 00 14 BA 00 13 00 14 00 00 00 ...9............
048480 88 00 01 00 D8 13 01 00 70 02 13 F0 62 B3 00 13 ........p...b...
048496 00 14 B8 00 13 00 14 44 03 13 00 14 40 03 13 00 [email protected]
048512 14 B1 00 13 00 14 B5 00 13 00 14 BC 00 13 00 14 ................
048528 75 02 13 F0 62 72 02 13 F0 62 78 02 13 F0 62 B7 u...br...bx...b.
048544 00 13 00 14 B9 00 13 00 14 B0 00 13 00 14 73 02 ..............s.
048560 13 F0 62 46 03 13 00 14 3A 03 13 00 14 79 02 13 ..bF....:....y..
048576 F0 62 BD 00 13 00 14 43 03 13 00 14 41 03 13 00 .b.....C....A...
048592 14 3F 03 13 00 14 3E 03 13 00 14 39 03 13 00 14 .?....>....9....
048608 BA 00 13 00 14 00 00 00 88 00 01 00 D9 13 00 00 ................
048624 B6 00 13 00 14 38 03 13 00 14 3C 03 13 00 14 B4 .....8....<.....
048640 00 13 00 14 7C 02 13 F0 62 AF 00 13 00 14 45 03 ....|...b.....E.
048656 13 00 14 7B 02 13 F0 62 74 02 13 F0 62 7F 00 13 ...{...bt...b...
048672 00 14 88 00 13 00 14 56 03 13 F0 62 86 00 13 00 .......V...b....
048688 14 52 03 13 F0 62 8B 00 13 00 14 3D 00 64 F0 00 .R...b.....=.d..
048704 41 00 64 F0 00 D5 01 64 F0 10 01 01 64 F0 00 78 A.d....d....d..x
048720 00 64 F0 10 B9 03 64 F0 02 C5 01 64 F0 10 46 00 .d....d....d..F.
048736 64 F0 00 CD 01 64 F0 10 7C 00 64 F0 10 00 00 00 d....d..|.d.....
048752 88 00 01 00 D9 13 01 00 B6 00 13 00 14 38 03 13 .............8..
048768 00 14 3C 03 13 00 14 B4 00 13 00 14 7C 02 13 F0 ..<.........|...
048784 62 AF 00 13 00 14 45 03 13 00 14 7B 02 13 F0 62 b.....E....{...b
048800 74 02 13 F0 62 7F 00 13 00 14 88 00 13 00 14 56 t...b..........V
048816 03 13 F0 62 86 00 13 00 14 52 03 13 F0 62 8B 00 ...b.....R...b..
048832 13 00 14 3D 00 64 F0 00 41 00 64 F0 00 D5 01 64 ...=.d..A.d....d
048848 F0 10 01 01 64 F0 00 78 00 64 F0 10 B9 03 64 F0 ....d..x.d....d.
048864 02 C5 01 64 F0 10 46 00 64 F0 00 CD 01 64 F0 10 ...d..F.d....d..
048880 7C 00 64 F0 10 00 00 00 88 00 01 00 DA 13 00 00 |.d.............
048896 C0 01 64 F0 10 72 00 64 F0 10 D3 01 64 F0 10 06 ..d..r.d....d...
048912 01 64 F0 00 08 01 64 F0 00 C3 01 64 F0 10 48 00 .d....d....d..H.
048928 64 F0 00 D7 01 64 F0 10 B6 01 64 F0 10 CB 01 64 d....d....d....d
048944 F0 10 63 00 64 F0 10 76 00 64 F0 10 40 00 64 F0 [email protected]
048960 00 CF 01 64 F0 10 F9 00 64 F0 00 BD 01 64 F0 10 ...d....d....d..
048976 D4 01 64 F0 10 7A 00 64 F0 10 D2 01 64 F0 10 D1 ..d..z.d....d...
048992 01 64 F0 10 D9 01 64 F0 10 6F 00 64 F0 10 4B 00 .d....d..o.d..K.
049008 64 F0 00 43 00 64 F0 00 3F 00 64 F0 00 00 00 00 d..C.d..?.d.....
049024 88 00 01 00 DA 13 01 00 C0 01 64 F0 10 72 00 64 ..........d..r.d
049040 F0 10 D3 01 64 F0 10 06 01 64 F0 00 08 01 64 F0 ....d....d....d.
049056 00 C3 01 64 F0 10 48 00 64 F0 00 D7 01 64 F0 10 ...d..H.d....d..
049072 B6 01 64 F0 10 CB 01 64 F0 10 63 00 64 F0 10 76 ..d....d..c.d..v
049088 00 64 F0 10 40 00 64 F0 00 CF 01 64 F0 10 F9 00 [email protected]
049104 64 F0 00 BD 01 64 F0 10 D4 01 64 F0 10 7A 00 64 d....d....d..z.d
049120 F0 10 D2 01 64 F0 10 D1 01 64 F0 10 D9 01 64 F0 ....d....d....d.
049136 10 6F 00 64 F0 10 4B 00 64 F0 00 43 00 64 F0 00 .o.d..K.d..C.d..
049152 3F 00 64 F0 00 00 00 00 88 00 01 00 DB 13 00 00 ?.d.............
049168 09 01 64 F0 00 0F 01 64 F0 00 44 00 64 F0 00 71 ..d....d..D.d..q
049184 00 64 F0 10 39 00 64 F0 00 BB 01 64 F0 10 FC 00 .d..9.d....d....
049200 64 F0 00 0E 01 64 F0 00 C7 01 64 F0 10 0C 01 64 d....d....d....d
049216 F0 00 3B 00 64 F0 00 BA 01 64 F0 10 42 00 64 F0 ..;.d....d..B.d.
049232 00 C2 01 64 F0 10 79 00 64 F0 10 74 00 64 F0 10 ...d..y.d..t.d..
049248 6F 02 00 F1 10 95 02 00 F1 10 A1 02 03 02 27 7F o.............'.
049264 02 03 02 27 EC 00 03 02 27 5C 03 03 02 27 42 03 ...'....'\...'B.
049280 03 02 27 3F 00 64 F0 00 09 01 64 F0 00 00 00 00 ..'?.d....d.....
049296 88 00 01 00 DB 13 01 00 09 01 64 F0 00 0F 01 64 ..........d....d
049312 F0 00 44 00 64 F0 00 71 00 64 F0 10 39 00 64 F0 ..D.d..q.d..9.d.
049328 00 BB 01 64 F0 10 FC 00 64 F0 00 0E 01 64 F0 00 ...d....d....d..
049344 C7 01 64 F0 10 0C 01 64 F0 00 3B 00 64 F0 00 BA ..d....d..;.d...
049360 01 64 F0 10 42 00 64 F0 00 C2 01 64 F0 10 79 00 .d..B.d....d..y.
049376 64 F0 10 74 00 64 F0 10 6F 02 00 F1 10 95 02 00 d..t.d..o.......
049392 F1 10 A1 02 03 02 27 7F 02 03 02 27 EC 00 03 02 ......'....'....
049408 27 5C 03 03 02 27 42 03 03 02 27 3F 00 64 F0 00 '\...'B...'?.d..
049424 09 01 64 F0 00 00 00 00 88 00 01 00 DC 13 00 00 ..d.............
049440 0F 01 64 F0 00 44 00 64 F0 00 71 00 64 F0 10 39 ..d..D.d..q.d..9
049456 00 64 F0 00 BB 01 64 F0 10 FC 00 64 F0 00 0E 01 .d....d....d....
049472 64 F0 00 C7 01 64 F0 10 0C 01 64 F0 00 3B 00 64 d....d....d..;.d
049488 F0 00 BA 01 64 F0 10 42 00 64 F0 00 C2 01 64 F0 ....d..B.d....d.
049504 10 79 00 64 F0 10 74 00 64 F0 10 6F 02 00 F1 10 .y.d..t.d..o....
049520 95 02 00 F1 10 FF FF FF FF FF FF FF FF FF FF FF ................

OP I have been in contact with Spock12 on this thread he might be able to help out if he can find a US & Varients on ebay for cheep...
Hopeful he can get this work it would be Fantastic for us > US & Variants GS3 I747- I747M

Waiting that somebody posts it's nvram dump (or that I find a device), did you try to make another dump of your nvram and compare it once again with those you already have ? It might help to discriminate some areas found by the first diff.
Edit : Also I've seen a thread called "free SIM unlock n7105", seems that a hidden Samsung menu allows note 2 unlocking. As its really easy to use, perhaps somebody should ask them to make a nvram dump before/after so that we have more material to work on (assuming the simlock is located in the same place)

i have to ask. what is the point of unlocking a phone ? should i have mine unlocked ?

sedwards1969 said:
i have to ask. what is the point of unlocking a phone ? should i have mine unlocked ?
Click to expand...
Click to collapse
So that you can put another carrier SIM in your phone. Mine is locked to at&t so if I travel abroad I can't use another service. Further more, if I sell it, I can only offer to other at&t users which reduces it's value.
Sent from my SGH-T999 using Tapatalk 2

This method is confirmed working to unlock your phone from the samsung hidden menu
http://forum.xda-developers.com/showthread.php?t=2014982
Its for a note 2 but give it a shot sgs3 still has the same menu and all the same options
Sent from my SGH-I747M using xda premium

thatsupnow said:
This method is confirmed working to unlock your phone from the samsung hidden menu
http://forum.xda-developers.com/showthread.php?t=2014982
Its for a note 2 but give it a shot sgs3 still has the same menu and all the same options
Sent from my SGH-I747M using xda premium
Click to expand...
Click to collapse
Doesn't work.
Maybe it will work when we get JB update on Monday.
Sent from my SGH-I747M

thatsupnow said:
This method is confirmed working to unlock your phone from the samsung hidden menu
http://forum.xda-developers.com/showthread.php?t=2014982
Its for a note 2 but give it a shot sgs3 still has the same menu and all the same options
Sent from my SGH-I747M using xda premium
Click to expand...
Click to collapse
Wanted to report in this thread that the above link sim unlocked my att i747. I tried numerous sims and was never prompted for the sim unlock code. I tried a verizon sim, tmobile sim, simple mobile sim. Great find !!! Thank you. I believe that it is important to follow instructions to the t. It says "wait 30 seconds" at one point and "wait one minute" at another. Just my two cents and confirmation.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2

yulet said:
Doesn't work.
Maybe it will work when we get JB update on Monday.
Sent from my SGH-I747M
Click to expand...
Click to collapse
make sure your on bone stock rom, that's what alot of other users are saying
Sent from my SGH-I747M using xda premium

thatsupnow said:
make sure your on bone stock rom, that's what alot of other users are saying
Sent from my SGH-I747M using xda premium
Click to expand...
Click to collapse
I re-flashed TELUS ROM, didn't work. Then I tried stock AT&T ROM, same result.

thatsupnow said:
make sure your on bone stock rom, that's what alot of other users are saying
Sent from my SGH-I747M using xda premium
Click to expand...
Click to collapse
Yes. Im on stock LH9. Worked for me.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
I tested before proccedure and got the "enter unlock code" then after...I had data and voice. I tried 2 sims. One tmobile and the other a simple mobile. I even stuck in a verizon sim and had 4 bars on unknown network but in service. This was in Yuma Az.

Goal: S-off HOX (TEGRA3)

Hey guys, as i said above, i want to get the HOX+ S-off'd (and maybe the HOX if it's not already, not checked) if anyone has idea's and so on, run through on this thread lets get this ball rolling!!
Moderator Warning
Keep discussions speisifc to the goal of getting S-off on the device. All other discussions will be deleted.

IHTC One X+ Infos will be adapted to this as soon as possible.
Names for the devices are:
Model ID: PM35110
Model Name: S728e
aka One X+
Model ID: PJ46100 aka
Model Name: S720e
aka One X​
So as the title says, we're facing the problem of not having S-OFF yet, although the One X (S720e) has been released nine months ago. The One X+ is newer but since it has the same processor family, it's accountable to this project. It's possible to unlock the bootloader via HTCdev but it doesn't gives us S-OFF. The Unlock via HTCdev gives us only partially control over Bootloader and Recovery. Since it's release date, some great Devs including Xmoo, Football, Mike1986 and more tried to disable the security check. Unfortunatly without a solution for the masses. Also the One X+ (S728e) is relatively new on the market, so THIS is maybe the first thread in the world regarding S-OFF on the S728e Unlike on other HTC phones, on which hardware solutions like the XTC-Clip, or software solutions like revolutionary or any similar software did the job, on the One X they're not going to work. At the moment the only known method is the official HTC's way.
Ways to set the devices S-OFF​
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
--------------DIAG + JAVCARD Route--------------​
Infos I could gather. At the moment these infos are only valid for the S720e:
monx® said:
Basically u need adb/android SDK before proceed.
[WITH ROOT ACCESS]
[+] Dump/copy boot.img
Code:
Command prompt :
> adb shell
> su
> dd if=/dev/block/mmcblk0p4 of=/sdcard/boot.img
More partition/img availabe to dump. Will update later.
[WITHOUT ROOT ACCESS]
Currently only /system is usable
1) Android SDK (just need adb)
2) Download busybox
3) Command prompt :
> adb push busybox /data/local/busybox
> adb shell
> cd /sdcard/
> chmod 755 /data/local/busybox
> /data/local/busybox tar cvf sysdump.tar /system
4) Ignore tar: error exit delayed from previous errors'. Is done correctly.
----------------------------------------------------------------------
Just finished dumped my semi-virgin One X system partition from SEA WWE stock ROM .
The file would be OneX_SEA_WWE_1.26.707.2_SYSTEM_DUMP.zip 558.3 MB
Click to expand...
Click to collapse
Radio (The Radiomodule on S720e is an Intel X-Gold 626 chip [XMM6260]) location (xmoo's post Radio) Documentation of the Radio chip and direct download:
xmoo; said:
Mike found out Radio is probably: \system\etc\QUO_6260.fls.clean
7.96MB
Commands located in QUO_6260.fls.clean
CALIB_NVM
DYNAMIC_NVM
STATIC_NVM
SEC_DATA
PSI_RAM
If I could believe the following:
Found the same commands in a datasheet: "MSM3000Qualcomm, Inc.MOBILE STATION MODEM"
http://www.datasheetarchive.com/MSM3000-datasheet.html
So guess we got the Radio located!
Click to expand...
Click to collapse
Possible Hboot location (blubber's post Hboot):
blubber; said:
xmoo; said:
How do you know this?
/EBT does not excist on my phone.
mmcblk0p2 -> /dev/block/platform/sdhci-tegra.3/by-name/WDM
mmcblk0p16 -> /dev/block/platform/sdhci-tegra.3/by-name/DUM
mmcblk0p17 -> /dev/block/platform/sdhci-tegra.3/by-name/MSC
mmcblk0p20 -> /dev/block/platform/sdhci-tegra.3/by-name/PDT
Click to expand...
Click to collapse
of course it does not exist as i have written a few times before!
it is not accessible with a stock kernel!
i know it is there:
Code:
130|[email protected]:/ # hexdump -C /dev/block/mmcblk0|grep EBT
000000e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
and the EBT partition does contain the bootloader!
Click to expand...
Click to collapse
CID Check needs to be bypassed (xmoo's post CID check)
xmoo said:
Guys, the diag files have "CIDNUM: 11111111" in it.
Can't change it cause the file gets corrupted.
So only way to boot it up is by passing the CID check.
This is were the Smartcard or Goldcard comes in.
We tried the one from http://psas.revskills.de/?q=goldcard with no success.
I remember for some devices you had to change 00 to 11, or something like that.
Maybe this has to be done for this device aswell. Also I remember something that SDHC cards were not supported, or they are... been a long time ago.
So your help is need.
Create a goldcard which works.
Remember to test it like this: http://forum.xda-developers.com/show....php?t=1714056
Thank you.
Click to expand...
Click to collapse
Partiton list (Football's post Partition list)
Football said:
After intensive digging in some stuff I have found this. This is whole partition list for One X with all addresses and lengths of partitions...
Code:
[partition]
name=BCT
id=2
start_location=0x00
size=0x400000
[partition]
name=PT
id=3
start_location=0x400000
size=0x200000
[partition]
name=EBT
id=4
type=bootloader
start_location=0x600000
size=0x400000
[partition]
name=DIA
id=5
type=bootloader
start_location=0xA00000
size=0x400000
[partition] (Board Information)
name=BIF
id=6
start_location=0xE00000
size=0x200000
[partition]
name=GP1
id=7
start_location=0x1000000
size=0x200000
### WLAN firmware ###
[partition]
name=WLN
id=8
start_location=0x1200000
size=0x600000
#filename=wlan.img
### WLAN Data + MFG Data ###
[partition]
name=WDM
id=9
start_location=0x1800000
size=0x200000
filename=WDM.img
### Radio Calibration Data ###
[partition]
name=RCA
id=10
filesystem_type=ext3
start_location=0x1A00000
size=0x600000
### Linux Kernel OS ###
[partition]
name=LNX
id=11
start_location=0x2000000
size=0x800000
filename=boot.img
### Recovery ###
[partition]
name=SOS
id=12
start_location=0x2800000
size=0x800000
filename=recovery.img
### PG1FS ###
[partition]
name=PG1
id=13
start_location=0x3000000
size=0x1000000
### PG2FS ###
[partition]
name=PG2
id=14
start_location=0x4000000
size=0x1000000
### PG3FS ###
[partition]
name=PG3
id=15
start_location=0x5000000
size=0x1000000
### Software Info ###
[partition]
name=SIF
id=16
start_location=0x6000000
size=0x400000
filename=SIF.img
### Splash1 ###
[partition]
name=SP1
id=17
start_location=0x6400000
size=0x400000
### Reserve1 ###
[partition]
name=RV1
id=18
start_location=0x6800000
size=0x1C00000
### System ###
[partition]
name=APP
id=19
filesystem_type=ext3
start_location=0x8400000
size=0x50000000
filename=system.img
### Cache ###
[partition]
name=CAC
id=20
filesystem_type=ext3
start_location=0x58400000
size=0x14000000
### Internal SD ###
[partition]
name=ISD
id=21
start_location=0x6C400000
size=0x650000000
### Userdata ###
[partition]
name=UDA
id=22
filesystem_type=ext3
start_location=0x6BC400000
size=0x89400000
filename=userdata.img
### Memory dump ###
[partition]
name=DUM
id=23
start_location=0x745800000
size=0x200000
### MISC Partition ###
[partition]
name=MSC
id=24
start_location=0x745A00000
size=0x200000
### Radio File System ###
[partition]
name=RFS
id=25
start_location=0x745C00000
size=0x600000
### Develop Log ###
[partition]
name=DLG
id=26
start_location=0x746200000
size=0x1600000
### PDATA for MASD ###
[partition]
name=PDT
id=27
start_location=0x747800000
size=0x200000
[partition]
name=GPT
id=28
type=GPT
start_location=0x747A00000
#size=0xFFFFFFFFFFFFFFFF
size=0x200000
Click to expand...
Click to collapse
Mike1986's Partition Info (mike1986's post One X Partition Info)
mike1986. said:
This thread's content might brick your device.
This is not a ROM thread, so I'm not going to answer again and again and again the same questions over and over and over again.
You can't read - quit this thread now. You can read but you can't understand more or less simple things - quit as well.
You can read and you understand things, but you are too lazy to read the whole thread before asking the question - watch this first. And quit.​
This is what we know so far:
Some conclusions:
1. It's very nice to see that finally someone separated "internal sd card" from userdata partition. So it's no longer linked to /data/media, as it used to be on Asus Transformer, Transformer Prime, Galaxy Nexus etc. but it's a separate partition now - mmcblk0p14. Basically the biggest benefit from that is that now formatting userdata partition will no longer erase virtual sd card content.
2. It seems that NFC and WLAN deep settings are stored on separate partitions: mmcblk0p1 (wlan) and ? (NFC).
3. There is a 5th PHYSICAL core, but it's invisible to the system. Android only sees the 4 main cores. The 5th companion core is not controlled by Android. Tegra 3 architecture itself handles the load balancing between the main cores and the companion core. (Thanks to Diamondback)
4. There is no radio.img in current RUUs.
Download firmware for HTC One X (PJ4610000)
Firmware from 1.28.401.9 RUU
--- MD5 checksum: 83375DF988C86E92417AA8949012A1C2 *PJ46IMG.zip ---
Supported devices:
--- CID's added by users requests are marked with green color ---
cidnum: HTC__001
cidnum: HTC__E11
cidnum: HTC__203
cidnum: HTC__Y13
cidnum: HTC__102
cidnum: HTC__405
cidnum: HTC__304
cidnum: HTC__032
cidnum: HTC__J15
cidnum: HTC__A07
cidnum: HTC__016
cidnum: HTC__M27​
Why it's better then full RUU:
1. It doesn't contain stock recovery
2. It doesn't contain stock, non rooted system
3. It doesn't contain secured boot.img
4. It wont wipe your data partition
5. It's much smaller
PJ46IMG.zip content: [UPDATE: 25.03.2012]
android-info.txt - updated [20.04.2012]
bct.img - updated [25.03.2012]
rcdata.img - updated [20.04.2012]
How to flash:
1. Check your CID using fastboot getvar cid and MID using fastboot getvar mid
2a. If your CID and MID are supported by default, navigate to point 3.
2b. If your CID or MID is not supported by default, do this: (you do it at your own risk)
2c. Open PJ46IMG.zip (don't extract it)
2d. Open android-info.txt in text editor
2e. Add your cidnum: or modelid: to the list, save file and close archive
3. Place PJ46IMG.zip on your SD card
4. Boot your device holding power button + vol down button
5. Follow instructions on the screen
Additional information:
1. Flash above firmware at your own risk!
2. It's recommended to flash it before flashing custom ROM based on proper RUU!
3. Unlocking via htcdev.com will change your CID number into "none".
4. RUU variants:
x.xx.61.x - Orange UK (United Kingdom)
x.xx.75.x - Orange ES (Spain)
x.xx.110.x - T-Mobile UK (United Kingdom)
x.xx.111.x - T-Mobile DE (Germany)
x.xx.112.x - T-Mobile AT (Austria)
x.xx.114.x - T-Mobile NL (Netherlands)
x.xx.118.x - T-Mobile PL (Poland)
x.xx.161.x - Vodafone UK (United Kingdom)
x.xx.166.x - Vodafone CH-DE (Switzerland - Germany)
x.xx.163.x - Vodafone FR (France)
x.xx.169.x - Vodafone AT (Austria)
x.xx.206.x - O2 UK (United Kingdom)
x.xx.207.x - O2 DE (Germany)
x.xx.401.x - World Wide English
x.xx.707.x - Asia WWE (World Wide English)
x.xx.720.x - Asia India
x.xx.771.x - Hutchison 3G UK (United Kingdom)
x.xx.862.x - Voda-Hutch AU (Australia)
x.xx.980.x - Optus AU (Australia)
x.xx.1400.x - HTC China
Please post here your findings, thoughts or experience with after flashing images listed above.
Click to expand...
Click to collapse
Mike1986's addition (mike1986's post Addition)
mike1986 said:
Something more:
/system/etc/Flash_Loader.conf
boot_port_name=/dev/ttyACMX0
fw_download_port_name=/dev/ttyACMX0
baudrate=921600
BootTimeOut=3000
CommTimeOut=1000
eep_normal_mode=m
file_name=/data/modem_work/QUO_6260.fls
#file_name=QUO_6260.fls
#file_name=XMM6260_SIC.fls
#log_fname=/dev/null
log_fname=/data/modem_work/Flash_Loader.log
Click to expand...
Click to collapse
also
\system\bin\poweron_modem_fls.sh
Line 55: /system/bin/InjectionTool -i ${backup_dir}/QUO_6260.fls.clean -o ${Injected_dir}/QUO_6260.fls -n ${work_dir} -s ${sec_dir}
Line 55: /system/bin/InjectionTool -i ${backup_dir}/QUO_6260.fls.clean -o ${Injected_dir}/QUO_6260.fls -n ${work_dir} -s ${sec_dir}
Click to expand...
Click to collapse
and
\system\bin\poweron_modem_hboot.sh
Line 50: /system/bin/InjectionTool -i ${backup_dir}/QUO_6260.fls.clean -o ${Injected_dir}/QUO_6260.fls -n ${work_dir} -s ${sec_dir}
Line 50: /system/bin/InjectionTool -i ${backup_dir}/QUO_6260.fls.clean -o ${Injected_dir}/QUO_6260.fls -n ${work_dir} -s ${sec_dir}
Click to expand...
Click to collapse
And from flash_loader.log
Start downloading item 'CODE:../HW/XMM6260_V2_USB-HSIC_FLASHLESS_EDE_1.0/MODEM_DEBUG/QUO_6260.fls'' from file '/data/modem_work/QUO_6260.fls
Click to expand...
Click to collapse
Click to expand...
Click to collapse
This is how HTC does it:
My attempt (tried also on locked bootloader with the same output)
Things you'll need for this trick:
- USB OTG-Y-Cable. You can also build your own with this guide : How to make external powered OTG Cable
- USB SD Cardreader
- MicroSD Javacard (if you can bypass cid check, the Javacard is not needed) Xmoo said this one is used by HTC: GO-Trust® Secure microSD Java. It costs 980 US Dollars together with the SDK. Also, even if you have the Javacard you have to build the Application environment.
- 5V+ Power supply (Standard wall charger)
- PJ46DIAG.zip= clean S58 Data program specificly for the S720E/S728e. The correct DIAG has tot have a size of 964kb or 941kb and must contain the string "clean s58..." which can be checked with hexedit or any similar hex editor.
The procedure:
1. Put PJ46DIAG.zip on the Secure MicroSD Javacard
2. Plug it into the USB SD Cardreader
3. Plug the Cardreader into the female end of USB OTG-Y-Cable
4. Plug the OTG-Y-Cable into the USB port of the phone
5. Plug the cable onto the power supply
6. Reboot into bootloader
7. Once in Bootloader the file will be load by the phone and you'll land in S58 Menu. Clean S58 Data and you've successfully set your device S-Off
And here's the problem with this method. 1. A Javacard is really hard to get. I've never saw one, no one I know has ever saw one 2. The Diag file can't be leaked. The ones I've attached here are useless as Xmoo said and maybe proved. I have attached them though. So anyone interested and willing to help can investigate them.
As we know, the Diag file's for the One X can't be leaked. They're spread to choosen HTC-Repair centres, so a leak will easily be traced back. This would bring the affected people in some serious trouble. But this is interesting. These guys over on pdacentre use the official method. It's suspicious, kind of. For now, this is the only know method. It cost's around 2000 rubel (65€ | 85$) + shipping depending on your location. Of course this isn't an appropriate solution. Another thing; Why do we need a Javacard? Well, because the DIAG files will only work on devices with SuperCID (11111111) not on normal CID (HTC__XXX). So another way is to bypass the CID check.
Rough diagram of a Javacard
Copyright © 2011 GOTrust Technology Inc., All rights reserved.
TOOLBOX
The DIAG files I've linke don't have any function except from superwipe. They're only meant to be used as a test file to check if we can load such DIAG files.:
Goal: S-off HOX+ and maybe the HOX (TEGRA3)
Obtaining HTC One X Diag File to Manage S-OFF!!
[S-OFF]Development
ENG Hboot 0.03
PJ46DIAG_4
DIAG files of older HTC devices
NVflashdrivers
Radio Documentation
TEGRA 3 Documentation. PM me for password.
Click to expand...
Click to collapse
How do I know that I have the correct DIAG file? ;
The clean DIAG has a size of 964kb or 941kb. Or look at the image above. If your DIAG is called like them it could be the correct one also. But to be really sure, do the following;
Download any HEXeditor you can get. Open the DIAG file with the HEXeditor and search for keywords like "clean", "s58", . If you find these two strings in the DIAG file, it could be the correct one. We'd appreciate it if you could upload the file.
"clean s58"
Known and working DIAG files for the One X
What's already been done:
xmoo; said:
13-04-2012 XDA.CN releases pictures showing someone succesfully has S-OFF'd his device. Tool is for sale here: http://item.taobao.com/item.htm?id=10824156715
17-04-2012 Thread made.
17-04-2012 We have found someone with a S-OFF device, and a newer HBOOT than the one from XDA.CN. Trying to get access to the HBOOT.
18-04-2012 OTA 1.28 brings HBOOT 0.94.
18-04-2012 New member with a S-OFF device is willing to help.
19-04-2012 HBOOT 0.43 S-OFF rfs.img received and uploaded.
19-04-2012 RFS.img is not the correct file, searching continues...
19-04-2012 Radio located, click here
26-04-2012 HBOOT probably located here
15-05-2012 NVFlash app + APX Drivers added
12-06-2012 Tegra 3 Manual added, see here!
16-06-2012 HBOOT 1.11 from the test-keys uploaded here!
16-06-2012 Huge development, read more about it!
18-06-2012 Need to find a way to by-pass CID check.
19-06-2012 Football Partition list for One X with all addresses and lengths of partitions which can be found here.
27-06-2012 Huhge thread clean-up and update.
04-07-2012 Had the chance to play with a S-OFF device, read more about it here! ENG HBOOT which is used in test, is located here.
09-07-2012 Javacard with DIAG will work, but won't be a good solution cause no one got a legit Javacard and the DIAG files can't be leaked!
14-07-2012 Video added which shows the Javacard with DIAG method. Video can be found here.
14-07-2012 The ENG HBOOT 0.03 that Football uploaded lost it's sign. I re-uploaded it and re-checked the file and it should be good now. You can find the new .zip here.
FAQ.
What is S-OFF?
S-OFF stands for Security-OFF
S-OFF means that the NAND portion of the device is unlocked and can be written to. The default setting for HTC’s devices is S-ON, which means that neither can you access certain areas of the system nor can you guarantee a permanent root. Furthermore, signature check for firmware images is also ensured by the S-ON flag.
What has already been done?
-Tried flashing DIAG file, but with no success. File needs SuperCID.
-Tried flashing ENG HBOOT as zip file, but with no success. File needs SuperCID.
-Tried flashing modified DIAG file, but with no success. File needs SuperCID.
-Tried flashing modified HBOOT as zip file, but with no success. Signature check failed.
-Tried creating a Goldcard, but won't work. The Goldcare is for Qualcomm devices.
-Root while phone is LOCKED, won't work. Only will work on the Qualcomm One X and One XL.
-Ask the Chineese guy with the S-OFF tool. Won't share, cause he needs his money.
-Tried flashing files over recovery, but with no success.
-Tried flashing TETS and MFG ROMs, but with no success. Phone needs S-OFF because the ROMS are not sighned.
-Tried changing CID, but won't work. Only will work on the Qualcomm One X and One XL.
-Tried commands over ADB, but with no success.
-Tried XTC clip, won't work.
How Do I Know If My Device Is S-ON Or S-OFF?
That is easy to verify. Simply boot into HBOOT (bootloader) on your device, and the text on top will show the flag status as either S-OFF or S-ON. A full root generally means S-OFF.
S-OFF – What And Why?
HTC have installed a sort of security check whose level is determined by S-OFF/S-ON. Essentially, this security level is a flag stored on the device’s radio that checks signature images for any firmware before it is allowed to be written to system memory. This hinders using any custom ROMs, splash images, recovery etc., and also restricts access to the NAND flash memory. However, when security level is set to S-OFF, the signature check is bypassed, allowing a user to upload custom firmware images, unsigned boot, recovery, splash and HBOOT images, as well as official firmware that has been modified, this enabling maximum customization of your HTC Android device.
Furthermore, S-OFF also reduces restrictions on accessing the NAND flash memory on the device, allowing all partitions (including /system) to be mounted in write mode while the operating system is booted.
Where is it located?
Don't know yet, here are the partitions.
How can I flash through SD?
Tutorial added here!
What HBOOT status have we seen so far?
ENDEAVORU PVT SHIP S-ON RL
ENDEAVORU PVT SHIP S-OFF RL
ENDEAVORU PVT ENG S-OFF RL
ENDEAVORU XE ENG S-OFF RH
ENDEAVORU PVT MFG RH
ENDEAVORU XE SHIP S-OFF RH
ENDEAVORU UNKNOWN ENG S-OFF RH
Partition list for One X with all addresses and lengths of partitions
Football share the full list which can be found here.
How does HTC do it?
They do it with a smartcard/javacard/goldcard (What ever you want to call it) in combination with the DIAG file. Proof is in the attachment.
Click to expand...
Click to collapse
--------------Alternative APX MODE Route--------------​
xmoo said:
Hey guys,
Please stop PM'ing me about APX Mode. I get like 10 PM's a day.
How to get in
Nobody really knows. The most common way has been pressing volume up and down together while device is off and then plugin USB while connected to a computer.
How to get out
When your device is in APX Mode, HTC fixes it in repair. Someone here on XDA PM'd me with this video and said it should work: http://www.youtube.com/watch?v=rsnl_LIgzt0
I have not tried it myself, so just give it a try and share with the rest.
All the other discussions about APX can be done here, please stop pm'ing me.
Thank you!
Click to expand...
Click to collapse
Alright Folks! TripNRaVer has made something rudimentary, awesome, fascinating...words can't describe....Work!! Here You go, APX DRIVERS FOR THE ONE X
TripNRaVeR said:
For those of you that are in APX Mode or want to mess with APX here is the modified driver for the One X.
Now you have acces to the device again through USB.
Todo:
- Plug the usb cable in hox
- Goto device manager
- Search for APX or Unknown device or whatever it is listed
- Choose update driver
- Choose manually select driver
- Select the folder where you extracted the zip file
- Install drivers
Use nvflash to gain acces to the device again.
Download:
http://tripndroid.bindroidroms.com/TripNDroid-HOX-APX-Driver.zip
Nvflash:
- Use nvflash binary to gain acces to the device
- Including flash.cfg for endeavoru to use with nvflash.exe
- Including a bct file
http://tripndroid.bindroidroms.com/tripndroid_nvflash.zip
Click to expand...
Click to collapse
PLEASE read on the threads I've linked, before you start discussion. People really did some great development.

My HOX Will be S-OFF soon, got acces to a Java white card to S-OFF in seconds..
Sent from my HTC One X using xda app-developers app

bobcoenen said:
My HOX Will be S-OFF soon, got acces to a Java white card to S-OFF in seconds..
Sent from my HTC One X using xda app-developers app
Click to expand...
Click to collapse
Well, do you have the correct diag file? And do you have HTC's private key to sign the Javacard? You have to be more specific otherwise your post isn't helping us in ANY way...I accidentally hit the thx button, don't be smug.

Yes my friend has the diag file, his HOX is already S-OFF. I will try to post a screenshot next week when mine is done. I'm not trying to be smug
Sent from my HTC One X using xda app-developers app
---------- Post added at 07:50 PM ---------- Previous post was at 07:46 PM ----------
The S-OFF process is done with a y-cable with a card reader an usb charger on the other end. For what i understood the java card is very rare.
Sent from my HTC One X using xda app-developers app

matt95 said:
well, i've been on HTC since i passed on Android and every HTC device has got S-OFFed 2 or 3 months later from the day one... i don't think this will happen unfortunately, i really believed in this but now is time to be realist.
Click to expand...
Click to collapse
You know that there's NO hard-, software which isn't vulnearable or which hasn't got an exploit, don't you? No need to be pessimistic or realistic if we keep staying constructive and productive, somehow this will be done call me a dreamer, but... let's just try to give our best, ok? This would be fine. I just think the One X hasn't got the attention it has actually deserved. Its release date was too close to the release of the gs3. HTC's great devs are mostly familiar with Qualcomm processors. Never before they've worked with a Tegra 3 processor. The available Tegra 3 devices (Asus TFXXX[T]) don't have the problem with S-Off/On, it's enough for them to be unlocked. So none of the devs who managed bootloader unlock on this Tegra devices faced this problem. This and many other avoidable reasons caused the lack of development and it's surely one of the reasons why we didn't got s-off yet.

I have just cleaned the thread up NO MORE off topic!
Sent from my HTC One X+ using xda app-developers app

After a free way so people dont need to send they're phones anywhere
Sent from my HTC One X+ using xda app-developers app

ppcd9220 said:
I've succeded in overwriting the CID. Just used count= parameter for DD command. (Block size=512b).
I've replaced my CID with another one. disconnected, connected, performed test readout. The CID string is changed.
Unfortunately it looks like it is back-uped somewhere and checked at start-up.
Because after rebooting my CID is back.
Tested 2 times. After changing - I can read it. After reboot it is back to original one.
Does anyone have any other ideas of changing CID and/or S-ON/OFF ?
Click to expand...
Click to collapse
Link to original Thread.
I posted him to ask him how he did it. It was a week ago and he didn't answered until now. My idea was to do this and try to load PJ46DIAG.zip without rebooting. As you know, if you have superCID you don't need a Javacard. Even if I don't have the correct DIAG, at least we'd have a way to load the DIAG until the correct one is out...somehow...

S-OFF via hboot upgrade
TRY AT YOUR OWN RISK. NOT VERIFIED.
I found is an article HERE for S-OFF via HBOOT upgrade. I don't have a CID HTC_621 (taiwan) so I can't try it. Neither I can verify its reliability.
I briefly translate it into english:
My One X (CID HTC_621, hboot 0.94 or 0.95 can't remember the exact version) hboot has to be upgraded to flash Android 4.1.1 so I did a manual upgrade of hboot to 1.31. At the end of the upgrade, I discovered by chance that my One X is now S-OFF. I did a trial by flashing new ROM without flashing boot.img and it works.
So, this S-OFF is done via manual hboot upgrade (for HTC_621) to 1.31. Do not attempt on other CID One X.
Below is the step-by-step procedures:
1. Download RUU for Asia_Taiwan (2.17.709.2 or 2.18.709.x) and Endeavoru_CustomRUU. Make sure One X is locked, go into fastboot and connect to USB. Unzip the Endeavoru_CustomRUU to somewhere. Rename the Official RUU zip to "rom.zip" and put inside the folder of the unzipped Endeavoru_CustomRUU. Run ARUWizard.exe.
2. Make sure the following is run in Windows XP. You will stuck under Windows 7. Make sure all HTC drivers are installed.
3. Download JBFW here and Asia_Taiwan 3.14 OTA here. Unzip the JBFW and the OTA package. Copy the firmware.zip (from OTA package) and the Unlock_code.bin (obtained from htcdev.com) into the JBFW folder.
4. Go into fastboot usb mode, run JBFWFlasher.bat. It will say to put the Unlock_code.bin and custom boot file into the folder (this was done in Step 3 above), and warn this is for certain CID only. I ignore this and click NEXT NEXT NEXT until it is done.
These are the steps I used to obtain (unexpectedly) S-OFF. This is what I want to share and hope you guys get S-OFF soon.
Click to expand...
Click to collapse
TRY AT YOUR OWN RISK. Neither the author or me will be responsible for your device.

singcheng said:
TRY AT YOUR OWN RISK. NOT VERIFIED.
I found is an article HERE for S-OFF via HBOOT upgrade. I don't have a CID HTC_621 (taiwan) so I can't try it. Neither I can verify its reliability.
I briefly translate it into english:
TRY AT YOUR OWN RISK. Neither the author or me will be responsible for your device.
Click to expand...
Click to collapse
Read somewhere that the diag file can't be leaked because it will be traced back to the guy who leaked it. Now can we get it and make our own diag file based on it?

Drefsab said:
Several people have tried this and not had it work.
Click to expand...
Click to collapse
your welcome to discuss the methods here, but PLEASE either show the reasons why or at least link it for me please? I've been looking into this and got a couple of ideas....

hboot
Hey Guys!
Dunno if its worth much but I downloaded the ENG HBoot File you linked in the first post and opened it in a hex editor and poked a little bit around. I found this:
Code:
Settings memory area 10B 00 01 00 Disable patches 0A 00 01 00 Settings memory area 2 Settings memory area 2 first Settings memory area 2 second Settings memory area 2 third 0B 00 01 01 Settings memory area 3 Flash Code memory area 0B 00 01 02
Patch Code memory area 0B 00 01 03 Enable patches 0A 00 01 01 Final Integrity check 0B 00 01 FF%d: SD init
%d: SD init fail !!!%d:SD FAT32 init OK Checking key-card...Checking key-card...
%d: Not key-card !!!%d: Key-card DMCID.dat Open '%s' file success !!!
hFile = 0x%x, file_size = 0x%x
Read '%s' (%d != %d B)
[email protected]=0: Change CID to '%s'4: Change CID to '%s'Alloc data buffer failOpen '%s' file fail###[ End CDMA Cust Mode ]###
It looks like thats the part where it checks for a "key-card". Probably this Java Card??

Thats well known. With an ENG Bootloader you can do whatever you want including CID Changes.
hexdump of EBT Partition, where Hboot is possibly located. As Footbal said, on a stock kernel this partition is somehow hidden. Even on hboot 1.36.
Code:
[email protected]:/ $ su
[email protected]:/ # hexdump -C /dev/block/mmcblk0|grep EBT
[COLOR="Red"]000000e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|[/COLOR]
000000f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000010e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000010f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000020e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000020f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000030e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000030f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000040e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000040f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000050e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000050f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000060e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000060f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000070e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000070f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000080e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000080f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000090e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000090f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0000f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0000f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000100e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000100f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000110e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000110f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000120e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000120f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000130e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000130f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000140e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000140f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000150e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000150f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000160e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000160f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000170e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000170f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000180e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000180f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000190e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000190f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0001f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0001f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000200e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000200f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000210e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000210f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000220e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000220f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000230e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000230f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000240e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000240f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000250e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000250f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000260e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000260f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000270e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000270f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000280e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000280f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000290e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000290f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0002f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0002f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000300e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000300f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000310e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000310f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000320e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000320f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000330e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000330f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000340e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000340f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000350e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000350f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000360e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000360f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000370e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000370f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000380e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000380f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000390e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000390f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0003f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0003f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000400e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000400f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000410e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000410f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000420e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000420f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000430e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000430f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000440e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000440f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000450e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000450f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000460e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000460f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000470e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000470f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000480e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000480f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000490e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000490f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0004f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0004f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000500e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000500f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000510e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000510f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000520e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000520f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000530e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000530f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000540e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000540f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000550e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000550f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000560e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000560f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000570e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000570f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000580e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000580f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000590e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000590f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0005f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0005f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000600e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000600f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000610e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000610f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000620e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000620f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000630e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000630f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000640e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000640f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000650e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000650f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000660e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000660f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000670e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000670f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000680e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000680f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
000690e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
000690f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0006e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0006f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
xxx....
blubbers said:
these are the partitions seen by the OS:
Code:
APP CAC DLG DUM ISD LNX MSC PDT PG1 PG2 PG3 RCA RFS RV1 SIF SOS SP1 UDA WDM WLN
none of these partitions contain the hboot!
these are the partition actually on the emmc:
Code:
APP BCT BIF CAC DIA DLG DUM EBT GP1 GPT ISD LNX MSC PDT PG1 PG2 PG3 PT RCA RFS RV1 SIF SOS SP1 UDA WDM WLN
so, you won't be able to access the hboot partition (on a s-off device neither) without a bit of work,
Click to expand...
Click to collapse

nitrous² said:
Thats well known. With an ENG Bootloader you can do whatever you want including CID Changes.
hexdump of EBT Partition, where Hboot is possibly located. As Footbal said, on a stock rom this partition is somehow hidden. Even on hboot 1.36.
Code:
0016b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0016c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0016c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0016d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0016d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0016e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0016e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0016f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0016f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001700e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001700f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001710e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001710f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001720e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001720f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001730e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001730f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001740e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001740f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001750e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001750f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001760e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001760f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001770e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001770f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001780e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001780f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001790e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001790f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0017a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0017a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0017b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0017b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0017c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0017c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0017d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0017d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0017e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0017e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0017f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0017f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001800e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001800f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001810e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001810f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001820e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001820f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001830e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001830f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001840e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001840f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001850e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001850f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001860e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001860f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001870e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001870f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001880e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001880f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001890e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001890f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0018a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0018a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0018b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0018b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0018c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0018c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0018d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0018d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0018e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0018e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0018f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0018f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001900e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001900f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001910e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001910f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001920e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001920f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001930e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001930f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001940e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001940f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001950e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001950f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001960e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001960f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001970e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001970f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001980e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001980f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001990e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001990f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0019a0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0019a0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0019b0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0019b0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0019c0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0019c0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0019d0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0019d0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0019e0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0019e0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
0019f0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
0019f0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a00e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a00f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a10e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a10f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a20e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a20f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a30e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a30f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a40e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a40f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a50e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a50f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a60e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a60f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a70e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a70f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a80e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a80f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001a90e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001a90f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001aa0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001aa0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ab0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ab0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ac0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ac0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ad0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ad0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ae0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ae0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001af0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001af0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b00e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b00f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b10e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b10f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b20e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b20f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b30e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b30f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b40e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b40f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b50e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b50f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b60e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b60f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b70e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b70f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b80e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b80f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001b90e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001b90f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ba0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ba0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001bb0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001bb0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001bc0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001bc0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001bd0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001bd0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001be0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001be0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001bf0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001bf0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c00e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c00f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c10e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c10f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c20e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c20f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c30e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c30f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c40e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c40f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c50e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c50f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c60e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c60f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c70e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c70f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c80e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c80f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001c90e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001c90f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ca0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ca0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001cb0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001cb0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001cc0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001cc0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001cd0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001cd0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ce0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ce0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001cf0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001cf0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d00e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d00f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d10e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d10f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d20e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d20f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d30e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d30f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d40e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d40f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d50e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d50f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d60e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d60f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d70e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d70f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d80e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d80f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001d90e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001d90f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001da0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001da0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001db0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001db0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001dc0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001dc0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001dd0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001dd0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001de0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001de0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001df0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001df0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e00e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e00f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e10e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e10f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e20e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e20f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e30e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e30f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e40e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e40f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e50e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e50f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e60e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e60f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e70e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e70f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e80e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e80f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001e90e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001e90f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ea0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ea0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001eb0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001eb0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ec0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ec0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ed0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ed0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ee0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ee0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ef0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ef0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f00e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f00f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f10e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f10f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f20e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f20f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f30e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f30f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f40e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f40f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f50e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f50f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f60e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f60f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f70e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f70f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f80e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f80f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001f90e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001f90f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fa0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fa0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fb0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fb0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fc0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fc0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fd0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fd0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001fe0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001fe0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|
001ff0e0 03 00 00 00 00 00 00 00 04 00 00 00 45 42 54 00 |............EBT.|
001ff0f0 12 00 00 00 03 00 00 00 00 00 00 00 45 42 54 00 |............EBT.|e
Click to expand...
Click to collapse
Will the new hboot 1.39 be the same as well
Sent from my Nexus 7 using xda premium

RohinZaraki said:
Will the new hboot 1.39 be the same as well
Sent from my Nexus 7 using xda premium
Click to expand...
Click to collapse
I'm not on hboot 1.39, but you could try it with following commands:
Code:
D:\fastboot>adb shell
[email protected]:/ # hexdump -C /dev/block/mmcblk0|grep EBT

nitrous² said:
I'm not on hboot 1.39, but you could try it with following commands:
Code:
D:\fastboot>adb shell
[email protected]:/ # hexdump -C /dev/block/mmcblk0|grep EBT
Click to expand...
Click to collapse
When my phone receives the JB update (stupid branding -.- ) I will root it and have a look, maybe I can find something

nitrous² said:
If there's someone with an s-off device, here's a command with that old htc devices can be set back to s-on. But there's no way I know how to set back to s-off as you may know
"fastboot oem writesecureflag 3"
You've been warned, only at your own risk!!!!
You've been warned, only at your own risk!!!!
You've been warned, only at your own risk!!!!
Click to expand...
Click to collapse
Is there a similar fastboot command we can try for S-Off ? I mean, there may be one.

RohinZaraki said:
Is there a similar fastboot command we can try for S-Off ? I mean, there may be one.
Click to expand...
Click to collapse
don't think so, they would have already tried it

i'm still poking and prodding my HOX+ for ideas plus doing research, not found anything that's not already been mentioned here...by the way people are welcome to make new threads in this section for development purposes....like porting FireFox OS and so on.

Bus pass?

Hi just wondering if there is anything I could do to make this card expiry date longer?
It expired on Tuesday. Anything I could do?
** TagInfo scan (version 2.00) 2014-04-13 14:07:30 **
-- INFO ------------------------------
# IC manufacturer:
NXP Semiconductors
# IC type:
MIFARE DESFire EV1 (MF3ICD41)
# DESFire Applications:
ITSO public transport application
Provision of citizen services #0
* UK National Smartcard Project
Provision of citizen services #1
* UK National Smartcard Project
Provision of citizen services #2
* UK National Smartcard Project
Provision of citizen services #3
* UK National Smartcard Project
Provision of citizen services #4
* UK National Smartcard Project
-- NDEF ------------------------------
# NFC data set storage not present:
Maximum NDEF storage size after format: 4094 bytes
-- EXTRA ------------------------------
# Memory information:
Size: 4 kB
Available: 2.2 kB
# IC detailed information:
Capacitance: 17 pF
# Version information:
Vendor ID: NXP
Hardware info:
* Type/subtype: 0x01/0x01
* Version: 1.0
* Storage size: 4096 bytes
* Protocol: ISO/IEC 14443-2 and -3
Software info:
* Type/subtype: 0x01/0x01
* Version: 1.4
* Storage size: 4096 bytes
* Protocol: ISO/IEC 14443-3 and -4
Batch no: 0xBA44D7C6C0
Production date: week 38, 2013
# Authentication information:
Default PICC master key
-- TECH ------------------------------
# Technologies supported:
ISO/IEC 7816-4 compatible
Native DESFire APDU framing
ISO/IEC 14443-4 (Type A) compatible
ISO/IEC 14443-3 (Type A) compatible
ISO/IEC 14443-2 (Type A) compatible
# Android technology information:
Tag description:
* TAG: Tech [android.nfc.tech.IsoDep, android.nfc.tech.NfcA, android.nfc.tech.NdefFormatable]
android.nfc.tech.NdefFormatable
android.nfc.tech.IsoDep
* Maximum transceive length: 261 bytes
* Default maximum transceive time-out: 6000 ms
* Extended length APDUs supported
android.nfc.tech.NfcA
* Maximum transceive length: 253 bytes
* Default maximum transceive time-out: 6000 ms
MIFARE Classic support present in Android
# Detailed protocol information:
ID: 04:81:68:7A:62:36:80
ATQA: 0x4403
SAK: 0x20
ATS: 0x067577810280
* Max. accepted frame size: 64 bytes (FSCI: 5)
* Supported receive rates:
- 106, 212, 424, 848 kbit/s (DR: 1, 2, 4, 8)
* Supported send rates:
- 106, 212, 424, 848 kbit/s (DS: 1, 2, 4, 8)
* Different send and receive rates supported
* SFGT: 604.1 us (SFGI: 1)
* FWT: 77.33 ms (FWI: 8)
* NAD not supported
* CID supported
* Historical bytes: 0x80 |.|
# Memory content:
PICC level (Application ID 0x000000)
* Default PICC master key
* PICC key configuration:
- PICC key changeable
- PICC key required for:
~ directory list access: no
~ create/delete applications: no
- Configuration changeable
- PICC key version: 0
Application ID 0xA00216 (ITSO public transport application)
* Default master key
* Key configuration:
- 2 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: no
- Configuration changeable
- Master key required for changing a key
* 16 files present
- File ID 0x00: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 21 7D 00 40 80 00 01 FE C3 58 A9 00 00 00 00 |.!}[email protected]|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 88 8A A2 62 42 8F 00 00 08 00 00 |........bB......|
[0030] 00 08 00 03 F8 2D 68 29 2A 9E 24 2C A3 3A BF 00 |.....-h)*.$,.:..|
- File ID 0x01: Backup data, 192 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 1C 01 00 F0 8A A2 62 00 00 00 10 00 FF 00 00 00 |......b.........|
[0010] 00 00 00 02 D1 00 00 1F FF F0 01 00 00 FF 02 72 |...............r|
[0020] BD 00 00 46 1C 2B 6D 39 E9 0E 19 4C 00 00 00 00 |...F.+m9...L....|
[0030] 1C 01 00 F0 8A 9E 7F 00 00 00 10 00 FF 00 00 00 |................|
[0040] 00 00 00 02 D1 00 00 1F FF F0 10 00 00 FF 02 71 |...............q|
[0050] 6F 00 00 5C 44 E0 F5 CF E5 28 41 4B 00 00 00 00 |o..\D....(AK....|
[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x02: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x03: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x04: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x05: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x06: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x07: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 23 09 00 00 88 B4 2F 03 F8 29 C8 00 00 00 00 00 |#...../..)......|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 FA 00 31 A7 00 35 00 F7 87 A1 DB 89 65 EF AC |...1..5......e..|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x08: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x09: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0A: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0B: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0C: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0D: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 21 11 00 00 7F FE 40 02 62 6A CF 80 00 8A 8F 40 |[email protected]@|
[0010] 00 FF 00 00 00 00 04 1A 10 00 14 84 00 63 35 97 |.............c5.|
[0020] 00 03 F8 2D 69 00 00 07 32 E0 A5 26 84 E7 BE 4F |...-i...2..&...O|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0E: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 18 01 FF 00 7F 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 FA 00 31 A7 00 35 01 |...........1..5.|
[0020] 34 8F B7 B5 63 93 CE 08 00 00 00 00 00 00 00 00 |4...c...........|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0F: Standard data, 32 bytes
~ Communication: plain
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 18 11 63 35 97 01 27 02 02 56 04 07 04 01 00 00 |..c5..'..V......|
[0010] 40 10 08 07 00 00 54 FD 00 00 00 00 00 00 00 00 |@.....T.........|
Application ID 0xF40110
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
Application ID 0xF40111
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
Application ID 0xF40112
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
Application ID 0xF40113
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
Application ID 0xF40114
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
--------------------------------------
Click to expand...
Click to collapse
Thx
Sent from my C6833 using Tapatalk

This would be considered fraud which is not accepted here on XDA. You're on your own, mate, both in finding the solution to this and in the cell after you get caught.
Cheers!

Thats seriously illegal my friend.
Sent from my SAMSUNG-SGH-I337 using XDA Premium 4 mobile app

Thats seriously illegal my friend.
Click to expand...
Click to collapse
+1 to this .

Thank u
Sent from my SAMSUNG-SGH-I337 using XDA Premium 4 mobile app

How can i get this files from my bus card ? i have phone with nfc and rooted. whic program actually thx
GT-I9500 cihazımdan Tapatalk kullanılarak gönderildi

It is illegal, you know ? We can't help you, but let me give you some tips: you should find a timestamp on the ticket. Find it, find out how it's calculated, and you're on your way (as long as the part containing the timestamp isn't write-protected).
Once you find the problem, I highly suggest you to report the problem to those concerned by the vulnerability, so that they can fix the problem, and maybe reward you somehow
I have already worked in this very field, it is a rather fascinating one !
Edit:
How can i get this files from my bus card ? i have phone with nfc and rooted. whic program actually thx
Click to expand...
Click to collapse
@ahmetozgur I just published an app on here called UltraManager. If your bus card is a Mifare Ultralight tag, you can use my app for the purpose. Otherwise, there are some good apps on Google Play, just look for "NFC tag reader"

How did you get such a detailed information about that card?

Diogo Recharte said:
How did you get such a detailed information about that card?
Click to expand...
Click to collapse
omg so many people asking such simple questions
HEY OP
What card is that ??
im interested in people disposing of beatiful desfire cards xD
i wonder if i can wipe it..

Diogo Recharte said:
How did you get such a detailed information about that card?
Click to expand...
Click to collapse
The application used to capture this card information was TagInfo by NXP. It is available from the Play Store here: https://play.google.com/store/apps/details?id=com.nxp.taginfolite&hl=en

Hello . I live in Madrid (Spain), and I have a transportation voucher. I would like "hack" it, but I would like know for where I can start haha I saw _darkjoker_ said : "you should find a timestamp on the ticket" . How can I do it? I downloaded the program TagInfo by NXP but I need an app where I can change the information of the chip. Is there an app? Because when you buy another month the store clerk swipes the card through a machine NFC ...
If anyone knows anything about this, comment it
Thanks

Hello. Quick question about a ISO 14443-3A id card. Does it support GPS? In other words can it be tracked by GPS? May be a dumb question, but I am not familiar with how the technology works and I'm trying to figure out capabilities. Thanks in advance

GadgetMonger said:
Hello. Quick question about a ISO 14443-3A id card. Does it support GPS? In other words can it be tracked by GPS? May be a dumb question, but I am not familiar with how the technology works and I'm trying to figure out capabilities. Thanks in advance
Click to expand...
Click to collapse
nfc is near field communication, the way it works is there is an antenna/coil inside the tag/card that when next to a tag reader gets a charge from it, giving power to the ic on the card. so the card cannot be directly tracked by gps. BUT, it is possible to have gps enabled tag readers which could track you every time you get close enough to one.

Hello,
Most bus pass technology uses desfire cards with two logical addresses one is public for all the world to see and the other is private , the private sector is encrypted and is updated everytime you put money on it or use it. Also as a duel layer defence most implementations of this technology uses back to base system which means everytime you tap it the card is used to query a database to verify that there is money for the trip and to check if the card is currently being used for a trip.
In NSW Australia we have opal cards they work by storing the balance information and activity in public storage so you can check it through a NFC enabled device and then storing the cards sensitive information in private storage that only the readers at stations and in top up locations can use. Every time we tap on the balance on the card is checked with a database and updated locally when needed then at the end of the trip the cards balance is updated from the central database to the card.
So I don't believe you can simply add more time ( or money) to most bus pass cards.

MRCaratacus said:
Hello,
Most bus pass technology uses desfire cards with two logical addresses one is public for all the world to see and the other is private , the private sector is encrypted and is updated everytime you put money on it or use it. Also as a duel layer defence most implementations of this technology uses back to base system which means everytime you tap it the card is used to query a database to verify that there is money for the trip and to check if the card is currently being used for a trip.
In NSW Australia we have opal cards they work by storing the balance information and activity in public storage so you can check it through a NFC enabled device and then storing the cards sensitive information in private storage that only the readers at stations and in top up locations can use. Every time we tap on the balance on the card is checked with a database and updated locally when needed then at the end of the trip the cards balance is updated from the central database to the card.
So I don't believe you can simply add more time ( or money) to most bus pass cards.
Click to expand...
Click to collapse
Did you ever work out a way to add money to the card? Im in nsw too and i have a school opal card so i dont have to pay anyway but im interested.

Unfortunately no , unless you hack into the database and locate your cards identifier then add money from the central DB , there is no way you can "hack" more money on the card , and even if you could the moment you tapped on it would always take the databases values as correct and either adjust your cards balance or detect the fraud and lock the card down.

Might have a solution but...
buckofive said:
The application used to capture this card information was TagInfo by NXP. It is available from the Play Store here:]https://play.google.com/store/apps/details?id=com.nxp.taginfolite&hl=en
Click to expand...
Click to collapse
It's illegal and we cannot help you in doing what you want.
In theory if you use an app like Mifare classic tool, that has a tool to compare dumps, you can get what changed like time, money or whatever. But that must be done if its with testing nfc cards and just for getting knowledge, not money.

hello
i have nfc card which i use it in university restaurant to pay a lunch could i hack it and but more money
pls help me

can't he overwrite the hex for the date, e.g. Production date: week 38, 2013 -> Week 38, 2018 ?
abood.456 said:
hello
i have nfc card which i use it in university restaurant to pay a lunch could i hack it and but more money
pls help me
Click to expand...
Click to collapse
thats fraud.

Lg h815 stuck in download mode

Hi, my LG G4(H815) stuck in download model(always boot in too DOWNLOAD MODE) its on MM.
The LG Bridge find it as H815, but LGUP see it as "unknown, COM 5, SUPEREXE 6.0", on phone screen is "633A BXX"
in linux after lsusb its show as 1004:633A.
Anyone can help me?
Sorry for my english.
LGUP LOG
________________________________________________________________
Intel(R) Active Management Technology - SOL (COM3)
[14:40:54] Find 1 LGE AndroidNet USB Serial Port (COM5)
[14:40:54] CBasicComControl:pen, the port(COM 5) is constructed successfully => HANDLE : 0x28c
[14:40:54] CPort:penPort() Success. Port number is 5
[14:40:54] [T000003] 41 54 0D AT.
[14:40:55] CBasicCom::SendRecvPacket, PACKET_ERROR code = 1460 Msg => [14:40:55] [T000005] EF 00 16 65 7E ...e.
[14:40:56] [R000007] EF 00 00 05 00 AD 7E .......
[14:40:56] [T000005] EF A0 1C C0 7E .....
[14:40:57] [R000150] EF A0 00 02 00 00 00 4C 47 2D 48 38 31 35 00 00 00 53 55 50 45 52 58 45 20 36 2E 30 00 00 00 00 .......LG-H815...SUPERXE.6.0....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 35 39 38 37 32 30 36 36 33 38 36 34 34 31 00 ................359872066386441.
00 00 00 00 41 1E 41 6E 64 72 6F 69 64 00 00 00 36 2E 30 00 00 00 00 00 00 00 30 30 30 30 30 30 ....A.Android...6.0.......000000
30 30 30 30 30 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00000......................0....
00 00 00 00 00 4F 50 45 00 00 00 00 00 00 00 00 00 00 00 CC 38 7E .....OPE............8.
[14:40:57] CComPort::ClosePort, Closed Port Successfully for COM 5
[14:40:57] CBasicComControl::Close, the port(COM5) is closed successfully
_______________________________________________________________________

nekus said:
Hi, my LG G4(H815) stuck in download model(always boot in too DOWNLOAD MODE) its on MM.
The LG Bridge find it as H815, but LGUP see it as "unknown, COM 5, SUPEREXE 6.0", on phone screen is "633A BXX"
in linux after lsusb its show as 1004:633A.
Anyone can help me?
Sorry for my english.
LGUP LOG
________________________________________________________________
Intel(R) Active Management Technology - SOL (COM3)
[14:40:54] Find 1 LGE AndroidNet USB Serial Port (COM5)
[14:40:54] CBasicComControl:pen, the port(COM 5) is constructed successfully => HANDLE : 0x28c
[14:40:54] CPort:penPort() Success. Port number is 5
[14:40:54] [T000003] 41 54 0D AT.
[14:40:55] CBasicCom::SendRecvPacket, PACKET_ERROR code = 1460 Msg => [14:40:55] [T000005] EF 00 16 65 7E ...e.
[14:40:56] [R000007] EF 00 00 05 00 AD 7E .......
[14:40:56] [T000005] EF A0 1C C0 7E .....
[14:40:57] [R000150] EF A0 00 02 00 00 00 4C 47 2D 48 38 31 35 00 00 00 53 55 50 45 52 58 45 20 36 2E 30 00 00 00 00 .......LG-H815...SUPERXE.6.0....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 35 39 38 37 32 30 36 36 33 38 36 34 34 31 00 ................359872066386441.
00 00 00 00 41 1E 41 6E 64 72 6F 69 64 00 00 00 36 2E 30 00 00 00 00 00 00 00 30 30 30 30 30 30 ....A.Android...6.0.......000000
30 30 30 30 30 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00000......................0....
00 00 00 00 00 4F 50 45 00 00 00 00 00 00 00 00 00 00 00 CC 38 7E .....OPE............8.
[14:40:57] CComPort::ClosePort, Closed Port Successfully for COM 5
[14:40:57] CBasicComControl::Close, the port(COM5) is closed successfully
_______________________________________________________________________
Click to expand...
Click to collapse
Solved
I borrow LG G2, i used it to launch lgup, but i nees to replace dll file to one from g4 pack, next i plug g4 and change com port to one is used by g2, and turn off com port g2, and start refurbished, and now my g4 is live again