********NOTE*********
i have included a few of the tools you will need as attachments to this post. I will not take any credit for these programs as i was not the developer for them... these people work too hard to have anyone steal their credit... please give credit where credit is due!Your nv_data.bin file and its matching nv_data.bin.md5 files are located on your phone in /efs/
All references that i make to "sd card" or "/sdcard/" refer to your phone's internal SD Card, not an external SD card that you may have installed.
I have created a windows batch file that you can run and it will extract your entire /efs/ folder from your phone to your PC. I am currently working on the batch script to move the edited nv_data.bin files back to your/efs/ folder and do the other adb stuff.
attached is the EFS Extractor.zip file that contains the ADB files and the batch script.
The product code for your AT&T Captivate is: SGH-I897ZKAATT
WARNING… I AM NOT RESPONSIBLE IF YOU BREAK YOUR PHONE FOLLOWING ANY OF THESE INSTRUCTIONS
The Attached EFS Extractor.zip file contains the necessary adb file and a couple batch files. "retrieve efs.bat" copies your entire /efs/ folder to your PC in a folder called /efs_bkup/ in the directory where you unzipped the file and ran the batch program from. The file "update nv_data.bat" takes your edited nv_data.bin file from the root directory where you ran the .bat file from and places in in your phone's /efs/ folder and removes the old copies from your phone... when it is done, it will power cycle your phone.
To fix your nv_data.bin, you will have to have access to the following tools:
A hex editor (search google for hex editors, they have tons of them that are free… I use one called HexEdit and i have it attached)
GalaxyS_One-Click_Root_All_Models (available via XDA-Developers... attached)
ADB (Android Debugging Bridge) This is available by getting the Android SDK at the Android Developers Website (http://developer.android.com/sdk/index.html) or if you downloaded the Galaxy S One Click Root, it is in the directory where you unzipped the files.
BusyBox – Search the google market for “BusyBox”. It will appear and will be the free one from stericson (i have included the .apk as an attachement)
Odin One-Click Downloader (available from XDA)… make sure you get the correct one. There are 2 versions. If you batch number is 1008 then you need the one with the 3-button fix, if you batch number is greater than 1008 then you should need the regular one. Your batch number is written on the sticker on your phone under your battery on the left side right under the words “S/N” where your serial number is listed.
Samsung Kies Mini (gotten from Samsung website)
Download the attached EFS Extractor .zip file. It contains everything you need to copy your /efs/ folder to your PC
Now for what you need to do to get your phone’s nv_data.bin back to normal:
Flash back to stock and then do a master clear using Odin One Click
put phone into USB debugging mode and also check the setting to "stay awake"
connect phone to PC and root and install busybox
extract the attached EFS Extractor.zip file and run the "retrieve efs.bat" file. This will copy your entire /efs/ folder from your phone to your PC in a direcotry called ./efs_bkup/
Using the Hex Editor, edit the file ./efs_bkup/efs/nv_data.bin on your PC to have the correct product code SGH-I897ZKAATT. do an ASCII search for "SGH" to locate the line in the file that contains your product key. then save the edited file to ./nv_data.bin (the root directory where you extracted your ZIP file to on your PC)
run the file "update nv_data.bat" to copy your corrected nv_data.bin to your phone's efs folder and chown it and reboot your phone
change USB Settings on phone back to Kies then open Kies Mini and connect phone.
you should now be able to connect to Kies Mini and not have unregistered device... now would be a good time to back_up your /EFS/ folder... you can now either do Odin One-Click and a master clear, or flash a different rom. You should do Odin if you want to use Kies to get updates to be 100% stock to remove your root and busybox.
The general overview what what you need to do is this for those of you that want to know and/or use other tools to do this
Copy your /efs/nv_data.bin file from your phone to your PC
Use a hexeditor to modify the line in the nv_data.bin file that contains the productcode to contain your correct product code
delete any nv_data.* files from your /efs/ folder on your phone
copy the corrected nv_data.bin file from your PC to your /efs/ folder on your phone
busybox chown 1001:1001 /efs/nv_data.bin
reboot phone
Done!
Now, when you backup your /efs/ folder to your PC you may see files like nv_data.bak and nv_data.bak.md5. Using a hexeditor, open the nv_data.bak file and look at the line that has the product code (ASCII values starting wtih SGH)... if the product code in the .bak file is correct, then delete the nv_data.bin and nv_data.bin.md5 from your /efs/ folder on your phone and reboot your phone. Your phone should then create new .bin and .bin.md5 files from the .bak and .bak.md5 files that will have the proper productcode. You can also optionally rename the .bak and .bak.md5 files on your PC to be .bin and .bin.md5 and copy them to your /efs/ folder on your phone.
You can view what Kies is reading your productcode as by opening your windows registry editor Start>Run>regedit[enter]
Connect phone to PC in Kies(Firmware) mode
Navigate to HKEY_CURRENT_USER/Software/Samsung/KiesMini/FUS
Look at the key "PRODUCTKEY" and what it's value is... if it is correct, then you are good. If not, then something went wrong somewhere.
If you have issues please post the issues you are having and I will update as necessary.
Here is a link to a different thread that contains a program and instructions for restoring your unlock codes if that is what you are trying to do. The .jar (java program is written in frech, but it only asks for the codes you want to use for your unlock codes... i did not make this program so I cannot help you with it.
http://forum.xda-developers.com/showpost.php?p=8983897&postcount=103
Tried to trim this down a little as there are a ton of steps, let me know if any of this is incorrect.
1. Flash back to stock rom, and do a master clear using the Odin3 One-Click Downloader by designgears
2. Root using one-click-root and install busybox, turn on usb development mode + stay awake, and connect to your PC.
3. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /efs/nv_data.bin /sdcard/nv_data.bin
d. cp /efs/nv_data.bin /sdcard/nv_data.bin.copy (incase there is a problem)
e. rm /efs/nv_data.*
4. Exit your adb.exe window, mount your phone on your PC and navigate to the internal card. Edit the nv_data.bin with a hexeditor (bpsoft.com) and search (ascii) for "SGH-" (without the quotes)
5. It may be something like SGH-I897ZKATOR or SGH-I897ZKATMB. You need to change this to SGH-I897ZKAATT then save the file, and unmount your phone.
6. Disconnect usb data cable from pc to phone, re-enable usb development mode + stay awake, reconnect.
7. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /sdcard/nv_data.bin /efs/nv_data.bin
d. busybox chown 1001:1001 /efs/nv_data.bin
8. Power cycle
Hi hansomni. l've been down this road. Were you successfull with creating Nv_data.bak this way and restoring with that. For example editing nv_data.bak and making a corresponding md5 file and only placing those files in your efs folder and restarting your phone
I had problems creating this file. i would always get an incorrect iemi. This is why i recommend using nv_data repair.zip posted in the tmo vibrant unlock thread not only can you recreate the correct product code but also fix the fffffffff for unlock code.
Have you checked this outhttp://forum.xda-developers.com/showpost.php?p=8983897&postcount=103
mattbeau said:
Hi hansomni. l've been down this road. Were you successfull with creating Nv_data.bak this way and restoring with that. For example editing nv_data.bak and making a corresponding md5 file and only placing those files in your efs folder and restarting your phone
I had problems creating this file. i would always get an incorrect iemi. This is why i recommend using nv_data repair.zip posted in the tmo vibrant unlock thread not only can you recreate the correct product code but also fix the fffffffff for unlock code.
Have you checked this outhttp://forum.xda-developers.com/showpost.php?p=8983897&postcount=103
Click to expand...
Click to collapse
yeah... i have been successful using the steps i outlined... like i said in the original post, this is only to get your product code fixed... i don;t have an unlocked phone so i don't know if that program works... i did use it to check it out, but it is written in frech or something and it never copied the "patched" nv_data files back to my phone... i had to do it manually and still the product code from the created files were wrong. Others say that they have had success using it, but i never did. I took a buch of stuff from a buch of posts on this site to compile the guide here for restoring product codes only.
the .bak files are your backup files that get generated sometimes... usually those files have your correct unlock codes and productcode... to restore them, just delete the non .bak files and remove the .bak extension from the backups... then copy them to your /efs/ folder and powercycle and you should be good. you should keep all your orignial files from your /efs/ folder in a safe place though so you have them to fall back on if you need to. I have never had the .bak files in my /efs/ folder so i haven't ever been that lucky.
devz3r0 said:
Tried to trim this down a little as there are a ton of steps, let me know if any of this is incorrect.
1. Flash back to stock rom, and do a master clear using the Odin3 One-Click Downloader by designgears
2. Root using one-click-root and install busybox, turn on usb development mode + stay awake, and connect to your PC.
3. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /efs/nv_data.bin /sdcard/nv_data.bin
d. cp /efs/nv_data.bin /sdcard/nv_data.bin.copy (incase there is a problem)
e. rm /efs/nv_data.*
4. Exit your adb.exe window, mount your phone on your PC and navigate to the internal card. Edit the nv_data.bin with a hexeditor (bpsoft.com) and search (ascii) for "SGH-" (without the quotes)
5. It may be something like SGH-I897ZKATOR or SGH-I897ZKATMB. You need to change this to SGH-I897ZKAATT then save the file, and unmount your phone.
6. Disconnect usb data cable from pc to phone, re-enable usb development mode + stay awake, reconnect.
7. Open a command prompt window and navigate to the directory where you extracted the one-click-root. Run the following commands:
a. adb shell
b. su
c. cp /sdcard/nv_data.bin /efs/nv_data.bin
d. busybox chown 1001:1001 /efs/nv_data.bin
8. Power cycle
Click to expand...
Click to collapse
Yeah, looking at it quickly it looks like all the instructions are correct... maybe abbreviated too much... Thanks for that... i will update with instuctions similar.... i have to remember that there are those folks that have never used adb or know what it is. I will credit you in my update tomorrow. I am used to where i work we have people that use computers that don;t know how to power them on and off so they just leave them on all the time... i have to be very specific on my instructions that i tell them so they can understand... a two second task becomes an all-day event. Just something i am used to doing.
I will be working on a dos script (.bat) file that will do most of the adb stuff so then the users only need a few things to do and just let the scripts take care of the rest.
hansonmi said:
yeah... i have been successful using the steps i outlined... like i said in the original post, this is only to get your product code fixed... i don;t have an unlocked phone so i don't know if that program works... i did use it to check it out, but it is written in frech or something and it never copied the "patched" nv_data files back to my phone... i had to do it manually and still the product code from the created files were wrong. Others say that they have had success using it, but i never did. I took a buch of stuff from a buch of posts on this site to compile the guide here for restoring product codes only.
the .bak files are your backup files that get greated sometimes... usually those files have your correct unlock codes and productcode... to restore them, just delete the non .bak files and remove the .bak extension from the backups... then copy them to your /efs/ folder and powercycle and you should be good. you should keep all your orignial files from your /efs/ folder in a safe place though so you have them to fall back on if you need to.
Click to expand...
Click to collapse
You dont even need to change the extenaion of those files if you power cycle your phone with just .Bak files. Your phone will recreate the nv_data.bin and md5 from those .Bak files and create a log file
Yeah i know the java program is in french. But its only asking you what two codes you want to use for unlocking your phone ( ahh google translate)
And yes the first time i tried the program i had trouble too. I think it helps if you have a good busybox version.
Believe me the easier you can make it the better it will be for everyone. Now if we could just get everyone to back up that folder before flashing anything we wouldnt even need to go down that road. Thanks for your help in this. Ill leave this thread alone now sorry if im intruding. Pm me if you need any help
mattbeau said:
You dont even need to change the extenaion of those files if you power cycle your phone with just .Bak files. Your phone will recreate the nv_data.bin and md5 from those .Bak files and create a log file
Yeah i know the java program is in french. But its only asking you what two codes you want to use for unlocking your phone ( ahh google translate)
And yes the first time i tried the program i had trouble too. I think it helps if you have a good busybox version.
Believe me the easier you can make it the better it will be for everyone. Now if we could just get everyone to back up that folder before flashing anything we wouldnt even need to go down that road. Thanks for your help in this. Ill leave this thread alone now sorry if im intruding. Pm me if you need any help
Click to expand...
Click to collapse
Yeah... the problem is that not everyone knew to do it before flashing as a lot of the ROM pages don't say it (I was one of them that never knew about it)... i knew what the java was saying but since i don't have an unlocked phone, i had no way of testing it to see if it worked for me or not... and on top of that it didn't work with restoring my productcode (i know that becuase i couldn't use Kies until i did things manually)... I tell people to rename the files, becuse i am assuming they copy the contents of their /efs/ folder to a PC or something... then they just have to delete the nv_data files from /efs/ on their phone, and rename the .bak files on their PC and copy them back to their phone's /efs/ so they still have a copy of their original files saved on their PC... plus i don't like relying on the phone doing the renaming because if it doesn't no one will know what went wrong...
Working on Windows Batch (.bat) script
I will be working on doing a windows .bat script that will do most of the dirty work for you... it may take a couple days because where i work the end of the year is the busiest time for me and i don't have a lot of time between work during the week.
I will make the script an attachment and will hopefully be able to zip with the abd files to make life a little easier for everyone.
Thanks for the input everyone.
What line
Could someone that has successfully done this post what line in the hex file the product code is found on. All I get is string not found??? Thanks
Worked great, followed steps exactly as outlined didn't have any problems. Thanks again for this, I've been wanting to have a proper backup of efs folder with correct product code, but could never change it back.
Slowazz28 said:
Could someone that has successfully done this post what line in the hex file the product code is found on. All I get is string not found??? Thanks
Click to expand...
Click to collapse
I used hexedit, and if the line number is in first column it begins on line 188010. I did notice when searching a second time to get line number, that I had to have sgh- in all caps, and once i got string not found, I closed program reopened and searched again using caps (SGH-) it worked several times. Hopes this helps.
Big thanks for posting this.
I'll give this a shot prior to flashing Axura 2.5.
Thanks hansonmi! I got it updated with kies. I done it a lil diffent using root explorer to move files around and used hexeditor to edit files and root explorer to copy back.
great guide.
wish this would have been around the first time i ran into this problem as it was a headache when it happened and the threads and advice on fixing were so fragmented within the forum threads.
The only thing i did differently was that i didn't use ADB on a pc at all during the process (I completed the process using both Root Explorer and Terminal Emulator on my phone and copying files to pc via mounting the phone and its storage as disk drives).
(PS before doing any of this i backup up my efs folder first to my external SD using root explorer and then to my pc via mounting the phones storage)
1. I had already copied my nv_data.bin file to external SD when backing up EFS folder.
2. Connected to pc via usb and mounted for storage (with debugging on)
3. copid nv_data to pc
4. used PsPad to edit the nv_data file in accordance with previous instruction in this thread. (I highly recommend PSpad as a hex editor. Its nice that you can switch back and forth between hex and text editor views) See PS in the end for using PSpad hex editor to find the line you need to edit. That seemed to be the only thing that needed clarified.
5. copy nv_data.bin back to the root directory of external sd
6. use root explorer to move newly edited nv_data from external sd back to original EFS folder.
7. Delete the nv_data..bin.md5 file..i left the backup from efs folder
7. delete any nv_data.baks from efs folder
8. Now the use of Termainl Emulator (download from market). Busybox must be installed as well
9. Open terminal emulator execute following commands:
SU
busybox chown 1001:1001 /efs/nv_data.bin
reboot
(reference to step 4 using hex editor)
PS - These are the steps for editing the hex code and starting with step first step assuming you have copied the nv_data.bin to your PC
1. Open PsPad (or other hex editor)
2. Open nv_data.bin in hex editor mode
3. Go to line 188000 (using search modes you will likely have to enter $00188000 or 00188000) Using PsPad you would do the following:
Select SEARCH from top tool bar. Select GOTO LINE.......then enter $00188000
4. You will see yTMB....SGH_i897ZKATMB (or yTOR....SGH-ZKATOR).
5. Replace that first TMB or TOR with ATT then replace ZKATMB or ZKAATOR with KZAATT
6. Save
7. Now you should have a proper nv_data.bin
HBeezy said:
I used hexedit, and if the line number is in first column it begins on line 188010. I did notice when searching a second time to get line number, that I had to have sgh- in all caps, and once i got string not found, I closed program reopened and searched again using caps (SGH-) it worked several times. Hopes this helps.
Click to expand...
Click to collapse
Ok that worked great except when I get to that line it says productcode several times then a bunch of x's then 11 0's but no SGH- so not sure where to put it in at. The 0's start on line 1880f0 and end on line 188100 ??? Appreciate the help
Slowazz28 said:
Ok that worked great except when I get to that line it says productcode several times then a bunch of x's then 11 0's but no SGH- so not sure where to put it in at. The 0's start on line 1880f0 and end on line 188100 ??? Appreciate the help
Click to expand...
Click to collapse
what hex editor are you using?
i recommend downloading the free PSpad Hex/Txt editor.
1. Open your nv_data file using FILE then OPEN IN HEX EDIT
2. use SEARCH from toolbar commands....GOTO LINE from search menu....options after opening in hex edit mode
3. then search for $00188000
you should see the line you need to edit.
The nice thing about PSPAD is that you can also open the binary file in a Text mode. If you have trouble finding it in the hex editor mode try the following.
1. open PSpad. Goto FILE then OPEN (vs. open in hex edit). This will open in a text editor view/mode.
2. goto SEARCH and select INCREMENTAL SEARCH
3. type SGH and search
(you could also do all the hex editing without moving files to pc if you wanted using HEX EDITOR from market...though for most the PC hex editors might be easier)
if you want to use the android hex editor app to do all the editing on your phone...do the following:
THERE ARE 3 Total Lines you will need to edit:
00188008
00188010
00188020
1. Use Root Explorer to copy nv_data.bin from efs folder to the root directory on your external sd.
2. Use Hex Editor App to open the copy from your external SD.
3. One Open click the capacitive menu button and select jump to address
4. Enter 0188008
This will take you to line 00188008
5. Edit the last or 8th Block so it reads 41.
6. Enter 0188010
7. This will take you to line 00188010. Edit the first two blocks of this line. Replace the #'s so that both of the first two blocks contain 54. (look to the text at the right of screen the first two letter should have changed to TT. To recap you need to edit Block 1 and Block 2 of line 0018010:
LINE 0018010
Block 1 = 54
Block 2 = 54
(text @ right should now read TT....SG)
8. Now look down to line 0018020 and look at the line. If you at the line and to the far right text you will see ATOR or ATMB if your nv_is messed up.
9. You may need to edit blocks 2-4. They should read as follows:
LINE 00188020
Block 2 = 41
Block 3 = 54
Block 4 = 54
(the text at the right of your screen should now read AATT....)
10. Save the file and move it back to efs using root explorer.
PS: Here are how the following lines should read (the ones in bold are the only ones you have to edit as line 00188018 will already be correct):
00188008|2e|34|00|00|00|00|ff|41|.4....A
00188010|54|54|00|00|00|00|53|47|TT....SG
00188018|48|2d|49|38|39|37|5a|4b|H-I897ZK
00188020|41|41|54|54|00|00|00|00|AATT....
bames said:
what hex editor are you using?
i recommend downloading the free PSpad Hex/Txt editor.
1. Open your nv_data file using FILE then OPEN IN HEX EDIT
2. use SEARCH from toolbar commands....GOTO LINE from search menu....options after opening in hex edit mode
3. then search for $00188000
you should see the line you need to edit.
The nice thing about PSPAD is that you can also open the binary file in a Text mode. If you have trouble finding it in the hex editor mode try the following.
1. open PSpad. Goto FILE then OPEN (vs. open in hex edit). This will open in a text editor view/mode.
2. goto SEARCH and select INCREMENTAL SEARCH
3. type SGH and search
(you could also do all the hex editing without moving files to pc if you wanted using HEX EDITOR from market...though for most the PC hex editors might be easier)
if you want to use the android hex editor app to do all the editing on your phone...do the following:
THERE ARE 3 Total Lines you will need to edit:
00188008
00188010
00188020
1. Use Root Explorer to copy nv_data.bin from efs folder to the root directory on your external sd.
2. Use Hex Editor App to open the copy from your external SD.
3. One Open click the capacitative menu button and select jump to address
4. Enter 0188008
This will take you to line 00188008
5. Edit the last or 8th Block so it reads 41.
6. Enter 0188010
7. This will take you to line 00188010. Edit the first two blocks of this line. Replace the #'s so that both of the first two blocks contain 54. (look to the text at the right of screen the first two letter should have changed to TT. To recap you need to edit Block 1 and Block 2 of line 0018010:
LINE 0018010
Block 1 = 54
Block 2 = 54
(text @ right should now read AT....SG)
8. Now look down to line 0018020 and look at the line. If you at the line and to the far right text you will see ATOR or ATMB if your nv_is messed up.
9. You may need to edit blocks 2-4. They should read as follows:
LINE 00188020
Block 2 = 41
Block 3 = 54
Block 4 = 54
(the text at the right of your screen should now read AATT....)
10. Save the file and move it back to efs using root explorer.
PS: Here are how the following lines should read (the ones in bold are the only ones you have to edit as line 00188018 will already be correct):
00188008|2e|34|00|00|00|00|ff|41|.4....A
00188010|54|54|00|00|00|00|53|47|AT....SG
00188018|48|2d|49|38|39|37|5a|4b|H-I897ZK
00188020|41|41|54|54|00|00|00|00|AATT....
Click to expand...
Click to collapse
Ok, So my nv_data.bin must be fubared cause I don't even have lines 188008 or 188018. They go by 10's like 188000, 188010, 188020, ect. And the text to the right of line 188010 starts TT....SG not AT....SG
File
I didn't back this up from my first flash to a custom ROM. Stated at the beginning it says this is likely unfixable. I have run Axura, Cog and Perception Roms (not in that order). Not sure if that makes a difference. Is this still fixable? The problem I have (using new market) is apps are either
A) Installed and not showing so on the market
B) I have them installed and they disappear & have to reinstall them from the market only to have them disappear from my phone again
C) Unable to download them (such as Pocket Legends)
Any feedback is appreciated.
Thanks
Slowazz28 said:
Ok, So my nv_data.bin must be fubared cause I don't even have lines 188008 or 188018. They go by 10's like 188000, 188010, 188020, ect. And the text to the right of line 188010 starts TT....SG not AT....SG
Click to expand...
Click to collapse
my bad
the 188010 should start TT i will correct my original.
but you should be able to find lines 188008 an 18 though you wont need to do anything with 18. Did you try looking at it with the android hex editor app from market?
You won't see the 008 and 018 lines if your using a hex editor on PC you will only see the lines by by 10's.
The section you are referring to are for Using Android Hex Editor App on your phone.
-----------------------
if your using a hex editor on your PC you should see the following when corrected:
188000 | FFFF | FFFF | 5245 | 5630 | 2E34 | 0000 | 0000 | FF41 |
188010 | 5454 | 0000 | 0000 | 5347 | 482D | 4938 | 3937 | 5A4B |
188020 | 4141 | 5454 | 0000 | 0000 | 0000 | 0150 | 024E | 034E |
Slowazz28 said:
Could someone that has successfully done this post what line in the hex file the product code is found on. All I get is string not found??? Thanks
Click to expand...
Click to collapse
It really depends on the editor you are using and you have to make sure you are searching for ASCII...
in the edit that i use, it is line 188010
How to turn the Droid X into wifi mini tab without crippling your cell radio.
Requires Root
This write up is to guide people who have moved on to other phones but what to use their good old Droid X for a wifi device. Many people have just frozen or uninstalled the dialer and messaging apps, but this is going to an unnecessary extreme. Other people have used airplane mode, but this is a pain because it also disables your bluetooth and wifi. Sure you can toggle them back on, but this doesn't persist after a reboot. This fix allows you to use airplane mode to disable the cell radio, but not the wifi or bluetooth. The extra benefit is that you still have a fully functional phone if you ever need it as a backup.
Step 1. Download a File Manager from the market that allows browsing as root. I recommend ES File Explorer because its free and has a search function.
Step 2. Open the file manager and go to its settings. Find any settings that allow you to browse as root, navigate to the root of the filesystem, and mount the filesystem as rw (Read & Write). If you get a Superuser prompt, click allow.
Step 3. Navigate to the root of the filesystem. If you see folders like "etc" and "system", you are there.
Step 4. Use the search function to find settings.db. On ES, make sure you are searching the current folder and have the filter set to all files. Enter settings.db as the file name.
Step 5. Copy the settings.db file to your sd card. Note the directory you found it in. Usually /data/data/com.android.providers.settings/databases.
Step 6. Download SQLite Manager from the market. Open and navigate to /sd card and find your copy of settings.db. Click on it.
Step 7. Click on "system" and then long press on the line that says "airplane_mode_radios". Click on update row and edit the value so that it only has the word "cell" in it.
Step 8. Back out to update the file. Re-open it in SQLite Manager and verify your changes. If your changes did not stick, keep trying.
Step 9. Copy the settings.db that you edited on your sd card back to the folder you originally found it in. When prompted to overwrite, allow it.
Step 10. Reboot and turn your wifi on and activate airplane mode. You wifi should stay on. Reboot. Your wifi should come back up right away but airplane mode should still be active.
Edited example settings.db from .605 stock in a zip file. This is not flashable in CWM Recovery! You can use this but it will probably change a bunch of settings back to what they are when you first set the phone up. Better to sbf and then apply this right away before changing any settings.
I just use the app Airplane Mode Wifi which disables data and cell but keeps wifi and bluetooth active.
Requirements:
A Rooted device running ICS Rom
Hands
Procedure:
Open Root Explorer & navigate to /system
Now Open build.prop in Text Editor.
Edit ro.build.version.sdk = 16 & save.
Now go to /system/app & Rename GoogleQuickSearchBox.apk to GoogleQuickSearchBox.apk1
Now reboot & install the app from the download link.
Now edit build.prop & change ro.build.version.sdk = 15 & reboot.
DOWNLOAD LINK : "h t t p: / / d - h . s t / y 4 4" (without quotes and spaces)
After following all the steps, it sent me into a boot loop after the final reboot.
chrisliphart said:
After following all the steps, it sent me into a boot loop after the final reboot.
Click to expand...
Click to collapse
try editing the build.prop again and changing the SDK version to 16.
shubhankarsingh007 said:
Requirements:
A Rooted device running ICS Rom
Hands
Procedure:
Open Root Explorer & navigate to /system
Now Open build.prop in Text Editor.
Edit ro.build.version.sdk = 16 & save.
Now go to /system/app & Rename GoogleQuickSearchBox.apk to GoogleQuickSearchBox.apk1
Now reboot & install the app from the download link.
Now edit build.prop & change ro.build.version.sdk = 15 & reboot.
DOWNLOAD LINK : "h t t p: / / d - h . s t / y 4 4" (without quotes and spaces)
Click to expand...
Click to collapse
Clearly a KF noob, but how can this work with no mic?
Leaving the SDK at 16 worked for me, but Google Now does keep crashing shortly after launch. As to not having a mic, you can type in searches.
waffull said:
Clearly a KF noob, but how can this work with no mic?
Click to expand...
Click to collapse
You can still type the question (or text) in the search box. :good:
I got my Mi Band yesterday and I am trying to reverse engineer how to export my data from the Mi Band app to something where I can keep and aggregate it.
I found user-db sqlite database on my phone (data/com.xiaomi.hm.health/databases). I opened the file and there is a LUA_LIST table. That table contains what looks to be the step data.
The problem is that I can't figure out how the values work. There is START and STOP column. I tried summing up all the steps from today but it doesn't add up to what my phone is displaying.
Any ideas?
**UPDATE**
I figured out that the date stored in the user db corresponds to the date on the "details" screen (screenshot from app)
My Query (id 5 is the first data point for January 22)
select sum (steps) from (
select sum (start) as steps from lua_LIST
where _id > 5
union
select sum (stop) as steps from lua_LIST
where _id > 5) as t
Latest update: please get the latest version from this thread: http://forum.xda-developers.com/general/accessories/xiaomi-mi-band-data-extraction-t3019156
I wrote the script to extract all activity from origin_db database. This works for me for MI software version 1.2.442. If you have sqlite3 installed on windows, you can run following from command line:
sqlite3 origin_db < miband.sql
It would generate extract.csv file with all sleep and activity data.
tehcypress said:
export my data from the Mi Band app to something where I can keep and aggregate it
Click to expand...
Click to collapse
Here Android application / Tasker profile for extracting stats into CSV / HTML.
Based on parsing templates by @xmxm, taken from his Windows-app above.
****Moderator Note****
A thread on this topic already exists here. Links have been removed from this one.
In Samsung's TTS app, someone discovered an exploit where the app, using it's receiver capabilities, will accept just about any command or information it receives from just about anything. This exploit so far as I know has not yet been patched but does affect a significant number of existing Samsung devices up to present day including the Samsung Galaxy Note 9 (SM-N960U) and probably others. Essentially this exploit allows a user to to run commands as system user (User: 1000) which is essentially one user level below root access. I am hoping this exploit will assist us in finding a root method for this device. In the meantime, as system user, you can run any command in a shell that is available to system. Running root commands will not work. I have not yet explored the extent of this exploit's capabilities, but you can change system props, some of which persist a reboot, probably disable some applications as opposed to uninstalling them per user, have full access to the /data directory and the ability to change anything in /data/system/users/0 at the very least. You need a Windows computer in order to perform these operations. It maybe possible to do through linux, but I did not try. This will also allow Lsposed patch to be installed on the device (a variant of the xposed framework). Though I am not sure it is required this will also allow you to use the dial pad on the device to Launch pretty much every important Samsung secret code that exists. Using Google to search for Samsung secret codes you can find what you need.
NOTE: I did not create this exploit and I do not claim any authorship or ownership over it. I just got it to work on this device. For reference, further reading and additional details and installation methods, please ***Link removed*** The steps below is the easiest and most basic method.
IMPORTANT: changing some of these props and other settings may cause device instability. In some cases a general factory reset will not change these settings back to your factory settings, so if you screw something up you're going to have to download your device's stock firmware and flash your device using odin.
1. Go to the Github repository above and download the zip file and extract it to anywhere you want. If you don't have minimal ADB and fastboot installed, you can get it here. Otherwise you'll need to download Google's platform-tools for Windows.
2. Plug your Note 9 into your PC, making sure ADB is authorized on the device.
3. Navigate to the exploit's folder and open a cmd window inside the folder, or place the folder's files in the platform-tools folder and navigate there and open a cmd window. To do this, click on the folder's window, press and hold down the shift key while right-clicking your mouse and select either "open cmd window here" or "open powershell window". Use adb to push the "samsungTTSVULN2.apk" to /data/local/tmp:
Code:
adb push samsungTTSVULN2.apk /data/local/tmp
.
4. Install "komraids_POC_V1.5.apk" using adb and reboot your Note 9:
Code:
adb install komraids_POC_V1.5.apk and open the app once. Navigate to settings, apps and select the app. Turn off battery optimizations.
adb reboot
5. When your Note 9 is completely rebooted (wait a minute or two after turning it back on, before you unlock your device), return to the exploit's or platform-tools folder and run 'systemshell.exe'. When the box pops up, click on 'start shell' and wait for the process to complete. When finished, click on 'reopen running shell'. You should be user: 1000. Run 'id' in that shell and the user should return as user: 1000. If not successful, navigate to the Github repository for other means of installation. Please note you will have to run this process on your device after every reboot.
With this level of access, you can change some system props, launch hidden activities including some degbug menus in various apps, as well as other things. From the Github repository, some examples of abilities:
Access to most of /efs /efs/imei /efs/sec_efs /efs/FactoryApp - Access to most of /data /data/system /data/user/0/ANY_SYSTEM_APP - The "Insthk" bin becomes useable, - Secure Folder/Separated Apps becomes COMPLETELY compromised if you also install the POC in it (UID 150_system) - start IOTHidden Menu, DM Mode, Service Mode, Multiple Debugging and hidden menus as well as preconfig in system context- Change many protected props, such as: setprop persist.service.adb.root 1, setprop sys.hidden.otatest 1, setprop sys.hiddenmenu.enable 1, setprop persist.sys.knox.device_owner true, setprop persist.sys.usb.qxdm.debug 1, setprop persist.service.adb.enable 1, setprop persist.sys.usb.qxdm.debug 1, setprop persist.rollback.is_test true, setprop sys.oem_unlock_allowed 1.
Click to expand...
Click to collapse
Some props I was able to change which persist upon rebooting:
Code:
persist.service.adb.root 1
setprop sys.hiddenmenu.enable 1
persist.service.adb.enable 1
persist.security.ams.enforcing 0
I am hoping with this access we can figure out a way to use it to our advantage to gain root access. I have only ever had this experience once, where we had gained system level shell access through a debug app accidently left on an Amazon Fire 10 tablet. That access later progressed to root access and from my understanding it is most likely possibility if we can gain this level of access on the device than it is more than likely there is a way to also gain root access. I would very much like any feedback anybody can provide and hopefully we can get further along in this. Please post your modifications and other tricks and hacks in this thread so others can follow along.
@DragonFire1024 Please note that a thread already exists on this topic:
***LOCKED UNTIL FURTHER NOTICE*** System Shell Exploit - ALL Samsung Mobile Devices NO BL UNLOCK REQUIRED.
***MODERATOR ANNOUNCEMENT: THREAD CLOSED*** @K0mraid3 you are hereby required to provide proper credit in your OP as follows: Link the assigned CVE for this exploit as it mentions the author's blog and GitHub, OR Link the original research repo...
forum.xda-developers.com
We do not allow multiple threads on the same topic:
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
Use our search function to find the best forum for your device.
Links to an external source are only allowed if relevant to the topic in hand. A description must be included, no copy & pasting from the original source.
Click to expand...
Click to collapse
I am closing this thread.
If you or someone else working on the project would like to have an open thread to discuss this topic, please refer to the original. However, I expect you to read the warnings I have posted, as the exploit covered must be credited to the individual who discovered it.