Unified ecs87 Samsung RIL Software (Windows 10 users please disable SmartScreen)
License Information
In order to successfully open this tool, you will need a license. Each license is $100 and is tied into the Unique ID of your GSM box (to find your Unique ID, download the program and run IDGrabber.exe). Upon acquiring payment, we will send you a new link to the software which will open as long as you have your specific box plugged into the computer you’re trying to use it on.
Function Information
Step 1: Put your phone into USB Debugging mode (do not attempt to do this through ##3424# or *#0808#, sometimes this does not work. Go through the settings and use the build number trick to get to USB debugging). Then plug in your phone.
Step 2: DO NOT SKIP THIS STEP OR ELSE THE RIL PROGRAM WILL HANG/CRASH!!! Dial *#9900# and set the Debug Level to High. On Verizon phones you may need to enable to hidden menu through the QCDM port.
Step 3: Connect to RIL. If this fails at the end, try reconnecting.
Step 4: If reconnecting ever fails, Connect to RIL again. Do not attempt to keep reconnecting.
Step 5: Perform operations.
If the program ever hangs or crashes, please close the program, start it back up, reboot the phone, start Logging, and Connect to RIL (do not attempt to reconnect).
Instructions for Samsung T-Mobile Exynos Unlock without root: Enable ADB > Unlock. Done.
Instructions for Verizon hidden menu enable without root: Enable DM Mode (##366633#) > Enable Hidden Menus. Done.
Instructions for Qualcomm MSL reset without root (old algo): Enable DM Mode > Reset MSL. Reboot. Done.
Instructions for FRP/Reactivation Reset (Exynos only): Connect phone in download mode. DO NOT USE A USB HUB. Click Reset FRP/Reactive Lock. Done.
Instructions for Exynos EFS Reset (rooted phones only): Enable ADB > Reset EFS > KNOX CP Bypass > Write CERT. CAREFUL! This may brick the baseband. Use with caution.
Chipsets? What? Exynos/Qualcomm explained.
Most of the operations are either for Qualcomm chipsets or Exynos chipsets. Selecting the wrong one can lead to the operation failing, or reporting false success (or worse). Please always, always, always triple check the chipset of your device and which function you click on.
How do I know Exynos vs Qualcomm? The easiest way is to get into the USB DIAG settings (normally by dialing *#0808#) and looking at the bottom-most setting. If it says DM+MODEM+ADB most likely the phone has a Qualcomm chipset. If it does not say DM+MODEM+ADB but rather something like DM+ACM+ADB then most likely the phone has a Exynos chipset.
As always, this information can change, and I always suggest performing the proper research (by Google’ing the phone model) to determine the chipset.
Changelogs/Update Information
1/21/2018: Smart Card identification is now supported for licensing. This means even you guys with dongles/keys that were not previously supported (because of no UART port) are now supported for licensing!
12/2/2017: Sprint unlocks should now support the S8, S8+ and Note 8 devices.
11/25/2017: Sprint unlocks now have a conditional where you can force the function to run when “uid=0” (root) is not found. Very useful for those of you running FA binaries that don’t give root access (no, this will not work to force an unlock when production firmwares are used without root; the unlock will not succeed).
11/25/2017: Rooted RIL functions should be working on newer security (IE: new Sprint lock security).
8/3/2017: Rooted RIL functions (Sprint SPC reading over ADB with root and CERT writing over ADB with root) are now functional on Nougat/7.0.
5/24/2017: Exynos EFS Reset changes. No longer requires the debug level to be set to high. BETA (have only tested it on a N920T with the security already reset, need more testers).
3/19/2017: UI changes.
3/4/2017: Added support for ROOTED Samsung Sprint unlocks on Nougat/7.0.
3/1/2017: Fixed rootless “Connect to RIL” and “Reconnect to RIL” hanging. You should now see INIT 50%… and then it should fully complete afterwards (instead of being stuck at “Exploit initializing”).
2/21/2017: More fixes for 32-bit/64-bit detection to prevent program freezing.
2/11/2017: Fixes for Rooted CERT write and Rooted Exynos EFS Reset. These SHOULD now be working properly remotely (and locally).
1/27/2017: Rooted Exynos EFS Reset (resets MSL, IMEI, CERT, and lock codes). BETA! USE AT YOUR OWN RISK!!!
1/24/2017: Fixed Exynos FRP (New Algo) issues.
1/11/2017: Fixed 32-bit auto-detection. Apparently the command I was using doesn’t carry over onto some 32-bit phones; legacy command was used for backwards compatibility. Changed sequence of timeouts for rooted CERT write, this should help with remote issues. Also changed timeouts for FRP, this should also help with remote issues. BETA: All models Exynos EFS reset (with root). Not released yet because…after wipe and CERT write LTE doesn’t work…
1/10/2017: Fixed rooted CERT write, there was a ton of “garbage” being thrown into the logger. Extended timeout for rooted CERT write, should help for remote issues. Fixed KNOX CP bypass and cleanup; was not detecting engineering root properly (I though I previously fixed this…).
1/9/2017: Added old-algo for download-mode FRP removal, also added old-algo for QC unlock (users requested some of these “throwback functions” so here they are).
1/7/2017: Finally got my hands on a 32-bit phone (G900P). Fixed INIT failed issues and tested the changes against the 64-bit phones I have my hands on (G930P and N920T).
12/29/2016: Added “unbranding” command to Sprint unlocks (rooted and unrooted). Doesn’t seem to work on my G935P. Perhaps it only works on models without locked bootloaders (or I may have the wrong command). This should affect absolutely nothing other than adding another 5-10 seconds to the unlock process. This also requires zero additional input from you nor the user on the other end. Besides, who wants to be reminded that they own a Sprint phone?! Changes reverted. Binaries updated.
12/28/2016: Good news: modified the way the program grabs your Unique ID so that you do NOT have to have all drivers installed. Also added a Read Info button on the main screen (pulls the info from ADB without root). Bad news: Still appears to be remote issues…mostly with the rooted CERT write over ADB. As always, working on it!
12/27/2016: UART COM port issues resolved and crashing under Windows 8 and 10 should now be fixed.
12/24/2016: Fixed even more INIT FAIL issues, especially on older firmware versions (such as 5.0.2). Tested on a G920P on 5.0.2 and a G935P on 6.0.1 (PK1). Also added “extended” COM port info in RootOps (instead of just showing “COM##” it shows something like “COM## – Samsung Mobile USB Modem #23”). Also added/fixed the capability to share your box over USB redirector and open the program from a remote computer. Added write CERT over ADB (without the exploit) for rooted phones (WARNING: couldn’t quite add this under Root Ops because…it still uses the log). Updated the mega file…earlier today I forgot to include the binaries which were the main cause of the INIT FAIL issues. Oops.
- Apparently there are also UART COM port issues as well. These will be resolved tomorrow!
- I hope you all have a Merry Christmas and a Happy New Year!
12/19/2016: OK, remote issues should definitely be solved. Version 3.1 up. Lots of FRP reset issues SHOULD be fixed. As always, feel free to let me know which ones do and don’t work (currently Qualcomm devices do not have this “userdata” exploit hole as far as I know…)
12/16/2016: Special thanks to Chris Bernardo who assisted in beta-testing the remote INIT failed issue. This issue should now be resolved! I’ve also done some more work on FRP removals. Please test the Reset FRP/Reactive lock for the S7/S7 Edge/Note7 models!
12/15/2016: Rooted tools/UART tools/MISC tools section up and running (as far as I can tell). As always, feel free to inform me of any bugs. FRP Reset finally here (only works on Exynos AP chipsets, currently working on Qualcomm).
12/13/2016: NOTE!!! It seems Samsung has closed the exploit hole on T-Mobile devices running PK1 and newer (Sprint devices don’t seem to be patched yet). I will be releasing a secondary tool (will require either root or UART depending on which function you select) to use while I keep looking for exploit holes.
Initial Changelog:
- Apparently I also broke the start/stop log buttons…oops. They should now be fixed. Ahem.
- Added an icon to the .exe
- Users have reported issues of not being able to use other box software while using this software (or not being able to connect more than one box at a time). This should now be fixed.
Also, it seems there’s been “INIT Fail” issues remotely using the rootless unlocks (and sending any AT commands or writing CERTs). I’ve increased the timeout to cut down on this issue. Hopefully this increases the chances of success remotely.Still working on this…ugh.- I’ve slimmed down a lot of stuff on the Rootless RIL area and moved it into the “Root Ops” button. I guess not everything in Root Ops requires root…perhaps that button name will change in the future.
- If you get RIL Shell error more than twice (after connecting, reconnecting, and attempting to connect one last time) then move onto the “Root Ops” tools. Most likely the “rootless” RIL access has been patched on that build. Builds PK1 and newer seem to be patched (on all carriers other than Sprint). The rooted/UART tools are so much faster than the root-less ones anyway 🙂