Hacking the Samsung “Vice” SCH-R561

So, a few months back, I got my first cell phone, the Samsung “Vice” SCH-R561. Overall I am very happy with this phone except for one thing… The complete lock-down of the features. First is the GPS: you can only use it if you download their software (which they want $6 a month for!). Second, it nags you to ask if you REALLY want your apps to run, every time! You can of course hit “4” whenever it asks you (so it will not ask you again), but programs like Opera and Gmail will not be able to save passwords or save bookmarks. So after a little Googling, and some 1337 skills, I hacked my way in and unlocked this phone! Here is how I did it:

I AM NOT RESPONSIBLE FOR BRICKING YOUR PHONE! IF YOU JUST WANT RING TONES USE THE RUMKIN UPLOADER, THIS GUIDE WILL NOT HELP! WHEN EDITING THE FLASH OF YOUR PHONE THERE IS ALWAYS A RISK OF KILLING IT! YOU HAVE BEEN WARNED! THIS HACK WILL ALLOW YOUR PHONE TO RUN UNASSIGNED CODE AND CAN BE A HUGE SECURITY HOLE IF YOU ARE NOT CAREFUL! I AM DONE YELLING NOW!

You need to have a 32 bit OS for this to work! If you do not, then you're messed! The drivers are only 32 bit. I did this with Windows XP in VirtualBox via USB pass-through :)

The first step is to READ ALL OF MY YELLING ABOVE then download the tool and driver below:

- The Driver to access the Serial interface - Right here!

- BitPIM – Official Site

Installing the drivers and setting up your phone:

What can I say? Download the drivers and run the setup! (These drivers are hosted on my site because Samsung is lame and pulled them!)

Next, plug in your phone WITHOUT picking “Connect to computer”. If you pick that, it will not work! Then open Device Manager and figure out what COM port the phone is on. Make sure you take note of which port it is!

Using BitPIM

Now, before you even think of running this program UNPLUG YOUR PHONE! If this program attempts to auto-detect your phone, it will clear the memory in it! That means all your downloads/contacts/texts/EVERYTHING will be deleted!

Now, once you have that done, start the program up. The first thing it will ask you is what kind of phone you have; it is “other CDMA”. Choose the correct COM port by picking browse. NOW you can plug your phone back in! Click refresh until your phone appears under available ports. Select it (it should have a COM port to the right of it) and make sure that “detect my phone on start-up” is DISABLED! (This will prevent future killing!)

Hit OK, then hit the receive button. (The one with the arrow pointing from the phone to nothing!) Now, under the “view” menu, pick view filesystem. A little icon labeled “filesystem” should appear on the left. Click it and now you are on to the fun stuff!

This allows you to view all the files on your phone. Messing with these files will kill your phone! There is only one file that we are interested in; it is located in /brew/shared/policy. Click the little + next to the / to start browsing.

There is a little text file in there called policy.txt. Right click it and save it somewhere safe. Before continuing, I STRONGLY recommend that you save it again to a different directory for backup. If you mess up your phone, you need this backup to restore it to its stock state! Now, open up the first copy and modify it like so:

BEFORE:

The bottom of the text file will look like this:

domain: untrusted
oneshot(oneshot): Application_Self_Start
oneshot(oneshot): Device_Connectivity_Bluetooth
oneshot(oneshot): Message_Delivery

…and so on.

Copy the text (From your own file, people! Some phones MAY BE DIFFERENT depending on firmware!) from under “domain: Gold-Trust” and paste it under “domain: untrusted”, replacing the lines that were there. For MY phone it went from this:

domain: untrusted
oneshot(oneshot): Application_Self_Start
oneshot(oneshot): Device_Connectivity_Bluetooth
oneshot(oneshot): Message_Delivery
oneshot(oneshot): Message_Reception
… and so on

To this:

domain: untrusted
allow:            Application_Self_Start
allow:            Device_Connectivity_Bluetooth
allow:            Device_Connectivity_Comm
allow:            Location
allow:            Message_Delivery
allow:            Message_Reception
allow:            Multimedia_Access
allow:            Net_Access
allow:            Personal_Data_Read_Access
allow:            Personal_Data_Write_Access
allow:            Satsa
allow:            Sprint_Extensions

Save that file and send it back to your phone. Close BitPIM and then unplug and restart your phone. It is now hacked!
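To double-check an edited policy.txt against the stock backup saved earlier, here is a small checker. It is an added example, not part of the original post; it assumes the file uses only the line layout quoted above, and the two sample texts are constructed from lines shown in this post.

```python
import re

# Matches "domain: untrusted", "oneshot(oneshot): Message_Delivery", "allow:   Location".
ENTRY = re.compile(r"^(\w+)(?:\(\w+\))?\s*:\s*(\S+)$")

def parse_policy(text):
    """Return {domain: {permission_group: mode}} for policy.txt-style text."""
    domains, current = {}, None
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # skip blanks and anything outside the layout shown in the post
        key, value = m.groups()
        if key == "domain":
            current = domains.setdefault(value, {})
        elif current is not None:
            current[value] = key
    return domains

def widened(stock_text, current_text, domain="untrusted"):
    """Groups in `domain` that are now 'allow' but were not 'allow' in the stock file."""
    before = parse_policy(stock_text).get(domain, {})
    after = parse_policy(current_text).get(domain, {})
    return sorted(g for g, mode in after.items()
                  if mode == "allow" and before.get(g) != "allow")

# Constructed samples, shortened from the lines quoted in the post.
STOCK = """\
domain: Gold-Trust
allow:            Application_Self_Start
allow:            Location
allow:            Net_Access
domain: untrusted
oneshot(oneshot): Application_Self_Start
oneshot(oneshot): Device_Connectivity_Bluetooth
oneshot(oneshot): Message_Delivery
"""
MODIFIED = STOCK.split("domain: untrusted")[0] + """\
domain: untrusted
allow:            Application_Self_Start
allow:            Device_Connectivity_Bluetooth
allow:            Location
allow:            Message_Delivery
allow:            Net_Access
"""

if __name__ == "__main__":
    for group in widened(STOCK, MODIFIED):
        print("untrusted domain now allows without prompting:", group)
```

Running it on the backup against itself should print nothing, which is a quick way to confirm a restore really put the phone back to stock.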

Now, even though your phone is hacked, it may be hard for you to find apps for it (since most sites, like Google, think your phone is still a cripple). The best method I found was to use the rumkin uploader here to upload the jar files, then run them from your phone.

My top Apps List:

Opera Mini -> Very very fast web browser versus the stock, but you can’t download stuff with it….

meboy -> Gameboy Emulator, a little hard to control, but pretty playable nonetheless.

mgmaps -> This allows you to use the GPS in the phone to find yourself on a map. It does take about 5 minutes to get a reading, and it does not update very quickly.

gmail -> I like to check my Gmail, and even though Google says it won't work, it does and it works very well! You will have to download it to your computer first, then use the rumkin

Google Maps -> GPS does not work, but the rest does!

MidpSSH -> Need to login to a server via ssh or telnet? This will help you in a bind!

VNC2Go -> Yes, you can run a VNC client on your phone… It works, but it is a little slow to use. (As in 10-20 sec delays…)

Super Mario Bros Running on my Cell Phone!

Happy Hacking!


34 Responses to “Hacking the Samsung “Vice” SCH-R561”

  1. bb says:

    damn, on 64 bit comp..

  2. Chris says:

    Lame, I had that problem too, but if you use VirtualBox with USB passthrough, you can use a 32bit Windows XP virtual machine, that’s what I did when I wrote this up. Personally, I would just find a computer that you could borrow for a bit. I got over 4 laptops running Windows XP 32 right now, so I no longer have this issue :)

  3. philthemuzik says:

    Does not work for me,

    The phone is detected as ‘Other CDMA’ on the good COM port but I cannot get data from the phone because every components are greyed out.

    I tried using BitPim to unlock the phone about 6 months ago and had the same result. I am a little skeptical. Could you send captures of BitPim’s window? Maybe it is a matter of version, which version of BitPim are you using? What is the firmware of the phone?

    Thank you

  4. Chris says:

    Hello
    Have you hit “View File system” under the view menu? That should bring it up. I am using 1.7 of BitPIM, also what network are you on?

    Cheers

    Chris

  5. philthemuzik says:

    At first, I didn’t try the ‘View File System’ command directly. I did it and it worked :) Bizarrely (and happily), it does not ask for the SPC of the phone.

    I’m on the Virgin Mobile Canada network, which seems to be Bell Canada in reality.

    Thanks for the tip and answer!

  6. Chris says:

    No problem man! Happy Hacking!

  7. philthemuzik says:

    Which version of midpssh did you try/use?

  8. Robert says:

    I have a mini SD card that I put a signed and unsigned jad on, as well as a jar, and the phone can't run any of them. I followed the guide and even checked after by resaving the overwritten policy.txt file, and it has been changed. I don’t have a data plan, so is there any way to use a mini SD card? Thanks for the guide by the way :D

  9. Chris says:

    Yeah, I tried that too and it does not work. You have to download the program over the net because it has to be “Installed” so to speak… If you have a pre-paid, then it only costs like 15 bucks for unlimited internet for the month!

  10. Chris says:

    I used 1.7.2, although it is not made for the samsung vice and has some major issues when it comes to typing info in. I only use it in case of emergency!

  11. Robert says:

    Too bad, I don't want to waste cash on the internet. I even fiddled around with BitPim to try to copy how the other games looked in terms of folder/files/everything wise, and couldn’t get it to show. I even replaced one of the games with another, but it recognized the difference, most likely due to the file size, and it wouldn’t launch it. If I could get past whatever blocks it from changing the actual file, then I could easily live with having 4 applications in my games folder, and 1 replacing the backup app in the applications folder.

  12. Scott says:

    I am dying to try this - every time I try to use Myxer my Vice screams ACCESS DENIED. Virgin Mobile you bug me

  13. Chris says:

    I believe the reason for that is that there is a so called “Registry” file located on the device that needs to be updated with regards to the program, if you edit this it should work, but the problem is that it is all in computer code from what I understand. If you speak computer you should have no problem!

  14. Chris says:

    Hello Scott
    I recommend using the rumkin upload for ring-tones and MP3′s. Just use audacity to edit your favorite song that you want to make into a ringtone. It may take a few tries, but it will work!

  15. Scott says:

    No luck. I believe Virgin Mobile has coded all their phones to deny all attempts to download files not signed by their servers:( Evil corporate capitalism.

  16. Chris says:

    That’s lame! So is this before or after the mod?

  17. Mike says:

    When I hit the receive button, the “Get Data from Phone” window pops up, but everything is grey, meaning I can't select any sources to import or even press okay. The only buttons I can hit are “Cancel”, “Help” or the x in the corner. Can you please help me, I'm just trying to recover some deleted messages on my phone. Any help would be greatly appreciated. Thanks.

  18. philthemuzik says:

    Scott, I'm using Virgin Mobile and can download, install and run applications using rumkin.

    Mike, please read the other posts in case your question was already answered. That is called netiquette.

    Thanks again Chris ;)

  19. Chris says:

    lol no Problem philthemuzik, Are you still having issues Mike or did you get it figured out?

  20. Mike says:

    I’m still having the same problem. I can’t figure it out.

  21. Scott says:

    @philthemuzik I keep getting an error code 905 error attribute mismatch

  22. Scott says:

    And it was before I tried the mod - haven't been able to get to my 32 bit desktop

  23. Chris says:

    @Mike ~ BitPIM is not able to extract SMS messages from the phone due to the phone not being supported. There is another program you can use from Qualcomm but you must get it from the manufacturer (which FYI is never going to happen). Also, if it is to recover the messages they are probably toast anyway.

    @Scott ~ So Have you got this mod on your phone yet? Also what are you trying to put on your phone? From what I understand, you are trying to put apps on your phone? If so, there is a chance the App may not work anyway. Try an MP3 or something.

    BTW I just got to University and the Internet is the pits, so if I don’t respond for a while, it’s because I have no connection :(

  24. Gerald says:

    Worked for me on a Bell prepaid Vice.

    Note that on more recent versions of BitPim (I used 1.07), the step of clicking “Get Phone Data” isn’t needed after connection, as “view filesystem” is now under the “View” menu.

    Also, the step of finding the COM port (in my case, COM9) was REQUIRED – without that (leaving it on auto), I sent my phone into an infinite reboot loop which erased all data.

  25. Chris says:

    Glad it worked for you Gerald, I did the same thing (Set it to auto com port) and it also did the infinite reboot loop, which at that time got me a little upset since I just finished putting all my contacts back in.

  26. mathew says:

    So this entire action allows you to get a free GPS reading and other 3rd parties, or do you need to have a data plan to get this? Because it seems that this is only really beneficial if you have a data plan, am I correct?

  27. Chris says:

    Well, this hack is centered around using data-applications. For example, after this hack, the phone will no longer bug you every time opera requires a web connection (Which is about 2-4 times per page). As for the free GPS, you will need a data plan or else it will run up quite the bill (Downloading the maps and all)

    ~Chris

  28. charlesgoodall says:

    Hi there
    Very interesting post. I have been looking everywhere for the LINUX drivers. Do you know where I can go to download them?
    Thanks!

  29. Chris says:

    Hello Charles
    I hate to say it, but I am not sure where you would find Linux drivers, If you are trying to do this hack, you could use virtual box and then usb pass-through to make it work, but again it depends on what you want the drivers for. The windows drivers I got took me about 3 hours of google searches to find. Have you tried plugging it in yet? It might work, I have had it happen before where some obscure device that I lost the drivers for years ago had no problem with Linux.

    ~Chris

  30. Ben says:

    I don’t see OTHER CDMA with BitPIM 1.07. It fails to detect my phone. Suggestions? I have the comm port set right.

  31. Ben says:

    Oops. Figured that out, and no I did not have my comm port selected correctly, which I’m still working on. Suggestions if it doesn’t show up in browse?

  32. Chris says:

    Hello Ben
    Make sure the driver is working right by checking in device manager. It should come up as Samsung CDMA Modem under Ports. I am not sure though since I don’t have access to an XP machine right now :(

  33. Trax says:

    Hello
    The display on my phone doesn’t work, but the phone does. I just want to retrieve the contact list. Can I do it with this method/programs? I have it hooked to the computer and can see the com port it’s connected to.

  34. Chris says:

    I haven’t done this hack in a few years now since I got a new phone, but if you get BitPIM working, that should let you extract the contacts. As I stated in the post however, be very careful using it. It does have the possibility of factory defaulting your phone, which would remove all hope of getting the contacts back.
    ~Cheers
    Chris
