I don't really know which one improves my device's speed, more cores or more RAM?
That's one problem. My other question is: is there a way to install new RAM with more space, like on a PC? My tablet is some sort of random Chinese tablet; unlike the others, I can't seem to find any screws on my tablet, so the shell must be attached another way.
I think it's nearly impossible, and by opening it you risk breaking it. You should try software tweaks instead.
Flash Thunderzap v2 +500
Jusinway said:
I don't really know which one improves my device's speed, more cores or more RAM?
That's one problem. My other question is: is there a way to install new RAM with more space, like on a PC? My tablet is some sort of random Chinese tablet; unlike the others, I can't seem to find any screws on my tablet, so the shell must be attached another way.
I haven't opened a Chinese tablet, but I have opened several phones and never found any free slot to attach anything new.
I wouldn't try SMD welding either... I never see enough free space to work there with my own hands...
Hello,
You can't; as on a console, the RAM is directly on the motherboard.
Try some ROMs until you find a faster one.
Sorry for my English
Yeah, RAM is a soldered hardware component. Your only options are to use various RAM management techniques like swap and zram.
LG Optimus 2X:
ROM: Tonyp TheROM Build 26 New Bootloader
Kernel: Kowalski Kernel M1 New Bootloader 2.6.39.4 W/ RAM Hack
Bootloader: ICS Bootloader
Recovery: TWRP 2.6.0.0 For New BL
Baseband: 1035.21
Nexus 4:
ROM: Stock 4.4.4 W/ Root (Xposed, GPU Drivers, Dalvik/Bionic Patches)
Kernel: Franco r213
Bootloader: Stock Bootloader (Unlocked)
Recovery: PhilZ Touch CWM-Based Recovery
Radio: Radio (1.03)
DataAce said:
Flash Thunderzap v2 +500
I would like to do so but my tablet is totally incompatible with ROM flashing, I tried billions of apps, when I press enter system recovery, it gets me to factory reset, the same result when I enter fastboot, or any other ROM installer.
As far as I know, the only way to change your RAM is to buy it and then find a way to "paste" it onto the motherboard.. IF IT'S COMPATIBLE!
PS. Try to change "config.low.ram" to true in your build.prop file
Jusinway said:
I would like to do so but my tablet is totally incompatible with ROM flashing, I tried billions of apps, when I press enter system recovery, it gets me to factory reset, the same result when I enter fastboot, or any other ROM installer.
Man.. tablets are so hard to work with. The only thing you can do is to just get better with ADB commands, because this is the only tool you can use to work with tablets.. :thumbup:
I think it's possible if you change your whole CPU for one with more RAM (but it must be the same CPU), but the biggest problem is that, if you are lucky and your tablet reboots, it is extremely possible that the extra RAM will not be seen by Android, so it will not be used unless you change your kernel for one that can use the extra amount of RAM.
Hey if u wanna expand your ram check my post on reosoft ram expander for increasing ram. 100% working and updated
Man, if you can desolder and replace with the same type at higher capacity and change the kernel... you are the hero... but u can treat your SD card as RAM too. Just Google for zram on Android... RAM manager pro is the best app
After a year of usage I've run ROM benchmark which resulted in 230MB read and 118MB write (sequential ofc). I also found (and lost) a thread on the MIUI site. There was a table that compared storage speeds. These results are almost a perfect match for eMMC 5.1. Also, the "cat /proc/scsi/scsi" command reported that I have a "Toshiba thglf2g9j8lbatrh" memory chip. I could not find it on the Toshiba site, neither in the eMMC section nor in UFS.
I have a silver 3/64 version, probably one of the first ones, bought it on "11th of November" a year ago.
So go ahead check your devices. Please, let me know what results you will get.
I'm getting 433MB/s read, 131MB/s write (both sequential). Bought my phone in April 2017 and still running Nougat.
Josua. said:
I'm getting 433MB/s read, 131MB/s write (both sequential). Bought my phone in April 2017 and still running Nougat.
Can you please run the command from OP? It requires root though. You can execute it from PC using ADB: you would have to download it if you have not already, then add "ADB shell su " before the command from OP and execute it from command line. You can also do it from device itself: download some terminal app, add just "su " to the command and run it
Same here eMMC on my device, and I bought it in 06.2017... But I am not power user, so I don't care
WORMrus said:
Can you please run the command from OP? It requires root though. You can execute it from PC using ADB: you would have to download it if you have not already, then add "ADB shell su " before the command from OP and execute it from command line. You can also do it from device itself: download some terminal app, add just "su " to the command and run it
Sure! I got the same result: TOSHIBA Model: THGLF2G9J8LBATRH
My XiaoMi Mi5s 128gb version , purchased on 13.10.2016 use the KLUDG8J1CB-C0B1 UFS 2.0 memory. I think all 128gb variants use this memory according to this:
http://deviceinfohw.ru/devices/variants.php?model=MI 5s&set_brand=Xiaomi&set_vendor=Xiaomi.
I have the 128 GB version and used A1 SD Benchmark, result of internal memory is:
480 MB/s read and 127 MB/s write
Using the latest official Global ROM 9.2.1.0.
If your device doesn't have enough free space, the io performance will drop off a lot.
Well, it kinda seems like a false alarm. I've conducted more benchmarks and found out that results are heavily dependent on the read-ahead value that you can set in Kernel Adiutor at the I/O scheduler tab. If it is set to a minimum default value of 128 then you get results that are natural to eMMC 5.1, but as soon as I increased the value to 512 and then 1024 I got 358 and 160 r/w (for 1024) speeds. Values were used in this order: 128->512->128->1024. I forgot to take a screenshot of 512 and can't compare it to 1024, but it was close to it and really far away from 128. It might be a lucky coincidence, but this parameter is the only thing that was changed between measurements.
Increasing the read-ahead value will increase your RAM usage and keep the flash, in cases of random reads, longer busy and thus can cause lower performance.
I also have Toshiba UFS memory. Read and write are good.
Well, I'm having like 288 MB/s on read, and only 31 MB/s on write, with ~7 GB of free space.
Once you get below 10-15% of free space, the write rate will drastically decrease on every flash based storage type.
dariusz666 said:
I also have Toshiba UFS memory. Read and write are good.
Is this good bro?
henmadx said:
Is this good bro?
Yes, it is. I have similar results.
Here are my test results: 3/64GB version, Toshiba, phone bought on 2017-08-14
Well, I found this in a Chinese forum.
Code:
imgsrc.baidu.com/forum/pic/item/cf5440380cd7912300b80158a7345982b3b78092.jpg
-- UPDATE #1 (11/05/18) added
So I've got myself a Tracfone Variant of the Samsung J7, The "Galaxy J7 Sky Pro" [SM-S727VL] CDMA. As far as I can tell, this variant is sold on both the Tracfone and StraightTalk carriers, and it seems to just run a slightly modified build based off of the Official Verizon Firmware. The build fingerprint lists this device as "J7POPQLTEVZW", or an LTE Verizon Qualcomm J7 Pop. Yes, even Google refers to the device as a J7 Pop on official firmware.
I've had the phone for about two weeks now and I'm ready to begin tinkering again. I have the current official firmware with Carrier & Home CSC files. I also have the Binary 3 and Binary 4 Combination Firmware. I am awaiting download of an Official Stock Bootloader Revision 3 ROM and a set of Official VZW ROMs. I would pay someone for a real engineering firmware build. But I have the carrier unlocked modems (still CDMA Only I hear) that are ODIN Flashable if anyone needs them. In my past experiences with Combination Firmware their modems are normally not carrier locked.
Just bear with me on the longwinded-ness of this post. I want to know more about this device just as I've seen many others post already. I'm making this thread because, while I'm not the foremost expert on newer Samsung Firmware or even Android in general, I do know a bit about a lot of different topics spanning all of Android. I just need a little help compiling the command line tools I need. Because we are going to have to use older sources to compile the tools. Please message me if you have Linux experience. I feel like I can do this, but I will need a Linux Person on my side. Get at me bro.
***
So now I will breakdown into my Analysis and post my insights into Rooting this decently awesome (and cheaper) Android. All I know is, deep down my intuition is telling me this device is perfectly rootable, just using a round-a-bout method. I can see all the steps, they just haven't aligned yet, and I don't know the nitty gritty configuration details of CF's SuperSU/pHH's SuperUser.
At this point, it all comes down to setting the correct SELinux Contexts on the SU related files we install manually, and then extending ADB Root to the Launcher. Root currently is basically at the same point I got to with the AT&T Note 5. I have successfully manually installed & configured SuperSU from adb shell only once, and it was by accident on a Note5 w/5.1 combination installed. It seems like the 6.0 based factory binaries no longer include ADB Root in the kernel like KK and LP.
LINKS TO RESOURCES: https://drive.google.com/open?id=1eP1FK9Jw08sSVwf4X-i1P58-eDHI04LR
***
(1.) There is a major difference right off the top that can be seen in the two carriers. StraightTalk variants are stuck on the build 4ARF2 MM 6.0.1 build. This is only if you've bought the device brand new from straight talk. ST I've heard will not release the 7.0 Nougat build of 4ARF2. Straight Talk doesn't do its own development. The normal Tracfone variant however, does have a 7.0 Nougat build of 4ARF2, the newest firmware thus far. As far as I am aware at this time, if you can find the ODIN Flashable 7.0 Nougat Firmware for the S727VL, it will still flash onto a StraightTalk variant. ST just will not do it themselves. But the current official firmware, S727UDS4ARF2 should come in a 6.0.1 form from StraightTalk OTA's, and a 7.0 form from Tracfone OTA's. But since both firmware are made for the SM-S727VL they should still flash. This might also be a path towards decrypting the test-keys the Kernel is signed with.
(2.) Normally, Combination Firmware is from a previous Android Version. Over the last few years of tinkering with Samsung devices, one thing I've always noticed, is that the combination firmware for a given bootloader revision is normally a version behind. Like on the Verizon Galaxy S6 Edge, the Revision 4 Combination Firmware is based on Lollipop 5.0 while the official builds are based on 6.0.1. Or if the device has official firmware that is 7.0 for that bootloader revision, the combination firmware will be based on 6.0.1. My point being, combination and official builds are normally not on the same Android version. They do this I think because the version change forces a full DM-Verity check with new signatures. The combination firmware still works because the "aboot" that is legal for the bootloader revision is still validly signed. That's why combination firmware always comes as "1A", "3A", "4A", etc instead of "2D" or "4C". The number is the bootloader revision and the letter after is the ABOOT revision. The last 3 digits of the build ID being the date it was built. With the StraightTalk S727VL however, the revision 4 factory binary UDU4ARF1 is actually based on the same MMB29M Android 6.0.1 source as the official UDS4ARF2 MMB29M 6.0.1 release. I haven't seen this happen before and I know it means it will open a door or two for us. Especially considering we have both a Carrier and HOME CSC file for the firmware.
(3.) The Combination Firmware comes with a Permissive SELinux Kernel. Yet unlike most other Factory Binaries I've dealt with until now, the Revision 4 Combination Firmware does not include a kernel with adb root. This must be one of the caveats of a MM based Factory Binary. All of the LP and older Combo's I've worked with had a Permissive Kernel with ADB Root, this one only has Permissive SELinux. The Factory Binary does include a Permissive SELinux Kernel that is flashable/bootable over top of the official stock 4ARF2 build. So the official stock S727UDS4ARF2 firmware can be booted in SELinux Permissive mode, which means we should be able to get root somehow, that's usually a deciding factor at the end stage. Our problem with the Note5 was that the Binary 4 Combination was 5.1 while the official revision 4 builds were 6.0.1, so the kernels were altogether from different versions of android. That isn't the case at all with the J7 Sky Pro.
(4.) Be careful flashing the Combination Firmware. It could mess up your SD Card. I'm not sure if it was because of the options I was testing in ODIN while flashing a couple times and my SD got repartitioned as well, or if flashing the combo firmware just shorted my SD. Either way, after flashing the combination and then back to stock, my device no longer reads my 64GB SD Card. It didn't read in the factory binary either. I may have to just repartition it for the card to work. But looking at the DiskInfo at the bottom, it looks like my External and Internal SD Cards have been combined maybe.
(5.) The Revision 4 Factory Binary ships with the 4ARF2 baseband, which is unusual as well. Normally a combination firmware will ship with the same build of the CP as the AP. But when I did a NAND Erase All & a Re-Partition in ODIN the Combination firmware still showed me having the 4ARF2 modem installed. But I use Straight Talk so my modem should already be carrier unlocked for CDMA use. Normally combination firmware carry the carrier unlocked modem for that bootloader revision.
*****
This is where I'm at currently. I hope to have some help tackling this. I'll try looking into this some more yes, but I haven't had this long and this is how far I've gotten in ~1.5 - 2 weeks.
ODIN Results flashing 4ARF1 Combination Firmware
T-Flash Total Sector 124735488
Download Mode - WonderShare MobileGo identifies the device as MSM8953
Flash Lock option failed to start flashing because ODIN didn't receive a response from the device.
GPT Layout Information via DiskInfo
Code:
--------------------------
Internal Storage (MMC)
--------------------------
* sbl1 [mmcblk0p1] Not mounted
Total space: 512 KB
* sbl1bak [mmcblk0p2] Not mounted
Total space: 512 KB
* ddr [mmcblk0p3] Not mounted
Total space: 32 KB
* limits [mmcblk0p4] Not mounted
Total space: 32 KB
* aboot [mmcblk0p5] Not mounted
Total space: 2 MB
* rpm [mmcblk0p6] Not mounted
Total space: 512 KB
* tz [mmcblk0p7] Not mounted
Total space: 2 MB
* hyp [mmcblk0p8] Not mounted
Total space: 512 KB
* devcfg [mmcblk0p9] Not mounted
Total space: 256 KB
* fsg [mmcblk0p10] Not mounted
Total space: 3 MB
* sec [mmcblk0p11] Not mounted
Total space: 16 KB
* keymaster [mmcblk0p12] Not mounted
Total space: 256 KB
* cmnlib [mmcblk0p13] Not mounted
Total space: 256 KB
* cmnlib64 [mmcblk0p14] Not mounted
Total space: 256 KB
* lksecapp [mmcblk0p15] Not mounted
Total space: 512 KB
* apdp [mmcblk0p16] Not mounted
Total space: 256 KB
* mdsap [mmcblk0p17] Not mounted
Total space: 256 KB
* pad [mmcblk0p18] Not mounted
Total space: 944 KB
* modemst1 [mmcblk0p19] Not mounted
Total space: 3 MB
* modemst2 [mmcblk0p20] Not mounted
Total space: 3 MB
* param [mmcblk0p21] Not mounted
Total space: 10 MB
* efs [mmcblk0p22] (/efs) [ext4]
Used: 5.1 MB, Free: 8.9 MB, Total space: 14 MB
* boot [mmcblk0p23] Not mounted
Total space: 32 MB
* recovery [mmcblk0p24] Not mounted
Total space: 32 MB
* bota [mmcblk0p25] Not mounted
Total space: 7 MB
* fota [mmcblk0p26] Not mounted
Total space: 5 MB
* backup [mmcblk0p27] Not mounted
Total space: 6 MB
* fsc [mmcblk0p28] Not mounted
Total space: 3 MB
* ssd [mmcblk0p29] Not mounted
Total space: 8 KB
* persist [mmcblk0p30] (/persist) [ext4]
Used: 5.3 MB, Free: 26.7 MB, Total space: 32 MB
* persistent [mmcblk0p31] Not mounted
Total space: 1 MB
* steady [mmcblk0p32] Not mounted
Total space: 1 MB
* keystore [mmcblk0p33] Not mounted
Total space: 512 KB
* config [mmcblk0p34] Not mounted
Total space: 32 KB
* mota [mmcblk0p35] Not mounted
Total space: 512 KB
* dpo [mmcblk0p36] Not mounted
Total space: 256 KB
* mdtp [mmcblk0p37] Not mounted
Total space: 64 KB
* dip [mmcblk0p38] Not mounted
Total space: 1 MB
* oem [mmcblk0p39] Not mounted
Total space: 64 KB
* mcfg [mmcblk0p40] Not mounted
Total space: 4 MB
* dsp [mmcblk0p41] (/dsp) [ext4]
Used: 9.5 MB, Free: 6.5 MB, Total space: 16 MB
* modem [mmcblk0p42] (/firmware-modem) [vfat]
Used: 63.9 MB, Free: 27.6 MB, Total space: 91.6 MB
* apnhlos [mmcblk0p43] (/firmware) [vfat]
Used: 23.3 MB, Free: 60.7 MB, Total space: 84 MB
* reserved2 [mmcblk0p44] Not mounted
Total space: 1 MB
* System [mmcblk0p45] (/system) [ext4]
Used: 3.1 GB, Free: 464 MB, Total space: 3.5 GB
* Cache [mmcblk0p46] (/cache) [ext4]
Used: 31.2 MB, Free: 568 MB, Total space: 600 MB
* carrier [mmcblk0p47] (/carrier) [ext4]
Used: 5.6 MB, Free: 39.4 MB, Total space: 45 MB
* Data (userdata) [mmcblk0p48] (/data) [ext4]
Used: 3.9 GB, Free: 6.3 GB, Total space: 10.2 GB
* mmcblk0rpmb [mmcblk0rpmb] Not mounted
Total space: 4 MB
--------------------------
Internal Storage
--------------------------
* vnswap0 [vnswap0] Not mounted
Total space: 1 GB
--------------------------
SD Card
--------------------------
* sbl1 [mmcblk1p1] Not mounted
Total space: 512 KB
* sbl1bak [mmcblk1p2] Not mounted
Total space: 512 KB
* ddr [mmcblk1p3] Not mounted
Total space: 32 KB
* limits [mmcblk1p4] Not mounted
Total space: 32 KB
* aboot [mmcblk1p5] Not mounted
Total space: 2 MB
* rpm [mmcblk1p6] Not mounted
Total space: 512 KB
* tz [mmcblk1p7] Not mounted
Total space: 2 MB
* hyp [mmcblk1p8] Not mounted
Total space: 512 KB
* devcfg [mmcblk1p9] Not mounted
Total space: 256 KB
* fsg [mmcblk1p10] Not mounted
Total space: 3 MB
* sec [mmcblk1p11] Not mounted
Total space: 16 KB
* keymaster [mmcblk1p12] Not mounted
Total space: 256 KB
* cmnlib [mmcblk1p13] Not mounted
Total space: 256 KB
* cmnlib64 [mmcblk1p14] Not mounted
Total space: 256 KB
* lksecapp [mmcblk1p15] Not mounted
Total space: 512 KB
* apdp [mmcblk1p16] Not mounted
Total space: 256 KB
* mdsap [mmcblk1p17] Not mounted
Total space: 256 KB
* pad [mmcblk1p18] Not mounted
Total space: 944 KB
* modemst1 [mmcblk1p19] Not mounted
Total space: 3 MB
* modemst2 [mmcblk1p20] Not mounted
Total space: 3 MB
* param [mmcblk1p21] Not mounted
Total space: 10 MB
* efs [mmcblk1p22] Not mounted
Total space: 14 MB
* boot [mmcblk1p23] Not mounted
Total space: 32 MB
* recovery [mmcblk1p24] Not mounted
Total space: 32 MB
* bota [mmcblk1p25] Not mounted
Total space: 7 MB
* fota [mmcblk1p26] Not mounted
Total space: 5 MB
* backup [mmcblk1p27] Not mounted
Total space: 6 MB
* fsc [mmcblk1p28] Not mounted
Total space: 3 MB
* ssd [mmcblk1p29] Not mounted
Total space: 8 KB
* persist [mmcblk1p30] Not mounted
Total space: 32 MB
* persistent [mmcblk1p31] Not mounted
Total space: 1 MB
* steady [mmcblk1p32] Not mounted
Total space: 1 MB
* keystore [mmcblk1p33] Not mounted
Total space: 512 KB
* config [mmcblk1p34] Not mounted
Total space: 32 KB
* mota [mmcblk1p35] Not mounted
Total space: 512 KB
* dpo [mmcblk1p36] Not mounted
Total space: 256 KB
* mdtp [mmcblk1p37] Not mounted
Total space: 64 KB
* dip [mmcblk1p38] Not mounted
Total space: 1 MB
* oem [mmcblk1p39] Not mounted
Total space: 64 KB
* mcfg [mmcblk1p40] Not mounted
Total space: 4 MB
* dsp [mmcblk1p41] Not mounted
Total space: 16 MB
* modem [mmcblk1p42] Not mounted
Total space: 91.6 MB
* apnhlos [mmcblk1p43] Not mounted
Total space: 24 MB
* reserved2 [mmcblk1p44] Not mounted
Total space: 1 MB
* system [mmcblk1p45] Not mounted
Total space: 3.5 GB
* cache [mmcblk1p46] Not mounted
Total space: 600 MB
* carrier [mmcblk1p47] Not mounted
Total space: 45 MB
* userdata [mmcblk1p48] Not mounted
Total space: 55 GB
--------------------------
Internal Storage
--------------------------
* dm-0 [dm-0] Not mounted
Total space: 10.2 GB
--------------------------
tmpfs mount points
--------------------------
* /dev [tmpfs]
Used: 192 KB, Free: 929 MB, Total space: 929 MB
* /mnt [tmpfs]
Used: 0 B, Free: 929 MB, Total space: 929 MB
* /mnt/secure [tmpfs]
Used: 0 B, Free: 929 MB, Total space: 929 MB
* /mnt/secure/asec [tmpfs]
Total space: unknown
* /storage [tmpfs]
Used: 0 B, Free: 929 MB, Total space: 929 MB
* /storage/self [tmpfs]
Used: 0 B, Free: 929 MB, Total space: 929 MB
--------------------------
Memory
--------------------------
* RAM
Used: 1.4 GB, Free: 388 MB, Total space: 1.8 GB
* Swap
Used: 503 MB, Free: 520 MB, Total space: 1023 MB
**************
UPDATE #1: So I've unpacked the RAMDISK from the current official build (4ARF2), and the current official factory binary (4ARF1), as well as the official combination build from the last bootloader revision (3ARC1)
My results find that the file, "/verity_key", is the exact same across all the 3 most recent firmware. Like I opened the "verity_key" file in a hex editor, and the binary data for "verity_key" is exactly the same across the board for all 3 builds of the firmware.
THE SAME GOES FOR "/publiccert.pem". Does this mean the signature remains the same for Bootloader Revision 3 and Bootloader Revision 4? Does that mean they've used the same signature throughout their Marshmallow Releases? Doesn't that mean the signature should be easier to find?
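Added example (not part of the original post, and not DiskInfo's own code): a small parser for a dump in the DiskInfo text format posted above, which checks whether the SD card (mmcblk1) repeats the partition names of the internal eMMC (mmcblk0) and lists the partitions whose sizes differ. The function names are hypothetical, and the embedded sample is a constructed excerpt in the same format.

```python
import re

# Constructed excerpt in the DiskInfo text format (not the full dump).
SAMPLE = """\
--------------------------
Internal Storage (MMC)
--------------------------
* aboot [mmcblk0p5] Not mounted
Total space: 2 MB
* efs [mmcblk0p22] (/efs) [ext4]
Used: 5.1 MB, Free: 8.9 MB, Total space: 14 MB
* apnhlos [mmcblk0p43] (/firmware) [vfat]
Used: 23.3 MB, Free: 60.7 MB, Total space: 84 MB
* Data (userdata) [mmcblk0p48] (/data) [ext4]
Used: 3.9 GB, Free: 6.3 GB, Total space: 10.2 GB
* mmcblk0rpmb [mmcblk0rpmb] Not mounted
Total space: 4 MB
--------------------------
SD Card
--------------------------
* aboot [mmcblk1p5] Not mounted
Total space: 2 MB
* efs [mmcblk1p22] Not mounted
Total space: 14 MB
* apnhlos [mmcblk1p43] Not mounted
Total space: 24 MB
* userdata [mmcblk1p48] Not mounted
Total space: 55 GB
--------------------------
tmpfs mount points
--------------------------
* /mnt/secure/asec [tmpfs]
Total space: unknown
"""

ENTRY = re.compile(r"^\*\s+(?P<label>.+?)\s+\[(?P<node>[\w-]+)\]")
NODE = re.compile(r"^(?P<disk>mmcblk\d+)p(?P<num>\d+)$")
TOTAL = re.compile(r"Total space:\s*(?P<size>\S.*?)\s*$")
ALIAS = re.compile(r"\((?P<alias>\w+)\)$")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def to_bytes(text):
    """Convert '512 KB' or '10.2 GB' to bytes; None for values like 'unknown'."""
    parts = text.split()
    if len(parts) != 2 or parts[1] not in UNITS:
        return None
    return int(float(parts[0]) * UNITS[parts[1]])


def normalise(label):
    """'Data (userdata)' -> 'userdata', 'System' -> 'system'."""
    alias = ALIAS.search(label)
    return (alias.group("alias") if alias else label).lower()


def parse_diskinfo(text):
    """Return {disk: {partition_number: (name, size_in_bytes)}}."""
    layout = {}
    pending = None  # (disk, number, name) waiting for its "Total space" line
    for line in text.splitlines():
        line = line.strip()
        entry = ENTRY.match(line)
        if entry:
            node = NODE.match(entry.group("node"))
            # Entries that are not mmcblkNpM (dm-0, vnswap0, rpmb, tmpfs) are skipped.
            pending = (node.group("disk"), int(node.group("num")),
                       normalise(entry.group("label"))) if node else None
            continue
        total = TOTAL.search(line)
        if total and pending:
            disk, num, name = pending
            layout.setdefault(disk, {})[num] = (name, to_bytes(total.group("size")))
            pending = None
    return layout


def compare_disks(layout, a, b):
    """Report whether two disks share partition names, and where sizes differ."""
    pa, pb = layout.get(a, {}), layout.get(b, {})
    names_a = {n: v[0] for n, v in pa.items()}
    names_b = {n: v[0] for n, v in pb.items()}
    size_diffs = [(n, pa[n][0], pa[n][1], pb[n][1])
                  for n in sorted(pa.keys() & pb.keys())
                  if pa[n][0] == pb[n][0] and pa[n][1] != pb[n][1]]
    return {"same_names": bool(pa) and names_a == names_b,
            "size_diffs": size_diffs}


if __name__ == "__main__":
    result = compare_disks(parse_diskinfo(SAMPLE), "mmcblk0", "mmcblk1")
    print("SD card repeats eMMC partition names:", result["same_names"])
    for num, name, size_a, size_b in result["size_diffs"]:
        print(f"p{num} {name}: eMMC {size_a} bytes, SD {size_b} bytes")
```
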
Good **** my dude! I'll be seeing what can be done in my spare time to get this done for 100 bucks the thing is locked down tight. Or just so kadiwompus there is no simple answer. I've been lurking this for a while now and have several j7sp's at my disposal. I do sec work and clients that have needs for SU gooyness for this device. Get with me and I'll flash anything any way with whatever software and base infrastructure needed. I mostly do scummy peoples sec work so having the ability to melt wash the data is paramount and using s5's is getting harder and harder. This hundred dollar piece of her shuck donnng is what I need for what I do. Although Linux is my bag, Android and the phone scene is new to me. Just here to help with the resources to lend aid.
That's awesome! I have a couple good ideas still I never got around to trying on the note 5.
And now that the S7 and S8 are as rooted and customized as they are, people are able to see how much of my concept for the greyhat root project was actually viable. System Root has always been more viable on Samsung devices. Systemless' concept doesn't work with Samsung since 6.0 by strict definition. If they could have mixed the systemless injection method with the system configuration it might have worked better.
Samsung still ships with Qualcomm Modems. And Qualcomm still dictates much of the Samsung experience. In the S6 line, the QC modems were installed before Samsung ever installed any firmware. The modems played a big part on their secured environment. I'm telling you I was able to get modaco's superboot to boot on my Verizon s6 edge once. But the thread was deleted by xda. And it worked because of the commands sent to the modem by the send_command.exe app.
DM, AT Commands, and a deeper knowledge of the QC environment is actually key to unlocking more of the device's potential.
I tried mixing up firmware bits of the stock RF2 and combination RF1. And it didn't boot the system. But I could boot into full recovery every time.
I'm also looking into a couple and will report back soon. It will be then, that I may need help acquiring a couple tools. Because I know a few other Samsung devs that could help but probably won't. I'm going to have to learn a lot from scratch. I have a few really good ideas that have already worked on other devices. I just don't have as much of a full understanding as I'd like before I tried some of it.
I need to get a few of my questions answered about a couple rooting methods that weren't explained in depth enough for me. Like I've seen some devices be rooted in a way I think the J7 Sky Pro could possibly be rooted, but I don't know how to do such an in depth analysis on some of the files involved. Seriously speaking, I need someone who is on call that could just give me some nitty gritty details when I need them and I'd be fine I think.
My next course of action includes trying to flash the Nougat Firmware to the device to see if the StraightTalk Variant can still support 7.0.
It also includes testing the J727VL from the POV of Kali Linux, and Running as much of the official firmware inside the Android Emulator as possible. Our combination firmware does not include ADB Root like LP Versions do. So with DM-Verity enabled so well, and both the stock and combination firmware being tied to the same signatures from the previous bootloader revision, I'm guessing there isn't much of a chance to get a lot done with just simple SELinux Permissive.
But I have a feeling since nothing seems to change much from 3ARC1 to 4ARF2, we may have a way to get some modified images flashed to the device. And I feel like it has to do with the order of images being flashed.
Because when I was on 4ARF2 factory binary, I was able to get to the 3ARC1 aboot.mbn to flash for a second, but ODIN failed once the sbl.mbn tried to flash from 3ARC1. It gave me an aboot revision check error, but it didn't show up until the secondary bootloader tried to flash.
As in, it would have flashed if it were not for the Software Revision Check. Which I've heard can actually be modified to a degree. But just modifying revision flags in the binary data might not solve our problem fully. I've also read from Qualcomm that the modem installed on our chipset should actually support GSM bands technically. Maybe we just need the secret menu IME code to get to the bands selection menu.
Delgoth said:
My next course of action includes trying to flash the Nougat Firmware to the device to see if the StraightTalk Variant can still support 7.0.
It also includes testing the J727VL from the POV of Kali Linux, and Running as much of the official firmware inside the Android Emulator as possible. Our combination firmware does not include ADB Root like LP Versions do. So with DM-Verity enabled so well, and both the stock and combination firmware being tied to the same signatures from the previous bootloader revision, I'm guessing there isn't much of a chance to get a lot done with just simple SELinux Permissive.
But I have a feeling since nothing seems to change much from 3ARC1 to 4ARF2, we may have a way to get some modified images flashed to the device. And I feel like it has to do with the order of images being flashed.
Because when I was on 4ARF2 factory binary, I was able to get to the 3ARC1 aboot.mbn to flash for a second, but ODIN failed once the sbl.mbn tried to flash from 3ARC1. It gave me an aboot revision check error, but it didn't show up until the secondary bootloader tried to flash.
As in, it would have flashed if it were not for the Software Revision Check. Which I've heard can actually be modified to a degree. But just modifying revision flags in the binary data might not solve our problem fully. I've also read from Qualcomm that the modem installed on our chipset should actually support GSM bands technically. Maybe we just need the secret menu IME code to get to the bands selection menu.
The Tracfone SM-727VL 4ARF2 is 6.0.1 not 7.0 like the firmware website(s) report.
I have the Tracfone SM-727VL and I am on 4ARF2 which is 6.0.1 (while my damn J3 Luna Pro is on 7.0 )
The StraightTalk/Tracfone SM-727VL both are 6.0.1 on their latest firmwares.
The Verizon SM-727V however is on 8.0.1 already.
This might help
Delgoth said:
My next course of action includes trying to flash the Nougat Firmware to the device to see if the StraightTalk Variant can still support 7.0.
It also includes testing the J727VL from the POV of Kali Linux, and Running as much of the official firmware inside the Android Emulator as possible. Our combination firmware does not include ADB Root like LP Versions do. So with DM-Verity enabled so well, and both the stock and combination firmware being tied to the same signatures from the previous bootloader revision, I'm guessing there isn't much of a chance to get a lot done with just simple SELinux Permissive.
But I have a feeling since nothing seems to change much from 3ARC1 to 4ARF2, we may have a way to get some modified images flashed to the device. And I feel like it has to do with the order of images being flashed.
Because when I was on 4ARF2 factory binary, I was able to get to the 3ARC1 aboot.mbn to flash for a second, but ODIN failed once the sbl.mbn tried to flash from 3ARC1. It gave me an aboot revision check error, but it didn't show up until the secondary bootloader tried to flash.
As in, it would have flashed if it were not for the Software Revision Check. Which I've heard can actually be modified to a degree. But just modifying revision flags in the binary data might not solve our problem fully. I've also read from Qualcomm that the modem installed on our chipset should actually support GSM bands technically. Maybe we just need the secret menu IME code to get to the bands selection menu.
Hello, I ran across an issue with my Moto Droid Turbo 2 that required me to download Quick Shortcut Maker, and I just so happened to install it on my Straight Talk J7. If you open the app and scroll down to the ims+ icon under the activities tab in the shortcut maker apk, then click the drop-down, then click the "try" section, it opens a bunch of different settings. Hopefully it may help.
I also attached the quick shortcut maker.apk
The Verizon version has yet to update past the second revision bootloader though. Yes 4ARF2 is currently 6.0.1, But all the repair firmwares and all the websites that report on this same device outside the straighttalk network, report as 7.0.
It is interesting only because it seems like not much changed security wise from revision 3 to revision 4. It is possible they just temporarily locked it to 6.0.1.
The boot.img and recovery.img are signed with test keys and have a combination version available. The revision 4 firmware looks so similar to the revision 3. My phone forced itself to update from 3ARC1. By itself. I did nothing but it took it upon itself to update my firmware even though I never wanted it to. The Firmware should exist somewhere. And I don't see why either of these carriers would take such great pains to lock down a device when they are kings of unlocked devices and BYOP plans...
I haven't finished doing a lot of stuff. Holiday times...
Well the journey ended before it really had a chance to take off. The farthest I actually achieved was just Permissive SELinux via the combination boot.img
My phone is bricked, harder even than my S6 Edge stuck in 9008 mode. It literally will not power on and will not charge.
This happened after I was messing with the aboot.mbn and boot.img from the combination trying to add more functionality to ADB's access. Well I was able to get the prince comsey ODIN to flash my tar of the aboot & boot, only for my phone to never power back after the autoreboot.
So whatever I did, ODIN didn't catch on and let the images flash, only it messed up the device. At least with my S6 Edge I know that Partition Tables are gone, I have no idea what happened to my Sky Pro today. Sad times indeed. The only chance I have is to try and write the bootloader to the SD Card via T-Flash, and hope it can give it a jump. Secure Boot usually disallows that though.
Delgoth said:
Well the journey ended before it really had a chance to take off. The farthest I actually achieved was just Permissive SELinux via the combination boot.img.
My phone is bricked, harder even than my S6 Edge stuck in 9008 mode. It literally will not power on and will not charge.
This happened after I was messing with the aboot.mbn and boot.img from the combination trying to add more functionality to ADB's access. Well I was able to get the prince comsey ODIN to flash my tar of the aboot & boot, only for my phone to never power back after the autoreboot.
So whatever I did, ODIN didn't catch on and let the images flash, only it messed up the device. At least with my S6 Edge I know that Partition Tables are gone, I have no idea what happened to my Sky Pro today. Sad times indeed. The only chance I have is to try and write the bootloader to the SD Card via T-Flash, and hope it can give it a jump. Secure Boot usually disallows that though.
Made an image https://drive.google.com/drive/folders/1hkNQZPJhMjRsFSm-DQqqWPo1xRdGjcGI if anyone needs it. Always got to be safe.
How are you able to modify the images and get them to apply to the device? I'm not able to without the phone throwing the security checks.
Justin1198 said:
Made an image https://drive.google.com/drive/folders/1hkNQZPJhMjRsFSm-DQqqWPo1xRdGjcGI if anyone needs it. Always got to be safe.
How are you able to modify the images and get them to apply to the device? I'm not able to without the phone throwing the security checks.
Thanks, I will try this out. However, I don't have high hopes. I did find out what happened to my 64GB SD Card a while back though: T-Flash Mode actually wrote my entire firmware to the SD Card. It kept bootlooping though. It didn't break my card, just formatted it improperly for regular use.
It would be really friggin awesome if my device (actually manufactured this year, Summer 2018) could still be debricked via SD. I thought that ability died a long time ago. I was reading that a Secure Boot Vulnerability (reported AND patched by SS in 2016) allowed T-Flash mode to allow flashing/booting of a non-signed kernel image. So I'm not sure this is an option anymore, but it can't hurt to try at this point.
I will get back to you soon.
I was using someone else's FRP Tool that can enable ADB on non ADB Enabled Firmware, essentially giving an ADB Root Shell at least. The program seems to have modified the aboot.mbn and the boot.img. I honestly wish I knew what it did, because it bricked my device. I also used a .tar archive, instead of a .tar.md5.
I believe that skips some of the security checks. At least the initial CheckSum. It is hard to get a straight answer about how ODIN functions internally sometimes, because the people that DO know usually don't talk. The people who have modified ODIN have a very niche body of knowledge to edit a program that is basically undocumented, especially since I can't get anyone who has modified ODIN for a specific purpose to tell me exactly why. All they tell me is that they modified ODIN to skip a specific checksum while flashing. Ok? But why? And how did you figure that out?
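For reference on the `.tar` versus `.tar.md5` point in the post above, an added example (not part of any post in this thread and not ODIN's code) of the host-side check such a trailer makes possible. It assumes the commonly described `.tar.md5` layout, in which the text output of `md5sum` is appended after the tar data; `check_package`, `build_sample` and the sample archive are constructed for illustration.

```python
import hashlib
import io
import re
import tarfile

# Trailer as written by `md5sum`: 32 hex digits, blanks, optional '*', file name.
TRAILER = re.compile(
    rb"(?<![0-9A-Fa-f])([0-9A-Fa-f]{32})[ \t]+\*?([^\r\n\x00]+)\r?\n?\Z"
)


def check_package(blob: bytes) -> dict:
    """Compare the MD5 trailer of a .tar.md5 blob against the tar data before it.

    status is "ok", "mismatch", or "no-trailer" (a bare .tar: nothing to compare).
    """
    tail = blob[-512:]
    match = TRAILER.search(tail)
    if match is None:
        tar_bytes, status = blob, "no-trailer"
    else:
        tar_len = len(blob) - len(tail) + match.start()
        tar_bytes = blob[:tar_len]
        declared = match.group(1).decode("ascii").lower()
        actual = hashlib.md5(tar_bytes).hexdigest()
        status = "ok" if actual == declared else "mismatch"
    # List the members so the operator sees which partitions the archive carries.
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        members = tar.getnames()
    return {"status": status, "members": members}


def build_sample() -> tuple:
    """Constructed sample: a tar holding a fake boot.img, plus its .tar.md5 form."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        data = b"CONSTRUCTED-BOOT-IMAGE" * 64
        info = tarfile.TarInfo("boot.img")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    tar_bytes = buf.getvalue()
    trailer = hashlib.md5(tar_bytes).hexdigest().encode("ascii") + b"  sample.tar\n"
    return tar_bytes, tar_bytes + trailer


if __name__ == "__main__":
    plain_tar, package = build_sample()
    damaged = bytearray(package)
    damaged[600] ^= 0xFF  # flip one byte inside the boot.img payload
    for label, blob in (("intact .tar.md5", package),
                        ("damaged .tar.md5", bytes(damaged)),
                        ("bare .tar", plain_tar)):
        print(label, check_package(blob))
```

The trailer carries no key, so a matching MD5 only rules out accidental corruption of the archive; it says nothing about who built it.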
Message for all the people looking for root.
Delgoth said:
Thanks, I will try this out. However, I don't have high hopes. I did find out what happened to my 64GB SD Card a while back though: T-Flash Mode actually wrote my entire firmware to the SD Card. It kept bootlooping though. It didn't break my card, just formatted it improperly for regular use.
It would be really friggin awesome if my device (actually manufactured this year, Summer 2018) could still be debricked via SD. I thought that ability died a long time ago. I was reading that a Secure Boot Vulnerability (reported AND patched by SS in 2016) allowed T-Flash mode to allow flashing/booting of a non-signed kernel image. So I'm not sure this is an option anymore, but it can't hurt to try at this point.
I will get back to you soon.
I was using someone else's FRP Tool that can enable ADB on non ADB Enabled Firmware, essentially giving an ADB Root Shell at least. The program seems to have modified the aboot.mbn and the boot.img. I honestly wish I knew what it did, because it bricked my device. I also used a .tar archive, instead of a .tar.md5.
I believe that skips some of the security checks. At least the initial CheckSum. It is hard to get a straight answer about how ODIN functions internally sometimes, because the people that DO know usually don't talk. The people who have modified ODIN have a very niche body of knowledge to edit a program that is basically undocumented, especially since I can't get anyone who has modified ODIN for a specific purpose to tell me exactly why. All they tell me is that they modified ODIN to skip a specific checksum while flashing. Ok? But why? And how did you figure that out?
I created another copy of the debrick.img if that one does not work for you. (This being my T-Flash). I have attempted to downgrade the device down to a version lower than the ARF2 and failed as it's saying that it can't fuse (even tried to flash just the system file). I also tried to run all root methods I know of on the combination and stock files and failed (The root methods mostly freezing on the combination). I can confirm that combining the files from combination and stock WILL cause a brick to the point where the phone won't turn on, yes, they flash. Another user in another thread says he managed to enable "volte" on his device with some modem file, haven't got my hands on it as I can't test due to no service being on the phone.
I keep seeing people saying "Enable OEM Unlock and then update and flash TWRP" in the other threads that are popping up about the SM-S727VL.
NO.
The "Unlock OEM" feature in the developer settings is only used to restore the stock update regardless of FRP being enabled or any type of actual "Google" interference of the restore. The setting does not actually unlock the bootloader. Yes, you could use CROM and it will say it's successful, however it will not be for non-Chinese devices. The bootloader is still locked and this is why you are getting secure check fail. I know what you are thinking at this point... what about fastboot? Sorry, this is one of those Samsung devices that does not fastboot.
THE OEM UNLOCK FEATURE DOES -NOT- UNLOCK THE BOOTLOADER! Do not think that if you enable the OEM unlock, it will magically allow you to install TWRP.
CROM does not unlock it either. CROM will report that the bootloader is unlocked however it will not be.
The TWRP located on the TWRP Builder website is for an older version of the firmware for the phone. You cannot downgrade the stock firmware once you update it on this phone as I described above. That means you cannot install the May 2018 update if you have the July 2018 update installed. The TWRP build could be updated to match the latest recovery build however that is completely pointless and a waste of time at this point until you can actually 'find a way' to actually get the TWRP installed. If you want TWRP on a device that has a bootloader, you might actually have to gain root beforehand and install something like SafeStrap with the SafeStrap installer.
Well since you guys have all the heartbreaking news, here is the kind of good...
Tracfone is not very responsible when it comes to making sure their phones are up to date and even are sloppy (You might have noticed the duplicated stock ringtones, haha). This means that it could be possible for someone to find an exploit in the latest firmware or one of the internals (engineering firmware) then gain root access.
Now everyone looking for TWRP: Our first priority would be to gain root so that we can tackle the bootloader issue. Once we get root then we got everything we need. KingRoot, Kingo, and all those methods are failing so we got to get creative in finding a method, it takes time.
This was the crazy method done to a Verizon S5; root access is pretty difficult to gain, especially when you get higher up in Android versions: https://forum.xda-developers.com/ve...oot-method-t3561529/post71202995#post71202995
Delgoth said:
Thanks, I will try this out. However, I don't have high hopes. I did find out what happened to my 64GB SD Card a while back though: T-Flash Mode actually wrote my entire firmware to the SD Card. It kept bootlooping though. It didn't break my card, just formatted it improperly for regular use.
It would be really friggin awesome if my device (actually manufactured this year, Summer 2018) could still be debricked via SD. I thought that ability died a long time ago. I was reading that a Secure Boot Vulnerability (reported AND patched by SS in 2016) allowed T-Flash mode to allow flashing/booting of a non-signed kernel image. So I'm not sure this is an option anymore, but it can't hurt to try at this point.
I will get back to you soon.
I was using someone else's FRP Tool that can enable ADB on non ADB Enabled Firmware, essentially giving an ADB Root Shell at least. The program seems to have modified the aboot.mbn and the boot.img. I honestly wish I knew what it did, because it bricked my device. I also used a .tar archive, instead of a .tar.md5.
I believe that skips some of the security checks. At least the initial CheckSum. It is hard to get a straight answer about how ODIN functions internally sometimes, because the people that DO know usually don't talk. The people who have modified ODIN have a very niche body of knowledge to edit a program that is basically undocumented, especially since I can't get anyone who has modified ODIN for a specific purpose to tell me exactly why. All they tell me is that they modified ODIN to skip a specific checksum while flashing. Ok? But why? And how did you figure that out?
I've included a few links to this thread in other threads about root. Explained the situation above for the people who are curious. Keep me informed of anything you discover and I'll let you know what I discover. I should have more time to look into the device after exams next week. See if you can get your device down to the first release? Maybe we could open the door for more methods or something.
I’ll keep trying in my spare time to find something (because I know there is something) that will allow root on this device. I’ll keep trying and mirror everything we try on the J3 also to knock out two birds with one stone. Let me know if you need any files or anything. Hopefully you can get your phone fixed, if you can’t, take it up to a Samsung care center and see if you can swap it. Call it a “factory flaw”
Justin1198 said:
I created another copy of the debrick.img if that one does not work for you. (This being my T-Flash). I have attempted to downgrade the device down to a version lower than the ARF2 and failed as it's saying that it can't fuse (even tried to flash just the system file). I also tried to run all root methods I know of on the combination and stock files and failed (The root methods mostly freezing on the combination). I can confirm that combining the files from combination and stock WILL cause a brick to the point where the phone won't turn on, yes, they flash. Another user in another thread says he managed to enable "volte" on his device with some modem file, haven't got my hands on it as I can't test due to no service being on the phone.
I keep seeing people saying "Enable OEM Unlock and then update and flash TWRP" in the other threads that are popping up about the SM-S727VL.
NO.
The "Unlock OEM" feature in the developer settings is only used to restore the stock update regardless of FRP being enabled or any type of actual "Google" interference of the restore. The setting does not actually unlock the bootloader. Yes, you could use CROM and it will say it's successful, however it will not be for non-Chinese devices. The bootloader is still locked and this is why you are getting secure check fail. I know what you are thinking at this point... what about fastboot? Sorry, this is one of those Samsung devices that does not fastboot.
THE OEM UNLOCK FEATURE DOES -NOT- UNLOCK THE BOOTLOADER! Do not think that if you enable the OEM unlock, it will magically allow you to install TWRP.
CROM does not unlock it either. CROM will report that the bootloader is unlocked however it will not be.
The TWRP located on the TWRP Builder website is for an older version of the firmware for the phone. You cannot downgrade the stock firmware once you update it on this phone as I described above. That means you cannot install the May 2018 update if you have the July 2018 update installed. The TWRP build could be updated to match the latest recovery build however that is completely pointless and a waste of time at this point until you can actually 'find a way' to actually get the TWRP installed. If you want TWRP on a device that has a bootloader, you might actually have to gain root beforehand and install something like SafeStrap with the SafeStrap installer.
Well since you guys have all the heartbreaking news, here is the kind of good...
Tracfone is not very responsible when it comes to making sure their phones are up to date and even are sloppy (You might have noticed the duplicated stock ringtones, haha). This means that it could be possible for someone to find an exploit in the latest firmware or one of the internals (engineering firmware) then gain root access.
Now everyone looking for TWRP: Our first priority would be to gain root so that we can tackle the bootloader issue. Once we get root then we got everything we need. KingRoot, Kingo, and all those methods are failing so we got to get creative in finding a method, it takes time.
This was the crazy method done to a Verizon S5; root access is pretty difficult to gain, especially when you get higher up in Android versions: https://forum.xda-developers.com/ve...oot-method-t3561529/post71202995#post71202995
I actually have a Verizon S5 and have gone through all of that before. It isn't working here, I believe our hardware to be too new on the 727VL.
VOLTE comes from using the combination modem of 4ARF1.
The first debrick file didn't work. I only tried writing it once though to SD Card. When debricking my d2vzw (VZW S3) I've sometimes had to write the debrick image to the SD 4 times before I could get it to work. Or Samsung got smart and stopped letting these kinds of repairs happen for free...
And I'm pretty sure not much at all changed from 3ARC1 to 4ARF2 except a bootloader revision update. Those changes could be tracked down via examining the rootable and unlockable versions of the other J series variants with a revision 4 bootloader. It really seems like everything down to even the veritykey is the same from revision 3 to revision 4 bootloader. I feel it wouldn't be too hard to crack. But Tracfone also forces updates to binary 4 bootloader from binary 3. They force the security policy update on you to patch everything that would have already got us root from the last year of MM exploits...
I am trying to figure out how to make a TWRP recovery for the ARF2 variant, but I don't know if I will be able to flash it if I end up succeeding. I'm not sure if anyone has any ideas on unlocking this bootloader.
(Sorry If I sound like a noob I am trying to learn android development and trying to figure this out at the same time.)
Masterx4020 said:
I am trying to figure out how to make a TWRP recovery for the ARF2 variant, but I don't know if I will be able to flash it if I end up succeeding. I'm not sure if anyone has any ideas on unlocking this bootloader.
(Sorry If I sound like a noob I am trying to learn android development and trying to figure this out at the same time.)
See post #11
Delgoth said:
I actually have a Verizon S5 and have gone through all of that before. It isn't working here, I believe our hardware to be too new on the 727VL.
VOLTE comes from using the combination modem of 4ARF1.
The first debrick file didn't work. I only tried writing it once though to SD Card. When debricking my d2vzw (VZW S3) I've sometimes had to write the debrick image to the SD 4 times before I could get it to work. Or Samsung got smart and stopped letting these kinds of repairs happen for free...
And I'm pretty sure not much at all changed from 3ARC1 to 4ARF2 except a bootloader revision update. Those changes could be tracked down via examining the rootable and unlockable versions of the other J series variants with a revision 4 bootloader. It really seems like everything down to even the veritykey is the same from revision 3 to revision 4 bootloader. I feel it wouldn't be too hard to crack. But Tracfone also forces updates to binary 4 bootloader from binary 3. They force the security policy update on you to patch everything that would have already got us root from the last year of MM exploits...
We just have to wait until some carrier updates to bootloader revision 4 and not upgrade. It's just a waiting game now.
Delgoth said:
Thanks, I will try this out. However, I don't have high hopes. I did find out what happened to my 64GB SD Card a while back though: T-Flash Mode actually wrote my entire firmware to the SD Card. It kept bootlooping though. It didn't break my card, just formatted it improperly for regular use.
It would be really friggin awesome if my device (actually manufactured this year, Summer 2018) could still be debricked via SD. I thought that ability died a long time ago. I was reading that a Secure Boot Vulnerability (reported AND patched by SS in 2016) allowed T-Flash mode to allow flashing/booting of a non-signed kernel image. So I'm not sure this is an option anymore, but it can't hurt to try at this point.
I will get back to you soon.
I was using someone else's FRP Tool that can enable ADB on non ADB Enabled Firmware, essentially giving an ADB Root Shell at least. The program seems to have modified the aboot.mbn and the boot.img. I honestly wish I knew what it did, because it bricked my device. I also used a .tar archive, instead of a .tar.md5.
I believe that skips some of the security checks. At least the initial CheckSum. It is hard to get a straight answer about how ODIN functions internally sometimes, because the people that DO know usually don't talk. The people who have modified ODIN have a very niche body of knowledge to edit a program that is basically undocumented, especially since I can't get anyone who has modified ODIN for a specific purpose to tell me exactly why. All they tell me is that they modified ODIN to skip a specific checksum while flashing. Ok? But why? And how did you figure that out?
What FRP Tool did you use?
Are you still in 9008 mode? You can probably flash kirito9's twrp from edl.
Frp
@Justin1198 I used Haggard FRP Tool v1
@djared704 It is a straight brick, no charging, no anything. Not even in Diagnostic Mode. I'll probably need a new device, a new motherboard, or a flash programmer.
I plan on going back to the Exynos7420 chipset here within the next month or so. I know a lot more about those devices than I do anything else.