Can I flash a new firmware using Odin, removing the aboot, rpm, sbl2, sbl3 and tz files from the tar file, leaving only the boot, cache, hidden, modem, non-hlos, recovery and system img files? Will there be another problem?
Or maybe make a CWM-installable ROM with the dsixda kitchen?
I want to try, but I'm afraid to brick my phone... just tell me if I'm in the right direction.
Thanks
No, that's not possible. Official firmwares need the new bootloader. You can however flash any custom ROM.
modem.bin also contains sbl and rpm.
There are many other things related to the Knox bootloader.
Flash a custom ROM, or make your own custom ROM with the kitchen.
Hey guys,
I was wondering why there are no custom ROMs which can be flashed with Odin and retain the Knox warranty status?
Apparently you can alter the system image / partition, and as long as you stay away from the recovery and kernel partitions the Knox warranty will stay 0x0?
What else does RDLV do than use a modified system image? That's why you get custom status, but Knox stays 0x0 because you don't flash the kernel or recovery.
So with Odin tars just containing system.img we should be able to install custom ROMs without even needing CWM or any other recovery; we just lose the convenient method for backup/restore by staying on stock recovery, right? (And no adb in recovery, which actually sucks more IMO.)
---
We should actually also be able to install CWM zip files without a recovery, right? Couldn't you just extract the zip and run the binary or the script from there? Or transform the update-script into a real sh file instead. Or are there "limits" as to what you can do on the running device vs. recovery mode? Recovery mode is just a minimal OS anyway, isn't it?
Or is there maybe already some app or tool out there which can flash zips while the device is fully booted?
And last but not least: has anyone tried side-booting a recovery image? AFAIK you can boot images without actually flashing them onto the device, right? Couldn't we just temporarily boot the recoveries without actually flashing them?
---
I really want to beat this Knox **** =)... (without tripping the warranty, hehe)
Oh, I just found an app which can flash zips without recovery:
"Flash Gordon"
Pretty sure Knox checks the entire ROM as a whole rather than just the recovery and kernel.
URDLV is done through hex editing a small bit of the ROM/image, not replacing an entire part of the ROM.
It would be interesting though, as we can flash ROMs without installing the new bootloaders. I wonder if there's a way to dummy up a ROM to look like an official ROM while being custom...
Well, I'm pretty sure a custom (modified) system.img is alright. It doesn't matter what you change: the system is custom or it's not (verified by signature scan or something).
So if we pack up ROMs or mods into a modified system.img they should be flashable with Odin without tripping Knox.
I will try it out. I extracted a stock system.img.ext4 from MJ7 and will try to merge it with the x-note installer zip. The Aroma installer is what's giving me trouble; otherwise I could just copy over all the files from the zip to the system.img and fix the permissions.
But creating a system.img from a "normal" ROM zip without Aroma or special choices during the install process should be pretty easy:
1.) You need Linux so that you can work with the permissions and mount the system.img as a directory etc.
2.) Extract the system.img.ext4 from the tar.
3.) Get simg2img and use it to "decrypt" the system.img.ext4 to a system.raw, which can then be mounted with "mount -t ext4 -o rw,loop system.raw mount_point".
4.) Edit what you like and make sure the permissions are alright.
5.) Repack to img.ext4. (Forgot the tool's name for that... something like "makeext4fs" or so.)
6.) Repack to tar.
7.) Add md5 and create tar.md5.
8.) Flash through Odin.
---
I will try it as soon as I have created my system.img.ext4 with x-note, but this is gonna take some while; ROM brewers could do this a lot more easily after ROM creation though. (Maybe we could even find a way to still use the Aroma installer or something else mimicking its actions.)
---
ADD: Also wanted to add that my experience so far is that the Knox flag is pretty forgiving about what you do on your phone as long as you stay away from the kernel and recovery.
I deleted like everything related to Knox (even the containers folder in the system root with the extra apks and jars; also deleted tima_measurement_info, which gets recreated every boot though; deleted or renamed some binaries related to Knox like containersetup in /system/bin) and even modded my efs folder (tried to use my random MAC script, but apparently the stock kernel ignores MAC settings) and other pretty deep things, without tripping Knox yet. So to me it seems like we can just do what we want with our system partition (and some others) as long as the kernel and recovery remain signed by Samsung. (We really need to get our hands on this signing key somehow!!!!!!!)
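The unpack / edit / repack / tar.md5 procedure listed above, written out as an added shell example (this is not code from the original post). Assumptions: the AOSP ext4_utils binaries simg2img, img2simg and make_ext4fs are on PATH, the loop mount is run as root, and the 2 GiB partition length passed to make_ext4fs is an example value to replace with the real SYSTEM partition size of your device. The sparse-magic check is also what tells you whether a raw dd dump (as discussed later in the thread) still needs img2simg before Odin will accept it.

```sh
#!/bin/sh
# Added example: helpers for the system.img.ext4 -> Odin .tar.md5 workflow.
# Tool names (simg2img, img2simg, make_ext4fs) and the partition size are
# assumptions; check them against your device before flashing anything.
set -eu

# Android sparse images start with the little-endian magic 0xED26FF3A,
# i.e. the bytes 3A FF 26 ED. Returns 0 if FILE is sparse, 1 if it is raw.
is_sparse_image() {
    magic=$(od -A n -t x1 -N 4 "$1" | tr -d ' \n')
    [ "$magic" = "3aff26ed" ]
}

# Step 3: turn system.img.ext4 into a mountable raw ext4 image and mount it.
# Needs root for the loop mount.
unpack_system() {              # unpack_system system.img.ext4 mount_point
    if is_sparse_image "$1"; then
        simg2img "$1" system.raw          # sparse -> raw
    else
        cp "$1" system.raw                # already raw (e.g. a dd dump)
    fi
    mkdir -p "$2"
    mount -t ext4 -o rw,loop system.raw "$2"
}

# Step 5: build a new sparse image from the edited tree. -s writes a sparse
# image (what Odin expects), -l is the partition length in bytes, -a sets the
# Android mount point used for file contexts. 2147483648 is an example size.
repack_system() {              # repack_system mount_point out.img.ext4
    make_ext4fs -s -l 2147483648 -a system "$2" "$1"
    umount "$1"
}
# For a raw dd dump that you do not want to mount at all, the equivalent is
# simply: img2simg system.raw system.img.ext4

# Steps 6-7: Odin's .tar.md5 is an ordinary tar with the md5sum output line
# appended to the end of the file. The name in that line is the bare file name.
make_odin_tar() {              # make_odin_tar out.tar file...
    out=$1; shift
    tar -cf "$out" "$@"
    ( cd "$(dirname "$out")" && n=$(basename "$out") && md5sum "$n" >> "$n" )
    mv "$out" "$out.md5"
}

# Check a .tar.md5 before flashing: strip the trailing md5 line, hash the rest,
# compare. Returns 0 if the stored md5 matches the tar content.
verify_odin_tar() {            # verify_odin_tar out.tar.md5
    f=$1
    base=$(basename "$f" .md5)
    linelen=$((35 + ${#base}))           # 32 hex + 2 spaces + name + newline
    size=$(wc -c < "$f")
    stored=$(tail -c "$linelen" "$f" | cut -c1-32)
    actual=$(head -c $((size - linelen)) "$f" | md5sum | cut -c1-32)
    [ "$stored" = "$actual" ]
}

# Typical run (as root, in a scratch directory):
#   unpack_system system.img.ext4 /mnt/sys
#   ... edit /mnt/sys, fix owner/permissions ...
#   repack_system /mnt/sys system.img.ext4
#   make_odin_tar MyRom.tar system.img.ext4 cache.img
#   verify_odin_tar MyRom.tar.md5 && echo "ok to flash"
```

Two things worth keeping in mind: the md5 line only protects you against a corrupted download or a botched repack, it is not a signature and says nothing about whether the device will accept the image; and make_ext4fs without the correct length produces an image that may not fit or may leave the partition with the wrong size, which is why the 2 GiB value above must be replaced with the real one.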
If you flash a modified system.img it will trip Knox. RDV only modifies bytes of the IMG...
Sent from my SM-N900W8 using XDA Premium 4 mobile app
DAGr8 said:
If you flash a modified system.img it will trip Knox. RDV only modifies bytes of the IMG...
Sent from my SM-N900W8 using XDA Premium 4 mobile app
Does that mean that it's not a checksum lock? Even a bit would change the checksum. What else could it be checking? Size?
It checks for a signature, that's for sure. Not sure why modifying the zip doesn't trip it; maybe it's only matching part of it...
Sent from my SM-N900W8 using XDA Premium 4 mobile app
So flashing a self-brewed system.img.ext4 (within an Odin tar and including a cache.img with CSC data, like the one URDLV spits out) does trip Knox? Is this confirmed?
If it is confirmed, this means that Knox must be tripped while flashing, because you can just alter the system partition on a running system and it does not trip the Knox flag as far as I can tell. So how does this signature thing work anyway? You get the checksum of the whole ROM and encrypt it afterwards and check against this? Because if so, then modifying anything on system would just trip Knox. And if the signature is just some appended file or something then it is not really safe, because you could just leave that signature file intact.
I did not try it yet, but I'm really strongly believing that there is a way to get a custom system.img onto the device without tripping Knox; maybe those who tried just messed up somewhere. But RDLV does modify the image, be it "just" hex-editing or some other modification: modification = checksum won't match = detected as "custom" by syscope. And RDLV actually adds a line (or edits an existing one, not 100% sure) to /system/bin/ss-presetup.sh; that would definitely change the checksum etc.
---
What RDLV actually does on top of flashing the system.img.ext4 is also flashing the cache.img, which contains CSC data AFAIK. So maybe the secret lies there: that you need the right cache.img for the corresponding system.img.ext4?
I will most likely just end up tripping Knox at will, just to have a custom recovery and kernel, but before that maybe I or we can learn a little more about how the flag works?
The digital signature of system.img is not modified by RDLV, but it will be by building a system.img, because it will be a new one.
Can you maybe explain how this digital signature works, if you happen to know? If it checksums the whole image, for example, it would be broken by the modifications RDLV does, and I doubt he's doing a signature "collision" so that the checksum stays the same, right?
How about this then:
You edit stuff ON DEVICE and dump the system.img.ext4 from the running Note 3, then flash that onto another device or reflash it on your own. This should also retain the signature, shouldn't it?
Skipping the step of unpacking/repacking the img this way..
(Just need to find a way to modify EVERYTHING on a running device; maybe have some files be changed on boot through scripts if no change is possible while the system is fully booted. I read you cannot change some lib files in system while the system runs or it will crash / break the operation.)
Sorry guys, this is maybe a dumb question but I cannot find a real reply to my doubts.
I have a Galaxy S4 i9505 with the old Knox-free bootloader XXUBMF8. I would like to back up my bootloader just in case I try to change it with some other still Knox-free BL, for testing reasons.
I made a backup with nandroid, choosing the boot partition during the backup. Is this enough?
Is there a way to create an Odin backup of the bootloader, or somewhere I could download this bootloader release already packed?
I have also downloaded the stock XXUBMF8 firmware, but I don't know which files inside the firmware to keep (probably aboot, sbl1, sbl2, sbl3, rpm and tz).
Many thanks!
I don't think you can. There is nothing different on a Knox bootloader, other than Knox itself.
Hey GDReaper, sorry for the late thanks! So I won't bother trying to change the bootloader.
Just in case you know, and for my own knowledge, what does the nandroid backup save when you choose to back up the boot partition?
It will back up your kernel.
Hello the community,
I'd like to ask you for help because I don't manage to make it work.
Here is the problem:
1/ I flashed the latest firmware for the phone.
2/ Then rooted it, installed the latest busybox....
3/ Dumped cache & system from my phone using this:
dd if=/dev/block/platform/13540000.dwmmc0/by-name/CACHE of=/sdcard/cache.img
dd if=/dev/block/platform/13540000.dwmmc0/by-name/SYSTEM bs=4096 of=/sdcard/system.img
I checked them using Linux Reader. No problem at all.
4/ Then repacked those 2 files with the other files which are in the stock tar file (boot, hidden...).
5/ Launched Odin, put my tar in AP, then flashed.
- All was OK until it came to cache.img, then it failed.
In the stock tar there is a system.img (not .raw). Don't know if it is sparse but.... I suppose so, as it needs to be converted to be used with Linux Reader.
So I don't know what to do to have a valid cache.img & system.img.
If you can help me, I will be grateful.
Thanks for all.
Hi,
I'm trying too, making a pre-rooted stock ROM flashable through Odin. But every time I get a "failed" from Odin.
However, why are you using your cache instead of the cache.img present in the stock firmware?
Try unpacking the stock firmware and replacing only the custom "system.img" that contains root, and finally repack the stock firmware!
Well, some info I need is in cache.
Why don't you make a flashable zip, since you know the partitions, then add root?
malbert16442 said:
Why don't you make a flashable zip, since you know the partitions, then add root?
A stock firmware, pre-rooted and flashable through Odin, is more comfortable: whenever you want to reset your phone there is no need to use FlashFire or Mobile Odin. IMHO
Because the (SM-N900V) bootloader unlock allows you to flash anything you please in the Odin AP slot (but probably not a bootloader firmware downgrade), I'm wondering:
Have any of you tried partial-stock Odin flashes (just boot.img and system.img) which downgrade only the stock ROM and kernel?
[For example, you are on (unlocked) OF1 or OB6 and you flash just boot.img/system.img from the stock NK1 distro? (Clean flash, obviously; I suppose the system.img could also be pre-rooted & pre-debloated.)]
This is mostly for the lulz; what I am wondering is if the stock kernels enforce a "bootloader version match" policy (in addition to the bootloader Odin-flashing anti-rollback enforcement). The bootloaders pass their version string as a command line argument to the kernel that they boot; I suppose the stock kernels could use that value for lockstep policy enforcement.
I'd run the experiment myself, but I'm still on MJ7 so there's little for me to test (AFAIK MJ7 can be downgraded to MI9 even *with* a locked bootloader).
One of these days I'll upgrade my boot firmware*, but that day hasn't arrived yet.
* There are multiple experiments which could be run at that time:
(a) Odin flash only the bootloader, tz, apnhlos & radio firmware "underneath" a custom or rooted ROM, eliminating the need to re-root prior to re-performing the bootloader unlock on upgraded firmware.
(b) Use dd to manually flash all of bootloader, tz, apnhlos & radio with an offline-modified aboot, creating a pre-unlocked, pre-rooted firmware upgrade.
(b) seems a bit more dangerous, esp. if there is any real-time protection of firmware partitions in the TZ.
Why is it that whenever someone has a real question, not Android Central stupidity, there is no help?
danbracket said:
Why is it that whenever someone has a real question, not Android Central stupidity, there is no help?
Because @bftb0 is pretty good all by himself, and most, if not all, of the 'heavy' developers no longer visit this forum.
Sent from my SM-N900V using Tapatalk
Can somebody tell me what the latest baseband is and how to flash it, please?
I flash ROMs all the time, but some of the TW-based ROMs don't give me any mobile network and they usually require a certain baseband. My current one is
I337MVLSGQB1
If the baseband isn't in the https://forum.xda-developers.com/galaxy-s4-att section as a flashable zip for TWRP, you'll have to download the latest stock ROM from sammobile.com and flash the baseband extracted from the ROM zip using Odin. That will guarantee the latest baseband gets put on your device.
Thanks for your reply.
But won't that just flash the entire firmware, causing me to have to unlock, flash recovery and root all over again?
If your phone is unlocked from its carrier, it stays unlocked even if you change ROMs. Also, I misstated what you have to do to get to the appropriate files. After downloading the large file from sammobile, extract it using WinRAR or 7-Zip. You should end up with a .tar.md5 file. Rename that file to .tar and extract the files within. The two you want are modem.bin and NON-HLOS.bin. Those two are then flashed using Odin.
Of course, you could do the adventurous thing and download one of the existing flashable modem zips, then replace the existing modem.bin and NON-HLOS.bin in the flashable zip with the versions from the stock ROM package.
The forum for the SGH-I337M is located here: http://forum.xda-developers.com/galaxy-s4-att
Oh, I downloaded the Bell one and saw the modem.bin but didn't know which other one was needed, so thanks.
Rogers, Telus, and Bell use the same stock ROM with a bit of customization on the SGH-I337M; therefore, you can cross-flash the modem, bootloader, and system, as they are the same.
Oh cool. You've been a great help, thanks for the info.
So I updated to QB1, but I'm not getting any cell service when I flash certain i9505 ROMs like Super Touchwiz v6, Machinex or something like that, Imperium v18.1. Some require QG1.
Would QG1 or any other baseband/bootloader/modem be able to work on my Rogers I337M?
I know this phone can usually flash any ROM that is for the i9505, so I'm just wondering if it's able to go that far as to use those as well.
I would not cross-flash bootloaders or modems, as invalid modem/bootloader combinations may hard brick the phone.
You may need to flash a different kernel when using custom ROMs designed for the i9505.
Okay