[Q] Some questions on the current state of Verizon S5 hacking - Verizon Galaxy S 5 Q&A, Help & Troubleshooting

So we just upgraded my wife's phone to the S5 on Verizon, and I've spent a few minutes going through the forum here and want to make sure I understand the current state of hacking on this phone, along with some other questions:
1) Root is possible - which will provide full access to the system for modification? (TiBu, Xposed, etc)?
2) No bootloader unlock - so standard custom ROM flashing is not available.
3) Ability to use "safestrap" - which as best as I can tell allows you to multi-boot custom ROMs by bootstrapping them from defined partitions in internal memory(?)
Some additional questions:
4) What are the drawbacks to safestrap booting compared to the standard custom ROM flash with a custom recovery? I mean, yes the method is different, but are there limitations on the functionality of custom ROMs flashed using this method? Does it detract from anything, or does it just mean a little more development must go into making a safestrap ROM?
5) I see some posts regarding SELinux being enabled in the kernel and no working fix yet. What actual impact does having SELinux in Enforcing mode have on the system for custom tweaking, etc?
6) Is it possible (and easy enough) to bring the phone back to complete stock if required, either for return purposes, or because you deleted something and can't get OTA, etc.?
7) In general, when all is said and done, what are the tangible areas which the S5 is locked to the extent that it truly diminishes the custom experience?
I am getting myself the M8, and spending most of my time figuring things out on there. My wife preferred the S5 and although she isn't a "power user" she may eventually want some things that the custom ROM can't provide. I'm hoping root and Xposed will be enough for those things - but we are still within our return window and if I deem the S5 just doesn't have the features, we may try something else....though it seems that most everything on Verizon is locked down except maybe the M8.
TIA

1) Root is possible - which will provide full access to the system for modification? (TiBu, Xposed, etc)?
Correct
2) No bootloader unlock - so standard custom ROM flashing is not available.
Correct
3) Ability to use "safestrap" - which as best as I can tell allows you to multi-boot custom ROMs by bootstrapping them from defined partitions in internal memory(?)
In essence, this is how we are loading custom ROMs. Technically you could use it for multiple ROMs, it seems like the consensus is to just load your custom ROM to the primary slot and not switch between multiple.
Some additional questions:
4) What are the drawbacks to safestrap booting compared to the standard custom ROM flash with a custom recovery? I mean, yes the method is different, but are there limitations on the functionality of custom ROMs flashed using this method? Does it detract from anything, or does it just mean a little more development must go into making a safestrap ROM?
The drawback is no custom kernels and no ROMs like CM or AOSP because of that.
6) Is it possible (and easy enough) to bring the phone back to complete stock if required, either for return purposes, or because you deleted something and can't get OTA, etc.?
Yes.
7) In general, when all is said and done, what are the tangible areas which the S5 is locked to the extent that it truly diminishes the custom experience?
Having a locked bootloader does limit the ROM choices in that we will only get Touchwiz-based options, but that isn't necessarily a huge deal.

jcollier said:
1) Root is possible - which will provide full access to the system for modification? (TiBu, Xposed, etc)?
Correct
2) No bootloader unlock - so standard custom ROM flashing is not available.
Correct
3) Ability to use "safestrap" - which as best as I can tell allows you to multi-boot custom ROMs by bootstrapping them from defined partitions in internal memory(?)
In essence, this is how we are loading custom ROMs. Technically you could use it for multiple ROMs, it seems like the consensus is to just load your custom ROM to the primary slot and not switch between multiple.
Some additional questions:
4) What are the drawbacks to safestrap booting compared to the standard custom ROM flash with a custom recovery? I mean, yes the method is different, but are there limitations on the functionality of custom ROMs flashed using this method? Does it detract from anything, or does it just mean a little more development must go into making a safestrap ROM?
The drawback is no custom kernels and no ROMs like CM or AOSP because of that.
6) Is it possible (and easy enough) to bring the phone back to complete stock if required, either for return purposes, or because you deleted something and can't get OTA, etc.?
Yes.
7) In general, when all is said and done, what are the tangible areas which the S5 is locked to the extent that it truly diminishes the custom experience?
Having a locked bootloader does limit the ROM choices in that we will only get Touchwiz-based options, but that isn't necessarily a huge deal.
So when using safestrap do you actually overwrite your main ROM in the slot, or you would have your main (factory) ROM loaded as normal, and then your custom in a separate slot? In effect, you could toggle between those if wanted? If so, I might load a custom for her to play with while not interrupting her normal usage. If she prefers it, we could eventually switch her over.
Where in the ROM/RAM are these custom ROMs actually placed and how big are they as in how do they affect the overall storage on your device if you opt to use one? I assume if you were to switch between more than one you would probably have to install all your apps, etc on each one.
What you said about TouchWiz only makes sense, though I suppose it isn't that bad of a thing, especially with all the proprietary goodies that Samsung has. I would expect that AOSP or CM mods might have problems recreating some of those features anyway.
Thanks again

TraderJack said:
So when using safestrap do you actually overwrite your main ROM in the slot, or you would have your main (factory) ROM loaded as normal, and then your custom in a separate slot? In effect, you could toggle between those if wanted? If so, I might load a custom for her to play with while not interrupting her normal usage. If she prefers it, we could eventually switch her over.
Where in the ROM/RAM are these custom ROMs actually placed and how big are they as in how do they affect the overall storage on your device if you opt to use one? I assume if you were to switch between more than one you would probably have to install all your apps, etc on each one.
What you said about TouchWiz only makes sense, though I suppose it isn't that bad of a thing, especially with all the proprietary goodies that Samsung has. I would expect that AOSP or CM mods might have problems recreating some of those features anyway.
Thanks again
I believe most people are just overwriting the main ROM and that is what I have done. I believe I recall issues when loading into the other slots.
I can't speak to the specific partition the custom ROMs are stored on when using other slots, sorry.

jcollier said:
I believe most people are just overwriting the main ROM and that is what I have done. I believe I recall issues when loading into the other slots.
I can't speak to the specific partition the custom ROMs are stored on when using other slots, sorry.
Last I knew, safestrap slots are virtual disks on the data partition. Safestrap hijacks the boot process and remaps /system, /data, et al to the appropriate virtual disk for that slot.
If you flash to the main slot, you would be overwriting the stock rom, which may have drastic consequences. I highly recommend flashing your custom rom to a slot other than the stock rom slot.
When I had my Droid Razr, kexec was used to hot boot a new kernel. Support for kexec may not be available for the S5 though, denying us custom kernels.

fcsager said:
Last I knew, safestrap slots are virtual disks on the data partition. Safestrap hijacks the boot process and remaps /system, /data, et al to the appropriate virtual disk for that slot.
If you flash to the main slot, you would be overwriting the stock rom, which may have drastic consequences. I highly recommend flashing your custom rom to a slot other than the stock rom slot.
When I had my Droid Razr, kexec was used to hot boot a new kernel. Support for kexec may not be available for the S5 though, denying us custom kernels.
From what I've read, safestrap with the S5 has problems with ROM slots. Most people having small problems here and there are on a ROM slot, and when they flash the ROM to the stock slot most of their problems go away. I think this is mentioned in the safestrap thread itself.
From what I understand, make a backup of your stock ROM, then format, then flash your ROM of choice on the stock slot. That way, if something screws up, you can restore your stock backup.

fcsager said:
If you flash to the main slot, you would be overwriting the stock rom, which may have drastic consequences. I highly recommend flashing your custom rom to a slot other than the stock rom slot.
SafeStrap on the S5 is very buggy if you are using a ROM slot other than stock and is HIGHLY recommended by all the devs to use stock slot.
There will be no drastic consequences if you decide to use your stock slot. Just make sure you make a backup of your stock ROM before wiping it. If, by chance, something does go wrong, you can always ODIN back to stock and start over.

So being that the common/accepted practice is to install a ROM to the stock slot (which I did), it's probably a good idea to go back in and resize the ROM slot to the smallest size allowable, correct? We're never going to be using it, so why not? Can this be done easily without affecting the ROM installed in the stock slot?

chetqwerty said:
So being that the common/accepted practice is to install a ROM to the stock slot (which I did), it's probably a good idea to go back in and resize the ROM slot to the smallest size allowable, correct? We're never going to be using it, so why not? Can this be done easily without affecting the ROM installed in the stock slot?
You could just delete all ROM slots and call it a day.

MrHyde03 said:
You could just delete all ROM slots and call it a day.
Wow, I overthought that a tad, aay! lol Of course you can do that, thanks man!

I would like to piggyback off this thread since I also just got my S5 a couple of days ago. I have an OTA update pending; I'll attach a screenshot of my current version number here, but should I not update it until I root it, or is it still possible to root with the latest software? After I do root it, should I lock the file that is used to detect new versions?

If you have not updated, do not update, use towelroot to root, then freeze SDM using Titanium Backup

Ok, did that, that was easy. A quick read through of that thread says he works for Google now and people who updated basically shot themselves in the foot for that method, is that about right?
What should I do after I root, download SuperSU? Anything else I should need?
EDIT: Oh, it already restored SuperSU from my app sync so I don't even need that.

I had the ne9 version and immediately odin flashed to NCG and rooted. Then I SU'd, busyboxed, then safestrapped. Flashed alliancerom over my system after testing it on a different partition. So now I have alliancerom running and have customized the heck out of it.

berfles said:
I would like to piggyback off this thread since I also just got my S5 a couple of days ago. I have an OTA update pending; I'll attach a screenshot of my current version number here, but should I not update it until I root it, or is it still possible to root with the latest software? After I do root it, should I lock the file that is used to detect new versions?
berfles said:
Ok, did that, that was easy. A quick read through of that thread says he works for Google now and people who updated basically shot themselves in the foot for that method, is that about right?
What should I do after I root, download SuperSU? Anything else I should need?
EDIT: Oh, it already restored SuperSU from my app sync so I don't even need that.
Yes, it's possible to root the latest firmware (NE9). See here: http://forum.xda-developers.com/verizon-galaxy-s5/general/how-to-root-g900vvru1ane9-t2836201
And with any luck we should be able to keep root on any subsequent updates if not with the kernel swap method with other methods.

Related

Hi new user here- need some help

Hello everyone-
New user for the Samsung Galaxy S4 here. I used to own both the iPhone 3GS and 4S prior. My general background was writing VB in version 3.0 for AOL back in the late 90s, for all you old school people, progs/punters that may remember those days. Unfortunately, even now I still have issues following along with new technology. So far, I have really enjoyed the Android system and have made modifications through various launchers. I did use SuperSU and rooted the phone by the automated process. I realize these may be 'noob' questions; however, everyone I suppose goes through it at some point. I do have some general questions, and several of them that I have read about have conflicting information. This will be somewhat long, but I do appreciate any input:
The Galaxy S4 that I have is SPH-L720, MK2, and 4.3 version.
At this point, I backed up and uninstalled several Google Games, Books, and Sprint ID, Sprint Worldwide, etc.....general bloatware using Titanium Backup. Again, the root method I used was SuperSU by Chainfire. I have NOT used TWRP/ClockworkMod or flashed any custom ROMs. I just have it rooted and disabled some bloatware, installed Xposed Installer and other root-only apps. I checked my phone and its status says 'custom'.
1. Given this set-up, can I still get OTA for new Android versions ? I don't care if it removes root, but I was just wondering if I can get OTA updates to get new versions for my phone. Some threads I have read say yes, others say no. If I cannot, how can I then get new updates ? I don't want to not be able to permanently update to 4.4 in the future. I know there is a way to update via Kies to the computer.
2. The root access via Chainfire SuperSU involves 2 components from what I understand. SU.apk and busybox. I was using Terminal Emulator based on the advice from this thread: http://forum.xda-developers.com/showthread.php?t=2565758
I could not get it to work when typing in the prompts on the screen, it just would not go through. I tried downloading Total Commander which allows root access. Can I instead of using Terminal Emulator to get rid of busybox, use Total Commander to get into the /system/xbin folder and manually delete all busybox files prior to using the permanent unroot of SuperSU feature in settings ? Or does the Full unroot remove everything ?
3. Maybe I still don't understand the flashing process, but it seems you download Odin, then use the ROM file you need under the PDA selection, then start the process while the phone is in download mode (home button, down volume, etc...). Is this how all custom ROMs and restores are performed? Is this form of the restore different than the phone's Samsung settings (back-up/restore)? I've read about TWRP, custom recovery, ClockworkMod, etc....but I don't understand what all these are. It seems easy enough to download files, then put them on via Odin, then hit start....
At this point, I've refrained from doing anything other than back-up/uninstalling some bloatware and using some cool apps that supposed xposed installer. I'm worried that I might brick my expensive phone or render it unable to get anymore updates :crying:
Thanks for the input !
mikeprius said:
Hello everyone-
New user for the Samsung Galaxy S4 here. I used to own both the iPhone 3GS and 4S prior. My general background was writing VB in version 3.0 for AOL back in the late 90s, for all you old school people, progs/punters that may remember those days. Unfortunately, even now I still have issues following along with new technology. So far, I have really enjoyed the Android system and have made modifications through various launchers. I did use SuperSU and rooted the phone by the automated process. I realize these may be 'noob' questions; however, everyone I suppose goes through it at some point. I do have some general questions, and several of them that I have read about have conflicting information. This will be somewhat long, but I do appreciate any input:
The Galaxy S4 that I have is SPH-L720, MK2, and 4.3 version.
At this point, I backed up and uninstalled several Google Games, Books, and Sprint ID, Sprint Worldwide, etc.....general bloatware using Titanium Backup. Again, the root method I used was SuperSU by Chainfire. I have NOT used TWRP/ClockworkMod or flashed any custom ROMs. I just have it rooted and disabled some bloatware, installed Xposed Installer and other root-only apps. I checked my phone and its status says 'custom'.
1. Given this set-up, can I still get OTA for new Android versions ? I don't care if it removes root, but I was just wondering if I can get OTA updates to get new versions for my phone. Some threads I have read say yes, others say no. If I cannot, how can I then get new updates ? I don't want to not be able to permanently update to 4.4 in the future. I know there is a way to update via Kies to the computer.
2. The root access via Chainfire SuperSU involves 2 components from what I understand. SU.apk and busybox. I was using Terminal Emulator based on the advice from this thread: http://forum.xda-developers.com/showthread.php?t=2565758
I could not get it to work when typing in the prompts on the screen, it just would not go through. I tried downloading Total Commander which allows root access. Can I instead of using Terminal Emulator to get rid of busybox, use Total Commander to get into the /system/xbin folder and manually delete all busybox files prior to using the permanent unroot of SuperSU feature in settings ? Or does the Full unroot remove everything ?
3. Maybe I still don't understand the flashing process, but it seems you download Odin, then use the ROM file you need under the PDA selection, then start the process while the phone is in download mode (home button, down volume, etc...). Is this how all custom ROMs and restores are performed? Is this form of the restore different than the phone's Samsung settings (back-up/restore)? I've read about TWRP, custom recovery, ClockworkMod, etc....but I don't understand what all these are. It seems easy enough to download files, then put them on via Odin, then hit start....
At this point, I've refrained from doing anything other than back-up/uninstalling some bloatware and using some cool apps that supposed xposed installer. I'm worried that I might brick my expensive phone or render it unable to get anymore updates :crying:
Thanks for the input !
I can answer 1 & 3 for you.
1. No, you won't be able to take an OTA because you removed or modified system files. This will cause the update file of the OTA to abort once it encounters the modded file or can't find the file you removed. The best process to take an OTA would be to return the phone to stock before taking the OTA. The easiest method is to use Odin and install the full stock tar file that you are currently on. In your case it would be the MK2 tar file. This will return your phone to stock with the stock recovery and allow your phone to update via OTA; then you can re-root.
3. Odin is used to flash things like stock tar files, modems(basebands), recoveries & firmwares. If you are installing a custom rom, that is usually done using a custom recovery like Phillz's or TWRP. These recoveries can be installed via odin or TWRP via goomanager app in playstore. Once the custom recovery is installed you copy the rom file or other mod to your sdcard and install through recovery.
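The abort behaviour described in answer 1 comes from the precondition check an incremental OTA runs before patching: it carries the expected hash of every stock file it will touch, and stops if a file is gone or its hash no longer matches. The following Python illustration is added here; it is not code from this thread or from Android's updater, and the file names, contents and hashes are constructed for the demo.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for the per-file checks an incremental OTA performs
# (the updater-script in a real OTA does the same kind of SHA-1 comparison
# before patching a /system file). Nothing here touches a real device.


def sha1_of_file(path):
    """SHA-1 of a file's contents, read in chunks so large APKs are fine."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_ota_preconditions(system_root, manifest):
    """Return [(relative_path, reason), ...] for every file that would make
    the OTA abort: 'missing' if it was removed, 'modified' if its hash
    differs from the stock hash recorded in the manifest."""
    failures = []
    for rel_path, expected_sha1 in sorted(manifest.items()):
        full = os.path.join(system_root, rel_path)
        if not os.path.isfile(full):
            failures.append((rel_path, "missing"))
        elif sha1_of_file(full) != expected_sha1:
            failures.append((rel_path, "modified"))
    return failures


def build_demo_system():
    """Build a throwaway fake /system tree (constructed names and contents),
    record the stock manifest, then simulate what the thread describes:
    one bloatware APK deleted with Titanium Backup and one system file
    tweaked after rooting. Returns (system_root, stock_manifest)."""
    root = tempfile.mkdtemp(prefix="fake_system_")
    stock_files = {
        "app/SprintID.apk": b"constructed stock sprint id apk bytes",
        "app/HelpHub.apk": b"constructed stock help apk bytes",
        "build.prop": b"ro.build.id=MK2\nro.build.type=user\n",
        "xbin/dexdump": b"constructed stock dexdump binary",
    }
    for rel, data in stock_files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    # Manifest is taken while the tree is still stock.
    manifest = {rel: sha1_of_file(os.path.join(root, rel)) for rel in stock_files}
    # Post-root changes: bloatware removed, build.prop edited.
    os.remove(os.path.join(root, "app/SprintID.apk"))
    with open(os.path.join(root, "build.prop"), "ab") as f:
        f.write(b"ro.custom.tweak=1\n")
    return root, manifest


def demo():
    """Run the precondition check against the modified demo tree."""
    root, manifest = build_demo_system()
    return check_ota_preconditions(root, manifest)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"OTA would abort: {path} is {reason}")
```

Restoring the full stock tar with Odin, as the answer recommends, puts every /system file back to its stock hash, which is why the same OTA then applies cleanly.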
cruise350 said:
I can answer 1 & 3 for you.
1. No, you won't be able to take an OTA because you removed or modified system files. This will cause the update file of the OTA to abort once it encounters the modded file or can't find the file you removed. The best process to take an OTA would be to return the phone to stock before taking the OTA. The easiest method is to use Odin and install the full stock tar file that you are currently on. In your case it would be the MK2 tar file. This will return your phone to stock with the stock recovery and allow your phone to update via OTA; then you can re-root.
3. Odin is used to flash things like stock tar files, modems(basebands), recoveries & firmwares. If you are installing a custom rom, that is usually done using a custom recovery like Phillz's or TWRP. These recoveries can be installed via odin or TWRP via goomanager app in playstore. Once the custom recovery is installed you copy the rom file or other mod to your sdcard and install through recovery.
Thanks for the response....Does it matter what version of Odin I use if I were to restore the phone back to stock ? Also do I need to manually remove all rooted program and features, or can it be flashed back to stock ROM as is ? I have a lot of apps that I also don't want to lose and I've tried manually back up files on my SD card, but I didn't know if there was a way to back it up, so that it literally can be dumped right back in when stock is restored.
mikeprius said:
Thanks for the response....Does it matter what version of Odin I use if I were to restore the phone back to stock ? Also do I need to manually remove all rooted program and features, or can it be flashed back to stock ROM as is ? I have a lot of apps that I also don't want to lose and I've tried manually back up files on my SD card, but I didn't know if there was a way to back it up, so that it literally can be dumped right back in when stock is restored.
I believe if you are on MK2 you will want to use the latest version of odin which is ver3 3.09. If you are using the MK2 complete stock tar file it will rewrite everything in system and restore all the apps that were removed or modded so you don't need to manually remove root. Currently, the stock files available to us do not wipe the data partition so anything you have in that partition will remain there unless you do a factory reset. One thing you will want to make sure you are doing is backing up to the external sdcard and not the internal. You can then use TB to replace any files if you did a factory reset.
cruise350 said:
I believe if you are on MK2 you will want to use the latest version of odin which is ver3 3.09. If you are using the MK2 complete stock tar file it will rewrite everything in system and restore all the apps that were removed or modded so you don't need to manually remove root. Currently, the stock files available to us do not wipe the data partition so anything you have in that partition will remain there unless you do a factory reset. One thing you will want to make sure you are doing is backing up to the external sdcard and not the internal. You can then use TB to replace any files if you did a factory reset.
I'm using Kies 3 and using the data back-up feature. I assume this is backing up to the computer; then I was planning on using the 'restore data' feature once the phone is back to stock. Will this revert it back to the way it was previously customized before root? So if I understand correctly, once I download Odin 3.0, I load the MK2 .tar file into the phone, enable download mode, then hit start, and the phone will be like it was out of the box and ready to be OTA'd and restored with prior data? I may be confusing flashing the stock firmware with factory reset?
I also noticed there is an update firmware feature on Kies 3, if I try using this while SuperSU is present and the phone is rooted, will I also have a failed update/issues ? Again, thanks for your help. Do appreciate it.
mikeprius said:
I'm using Kies 3 and using the data back-up feature. I assume this is backing up to the computer; then I was planning on using the 'restore data' feature once the phone is back to stock. Will this revert it back to the way it was previously customized before root? So if I understand correctly, once I download Odin 3.0, I load the MK2 .tar file into the phone, enable download mode, then hit start, and the phone will be like it was out of the box and ready to be OTA'd and restored with prior data? I may be confusing flashing the stock firmware with factory reset?
I also noticed there is an update firmware feature on Kies 3, if I try using this while SuperSU is present and the phone is rooted, will I also have a failed update/issues ? Again, thanks for your help. Do appreciate it.
I have never used Kies and heard that it doesn't work with the MJA or MK2 software yet. I don't believe Kies will work if your status is custom but I could be wrong on that. If you odin the MK2 full tar file your phone will be back to stock but your data should still be there. You will only lose your data if you do a factory reset in recovery. Remember, a factory reset is just wiping the data partition and does not restore any software or apps.
cruise350 said:
I have never used Kies and heard that it doesn't work with the MJA or MK2 software yet. I don't believe Kies will work if your status is custom but I could be wrong on that. If you odin the MK2 full tar file your phone will be back to stock but your data should still be there. You will only lose your data if you do a factory reset in recovery. Remember, a factory reset is just wiping the data partition and does not restore any software or apps.
Ok, I think I have the general idea. It sounds similar to putting back on the stock 'image', nothing else.........I currently have the Odin 3.0 software, but I have been having a hard time finding the stock firmware online and downloading it. I will keep looking. Once I get the .tar and flash in download mode, will I just see all the bloatware back on, but everything else the same? I was wondering what will happen if I kept Titanium Backup, SuperSU, and Xposed Installer on when I do this? Does it just render them all unusable, but the new OTA will still install anyway? Thanks.
mikeprius said:
Ok, I think I have the general idea. It sounds similar to putting back on the stock 'image', nothing else.........I currently have the Odin 3.0 software, but I have been having a hard time finding the stock firmware online and downloading it. I will keep looking. Once I get the .tar and flash in download mode, will I just see all the bloatware back on, but everything else the same? I was wondering what will happen if I kept Titanium Backup, SuperSU, and Xposed Installer on when I do this? Does it just render them all unusable, but the new OTA will still install anyway? Thanks.
Everything in the data partition (Titanium Backup) will remain, and everything in the system partition (SuperSU & stuff modified via Xposed Installer) will be gone and replaced with the bloatware.
Sent from my SPH-L720 using Tapatalk
Ok, so it appears to have worked. I flashed the 4.3 prior version however it was hooked up to wifi and automatically downloaded the new version and removed root (not a big deal). My status says custom still, but I am assuming that I can OTA after the flash b/c it updated to the most recent 4.3 in Dec 2013. I re-rooted so it is back to prior, but I know now how to do it.
Is there anything that I may delete or uninstall that cannot be replaced by flashing the stock firmware ? For example I was thinking about getting rid of the 'help' on the phone and Titanium Back up said it is odexed or something to that extent and can only be replaced by using Titanium Backup and the exact same copy ?
I figured that I might as well just try deleting the bloatware and not back up b/c worse case scenario if something happens I can just flash back the stock ROM and all is well ?
Being able to flash the stock .tar through ODIN gives me peace of mind from screw ups, even if it removes root and takes time.
mikeprius said:
I figured that I might as well just try deleting the bloatware and not back up b/c worse case scenario if something happens I can just flash back the stock ROM and all is well ?
If you haven't spent much time customizing, that'll work fine. Most of us use custom recoveries (like Philz or TWRP) to make "nandroid" backups of our setups. A nandroid is like a drive image on a computer, so restoring it will restore all of the customizations you've done (accounts, apps, app data, bloatware deletions, etc). Nandroids don't back up firmware (modem, bootloader,etc), but back up the ROM completely. A Titanium backup is almost as good, but requires a bit more work.
As for deciding what apps you can delete, most of the custom ROM creators post a list of the bloatware they remove. So, if it's on their list, it's almost certainly ok to delete it on your phone too.
nobody291 said:
If you haven't spent much time customizing, that'll work fine. Most of us use custom recoveries (like Philz or TWRP) to make "nandroid" backups of our setups. A nandroid is like a drive image on a computer, so restoring it will restore all of the customizations you've done (accounts, apps, app data, bloatware deletions, etc). Nandroids don't back up firmware (modem, bootloader,etc), but back up the ROM completely. A Titanium backup is almost as good, but requires a bit more work.
As for deciding what apps you can delete, most of the custom ROM creators post a list of the bloatware they remove. So, if it's on their list, it's almost certainly ok to delete it on your phone too.
Thanks. Being able to flash the stock .tar and use ODIN gives me peace of mind about any potential screw-ups. So far I'm just using the stock ROM and toggling some of the features with Xposed Installer and Titanium Backup.
I'd like to explore more eventually with custom ROMs and I've heard of Clockwork mod and TWRP, Nandroid, Cyanogen, etc... but I don't know what any of that means or what it is.
Is TWRP/Philz like the ODIN program, and then you download custom ROMs like Cyanogen the same way as the stock firmware .tar?
As you can tell I am extremely new to this.....this is also my first time owning an Android phone as well, but I never messed with jailbreaking my past 2 iPhones in the past. I just have used VB 3.0 back in the day....
mikeprius said:
Thanks. Being able to flash the stock .tar and use ODIN gives me peace of mind about any potential screw-ups. So far I'm just using the stock ROM and toggling some of the features with Xposed Installer and Titanium Backup.
I'd like to explore more eventually with custom ROMs and I've heard of Clockwork mod and TWRP, Nandroid, Cyanogen, etc... but I don't know what any of that means or what it is.
Is TWRP/Philz like the ODIN program, and then you download custom ROMs like Cyanogen the same way as the stock firmware .tar?
As you can tell I am extremely new to this.....this is also my first time owning an Android phone as well, but I never messed with jailbreaking my past 2 iPhones in the past. I just have used VB 3.0 back in the day....
To me, one of the hardest parts of this whole thing is getting to the point where the basic terms make sense. I've been at this for a couple of years with an HTC Evo and now the GS4 since October, and sometimes it still makes my head spin. Here is an attempt to explain my understanding of a few things:
1. Booting...you can boot into Download mode, recovery, or system. Download mode is what you use with ODIN, you need the correct drivers on your computer (which can be found lots of places), so that ODIN and your phone can communicate. In download mode, the phone just accepts whatever ODIN sends it, so it's the easiest way to totally brick your phone. Don't mess with partitions and follow the instructions for whatever you're doing very carefully, because I think this is the only way to "hard brick" your phone.
2. Recovery - something you use to create images of your phone's ROM (nandroids), flash ROMs and mods, and restore past nandroids. The stock recovery will only flash approved updates from the carrier, so to do any of the things I listed you need a custom recovery. Most people use Philz (which is based on the ClockworkMod recovery) or TWRP. To flash the custom recovery, use ODIN and follow the instructions in the thread exactly. There is a way to flash recoveries without ODIN, but I've never done it. I was using TWRP, and switched to Philz to flash the rooted stock 4.3 update because the thread suggested it. They both seem to do the same thing, and I have been happy with both. I'm sure there are technical differences, but I couldn't explain what they are. You can switch back and forth as much as you'd like between the recoveries with ODIN. Recoveries can flash a complete ROM or just partial changes (like the hotspot mod). In a custom recovery (or the stock) you can also do factory resets and cache cleaning (most ROMs suggest you do this before flashing). Factory reset doesn't return the ROM to the factory original, it just clears out all of the user data (including user apps). A nandroid is the fastest way to restore a phone if you screw it up...I always make one before making significant changes to the phone. It takes several minutes to do, but I think it's well worth it. The operating system can't be running when you make one, that's why you need to boot into recovery mode. You create a Nandroid in Philz by selecting "backup and restore" then "backup to" which will allow backup to the internal storage or external SD card.
3. ROM - the actual operating system used by the phone when you actually use it as a smartphone. There are 2 basic flavors for the GS4...TouchWiz and AOSP (Android Open Source Project). TouchWiz is Samsung's "flavor" of Android, AOSP is the "pure Google" version of Android. A lot of the things the GS4 will do rely on TouchWiz (multiwindow is one example...but there are several). Some people really like the AOSP ROMs (Cyanogen is AOSP), but make sure you understand their limitations. I've never used one on the GS4. There are several TouchWiz custom ROMs which have various features. I've tried a few and just settled on the stock rooted TouchWiz ROM, but there are lots of options from great developers. I think most custom ROMs require you to use a custom recovery to flash them, but there might be ways to do it using ODIN. I like having a custom recovery, so I've only used ODIN for flashing modems and recoveries.
4. Firmware - as far as I can tell, there are two important parts of the firmware...the modem (sometimes called "radios" or "baseband"...find your version by looking in "about device"->"Baseband version"...the different modems are described by the last 3 letters you see) and the bootloader. The modem and the version of the ROM you flash need to match or you'll have problems with the radios in the phone (wifi seems to be the biggest problem if you have a mismatch). MF9 was the last modem version based on 4.2.2, and 4.3 has had MJA and MK2 (MK2 is the latest). The bootloader is what the phone uses to initially decide how to boot up. If you have the 4.3 version of the bootloader it will include "Knox", which will prevent you from flashing older versions of the modem, so you'll have to use a 4.3 ROM. Knox also "trips" a counter if you flash a custom ROM and Samsung claims they won't honor the warranty on a phone with the "Knox flag" tripped. If you have the 4.3 bootloader you're stuck with it (for now at least). I still have the 4.2.2 bootloader, so I don't have much more to offer on this subject. There are ways to get the 4.3 modem and ROM without the 4.3 bootloader. There is a lot here (and lots on YouTube) on how to navigate the Knox minefield if you care about it. If you still have the 4.2.2 bootloader you can flash older (and newer) modems as much as you'd like without getting the updated bootloader using ODIN.
Hopefully this helps...this is a great place with lots of great people. Sometimes the scale of the amount of information here is overwhelming. But, search is your friend along with lots of time! Feel free to keep asking questions.
Thanks for explaining this, nobody.
The information does help quite a bit and I am still learning; however, I do enjoy the process of messing with the phone. My GS4 now runs the RAM at 750-800 MB instead of a bloated 1.2 GB, which was happening quite a bit. I originally had to not use a lot of apps I wanted to, like Facebook, because the programs themselves bloated up to accommodate the existing bloatware which was also running. I did flash my phone back with the stock firmware today and it looks like it installed all the stock software. My status said 'custom' when I looked at it; however, I was already connected to wifi and it went from 4.3 (Oct 2013 version which I flashed) to the Dec 2013 version automatically, so it appears that the OTA feature works.
I assumed if I accidentally delete something from the phone that I really need and it affects the phone, I can always flash the stock ROM to fix it. Losing root is not that big of an issue, but I did lose Superuser and had to re-root the phone. I suppose I do have a few more questions; one came up when I was reading another carrier provider thread.
1. Is there anything I can delete from the phone that I could not eventually recover by flashing the stock firmware? When I uninstall, for example, the 'help' app on the phone, Titanium Backup says this only copy can be replaced by using Titanium 5.1 and its existing copy? Could this just be replaced by flashing the stock firmware as well? I like being able to flash the stock firmware ROM at any point as a fail-safe.
2. The other issue is the bootloader that I heard about? It was on a Verizon thread where the person was able to flash the stock firmware on his phone, but then after an upgrade he was no longer able to flash the ROM b/c the carrier, in the most recent upgrade he did, blocked ODIN? Is this something that I should possibly be concerned about in the future, not being able to flash stock firmware via ODIN? As you can tell, I'm pretty OCD about being able to have a fail-safe for my phone. LOL. Thanks again for your help, I do appreciate it.
mikeprius said:
1. Is there anything I can delete from the phone that I could not eventually recover by flashing the stock firmware? When I uninstall, for example, the 'help' app on the phone, Titanium Backup says this only copy can be replaced by using Titanium 5.1 and its existing copy? Could this just be replaced by flashing the stock firmware as well? I like being able to flash the stock firmware ROM at any point as a fail-safe.
Yes, you can always flash the stock firmware to fix whatever you do to the ROM (just to the ROM, use ODIN very carefully). In the case of the Help file, you could also back it up using Titanium, then delete the app, and restore it later using Titanium if you want it back. This is probably obvious, but use Titanium to delete the app, but don't delete the backup.
2. The other issue is the bootloader that I heard about? It was on a Verizon thread where the person was able to flash the stock firmware on his phone, but then after an upgrade he was no longer able to flash the ROM b/c the carrier, in the most recent upgrade he did, blocked ODIN? Is this something that I should possibly be concerned about in the future, not being able to flash stock firmware via ODIN? As you can tell, I'm pretty OCD about being able to have a fail-safe for my phone. LOL. Thanks again for your help, I do appreciate it.
Sprint is a lot more friendly toward its users modifying their phones than Verizon. But, they could change their minds any time. For now, there are no issues (other than the Knox warranty issue). But, don't presume that'll always be the case. The best precaution is to not take OTA (over the air) updates. OTAs are the ones that pop up as a notification on the phone saying "system update available, tap to install". KitKat should become available in the next month or two, who knows what'll come along with the OTA. Threads will start here almost immediately when the update rolls out; watch those threads and don't do the update until you're comfortable with what's inside. I will wait and flash something from the development section, even if it is just the stock ROM.
nobody291 said:
Yes, you can always flash the stock firmware to fix whatever you do to the ROM (just to the ROM, use ODIN very carefully). In the case of the Help file, you could also back it up using Titanium, then delete the app, and restore it later using Titanium if you want it back. This is probably obvious, but use Titanium to delete the app, but don't delete the backup.
Sprint is a lot more friendly toward its users modifying their phones than Verizon. But, they could change their minds any time. For now, there are no issues (other than the Knox warranty issue). But, don't presume that'll always be the case. The best precaution is to not take OTA (over the air) updates. OTAs are the ones that pop up as a notification on the phone saying "system update available, tap to install". KitKat should become available in the next month or two, who knows what'll come along with the OTA. Threads will start here almost immediately when the update rolls out; watch those threads and don't do the update until you're comfortable with what's inside. I will wait and flash something from the development section, even if it is just the stock ROM.
It was good that you mentioned the Knox bootloader issue with the 4.3 upgrade. When I purchased my cell phone back in Nov, I believe it had the 4.3 (1st) version loaded, but it already had Knox features, as I do recall seeing them. If I were to try and flash 4.2.2 like the version you initially had, would the phone have a bootloop error or fail to flash because there were some free wifi tethering exploits that were not yet fixed in the 4.2.2 version? This may have been the error I read about due to the new Knox feature.
I think since my phone is currently rooted and I altered some of the bloatware system files, the update, if it were made available OTA, should not update anyway due to the root. Will the stock ROM/firmware .tar files eventually be posted in the developers section so they can just be flashed via ODIN later on? With that, if I were to load 4.4 and not like it, could I flash back to 4.3? I am guessing this is the part where you mentioned that the carrier may decide differently later on... I suppose I will just keep an eye out in the meantime.
Good, good... I'm picking up this pretty well so far...
mikeprius said:
If I were to try and flash 4.2.2 like the version you initially had, would the phone have a bootloop error or fail to flash because there were some free wifi tethering exploits that were not yet fixed in the 4.2.2 version?
I'm not sure what symptoms you'd see if you installed 4.2.2 with the 4.3 bootloader. Most likely the phone would fail to boot. ODIN will flash whatever you tell it to, I don't believe it does any compatibility checking on its own. You can still get the wifi hotspot feature to work even with Knox and the 4.3 bootloader, I don't think that was what they were trying to do with the update. There are threads discussing 4.3 and what changed, but there wasn't much obvious to the user. For now you can't go back if you're on 4.3, but there might be an exploit discovered down the road that lets you get the old bootloader and go back.
Will the stock ROM/firmware .tar files eventually be posted in the developers section so they can just be flashed via ODIN later on?
Yes, they won't be available immediately though. It can take some time for the community to re-obtain root too, depending on how big the changes are.
With that, if I were to load 4.4 and not like it, could I flash back to 4.3?
I think you alluded to the answer already, but it depends. It took a month or two before you could flash the stock 4.3 without the 4.3 bootloader. There were custom ROMs available that used custom kernels sooner, but there was a problem trying to use the stock kernel with the 4.2.2 bootloader. So, always read and read and read some more before flashing updates.
So far I think I got the hang of it. I have been modifying the phone's original TouchWiz. I ended up freezing a lot of files instead of deleting them so the ability to turn them back on is there. Some of the files, while there, are not meant to be frozen/disabled/turned off. I tried a few methods for keeping SuperSU over an ODIN with no luck. I do have a question though. If I turned off (but did not delete) a lot of system files and were to run ODIN again, will all of them including the bloatware be turned back on and restored? That would be bad if I flashed, lost root, then simultaneously had all the system files disabled with no way to turn them back on...
This is also a dumb question, but what exactly am I flashing with ODIN? It's a 1.5 GB file with Sprint and it is a tar that restores all bloatware and turns the phone status back to official so I can get OTA updates. Am I flashing the entire stock ROM or just the firmware? It's nice that I have not lost any existing apps or data. It just restores the bloatware and removes root.
Reading the above posts I'm guessing firmware... along the lines of the previous question, will this restore system files and apps as well that have been shut off? Because I've been on a roll disabling and freezing a lot of files and apps and not sure what to turn back on to restore function to some of them. If the ODIN firmware flash resets all settings then that will also be very useful as well. Thanks much
mikeprius said:
Reading the above posts I'm guessing firmware... along the lines of the previous question, will this restore system files and apps as well that have been shut off? Because I've been on a roll disabling and freezing a lot of files and apps and not sure what to turn back on to restore function to some of them. If the ODIN firmware flash resets all settings then that will also be very useful as well. Thanks much
The .tar you are flashing from Sprint is what we would call the stock firmware image. This is the image that shipped on the phone from the factory. I'm an avid flasher and would highly recommend installing TWRP or Philz Touch, creating a nandroid backup and giving some debloated TouchWiz ROMs a shot. You'll see some significant improvement in battery life and performance and some really cool upstream features. I use ODIN as a last resort, when I need to go back to stock for whatever reason (i.e. domestic SIM unlock) or have fubar'd my current setup past a point of no return.

Sprint unlocked bootloader?

I am still new in terms of customizing Android. The Sprint Galaxy S4 has an unlocked bootloader, while the AT&T and Verizon Galaxy S4 versions have a locked bootloader. This means that the ATT/VZW versions required a separate program called 'safestrap', which keeps the stock ROM intact, uses additional internal memory and creates a whole new memory (essentially 2 ROMs in the internal memory), due to the bootloader being locked by the carrier? Am I understanding this correctly?
Just making sure; a few friends on VZW knew that I have a custom ROM on my phone and asked, and I didn't realize you can just flash a custom recovery, wipe, then flash like with Sprint. Thanks
mikeprius said:
I am still new in terms of customizing Android. The Sprint Galaxy S4 has an unlocked bootloader, while the AT&T and Verizon Galaxy S4 versions have a locked bootloader. This means that the ATT/VZW versions required a separate program called 'safestrap', which keeps the stock ROM intact, uses additional internal memory and creates a whole new memory (essentially 2 ROMs in the internal memory), due to the bootloader being locked by the carrier? Am I understanding this correctly?
Just making sure; a few friends on VZW knew that I have a custom ROM on my phone and asked, and I didn't realize you can just flash a custom recovery, wipe, then flash like with Sprint. Thanks
You're correct. You guys on Sprint and T-Mobile are lucky to have unlocked bootloaders. My Verizon S4 is MDK firmware (the original), which can use Loki to bypass the bootloader, so to speak. AT&T has a similar situation, I believe. But every firmware since the original has locked them down further, requiring SafeStrap.
Sent from my SCH-I545 using Tapatalk
Mistertac said:
You're correct. You guys on Sprint and T-Mobile are lucky to have unlocked bootloaders. My Verizon S4 is MDK firmware (the original), which can use Loki to bypass the bootloader, so to speak. AT&T has a similar situation, I believe. But every firmware since the original has locked them down further, requiring SafeStrap.
Sent from my SCH-I545 using Tapatalk
Thanks for the reply. Since the internal memory keeps the original ROM intact, does it bog down the phone and draw resources while the custom ROM is running? Or is the original ROM essentially "frozen"?
Will your phone brick if you try and load custom ROMs without safestrap and tamper with the locked bootloader?
mikeprius said:
Thanks for the reply. Since the internal memory keeps the original ROM intact, does it bog down the phone and draw resources while the custom ROM is running? Or is the original ROM essentially "frozen"?
Will your phone brick if you try and load custom ROMs without safestrap and tamper with the locked bootloader?
Well, if you're using SafeStrap the way it was intended (stock slot + ROM slots), then the only resources used will be the physical memory which the stock ROM and the custom ROM will be taking up on the internal memory. Now some have wiped the stock ROM slot and installed custom ROMs onto that to have more internal memory free. That however isn't recommended, because if anything gets screwed up Odin is usually your only option. Whereas if you install to ROM slots you can just keep wiping and installing.
And your chances of bricking one of these locked-down S4s is really high if you do anything other than root it and use SafeStrap. If we could do it without SafeStrap we certainly would. Just can't be done, that's all.
Sent from my SCH-I545 using Tapatalk
Mistertac said:
Well, if you're using SafeStrap the way it was intended (stock slot + ROM slots), then the only resources used will be the physical memory which the stock ROM and the custom ROM will be taking up on the internal memory. Now some have wiped the stock ROM slot and installed custom ROMs onto that to have more internal memory free. That however isn't recommended, because if anything gets screwed up Odin is usually your only option. Whereas if you install to ROM slots you can just keep wiping and installing.
And your chances of bricking one of these locked-down S4s is really high if you do anything other than root it and use SafeStrap. If we could do it without SafeStrap we certainly would. Just can't be done, that's all.
Sent from my SCH-I545 using Tapatalk
Makes sense. How would the phone get hard-bricked, if you can flash via Odin, if you were to wipe the stock ROM slot? The locked bootloader would still stay intact but the stock ROM would be gone. I am assuming the possibility of bricking the phone would be restoring the stock ROM after it has been wiped while leaving the locked bootloader untouched. I was looking at safestrap for my friend and will pass along the information... too bad it is not like Sprint where everything can be deleted haphazardly, which is what I do when I flash new ROMs. I even format the internals so everything is completely empty when I put on a new ROM.
mikeprius said:
Makes sense. How would the phone get hard-bricked, if you can flash via Odin, if you were to wipe the stock ROM slot? The locked bootloader would still stay intact but the stock ROM would be gone. I am assuming the possibility of bricking the phone would be restoring the stock ROM after it has been wiped while leaving the locked bootloader untouched. I was looking at safestrap for my friend and will pass along the information... too bad it is not like Sprint where everything can be deleted haphazardly, which is what I do when I flash new ROMs. I even format the internals so everything is completely empty when I put on a new ROM.
When I was using SafeStrap I never ran into a hard brick myself, just soft brick that Odin would fix pretty easily. I'd say about 99% of the time that would be the case.
I'm not sure of the technical details as far as why messing with the stock slot can lead to issues. My guess, and I could be wrong, is that it may have to do with the kernel. SafeStrap ROMs must be based on the same version of TouchWiz that the phone is on (4.2, 4.3, 4.4, etc.) and it must have the same kernel as well. Again I'm just guessing, but when the phone boots up and runs all its checks, if there are any discrepancies I think that would lead you to a soft brick; again, this is if you're flashing to the stock slot.
I think someone who is way smarter than me could explain the differences between what really is going on when soft bricks result from flashing to the stock slot vs a ROM slot. I'm just going off my experiences.
That said... Most people have no problems keeping the stock slot and running 2 or 3 ROM slots as long as they manage their internal memory well and send everything they can to external SD card.
I ran SafeStrap on my RAZR for a long time and for a little while on the s4 before I picked up an MDK build S4 that I could bypass the bootloader using Loki.
The RAZR had kexec support or bootstrapping, whatever you want to call it, which allowed for custom kernels and AOSP ROMs. People are working on that for the S4 and hopefully that day comes, because it opens up a ton of options as you can imagine.
Hope I helped a little. And like I said if you want more technical answers about SafeStrap and stock slot vs ROM slot just hop over to a SafeStrap thread I'm sure someone will know
Sent from my SCH-I545 using Tapatalk
Wow, I hadn't realized how big of a hassle some of the carriers were trying to make it for you to customize your own phone. That really stinks. Sprint has always been good to me so far.
Sent via mobile

Would it be plausible to use JTAG to rewrite an unlocked firmware?

I know that the Verizon bootloader is almost impenetrable as is, but would it be plausible to completely go over the head of the firmware and directly write an image with JTAG that would allow for custom software? If so, would it be possible to use the firmware from another carrier like USC or would it have to be a custom image?
EDIT: summary of the method and everything I have thus far discovered
So, this method after a bit of evolution, got to the point it basically entailed the following: Using the SD Card debrick method (popularized by the galaxy s3 LTE variants) a modified firmware image would be written to an SD Card, and the phone would boot from that image. The main problem I ran into: it would not let me flash anything that could brick the phone, nor was I able to pull the usb cord at the right moment and try and manually brick it. I was able to flash firmware and stock tars from other variants of the phone (such as the one that runs on T-mobile), but what I found out through that is a couple things:
1. The stock tars seem mostly carrier independent, and I was without any modification able to flash a T-mobile bootloader, system image, and pit file, but within recovery and download mode it would show that because of integrated CSC, it would still change back to the original variant. This could have implications for a very simple method of removing bloat from the phone, but I'm not so sure
2. It must have a very low level method of injecting information and file verification that is not located anywhere on eMMC
The latter led me to research a TON, eventually finding that the most likely culprit is the use of Qualcomm Qfuses, non-volatile pre-set memory located directly on the SoC, to check how the bootloader is signed. They consist of a couple blocks of registers, and definitely aren't readily writable. The trusted base of the entire secure system, the same system that KNOX invokes on other systems, is within a series of Qfuses. From what I have deduced, however, they must be at some software level writable, as although the Knox counter is an e-fuse, the others (such as the warranty bit) have been both changed upon their void and reverted when brought back to a service center. This must mean that the entire block is possible to modify in both directions, unlike a fuse or breaker; it seems to act more like flash memory than a "fuse." This is very good, mainly because if the service center can change it, it means that JTAG has not been disabled by those flags, and is enabled in at least some form. What this also means is that without another MAJOR exploit within unfortunately simple, clean code or a leak of several RSA keys from Verizon, either current workarounds such as safestrap are the answer for the foreseeable future, or a method of manually changing a single Qfuse (the one that controls the "Qualcomm Secureboot" flag) could be used.
What I'm hopefully going to start at some point here is research into finding a way of accessing and changing that Qfuse via JTAG. I have no money for a JTAG box at the moment, so it'll have to wait, but if anyone who already has one wants to use it, hopefully this info helps
P.S. I figured out exactly what T-flash does in odin: it flashes the files that you input into odin to the currently inserted SD Card (or so it seems, I could be wrong but that's what it did for me)
P.P.S. Verizon, I respectfully request that...oh never mind, profanity is definitely frowned upon here
Also, I'm in ongoing discussion with the FCC as to block C violations by Verizon of aspects of the regulations that upon research have not really been argued to any substantial extent, so if that comes to fruition hopefully there'll be simple ODIN flashable patches for this stuff :fingers-crossed:
UPON REFLECTION: if the phone could be bricked, either by a very subtly corrupted file or by interrupting a flash at the right moment, then could the debrick image from a T-Mobile Galaxy S5 with an unlocked bootloader be used not as a method of flashing the on-board bootloader but as a kind of external boot, so a permanently installed SD Card that would be permissive of modified kernels and such but still accepted as a boot device by the phone?
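The post above reasons about a root of trust held in SoC fuses: a secure-boot bit plus something that pins the OEM's signing key, against which the boot ROM checks the bootloader. The following is an added example (not code from this thread, nor from Samsung or Qualcomm) that models that verification chain in Go so the three failure cases the post weighs can be seen side by side: a tampered image, an image signed with a key the fuses do not know, and a device whose secure-boot fuse was never set. The Fuses layout, the function names and the sample image bytes are all hypothetical.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Fuses is a hypothetical model of the OTP register block the post describes:
// a secure-boot enable bit plus the SHA-256 of the OEM signing public key.
// Real Qfuse layouts are SoC-specific; nothing here mirrors an actual register map.
type Fuses struct {
	SecureBoot bool
	OEMKeyHash [32]byte
	programmed bool
}

// Program burns the fuses once. OTP memory cannot be rewritten afterwards,
// which is the property that lets a hash stored there anchor the whole chain.
func (f *Fuses) Program(secureBoot bool, oemPub *rsa.PublicKey) error {
	if f.programmed {
		return errors.New("fuses already programmed: OTP cannot be changed")
	}
	f.SecureBoot = secureBoot
	f.OEMKeyHash = sha256.Sum256(x509.MarshalPKCS1PublicKey(oemPub))
	f.programmed = true
	return nil
}

// BootImage is what the boot ROM reads from flash: the bootloader bytes, the
// public key the image claims it was signed with, and the signature.
type BootImage struct {
	Payload   []byte
	PubKeyDER []byte
	Signature []byte
}

// SignImage is the OEM's build step: hash the payload and sign the digest.
func SignImage(priv *rsa.PrivateKey, payload []byte) (BootImage, error) {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return BootImage{}, err
	}
	return BootImage{
		Payload:   payload,
		PubKeyDER: x509.MarshalPKCS1PublicKey(&priv.PublicKey),
		Signature: sig,
	}, nil
}

// VerifyBoot is the boot ROM's check. The key shipped inside the image is
// trusted only if its hash equals the fused value; only then is the signature
// checked. With the secure-boot bit clear the ROM skips everything, which is
// why the post singles out that one fuse.
func VerifyBoot(f *Fuses, img BootImage) error {
	if !f.SecureBoot {
		return nil // secure boot never enabled: any image runs
	}
	keyHash := sha256.Sum256(img.PubKeyDER)
	if !bytes.Equal(keyHash[:], f.OEMKeyHash[:]) {
		return errors.New("embedded public key does not match fused hash")
	}
	pub, err := x509.ParsePKCS1PublicKey(img.PubKeyDER)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(img.Payload)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], img.Signature) != nil {
		return errors.New("bootloader signature invalid")
	}
	return nil
}

func main() {
	oem, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	var fuses Fuses
	_ = fuses.Program(true, &oem.PublicKey)
	// Constructed sample payload standing in for a real bootloader binary.
	img, _ := SignImage(oem, []byte("constructed bootloader image v1"))
	fmt.Println("OEM-signed image:", VerifyBoot(&fuses, img))
	tampered := img
	tampered.Payload = append([]byte("X"), img.Payload[1:]...)
	fmt.Println("tampered image:  ", VerifyBoot(&fuses, tampered))
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	foreign, _ := SignImage(other, img.Payload)
	fmt.Println("unfused key:     ", VerifyBoot(&fuses, foreign))
	fmt.Println("re-burn attempt: ", fuses.Program(false, &oem.PublicKey))
}
```

The model makes the post's two conclusions explicit: a signed image needs the private key matching the fused hash, so leaked keys defeat the scheme, and the only other way past it is the secure-boot fuse itself, which OTP semantics exist to keep fixed.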
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
tr4nqui1i7y said:
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
What was done with the Droid X? Did they use a direct JTAG patch?
I just realized something. From reading here: http://forum.gsmhosting.com/vbb/f200/how-fix-samsung-galaxy-s5-sm-g900f-dead-boot-1813266/
It seems to show that the S5 has an "alternative boot upon init fault" method similar to the one that allows the Galaxy S3 debrick to work (I have a guide I made with details), so would it be possible to somehow corrupt a very important part of the bootloader in an official update (would one or two bits still mess with the signature?), apply that, and have an insecure bootloader on a microSD card in the phone allowing it to boot into that, then use that with ODIN to flash an insecure bootloader to the S5 itself?
Now I have to ask an interesting question somewhere (since he: http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seems to have done it): "guys how do I brick my sm-g900v?"
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out Koush's bootstrapper for the Droid X and Droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
tr4nqui1i7y said:
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out Koush's bootstrapper for the Droid X and Droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
I think it might actually be easier
So long as a couple conditions are met for it:
1. The bootloader alone determines if an image is "signed" or not (like when flashed in odin)
2. The same UnBrick exploit from the S3 LTE variants works in some form (secondary storage, fault-triggered boot)
3. It is possible to get it to load a modified bootloader from that secondary boot (this is why number 1 is important)
4. KNOX is completely firmware based, and doesn't have any chip based verification
5. I or someone else actually knows how to modify the bootloader such that it will allow unsigned images (even if not removing it all together, then changing the key to one they publicize so people can sign their rom with it)
If all of these are met, then we might actually have free root! Basically all it would involve would be bricking the device badly enough it boots from secondary storage, have that secondary boot have a "back door" that allows a custom image to be flashed, that allows a bootloader image to be flashed that allows for a signed recovery (signed with that publicly available code) to be flashed without having to deal with safestrap or anything like that. Just full root like on any other phone. Anyone want to offer an opinion? Will this work? I would love to try this out, though I'm a bit unwilling to offer my s5 as a sacrifice just yet as I don't have a JTAG unit on site. I know the bounty is probs gone but I'm ok just getting my bootloader unlocked an' $#*+
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified TW ROMs, which is kinda limiting
tr4nqui1i7y said:
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Have you found anything yet?
dreamwave said:
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and there's no way to boot into it if you can't access the rom
dreamwave said:
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and there's no way to boot into it if you can't access the rom
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
that's why I'm hoping the debrick image method will work
tr4nqui1i7y said:
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
so far I've been able to downgrade just fine. Don't do anything with Knox and it seems Odin can flash back to the original KitKat rom. Also, safestrap didn't do a thing with the bootloader; it was done during kernel init, right after firmware finishes. If a phone is hard bricked then adb won't work, and what I'm getting at is hard bricking it then using the debrick image thing
dreamwave said:
so far I've been able to downgrade just fine. Don't do anything with Knox and it seems Odin can flash back to the original KitKat rom
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
I don't know, I got it to go back to when root was still possible to get via an app. I don't see why there's a need to downgrade the bootloader if the debrick image thing works
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
dreamwave said:
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
tr4nqui1i7y said:
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
but that has already been done I think, root on a system with any bootloader so long as a root exploit exists for the OS
That's safestrap. It doesn't allow custom kernels or a full custom recovery though, that's why I'm trying to modify the bootloader
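As an added illustration (not code from this thread, from safestrap or from Samsung), here is a toy Python model of the three checks the posts above keep running into: the signature check a locked bootloader applies in download mode, the rollback index that refuses an older bootloader, and the one-way warranty bit that trips when an unlocked device accepts a custom image. The OEM key and the HMAC "signature" are constructed stand-ins so the model runs with the standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Stand-in for the OEM signing key (constructed). A real chain checks an
# asymmetric signature against a key fixed in the SoC; HMAC keeps this runnable.
OEM_KEY = b"constructed-oem-signing-key"

# Partitions the bootloader itself verifies before it will boot or flash them.
FIRMWARE = ("aboot", "recovery", "boot")


@dataclass(frozen=True)
class Image:
    partition: str
    version: int        # rollback index carried in the image header
    payload: bytes
    signature: bytes


def _digest(partition, version, payload, key):
    msg = partition.encode() + version.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_image(partition, version, payload, key=OEM_KEY):
    """Build an image the way the OEM's release pipeline would."""
    return Image(partition, version, payload, _digest(partition, version, payload, key))


@dataclass
class Device:
    # Highest version ever accepted per partition. Modelled as fuse/RPMB
    # backed, so code running inside the OS cannot lower it.
    rollback: dict = field(default_factory=lambda: {p: 0 for p in FIRMWARE})
    bootloader_locked: bool = True
    warranty_bit: int = 0        # Knox-style one-way flag: 0 -> 1, never back
    log: list = field(default_factory=list)

    def verify(self, img):
        expected = _digest(img.partition, img.version, img.payload, OEM_KEY)
        return hmac.compare_digest(expected, img.signature)

    def flash_via_download_mode(self, img):
        """What the bootloader does with an Odin-style flash request."""
        if img.partition not in FIRMWARE:
            self.log.append(f"{img.partition}: not firmware, left to the OS")
            return False
        if self.bootloader_locked and not self.verify(img):
            self.log.append(f"{img.partition}: secure check fail, unsigned image")
            return False
        current = self.rollback[img.partition]
        if img.version < current:
            self.log.append(f"{img.partition}: v{img.version} < v{current}, rollback refused")
            return False
        if not self.verify(img):
            # Unlocked bootloader accepting a custom image: the one-way bit trips.
            self.warranty_bit = 1
        self.rollback[img.partition] = img.version
        self.log.append(f"{img.partition}: flashed v{img.version}")
        return True

    def write_from_os_root(self, partition, payload):
        """Root inside the booted OS (the safestrap situation) only reaches
        partitions the bootloader does not own; it never writes firmware."""
        if partition in FIRMWARE:
            self.log.append(f"{partition}: OS root has no firmware involvement")
            return False
        self.log.append(f"{partition}: {len(payload)} bytes written by OS root")
        return True


def demo():
    """Walk the scenarios from the thread; returns the outcome of each plus the log."""
    locked = Device()
    locked.flash_via_download_mode(sign_image("aboot", 2, b"new bootloader"))  # took the OTA
    unlocked = Device(bootloader_locked=False)
    unlocked.flash_via_download_mode(Image("recovery", 2, b"custom", b"\x00" * 32))
    return {
        "old_signed_bootloader": locked.flash_via_download_mode(sign_image("aboot", 1, b"old")),
        "custom_recovery_when_locked": locked.flash_via_download_mode(
            Image("recovery", 2, b"custom", b"\x00" * 32)),
        "os_root_writes_aboot": locked.write_from_os_root("aboot", b"patched"),
        "os_root_writes_rom_slot": locked.write_from_os_root("system", b"second rom"),
        "locked_warranty_bit": locked.warranty_bit,
        "unlocked_warranty_bit": unlocked.warranty_bit,
    }, locked.log
```

Calling `demo()` shows why an OS-level root can't touch `aboot`, why a signed but older bootloader is still refused once the index has moved, and why only an unlocked device ever trips the bit.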

Need a little confirmation....

Hi all,
It's been a few yrs since I've flashed a phone (the last being my SGS1 variant) and I'm very out of practice. That being said, I just need a little help in understanding how to flash my SGS4. So far, I've had this phone for yrs and I would've jumped to custom roms as I did normally but there was the whole KNOX debacle and I didn't want to do anything to damage my phone - while within warranty. I've been out of the loop for awhile, so I need a little help in my choices here.
My phone is still running on its original software (that's right, I completely haven't updated in yrs), so it's a 4.2.2 and the build is I9505XXUBM4 (pre-KNOX). If I am going to root, I was thinking that I should use the method from this thread: [GT-I9505 + GT-I9505G] CF-Auto-Root. Would I be right in using this method or is there something better?
Secondly, I've only ever used CWM. I'm assuming the recovery to use currently is TWRP since I've seen it brought up in a good number of threads. Can I make a nandroid with TWRP the same way it was done with CWM or do I need to find another way to backup my data?
Lastly, this is the rom I'm leaning towards; [JDCTeam][6.0.1][9 July] The Android Open Source Project MOB30M. Could I just flash this on top of my stock or do I have to update first and then flash this?
TIA for your responses.
Oniyuri said:
Hi all,
It's been a few yrs since I've flashed a phone (the last being my SGS1 variant) and I'm very out of practice. That being said, I just need a little help in understanding how to flash my SGS4. So far, I've had this phone for yrs and I would've jumped to custom roms as I did normally but there was the whole KNOX debacle and I didn't want to do anything to damage my phone - while within warranty. I've been out of the loop for awhile, so I need a little help in my choices here.
My phone is still running on its original software (that's right, I completely haven't updated in yrs), so it's a 4.2.2 and the build is I9505XXUBM4 (pre-KNOX). If I am going to root, I was thinking that I should use the method from this thread: [GT-I9505 + GT-I9505G] CF-Auto-Root. Would I be right in using this method or is there something better?
Secondly, I've only ever used CWM. I'm assuming the recovery to use currently is TWRP since I've seen it brought up in a good number of threads. Can I make a nandroid with TWRP the same way it was done with CWM or do I need to find another way to backup my data?
Lastly, this is the rom I'm leaning towards; [JDCTeam][6.0.1][9 July] The Android Open Source Project MOB30M. Could I just flash this on top of my stock or do I have to update first and then flash this?
TIA for your responses.
First you MUST update your phone: if you have root, update with Odin to the latest firmware version, then flash a recovery (CWM, TWRP, PhilZ) and flash the ROM, because the ROM's firmware requirement is stock Android Lollipop. Try the CyanogenMod 13 nightly for this smartphone
Alessandro's said:
First you MUST update your phone: if you have root, update with Odin to the latest firmware version, then flash a recovery (CWM, TWRP, PhilZ) and flash the ROM, because the ROM's firmware requirement is stock Android Lollipop. Try the CyanogenMod 13 nightly for this smartphone
Ok, so after I root the phone, can I go straight onto CM13 or do I still have to get lollipop first and then flash CM?
I'm still trying to avoid getting KNOX on the phone.
Oniyuri said:
Ok, so after I root the phone, can I go straight onto CM13 or do I still have to get lollipop first and then flash CM?
I'm still trying to avoid getting KNOX on the phone.
Then you install Lollipop stock, root, flash a recovery and then flash CM13
Oniyuri said:
Ok, so after I root the phone, can I go straight onto CM13 or do I still have to get lollipop first and then flash CM?
I'm still trying to avoid getting KNOX on the phone.
Knox does matter once you're on a custom ROM.
Most content creators recommend to use the latest modem and bootloader in order to avoid problems.
You don't necessarily have to update the whole ROM to have the newest modem and bootloader, there are Odin flashable packages.
I don't know if CF-Auto-Root works with 4.2. I know it works for 4.4 and above.
As long as you do your wipes (this means system, data, cache, dalvik) you can flash anything over anything.
Yes, you can do nandroid backups, but TWRP and CWM backups are not compatible with each other. Also, TWRP has a problem with TouchWiz backups, meaning you can make and restore a TouchWiz backup, but it either won't boot or will give you lots of errors.
GDReaper said:
Knox does matter once you're on a custom ROM.
Most content creators recommend to use the latest modem and bootloader in order to avoid problems.
You don't necessarily have to update the whole ROM to have the newest modem and bootloader, there are Odin flashable packages.
I don't know if CF-Auto-Root works with 4.2. I know it works for 4.4 and above.
As long as you do your wipes (this means system, data, cache, dalvik) you can flash anything over anything.
Yes, you can do nandroid backups, but TWRP and CWM backups are not compatible with each other. Also, TWRP has a problem with TouchWiz backups, meaning you can make and restore a TouchWiz backup, but it either won't boot or will give you lots of errors.
Ok, so is there a way that I could at least get to lollipop w/o getting KNOX and have a nandroid that would work or should I just OTA all the way up to current and then root and flash?
Oniyuri said:
Ok, so is there a way that I could at least get to lollipop w/o getting KNOX and have a nandroid that would work or should I just OTA all the way up to current and then root and flash?
Why are you so obsessed with Knox? I just told you that it won't be an issue on custom ROMs. There is no knox on custom ROMs. Knox is a Samsung thing. So, unless you plan on staying stock, there is no reason to be concerned about it. Even if you stay stock, there still is no reason to be afraid of it, it's just some security crap, and it won't affect you in any way. Why are you so afraid of it?
My device came with Knox pre-installed and it didn't do jack.
Just update if you want to update or flash a recovery (flashing custom ROMs doesn't require root, just a custom recovery) and flash your desired ROM.
GDReaper said:
Why are you so obsessed with Knox? I just told you that it won't be an issue on custom ROMs. There is no knox on custom ROMs. Knox is a Samsung thing. So, unless you plan on staying stock, there is no reason to be concerned about it. Even if you stay stock, there still is no reason to be afraid of it, it's just some security crap, and it won't affect you in any way. Why are you so afraid of it?
My device came with Knox pre-installed and it didn't do jack.
Just update if you want to update or flash a recovery (flashing custom ROMs doesn't require root, just a custom recovery) and flash your desired ROM.
Well, I've been out of the loop for a while (the last time I was active was circa late 2013/ early 2014), but I do remember there was a lot of concern regarding warranty and the flags. I do admit that there was a lot of speculation from losing a section of memory from tripping the flag to actually burning the motherboard. I originally decided to wait until the dust settled but life took over and I ended up only sporadically checking the forums before disappearing for long periods of time. I actually don't know what the end of the story is to be honest.
Oniyuri said:
Well, I've been out of the loop for a while (the last time I was active was circa late 2013/ early 2014), but I do remember there was a lot of concern regarding warranty and the flags. I do admit that there was a lot of speculation from losing a section of memory from tripping the flag to actually burning the motherboard. I originally decided to wait until the dust settled but life took over and I ended up only sporadically checking the forums before disappearing for long periods of time. I actually don't know what the end of the story is to be honest.
The only concern is about the warranty. Since your phone is some years old, I doubt that is an issue for you anymore.
By losing memory you mean losing data or actually losing storage space?
Either way, I haven't heard of anyone with such a problem around here.
Nor about somebody with a fried motherboard.
There might have been some unfortunate cases, but this is to be expected when you modify your device. There always is a risk of damage, it doesn't matter if it's by rooting or by flashing a ROM.
I meant lose storage. As I understood it, KNOX worked like a container and once the flag was tripped, you'd lose whatever it contained - as in never being able to access that bit ever again.
Oniyuri said:
I meant lose storage. As I understood it, KNOX worked like a container and once the flag was tripped, you'd lose whatever it contained - as in never being able to access that bit ever again.
You have to use the knox app first for that to even be considered a risk.
Knox will not put anything in that container without user input.
GDReaper said:
You have to use the knox app first for that to even be considered a risk.
Knox will not put anything in that container without user input.
Ok, so to get the steps straight:
1. I'd need to get a lollipop bootloader & modem
2. root + nandroid (CWM) + titanium for app data (non-system app data)
3. change recovery to TWRP
4. flash rom + gapps
....and then I should be ready to go, correct?
Oniyuri said:
Ok, so to get the steps straight:
1. I'd need to get a lollipop bootloader & modem
2. root + nandroid (CWM) + titanium for app data (non-system app data)
3. change recovery to TWRP
4. flash rom + gapps
....and then I should be ready to go, correct?
1) Is not mandatory, it's just recommended. The only exception is if your device is a Verizon or AT&T phone, then don't - and I repeat - don't update or you risk losing the possibility of any custom ROM flashing or rooting due to the locked bootloaders.
2) and 3) CWM and TWRP backups do not have cross-compatibility. If you backup with CWM you have to restore with CWM.
Please tell me you haven't flashed anything yet. I can help with the entirety of the procedure.
robcore said:
Please tell me you haven't flashed anything yet. I can help with the entirety of the procedure.
No I haven't done anything yet. I found something else to occupy me for the last few nights - a chromecast that seems to hate me.
Oniyuri said:
No I haven't done anything yet. I found something else to occupy me for the last few nights - a chromecast that seems to hate me.
Haha I hear ya. I've been building a kernel for about a year now and finally (knock on wood) arrived at something I'm happy with. Lesson learned, electronics are definitely conspiring against us.
That said, please feel free to pm me when you're ready for the flashing process. Though it's a silly skill, it's become second nature to me and something about your situation flipped a helpful switch in me : P what's the Chromecast like?
robcore said:
Haha I hear ya. I've been building a kernel for about a year now and finally (knock on wood) arrived at something I'm happy with. Lesson learned, electronics are definitely conspiring against us.
That said, please feel free to pm me when you're ready for the flashing process. Though it's a silly skill, it's become second nature to me and something about your situation flipped a helpful switch in me : P what's the Chromecast like?
Well, so far, the chromecast is only plugged into my tv and basically did the setup by itself only for the google cast app on my phone to not recognize it when it said that it's ready to cast. I've run out of things to do aside from going to the google forums (which I've already done). I'm starting to wonder if it's my phone that's causing all the issues.

OK3: any modifications at all possible?

Hello,
A few months ago, I was able to successfully root my AT&T S4 (SGH-I337, build LRX22C.I337UCSGOK3) using KingRoot. The KNOX warranty bit was not set at the conclusion of the root process.
After wrestling with storage problems, including the "system memory" taking up 6.29 GB out of the meager 16 GB that is on this phone (preventing practically any Google Play updates from occurring, as the available space would always dip below 500 MB periodically), as well as performance problems (very long delays for some touch events and a general resentment of TouchWiz), I decided that enough was enough, and I decided to change my ROM/OS out for LineageOS.
LineageOS offers builds for jfltexx, which is reported to work for jflteatt since they are similar enough. I am not really willing to try "older" builds, as one of my goals is also to bring the security of the operating system up to date, so I am not exactly inclined to go for old CyanogenMod builds. The LineageOS install guide stipulates that I install TWRP to successfully install the OS via a supported recovery; however, the message SECURE MAGICCODE FAIL: recovery appears, as the upgrade process seems to be expecting something signed by Samsung (right?). Other guides warn that the stock recovery only allows stock OS installation and not custom operating systems, so I decided not to try that route. This effectively prevents me from installing LineageOS due to a problem that is inherent in OK3.
Why did I make the mistake to install OK3? More than a year ago, I decided to do the final update that AT&T pushed out for this phone. Thinking that it would be something significant, I went for it, only to find out months later that it was a minor update whose purpose was also to add an additional lock to the bootloader. As this phone is "fairly old" (is 2013 already considered ancient times?), I have not found many guides that cover OK3, and those that do pertain to either rooting the S4 (already done) or something about downgrading (but I can't really do that, seemingly due to the OK3 lock-in). Oops.
That said, is there any hope to bring more life out of my phone, or is it time to throw the phone out and buy a Pixel or related product like any typical consumerist would do? My goal is to move to another OS to end the storage problems and other quirks of this phone that I have grown to deplore; that is all I wish to attain.
The phone is relatively reliable: it had ~1200 hours of uptime before I had to reboot it a few days ago to fix a data connectivity problem. The battery is also very manageable and can last a day and a half in regular use, but it can last 2-3 days under maximum power-saving mode.
I have read the rules and done some research on this forum, among some others. Thank you for your assistance.
Upgrading the phone to 4.3 locked the boot loader which prevents the installation of TWRP.
audit13 said:
Upgrading the phone to 4.3 locked the boot loader which prevents the installation of TWRP.
I see; so I was already screwed when I had OK2?
oldmud0 said:
I see; so I was already screwed when I had OK2?
Yes, anything past MDL has the bootloader flaw patched. MDL firmware and below have a flaw in the bootloader that allows loki doki to be installed bypassing the bootloader lock so you can install TWRP recovery and custom AOSP ROMs.
Since you're on OK3, you're forced to use safe strap recovery and can only install custom touchwiz ROMs like golden eye and albe95.
If you want to read up on the MDL bootloader, I have written a guide here: https://forum.xda-developers.com/galaxy-s4-att/general/how-to-one-guide-to-mdl-bootloader-t3584122
My wish is to escape TouchWiz, so I suppose I have hit a dead end.
Thank you for your help anyway.
oldmud0 said:
My wish is to escape TouchWiz, so I suppose I have hit a dead end.
Thank you for your help anyway.
If you want away from touch wiz, I think there's a Google play edition ROM for the galaxy s4 that you can use with OK3, but I am not too sure. I would just check the galaxy s4 ROM section for it. I'm on the MDL bootloader which allows me to use TWRP, so I don't know too much about safe strap recovery.
Even if one wanted to do a TouchWiz-based ROM, I don't think we on OK2/OK3 even have the option to install SafeStrap, so far as I can gather
Hold the phone, I think I've found something. Evidently we can Odin back down to NB1 and go from there! Experiments, here we come.
Yes, NB1 is as far back as you can go, I believe, without bricking your phone.
