Need help flashing stock S5 G900R4 - Galaxy S 5 Q&A, Help & Troubleshooting

Hello there,
So, I have a Samsung Galaxy S5 G900R4 with U.S. Cellular. I've heard of rooting your phone, and I decided I'd give it a try. Now, the rooting went fine, and the phone was working like a charm, until I started to have some issues. SuperSU needed to update its binary, and I allowed it to try, but it continued to tell me that it could not update it. Hence, I let it reboot when it offered. Now, for whatever reason, the phone won't boot past the U.S. Cellular 4G logo that appears, it just sits there on that screen.
Now so far, I haven't been able to find anyone that has encountered this specific problem, as most people say their soft-bricks are bootlooping and whatnot. I'm not sure if my specific case is technically a soft brick, or something else, but I wanted to just return it to stock format. I loaded up Odin again, downloaded the 1.5g firmware file, and I got the SW REV CHECK FAIL error.
I did some research, and I searched EVERYWHERE, and the closest I could find to a solution was http://forum.xda-developers.com/showthread.php?t=2798396 <-- this thread. Which makes sense, when I read it. I'm guessing the bootloader is locked on my phone, or something. The problem is that this thread is for the Galaxy S5 G900AU, and I don't have that phone.
Maybe I'm just not searching on the web enough, or I didn't search the site well enough, but I have not been able to locate a similar set of AP, CP and CSC files for my specific model.
I would really appreciate it if someone could point me in the right direction or, if the issue I'm actually having with my phone is NOT a soft-brick and there is another solution, suggest another way for me to fix the phone.
Thank you.

First off, I'd try clearing the caches from recovery
If that fails, factory reset from recovery
If that fails, (And I'm not sure about stock firmwares with ODIN & locked bootloaders) I'd try flashing stock from ODIN also
Grab stock ROMs from here
sammobile . com / firmwares / database /SM-G900R4/
Can't link it here, as SM links are not allowed - just remove the spaces

*Detection* said:
First off, I'd try clearing the caches from recovery
If that fails, factory reset from recovery
If that fails, (And I'm not sure about stock firmwares with ODIN & locked bootloaders) I'd try flashing stock from ODIN also
Grab stock ROMs from here
sammobile . com / firmwares / database /SM-G900R4/
Can't link it here, as SM links are not allowed - just remove the spaces
Well last night I went ahead and used recovery to clear cache, and then I did a factory reset. I just did it again, now, but I guess I'll have to download the file from SM to try. I already have a stock ROM, but I can't remember where I downloaded it from, so it may actually be a 4.4.2 ROM or something, which would explain why it won't work. I'll wait for the 5.0 ROM to download and give it a try, should take a little more than an hour and a half, then I'll report back.

Xeretius said:
Well last night I went ahead and used recovery to clear cache, and then I did a factory reset. I just did it again, now, but I guess I'll have to download the file from SM to try. I already have a stock ROM, but I can't remember where I downloaded it from, so it may actually be a 4.4.2 ROM or something, which would explain why it won't work. I'll wait for the 5.0 ROM to download and give it a try, should take a little more than an hour and a half, then I'll report back.
Try this link, if it works, it won't work for long
Code:
http://am4-r1f4-stor08.uploaded.net/dl/800e713b-624b-4a91-a57c-1639c6b5071e

*Detection* said:
Try this link, if it works, it won't work for long
It worked, it's downloading now, just have to give it some time.

nice one

*Detection* said:
nice one
I really hope this works, when it finishes >.>
Any idea what's happening with the phone to cause it to stay at the U.S. Cellular screen?

I never let SuperSU reboot when I let it update the binaries
Could be a number of things, possibly just corrupted a file necessary for boot, but as SuperSU has root, it could be anything
I don't know the ins and outs of how SuperSU works, but I know a few carrier specific US S5s have a locked bootloader, Verizon, AT&T etc - not sure if rebooting to allow the binary update requires an unlocked bootloader, maybe that bricked it, half assed attempt at a root process failed maybe

*Detection* said:
I never let SuperSU reboot when I let it update the binaries
Could be a number of things, possibly just corrupted a file necessary for boot, but as SuperSU has root, it could be anything
I don't know the ins and outs of how SuperSU works, but I know a few carrier specific US S5s have a locked bootloader, Verizon, AT&T etc - not sure if rebooting to allow the binary update requires an unlocked bootloader, maybe that bricked it, half assed attempt at a root process failed maybe
As far as I know, though, U.S. Cellular has confirmed that this device has an unlocked bootloader. And besides that, if it were locked, wouldn't that have come up as an issue when I rooted the device? I used the CWM custom recovery tool.
On a similar note, I'm not even sure if the problem was a locked bootloader. It's just that, from what I've read with other people having the same issue, they solved it by excluding the BL file from the flash and instead only using the AP, CP and CSC files.

Xeretius said:
As far as I know, though, U.S. Cellular has confirmed that this device has an unlocked bootloader. And besides that, if it were locked, wouldn't that have come up as an issue when I rooted the device? I used the CWM custom recovery tool.
On a similar note, I'm not even sure if the problem was a locked bootloader. It's just that, from what I've read with other people having the same issue, they solved it by excluding the BL file from the flash and instead only using the AP, CP and CSC files.
If you can flash anything custom from ODIN, bootloader is unlocked, afaik, locked bootloaders require a right mess on to get anything flashed to them
To root with a locked bootloader, is easily possible if you're on a certain KitKat ROM, and use Towelroot - other than that, (From what I've read), you need to use specific tools, so it sounds like your bootloader is indeed unlocked - which makes this next ROM flash, much more likely to work using only ODIN
Use ODIN 3.10.6 though
My experience with the S5 is with an unlocked bootloader (G900F), so I can only quote what I know about locked from what I've read, but it sounds like that doesn't matter in your case

*Detection* said:
If you can flash anything custom from ODIN, bootloader is unlocked, afaik, locked bootloaders require a right mess on to get anything flashed to them
To root with a locked bootloader, is easily possible if you're on a certain KitKat ROM, and use Towelroot - other than that, (From what I've read), you need to use specific tools, so it sounds like your bootloader is indeed unlocked - which makes this next ROM flash, much more likely to work using only ODIN
Use ODIN 3.10.6 though
My experience with the S5 is with an unlocked bootloader (G900F), so I can only quote what I know about locked from what I've read, but it sounds like that doesn't matter in your case
It worked! Thank you so much for the help, I really appreciate it.
Well, my warranty is now void. Is there a safer way to root the phone, or should I just leave it be?

Xeretius said:
It worked! Thank you so much for the help, I really appreciate it.
Well, my warranty is now void. Is there a safer way to root the phone, or should I just leave it be?
Great
Flashing a stock ROM won't void your warranty, but if it is indeed void (KNOX 0x1), then just flash this with ODIN
http://download.chainfire.eu/404/CF-Root1/CF-Auto-Root-klteusc-klteusc-smg900r4.zip
Tripping KNOX only happens when you flash something not signed by Samsung, IE: A custom recovery, ROM or Kernel etc

I have the same issue, same phone. I ended up flashing a custom ROM because I luckily flashed TWRP before it bricked on the U.S. Cellular screen. How did you fix this? I just want to get back to stock and remove my root completely.

Related

Does flashing a rom unroot a rooted phone???

So I rooted my phone with one click method, changed rom, also because I wanted an unrooted phone again, but it seems that even though I flash a new rom I always stay rooted??? Am I doing something wrong??? I thought that flashing a new rom was supposed to restore factory defaults including an unrooted device. Am I wrong??? I started with a XXJID, went to XWJJ4 to XXJK1 and back to XXJID, but it always stays rooted... I want to unroot my phone, can anyone help me out please
yes it does, once the custom roms are created they will generally be released rooted to save you the effort.
retroqwe said:
yes it does, once the custom roms are created they will generally be released rooted to save you the effort.
Thanks, so what must I do to unroot my phone?? tried the one click method and it does not work...
Curious as to why you want to un-root it?
shollywood said:
Curious as to why you want to un-root it?
Because I am curious as well and should the need arise I see it is not as simple as all that.
There is no reason whatsoever to unroot. But yes, flashing a new firmware will unroot your tab as it would any other device.
ftgg99 said:
There is no reason whatsoever to unroot. But yes, flashing a new firmware will unroot your tab as it would any other device.
Not true, I have flashed many roms and always stays rooted
That, my man, is because the roms you were flashing already included su permissions... a new firmware will completely replace the entire filesystem, all settings included. And there are no customised firmwares for the tab atm.
EDIT: just realised you are attempting to answer your own question lol
ftgg99 said:
That, my man, is because the roms you were flashing already included su permissions... a new firmware will completely replace the entire filesystem, all settings included. And there are no customised firmwares for the tab atm.
EDIT: just realised you are attempting to answer your own question lol
Wait a moment, I don't get it???? Are you telling me that whoever flashes a Rom from Samfirmware is in fact installing a firmware with root access already installed??? I didn't realize this, but looking at the results of my flashes I guess you must be right
I had to manually root my JK1 ROM after flashing.
I'm saying this shouldn't be happening. Probably it's the recovery you need to replace. I'm not sure if its partition gets wiped with Sammy firmwares. I'm not doing any flashing yet as I see no point.
The rom XWJJ4/XXJK1 uses a different partition schema as XXJID used, where XWJJ4 and its successors uses "P1" .PIT file, and XXJID uses "816" .PIT file. Maybe the issue comes from this.
Zeron.Wong said:
The rom XWJJ4/XXJK1 uses a different partition schema as XXJID used, where XWJJ4 and its successors uses "P1" .PIT file, and XXJID uses "816" .PIT file. Maybe the issue comes from this.
Perhaps, but from what I understand the XXJID uses "no repartition" to install, so the pit is actually not used when putting on this firmware... I wonder which firmware actually uses this same repartition. I used JHA before putting on JID, and I would have thought this used the same repartition, but still signs of a rooted phone. From what "ftgg99" said I wonder where the roms from samfirmware come from. I guess other devices from where the roms have been extracted, and to extract a rom from a device I think you need root access, so that is why I am getting leftovers of rooted phones on these roms, namely the SU file which gives me the rom as rooted when I go and check the firmware. I saw that Kies fortunately sees my device as normal so I hope that when an official update will come along there will be no problems with the official upgrade...
Well, flashing a ROM outside of OTA updates invalidates the warranty, so does rooting, if we believe this article:
MOD EDIT: Wait until further instructions. DO NOT EDIT THE POST W/O MY PERMISSION.
Hack only if you can afford the consequences !
Moddage ftw. Super one click modifies the recovery partition, so to lose root you will have to replace it with the original.
So, can we please get the original recovery?
Superoneclick has a unroot function that we may wish it will "restore the original one". While a root guide posted by "chowdarygm" indicated that after unrooting the device that was rooted by superoneclick before, he can't root it again by using the same tool, and have to reflash the rom to make it under control. Given this, the root tool itself is not as perfect as we wished yet, especially with the "rollback" mechanism.
Thanks for this thread you guys, I have Samsung A9 PRO 2016 and flashed magisk patched rom to it, but I have problem the Magisk don't detect installation and Banking app don't work cause magisk can't hide no settings to do it. Also my apps starts breaking and stopping.

Would it be plausible to use JTAG to rewrite an unlocked firmware?

I know that the Verizon bootloader is almost impenetrable as is, but would it be plausible to completely go over the head of the firmware and directly write an image with JTAG that would allow for custom software? If so, would it be possible to use the firmware from another carrier like USC or would it have to be a custom image?
EDIT: summary of the method and everything I have thus far discovered
So, this method after a bit of evolution, got to the point it basically entailed the following: Using the SD Card debrick method (popularized by the galaxy s3 LTE variants) a modified firmware image would be written to an SD Card, and the phone would boot from that image. The main problem I ran into: it would not let me flash anything that could brick the phone, nor was I able to pull the usb cord at the right moment and try and manually brick it. I was able to flash firmware and stock tars from other variants of the phone (such as the one that runs on T-mobile), but what I found out through that is a couple things:
1. The stock tars seem mostly carrier independent, and I was without any modification able to flash a T-mobile bootloader, system image, and pit file, but within recovery and download mode it would show that because of integrated CSC, it would still change back to the original variant. This could have implications for a very simple method of removing bloat from the phone, but I'm not so sure
2. It must have a very low level method of injecting information and file verification that is not located anywhere on eMMC
The latter led me to research a TON, eventually finding that the most likely culprit is the use of Qualcomm Qfuses, non-volatile pre-set memory located directly on the SoC, to check how the bootloader is signed. They consist of a couple blocks of registers, and definitely aren't readily writable. The trusted base of the entire secure system, the same system that KNOX invokes on other systems, is within a series of Qfuses. From what I have deduced, however, they must be at some software level writable, as although the Knox counter is an e-fuse, the others (such as the warranty bit) have been both changed upon their void and reverted when brought back to a service center. This must mean that the entire block is possible to modify in both directions, unlike a fuse or breaker; it seems to act more like flash memory than a "fuse." This is very good, mainly because if the service center can change it, it means that JTAG has not been disabled by those flags, and is enabled in at least some form. What this also means is that without another MAJOR exploit within unfortunately simple, clean code or a leak of several RSA keys from Verizon, either current workarounds such as safestrap are the answer for the foreseeable future, or a method of manually changing a single Qfuse (the one that controls the "Qualcomm Secureboot" flag) could be used.
What I'm hopefully going to start at some point here is research into finding a way of accessing and changing that Qfuse via JTAG. I have no money for a JTAG box at the moment, so it'll have to wait, but if anyone who already has one wants to use it, hopefully this info helps
P.S. I figured out exactly what T-flash does in odin: it flashes the files that you input into odin to the currently inserted SD Card (or so it seems, I could be wrong but that's what it did for me)
P.P.S. Verizon, I respectfully request that...oh never mind, profanity is definitely frowned upon here
Also, I'm in ongoing discussion with the FCC as to block C violations by Verizon of aspects of the regulations that upon research have not really been argued to any substantial extent, so if that comes to fruition hopefully there'll be simple ODIN flashable patches for this stuff :fingers-crossed:
UPON REFLECTION: if the phone could be bricked, either by a very subtly corrupted file or by interrupting a flash at the right moment, then could the debrick image from a tmobile galaxy s5 with an unlocked bootloader be used as not a method of flashing the on-board bootloader but as a kind of external boot, so a permanently installed SD Card that would be permissive of modified kernels and such but still accepted as a boot device by the phone?
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
tr4nqui1i7y said:
I was wondering something similar. It would be interesting to see if we could do something similar to what we did for the droid x.
What was done with the Droid X? Did they use a direct JTAG patch?
I just realized something. From reading here: http://forum.gsmhosting.com/vbb/f200/how-fix-samsung-galaxy-s5-sm-g900f-dead-boot-1813266/
It seems to show that the S5 has a "alternative boot upon init fault" method similar to that that allows the galaxy s3 debrick to work (I have a guide I made with details) so would it be possible to somehow corrupt a very important part of the bootloader in an official update (would one or two bits still mess with the signature?), apply that, and have an insecure bootloader on a microsd card in the phone allowing it to boot into that, then use that with odin to flash an insecure bootloader to the s5 itself?
Now I have to ask an interesting question somewhere (since he: http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seems to have done it): "guys how do I brick my sm-g900v?"
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
tr4nqui1i7y said:
They hijacked the boot init by basically using an alternate boot. It was essentially telling the phone to use a different boot method.
Check out koushs bootstrapper for the droid x and droid 2
Koush, birdman, and apex were the three that I remember the most from the beginning. When I remember who got root first, I'll post here. That or I'll try to get in touch with them.
I think it might actually be easier
So long as a couple conditions are met for it:
1. The bootloader alone determines if an image is "signed" or not (like when flashed in odin)
2. The same UnBrick exploit from the S3 LTE variants works in some form (secondary storage, fault-triggered boot)
3. It is possible to get it to load a modified bootloader from that secondary boot (this is why number 1 is important)
4. KNOX is completely firmware based, and doesn't have any chip based verification
5. I or someone else actually knows how to modify the bootloader such that it will allow unsigned images (even if not removing it all together, then changing the key to one they publicize so people can sign their rom with it)
If all of these are met, then we might actually have free root! Basically all it would involve would be bricking the device badly enough it boots from secondary storage, have that secondary boot have a "back door" that allows a custom image to be flashed, that allows a bootloader image to be flashed that allows for a signed recovery (signed with that publicly available code) to be flashed without having to deal with safestrap or anything like that. Just full root like on any other phone. Anyone want to offer an opinion? Will this work? I would love to try this out, though I'm a bit unwilling to offer my s5 as a sacrifice just yet as I don't have a JTAG unit on site. I know the bounty is probs gone but I'm ok just getting my bootloader unlocked an' $#*+
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
tr4nqui1i7y said:
The bootloader doesn't need to be bricked, it just needs to be bypassed. If we can find the magic words then we'll be golden.
I'm researching tonight. I'll try tests, hopefully tomorrow. Not sure when I'll be able to have the tone for sure.
An unlock isn't likely. A bypass should be possible though.
Have you found anything yet?
dreamwave said:
Bypassed in what way? I understand the thing with safestrap and such, but that doesn't allow custom kernels or anything, so just modified tw roms which is kinda limiting
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and no way to boot into it if you can't access the rom
dreamwave said:
safestrap uses root access in a stock rom to create a temporary recovery image that lasts for one boot, but it can be finicky and no way to boot into it if you can't access the rom
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
tr4nqui1i7y said:
I need to look up this "safestrap" thing. It sounds like it might be the same thing. Also, by no means does any of this mean root access. If safestrap is what it sounds like, then the concept I was attempting might have already been done.
Safestrap appears to be the same concept, applied in a different way. I've got to do some catching up. I just got the s5, so I'm very late to the show. I'm wondering if anyone has looked into the similarities between the s5 variants.
that's why I'm hoping the debrick image method will work
tr4nqui1i7y said:
The Droid X bootstrap was used with the same intent. It didn't allow custom kernels either. It didn't allow pure aosp ROMs because of that. It modified a boot file to boot to the custom ROM, rather than the actual ROM. It wasn't a recovery or anything like that. It was in app form and only needed to be applied manually the initial time. Unless you wanted to switch/update your custom ROM.
I'm wondering if safestrap, in conjunction with the oe1 rooted build, the oe1 tar, and the boot vulnerability could lead to a method that would allow a one time "downgrade".
Something along the lines of applying a pre-rooted tar, leaving the phone in a bricked state since the bootloader can't be downgraded, adb pushing safestrap files into place, thus modifying the bootloader to get past the bricked state, allowing it to boot into the rooted tar that was applied or even booting into a ROM possibly.
^ Is all an uneducated guess. I haven't done enough research to know how viable of an option that would be.
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom. Also, safestrap didn't do a thing with the bootloader, it was done during kernel init, right after firmware finishes. If a phone is hard bricked then adb won't work, and what I'm getting at is hard bricking it then using the debrick image thing
dreamwave said:
so far I've been able to downgrade just fine. Don't do anything with knox and it seems odin can flash back to the original Kitkat rom
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
I don't know, I got it to go back to when root was still possible to get via an app. I don't see why there's a need to downgrade the bootloader if the debrick image thing works
tr4nqui1i7y said:
Even after updating past OE1? I thought nobody has been able to downgrade after accepting anything past that update.
Hm, I'd be really interested in finding a way to get the downgrade to work properly for users that updated. Perhaps packaging the safestrap into a rooted tar. I'm not sure. There has got to be a possibility. We've got all the pieces, we just need to put them together.
When you say you want to hard brick then debrick... Are you thinking that the bootloader might be ignored when it is in a broken state, allowing an older image to be written?
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
dreamwave said:
Exactly. Safestrap is basically useless for flashing bootloader and stuff as it has no firmware involvement. If the bootloader is the part that determines whether or not it's being upgraded or downgraded then if this works it could be downgraded. If they have a hardware counter that determines it, then a modified new bootloader could be flashed probably but not a previous version.
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
tr4nqui1i7y said:
I am not concerned with flashing a bootloader. I am only trying to find a way to sneak the old exploit into the updated system via an old flaw.
Old System - Check
Root for old system - Check
init tweak - Check
New bootloader - Check
New system - Check
Rooted new system - Check
Old bootloader vulnerability - Check
New bootloader vuln - Missing
This means we either need to find a way to downgrade again, or find a root method for the new system.
What I am interested in is utilizing the init hack to spoof the old bootloader and allow for the new rooted system to boot for users who have taken updates past OE1.
but that has already been done I think, root on a system with any bootloader so long as a root exploit exists for the OS
That's safestrap. It doesn't allow custom kernels or a full custom recovery though, that's why I'm trying to modify the bootloader

Trying to [Root] Note 3, not sure what method to use.

Hello,
Samsung Note 3
I REALLY want to root my phone to help test out the beta of f.lux. You can look it up if you want, should take you to a peachy orange page. Anyway, I really want that on my phone, and it needs root, and I've NEVER rooted a phone before, and I'm not sure what I'm doing.
I want to follow [this guide](http://www.phonearena.com/news/How-to-Root-the-Verizon-Samsung-Galaxy-Note-3_id48247) PhoneArena link, but it doesn't say what android version it needs, and that worries me.
One more thing, I downloaded a file called "fastboot" and it has something to do with ADB that disables certain apps so that I'm not nagged to update. I'm on 4.4.4, and I can't find that file, I think it's in the root of C:\ but I ran them and it didn't work. So if I could reenable those apps to get on lollipop or marshmallow, if rooting would be easier, I'd do that. I've searched the forum, but I need baby steps.
Thanks.
timpster said:
Hello,
Samsung Note 3
I REALLY want to root my phone to help test out the beta of f.lux. You can look it up if you want, should take you to a peachy orange page. Anyway, I really want that on my phone, and it needs root, and I've NEVER rooted a phone before, and I'm not sure what I'm doing.
I want to follow [this guide](http://www.phonearena.com/news/How-to-Root-the-Verizon-Samsung-Galaxy-Note-3_id48247) PhoneArena link, but it doesn't say what android version it needs, and that worries me.
One more thing, I downloaded a file called "fastboot" and it has something to do with ADB that disables certain apps so that I'm not nagged to update. I'm on 4.4.4, and I can't find that file, I think it's in the root of C:\ but I ran them and it didn't work. So if I could reenable those apps to get on lollipop or marshmallow, if rooting would be easier, I'd do that. I've searched the forum, but I need baby steps.
Thanks.
If you're just looking to try out f.lux you could give Cf.lumen a try first. It has a non-root mode.
If you want to root you can just flash a custom recovery like TWRP with Odin.
Sjant said:
If you're just looking to try out f.lux you could give Cf.lumen a try first. It has a non-root mode.
If you want to root you can just flash a custom recovery like TWRP with Odin.
You say, just flash, as if there is no risk. I want to get it right, no bricking. I'm on 900V (V for verizon), and I want a quick safe way to root. Also, thank you for mentioning Cf.lumen, I do have it, and the nonroot looks like ****, yes it works, but it's not remotely the same.
timpster said:
You say, just flash, as if there is no risk. I want to get it right, no bricking. I'm on 900V (V for verizon), and I want a quick safe way to root. Also, thank you for mentioning Cf.lumen, I do have it, and the nonroot looks like ****, yes it works, but it's not remotely the same.
I recommend visiting TWRP's website, picking out the latest version for your device, and then flashing the latest non-beta version of SuperSU, which you can find here on XDA. Flash TWRP with Odin and then boot into recovery and simply reboot; it will then ask you if you'd like to root your device.
What model do you have? Find your model first, then download TWRP recovery. Use Odin to flash the recovery, then flash SuperSU.
Odin - http://www.droidviews.com/download-odin-tool-for-samsung-galaxy-devices-all-versions/
Supersu - https://download.chainfire.eu/743/SuperSU/BETA-SuperSU-v2.52.zip
Complete edit.
O.K., so I see that TWRP has a backup option. If I use this option, and should I "brick" my phone, could I flash the TWRP in odin, and figure out how to restore the backup, and unbrick the phone if I screw up the root process? Because that would be ****ing amazing, and I'd root IMMEDIATELY if that's the case, because, no worries -- I'd always have a backup! I love backups.
You need root for TWRP to back up.
Suggest you read the stickied FAQs and guides.
timpster said:
Complete edit.
O.K., so I see that TWRP has a backup option. If I use this option, and should I "brick" my phone, could I flash the TWRP in odin, and figure out how to restore the backup, and unbrick the phone if I screw up the root process? Because that would be ****ing amazing, and I'd root IMMEDIATELY if that's the case, because, no worries -- I'd always have a backup! I love backups.
First things first, EXACTLY what Note 3 model do you have? Go to Settings -> About -> Device model. If it is SM-N9005, that would be quite surprising, because we didn't get a 4.4.4 build.
American Note 3s got a 4.4.4 build, N900A, N900V (AT&T Note 3 and Verizon Note 3 respectively), and the methods for rooting THEM have nothing in common with the way a N9005 or N900 is rooted.
900V. Verizon, 4.4.****ing4. I had .3 but it kept nagging me to update like trial software and that was probably the end of my chances as I recall I most likely have a locked bootloader so I may not be able to do any of this.
Why can't I make a full backup on stock android anyway, seems like the responsible thing to do.
Verizon, then use the Verizon forum; anything from here is wrong and may brick your phone.
Full backup requires a modified recovery, therefore no longer stock.
Ah so it's the stock recovery that is used. So why do you think that lacks options for a full backup?
When you say use Verizon forums is that a section here or a dedicated Verizon forum?

Shortcut to being rooted on N910VVRU2CQI2

Here's my Cheat Sheet! This is the same procedure I used a while back with N910VVRU2CPD1. I just updated the thread to work with the newer package.
1. Odin SamMobile N910VVRU2BPA1
reboot and factory reset a few times if needed to remove custom icon
2. Odin hsbadr's N910VVRU2BPA1_N910VVRU2CPD1_FullFirmware.tar HERE
3. Unlock with the samsung_unlock_n4-fix PROCESS use SIM card for data. Wi-Fi will not work at this point.
4. Odin twrp-3.0.2-0-trltevzw.tar Uncheck Auto Reboot, Manually boot into TWRP
5. Odin hsbadr's N910VVRU2CPD1_StockRestore.tar HERE
6. TWRP BETA-SuperSU-v2.71-20160331103524, Factory Reset, boot system
7. Use FlashFire to Flash firmware package SamMobile N910VVRU2CQI2
( ! System and Cache only ! )
Your mileage may vary.
Before I install my personal apps I remove as much Verizon, Samsung and Google spyware as possible.
-------------------------------------------------------------------------------------------------
EDIT: I was able to skip the recommended rooting and unlocking of 5.1.1 and make the jump I described.
I did not do the unlock using Kingroot until step 3 and I did not permanent root with Super Su until step 6.
No matter how you get there the phone has to be on [Firmware] [MM] [6.0.1] [RetEd/DevEd] Safe Upgrade to Marshmallow [N910VVRU2CPD1] then you can use FlashFire.
Hyperlinks are in the text to most of what's needed.
Credit AstonsAndroid I found it HERE
I keep seeing people saying there is a way to just flash TWRP and Magisk and you're done. I'd like to avoid SuperSU and the other root methods if possible. How would that work with your updated guide? Thanks
My main concern is the spyware the guys on Reddit bring up. Not to use kingroot and the like. Was there any resolution to this thread you posted Dr cool? Want to unlock my bootloader and flash the MODest ROM but I want to be able to avoid spyware too. Thanks for your work.
https://forum.xda-developers.com/no...spyware-fix-fixed-lag-wi-fi-problems-t3433839
RootMyNote4Please said:
My main concern is the spyware the guys on Reddit bring up. Not to use kingroot and the like. Was there any resolution to this thread you posted Dr cool? Want to unlock my bootloader and flash the MODest ROM but I want to be able to avoid spyware too. Thanks for your work.
https://forum.xda-developers.com/no...spyware-fix-fixed-lag-wi-fi-problems-t3433839
I'm not sure if it was spyware or what, but my phone performed better after cleaning out that folder.
Thanks doc. Is that a folder that gets overwritten when you flash a new ROM?
This says "Continue with sim card data because wifi won't work at this point."
What if we don't have any data right now? Will it still work?
lodilovesmuffins said:
This says "Continue with sim card data because wifi won't work at this point."
What if we don't have any data right now? Will it still work?
Kingroot needs to be connected to root. I've never seen it work without a connection. N910VVRU2BPA1_N910VVRU2CPD1_FullFirmware.tar breaks wifi but you get it back with N910VVRU2CPD1_StockRestore.tar, I don't know why. It just works.
RootMyNote4Please said:
Thanks doc. Is that a folder that gets overwritten when you flash a new ROM?
My best guess now is it's some kind of provisioning issue that is cleaned up. Some of the files deleted you may actually need some day.
does this require the developer version? btw how do i backup
I seem to lose root after I flash CPD1. Still have TWRP though and says developer mode. What could be causing this?
Edit - When I flash stock restore I mean. I get rooted on BPA/CPD and then when I go to the next step I'm losing root and Kingroot says it has no solutions. I must be doing something wrong.
RootMyNote4Please said:
I seem to lose root after I flash CPD1. Still have TWRP though and says developer mode. What could be causing this?
Edit - When I flash stock restore I mean. I get rooted on BPA/CPD and then when I go to the next step I'm losing root and Kingroot says it has no solutions. I must be doing something wrong.
As long as you have TWRP installed still you are in good shape. At that point, you could either flash (through TWRP) SuperSu or magisk (on certain kernels magisk install errors out in twrp). The main objective is to get the custom recovery (twrp) installed on the 6.0.1 bootloader and once that's done it's just a matter of flashing your preferred rooting method or flashing a rom that has root included.
You can use an app like this to check your bootloader to make sure it's the right one.
kevintm78 said:
As long as you have TWRP installed still you are in good shape. At that point, you could either flash (through TWRP) SuperSu or magisk (on certain kernels magisk install errors out in twrp). The main objective is to get the custom recovery (twrp) installed on the 6.0.1 bootloader and once that's done it's just a matter of flashing your preferred rooting method or flashing a rom that has root included.
You can use an app like this to check your bootloader to make sure it's the right one.
That's weird. I flashed SuperSU but it didn't show up in the apps and when I tried to use Flashfire it said I didn't have root.
Got there. SuperSU had an error message when I tried to install it the 1st time after flashing full system. So I rebooted and installed again. Now Flashfire crashes and won't open. Switched to Flashify and it seems to work ok.
Edit - Stuck here for now. Flashify can't seem to find the CQI2 file and I still haven't been able to get Flashfire to work. Tried an older version and still crashes when it checks to see if I have the pro version or not.
In case someone else has the same problem with Flashfire, it's because the program expired April 1st, 2018. Turn the date back on your phone and it will load.
Finally completed it!!!
Ok, so the things I learned from my trials and errors.
1) DON'T flash the kernel and SU after you root with the N4 fix. I did this the 1st 15 times and could never get Flashfire to work later on. So skip all of the stuff in that post after you flash TWRP. Then flash the next firmware step.
2) Uncheck auto time and date on your phone and roll it back to before 4/1/18 to get Flashfire to work.
I'm sure there are some more things and I'll add whatever else I think can help the next guy along. Good luck! And thanks for the guide doc!
Note: Did the phone icon on your lock screen disappear as well when you were done? The camera is there on the bottom right like normal, but the phone is gone on the bottom left and it displays the charging info there now.
Thanks for this - it was helpful to make clear in my mind that, despite what other guides say, there is no need to unlock a Lollipop bootloader with a Lollipop kernel + ROM first, and that we can boot a Lollipop kernel + ROM with a Marshmallow bootchain and unlock the Marshmallow bootloader from the get-go.
I tracked down the CQI2 full Odin and I made hybrid Odins that get you "rooted on N910VVRU2CQI2" in fewer steps, following hsbadr's file naming scheme:
N910VVRU2BPA1_N910VVRU2CQI2_FullFirmware.tar.md5: MM CQI2 bootchain/firmware/modem, LL BPA1 ROM/kernel/recovery
N910VVRU2CQI2_StockRestore.tar: MM CQI2 ROM/kernel (no recovery - TWRP isn't overwritten)
These should be fine as drop-in replacements for the files mentioned in steps 2 and 5 of your guide.
Using these obviously means that you are unlocking the CQI2 aboot instead of the CPD1 aboot in step 3 while temprooted, and - importantly - step 7 is unnecessary to get to a CQI2 ROM, which is good because Flashfire is now expired :3
I doubt there's much of a real benefit to being on the newer aboot, but hey, why not.
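A pre-flash check for packages like the two hybrid Odin files described in the post above, as an added example that is not part of the original post or of anyone's tooling in this thread: it verifies the MD5 line that a .tar.md5 carries at its end and reports which partition groups the archive contains, so "no recovery, TWRP isn't overwritten" can be confirmed before flashing. The member names, the group mapping and the sample archives are assumptions constructed for the example.

```python
import hashlib
import io
import re
import tarfile

# A .tar.md5 is a plain tar with one `md5sum` output line appended:
# 32 hex digits, a space, a space or '*', the file name, newline.
TRAILER = re.compile(rb"([0-9a-f]{32}) [ *]([^\n]+)\n\Z")

# Assumed member names, typical of Qualcomm-based Samsung packages.
# They are not taken from the files named in the thread.
GROUPS = {
    "bootchain": {"aboot.mbn", "sbl1.mbn", "rpm.mbn", "tz.mbn", "sdi.mbn"},
    "modem": {"NON-HLOS.bin", "modem.bin"},
    "kernel": {"boot.img"},
    "recovery": {"recovery.img"},
    "rom": {"system.img.ext4", "cache.img.ext4"},
}


def split_tar_md5(blob):
    """Return (tar_bytes, declared_md5); declared_md5 is None without a trailer."""
    match = TRAILER.search(blob[-512:])
    if match is None:
        return blob, None
    return blob[: len(blob) - len(match.group(0))], match.group(1).decode()


def inspect_package(blob):
    """Check the trailer and list which partition groups the archive carries."""
    tar_bytes, declared = split_tar_md5(blob)
    actual = hashlib.md5(tar_bytes).hexdigest()  # detects corruption, not tampering
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        names = [m.name for m in tf.getmembers() if m.isfile()]
    known = {n: g for g, members in GROUPS.items() for n in members}
    return {
        "md5_ok": None if declared is None else declared == actual,
        "groups": sorted({known[n] for n in names if n in known}),
        "unknown": sorted(n for n in names if n not in known),
        "touches_recovery": "recovery.img" in names,
    }


def build_sample(members, name, with_md5=True):
    """Build a constructed package in memory (placeholder contents only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for member in members:
            data = b"constructed placeholder for " + member.encode()
            info = tarfile.TarInfo(member)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    tar_bytes = buf.getvalue()
    if with_md5:
        digest = hashlib.md5(tar_bytes).hexdigest()
        tar_bytes += f"{digest}  {name}\n".encode()
    return tar_bytes


if __name__ == "__main__":
    full = build_sample(["aboot.mbn", "NON-HLOS.bin", "boot.img", "recovery.img",
                         "system.img.ext4"], "constructed_full.tar")
    restore = build_sample(["boot.img", "system.img.ext4"],
                           "constructed_restore.tar", with_md5=False)
    for label, blob in (("full", full), ("restore", restore)):
        print(label, inspect_package(blob))
```

A matching MD5 only shows the download is intact; it says nothing about who built the package, so the source of a third-party hybrid still has to be trusted separately.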
Hey, no one answered my question from a while ago. So I'll ask again, does this require the developer version of the Note 4?
lodilovesmuffins said:
Hey, no one answered my question from a while ago. So I'll ask again, does this require the developer version of the Note 4?
No, this will work with both versions of the Verizon Note 4.
kevintm78 said:
No, this will work with both versions of the Verizon Note 4.
Ok, thank you very much. I'll try and root my phone with this tutorial now.
Please help!!!!
I followed this link because it's supposed to be a way to downgrade from 6.1.0 to 5.1.1 so I can unlock boot loader. However, these instructions make no sense to me. Can someone PLEASE help me. I've been searching and searching for a way to root my note 4 (N910VVRS2CQA1) and can't seem to find a way. I've never done this before so I'm pretty clueless. When I read these instructions, I just don't understand what I'm supposed to be doing. A lot of this tech lingo means nothing to me unfortunately. I'm starting to think I should just give up the idea of rooting this Note 4 that's getting slower and slower and just get a new one. I don't really want to though bc I love the fact that you can replace the battery. It'd be much easier to just root and upgrade.....well, easier if I actually knew how.

SM-G950F Root

Ok, I have rooted Galaxy S4s and 5s, usually the T-Mobile versions. I just ordered a used SM-G950F off ebay. It did not say if it was Nougat or Oreo.
Been searching, and have not found my answer, so I hope someone might be able to send me a link or advise me.
Want a rooted S8. Stock rom would be ok, but I would prefer custom down the road.
This is how I have been rooting the S4s and 5s
Put SuperSU zip on phone.
Then flash TWRP from Odin and not let it reboot. Do a battery pull, and then start the phone to recovery, then flash the SuperSU from TWRP.
Can I do this with the S8 ? (SM-G950F)
Thanks!
Come on you gurus, just take 1 minute and help me out ..... ffs
or maybe I posted the question in the wrong place, or you're bored with the question.
I was a mod on another type of forum, I posted a sticky ... you dumb asses
ctbale said:
Ok, I have rooted Galaxy S4s and 5s, usually the T-Mobile versions. I just ordered a used SM-G950F off ebay. It did not say if it was Nougat or Oreo.
Been searching, and have not found my answer, so I hope someone might be able to send me a link or advise me.
Want a rooted S8. Stock rom would be ok, but I would prefer custom down the road.
This is how I have been rooting the S4s and 5s
Put SuperSU zip on phone.
Then flash TWRP from Odin and not let it reboot. Do a battery pull, and then start the phone to recovery, then flash the SuperSU from TWRP.
Can I do this with the S8 ? (SM-G950F)
Thanks!
There's literally dozens of guides on how to root the G950F. Come on you guru, do a Google search for one minute and help yourself out.
DAViiD__ said:
There's literally dozens of guides on how to root the G950F. Come on you guru, do a Google search for one minute and help yourself out.
I think I just set the hook ......
ctbale said:
I think I just set the hook ......
But seriously, I heard about a bootloader, (version 2?) that if I try to flash twrp might brick my phone. Have not actually pulled the trigger on buying a SM-G950F yet, but want to know if I can attain root on this device if it's on android V8.0
I did try searching, but it just sits there with no results no matter what I put in the field. Might be because I am in Alaska and my internet SUCKS!
I am at the point I would pay someone like $20 via paypal if they know what they are doing and they want to give me Tech Support
ctbale said:
But seriously, I heard about a bootloader, (version 2?) that if I try to flash twrp might brick my phone. Have not actually pulled the trigger on buying a SM-G950F yet, but want to know if I can attain root on this device if it's on android V8.0
I did try searching, but it just sits there with no results no matter what I put in the field. Might be because I am in Alaska and my internet SUCKS!
I am at the point I would pay someone like $20 via paypal if they know what they are doing and they want to give me Tech Support
The process I've followed is as follows.
Now please take into account that I flash twrp and part of that process is that data partition needs to be formatted, so make sure anything that's needed back it up.
Have a look at some roms, download one to your memory card.
Flash twrp via Odin, you will need to wipe data in twrp and return to twrp.
Flash the Rom in twrp as normal.
Now if you want just root, flashing cf-autoroot via Odin is the other choice, flashing magisk or supersu will involve twrp so like I said earlier you'll end up wiping data.
Hope this helps in some sort of way
Thanks! I have been searching for hours in my free time to see if I can do this. I just read in a few threads that if the phone is on Oreo it would have a locked bootloader. I went thru that helping my buddy root his ATT 337 S4. Almost bricked his phone.
I will be starting with a new phone, don't care about tripping knox. Just want root so I can use titanium backup to freeze/uninstall any of the bloat. I would get a custom rom after root eventually.
I will get a SH-G950F ordered. I just didn't want to get the phone and not be able to root. Almost ordered The SH-G950U and it's got snapdragon, and I read that's not the best version if I have a choice.
I love my rooted S4 but it's kind of a turtle so need to move forward.
Thanks So much for your help sofir786 !!!!!
sofir786 said:
The process I've followed is as follows.
Now please take into account that I flash twrp and part of that process is that data partition needs to be formatted, so make sure anything that's needed back it up.
Have a look at some roms, download one to your memory card.
Flash twrp via Odin, you will need to wipe data in twrp and return to twrp.
Flash the Rom in twrp as normal.
Now if you want just root, flashing cf-autoroot via Odin is the other choice, flashing magisk or supersu will involve twrp so like I said earlier you'll end up wiping data.
Hope this helps in some sort of way
Mrmezz
I rooted my S8 G950F on Oreo with TWRP, Magisk and dm-verity. If you don't wipe data and flash dm-verity after TWRP, your phone will boot saying "we cannot verify the integrity of this device, please restart". I can't mind the exact process I followed but it was only them 3 I flashed.
