[Q] Bootloader Unlock + Stock ROM *downgrade*? - Verizon Galaxy Note 3 Q&A, Help & Troubleshooting

Because the (SM-N900V) bootloader unlock allows you to flash anything you please in the Odin AP slot (but probably not a bootloader firmware downgrade), I'm wondering:
Have any of you tried partial-stock Odin flashes (just boot.img and system.img) which downgrade only the Stock ROM and kernel?
[ for example, you are on (unlocked) OF1 or OB6 and you flash just boot.img/system.img from the Stock NK1 distro? (clean flash obviously; I suppose the system.img could also be pre-rooted & pre-debloated) ]
This is mostly for the lulz; what I am wondering is if the stock kernels enforce a "bootloader version match" policy (in addition to the bootloader Odin flashing Anti-Rollback enforcement). The bootloaders pass their version string as a command line argument to the kernel that they boot; I suppose the stock kernels could use that value for lockstep-policy enforcement.
I'd run the experiment myself, but I'm still on MJ7 so there's little for me to test (afaik MJ7 can be downgraded to MI9 even *with* a locked bootloader)
One of these days I'll upgrade my boot firmware*, but that day hasn't arrived yet.
* there are multiple experiments which could be run at that time:
(a) Odin flash only bootloader, tz, apnhlos & radio firmware "underneath" a custom or rooted ROM, eliminating the need to re-root prior to re-performing bootloader unlock on upgraded firmware.
(b) use dd to manually flash all bootloader, tz, apnhlos, & radio with an offline-modified aboot, creating a pre-unlocked, pre-rooted firmware upgrade.
(b) seems a bit more dangerous esp. if there is any real time protection of firmware partitions in the tz.

Why is it whenever someone has a real question not Android central stupidity there is no help?

danbracket said:
> Why is it whenever someone has a real question not Android central stupidity there is no help?
Because @bftb0 is pretty good all by himself and most, if not all the 'heavy' developers no longer visit this forum.

Related

41.18 bootloader restoring 4.4.2 gpt.bin to flash CM12 nightlies after gpe convert

FIRST THING FIRST, THIS IS DANGEROUS. DO IT AT YOUR OWN RISK.
Myself and one other person have successfully done this. If you have success as well, please post here. What you DO NOT want to flash, and is the cause of bricks is motoboot.img that is older than what you have now. Just don't mess with it.
What you can do, is flash gpt.bin to get the partition tables re-partitioned to get you back to be able to flash roms from CWM, TWRP, Philz, etc.
That being said, this is my PERSONAL experience, and am only sharing because it got me out of GPE lollipop hell, and I was terrified of the bricks, like everyone else. I will attempt to be more clear in my OP.
I have an XT1034 that I converted to GPE to flash 5.0 Lollipop OTA and it gave me the new bootloader 41.18. I couldn't get to CM12 due to Status 7, and I could only flash 4.4.4 stock, lollipop stock, or CM11, any flashing to CM12 always gave errors about Status 7. Others have reported not being able to wipe /data or /system or mount either in any recovery. The problem is the updated partition table and here is the solution:
IF YOU DO NOT FOLLOW THIS DIRECTION YOU WILL HARD BRICK. DO NOT RUN THE BATCH FILE IN THE DOWNLOAD. IT CONTAINS 4.4.2 motoboot.img and YOU WILL BRICK. ONLY RUN THE COMMANDS LISTED BELOW!!!
ALSO DO NOT use an older gpt.bin, it must be 4.4.2 or newer!! (Use the link below to get a 4.4.2 XT1034 stock rom.)
I flashed a 4.4.2 GPT.bin from this: US_retail_XT1034_KXB20.9-1.8-1.4_CFC.xml.zip (http://motofirmware.com/files/getdow...-14-cfcxmlzip/)
If you want to try the same thing, you can extract gpt.bin from the zip and run this: (ONLY!!)
Code:
fastboot flash partition gpt.bin
then download philz here: http://fs1.d-h.st/download/00145/DEw...8.7-falcon.img
rename to philz.img
fastboot flash recovery philz.img
Hold vol - and power, to reboot into recovery, then
format /system
format /data
Download the latest nightlies and gapps and push them like this:
adb push cm-10-10-1000.zip /data/media/0
Reboot into recovery, and flash cm12 and gapps.
Marcus Lemonis!
I thought it had been established flashing the KitKat Partition Table (gpt.bin) was the cause of downgrade hard-bricking.
It would appear the 4.4.4 Partition Table is specifically the cause.
People have been hard-bricking (now have to wait for full firmware images to fix) - because they flashed the 4.4.2 image and then applied the 4.4.4 OTA Update.
Perhaps you should mention that in OP.
I don't think a gpt.bin "4.4.2 or newer" is wise advice. Please correct me if I'm wrong.
lost101 said:
> I thought it had been established flashing the KitKat Partition Table (gpt.bin) was the cause of downgrade hard-bricking.
> It would appear the 4.4.4 Partition Table is specifically the cause.
> People have been hard-bricking (now have to wait for full firmware images to fix) - because they flashed the 4.4.2 image and then applied the 4.4.4 OTA Update.
> Perhaps you should mention that in OP.
> I don't think a gpt.bin "4.4.2 or newer" is wise advice. Please correct me if I'm wrong.
It is possible to flash 4.4.4 gpt bin, but it's not possible to OTA update to 4.4.4 from 4.4.2.
andogeek10 said:
> It is possible to flash 4.4.4 gpt bin, but it's not possible to OTA update to 4.4.4 from 4.4.2.
Exactly.
It's the same if you want to come back from GPe to Retail Motorola STOCK: you need to change GPe-partitions to Motorola-Partitions. There are some differences between both partitions:
GPE
Code:
'cache' -> 560,00 Mb
'system' -> 840,00 Mb
Motorola
Code:
'cache' -> 662,13 Mb
'system' -> 976,00 Mb
There is a partition with 2,28 Mb: in GPe it is called 'metadata', and in Motorola it is called 'padA'.
And there is a partition in GPE with 6,13 Mb called 'padC', but in Motorola it doesn't exist.
Anyway, if you downgrade from LP, you must not flash BL (motoboot.img), or you'll have a pretty brick.
Updated OP. I shouldn't have tried to walk anyone through that last night; I couldn't even understand my own English, apologies.
I just don't understand why people push 4.4.2 into phones when there is "safer" 4.4.4 that works perfectly and you must be retarded to brick phone when flashing 4.4.4 and doing anything after it. I will say for sure that 80% of hard bricks are caused by 4.4.2 android and updating to 4.4.4 (which makes no sense at all) or doing anything after 4.4.2. Just. Stop. Doing. That.
Flash everything from last KITKAT except motoboot and everything will be fine.
how can I know my current bootloader version ?
P.s : ok sorry got it... it is in the bootloader mode (41.13)
http://forum.xda-developers.com/showthread.php?t=3002572
Tell me where to find the 4.4.4 stock xt1034 and I'll link it. My process works. No bricks. Sbf.droid developers is down, send me the 4.4.4 and I'll link it. It is not 4.4.2 causing bricks, it is 4.3!
The link is not able to be verified where that gpt.bin came from, that's why I linked the whole stock ROM and not just gpt.bin
Again, try it if you like, and if you don't, don't!
I am not suggesting that people flash the whole way back to 4.4.2. I'm only saying that people need to flash the partition tables from 4.4.2 so then you can install recovery and move on to CM. Re-read the OP: I tell you NOT to flash that rom, but to only update gpt.bin
Xt1032?
Do you think this will work for an XT1032 converted to GPE? I have been unable to flash any sort of custom recovery as of yet like it keeps on disappearing when I reboot the device and becoming stock recovery.
Fuchsie said:
> Do you think this will work for an XT1032 converted to GPE? I have been unable to flash any sort of custom recovery as of yet like it keeps on disappearing when I reboot the device and becoming stock recovery.
Are you flashing recovery from fastboot? If you use fastboot, try flashing the recovery and using the button combo to boot into recovery from fastboot.
Do you have the 41.18 bootloader?
I have an 8 GB Telus xt1032 that I converted to GPE. While on GPE 4.4.4, I mistakenly allowed the 5.01 OTA update to install. Needless to say, it hung at the boot screen and I could do nothing.
I booted back into bootloader and noticed that my bootloader was now 41.18. I downloaded the stock Telus 4.4.4 ROM and manually flashed everything except motoboot.img (this is the bootloader image and is older than 41.18) and the phone booted without issue. I then installed TWRP and can flash pretty much any custom ROM.
I've heard it's possible to flash CM12 over Lollipop 5.0.2 official firmware. It was from 3 sources that people did it without problems
brainscollector said:
> I've heard it's possible to flash CM12 over Lollipop 5.0.2 official firmware. It was from 3 sources that people did it without problems
It is possible but not on the GPE firmware. There are differences in the /system partition size and the update script doesn't expect this and hence the flashing fails.
audit13 said:
> Are you flashing recovery from fastboot? If you use fastboot, try flashing the recovery and using the button combo to boot into recovery from fastboot.
> Do you have the 41.18 bootloader?
> I have an 8 GB Telus xt1032 that I converted to GPE. While on GPE 4.4.4, I mistakenly allowed the 5.01 OTA update to install. Needless to say, it hung at the boot screen and I could do nothing.
> I booted back into bootloader and noticed that my bootloader was now 41.18. I downloaded the stock Telus 4.4.4 ROM and manually flashed everything except motoboot.img (this is the bootloader image and is older than 41.18) and the phone booted without issue. I then installed TWRP and can flash pretty much any custom ROM.
No no I have the 41.18 bootloader as it's a full conversion.
To get around the boot screen hanging I fastboot flashed a gpt.bin. Cheers for the advice though
d33dvb said:
> FIRST THING FIRST, THIS IS DANGEROUS. DO IT AT YOUR OWN RISK.
> Myself and one other person have successfully done this. If you have success as well, please post here. <snip>
> Marcus Lemonis!
Finally!
It worked for me: UK Stock KK to GPE KK to GPE LP, on bootloader 41.18 and unable to flash CM12.
It didn't work exactly as you described, it only worked when I did the following: flash stock v4.4.4 gpt.bin, reboot, flash philz, reboot to recovery, format system (unable to mount it otherwise), flash twrp, convert data from f2fs to ext4 (unable to mount it otherwise), format data, then install CM12, pagapps, and SU.
Thanks!
Does this downgrade the bootloader to 41.13? I'm on retail 4.4.4 with bootloader 41.18, tried flashing gpt.bin from 4.4.4 and it booted straight to bootloader with the message "fastboot reason: utag flash fail configured as fastboot", then I fixed it by flashing all the other files (except motoboot of course) However I'm still on 41.18..
I just want to get rid permanently of the ripple effect every time you reboot.
Motoboot.img is the bootloader file. Once on the 41.18 bootloader, you cannot flash an older bootloader.
The best method imo to flash custom ROMs on the 41.18 boot-loader is:
1) Flash the official Moto 5.0.2 firmwares for your respective devices
2) Flash the OFFICIAL TWRP 2.8.5.0
3) Wipe everything except internal storage. The first wipe will fail and the phone will reboot. Reboot again into the recovery and perform the wipe again. It will work this time.
4) Flash the ROM zip now.
PS: ADB sideload works for me but not MTP.

Please heeelp!! N900V CID "11" Android 5.0 N900VVRUEOF1

help me please: with my Samsung Galaxy Note 3 900V. I have a problem: got root and can not unlock the bootloader of the fact that I have a CID begins with the digits "11", and because of which it is impossible to boot into recovery. Safestrap The program also fails to take advantage of (by clicking on "reboot to recovery" device is loaded into the system, have tried almost all the versions of this app and the new and old), I have the firmware is now 5.0 N900VVRUEOF1, what to do and how I can install custom? Maybe we can somehow lower firmware version from 5.0 to 4.4.2 or 4.3, there use to Safestrap? Or somewhere you can find Firmware N900V_VZW_N900VVRUCNC4 service with 4 files? Because a single file, this firmware is not installed - an error aboot? Please help me for 4 days already suffer...
Here is the sequence of SM-N900V stock firmware releases:
MI9->MJ7->MJE->(NC2)->NC4->NJ6->NK1->OB6->OF1
Shown above (in red) are the "RP SWREV" anti-rollback protection trigger points: MJ7, NC4, and NK1.
Once you have flashed a stock firmware in this sequence, you can roll backwards (or forwards) only to the closest prior trip point.
So for instance - in your case - you had/have OF1 firmware on your phone, so you can only flash NK1, OB6, or OF1. You can not flash NC4 (or NJ6, or anything else before NK1).
If you were to flash NK1, you might have trouble rooting - I'm not sure if Towelroot works on NK1.
And even then, if I recall correctly there is no Safestrap version for NK1. But don't quote me on that.
Perhaps you could query @donc113
If I recall correctly he is on NK1, so he might have some ideas for you. He is unlocked now & so probably has more freedom (bcuz of custom recovery), but if he spent time "rooted but locked" on NK1, he'll know what your options are.
.
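The trip-point rule from the post above, modelled as a monotonic rollback counter. This is an added example, not part of the original post and not Samsung's code. The release order and the three trip points come from the post; the integer counter values and the `Device` class are constructed for illustration, and a release that is itself a trip point is assumed to be its own floor.

```python
"""Model of the "RP SWREV" anti-rollback rule for SM-N900V stock firmware.

Illustration only: counter values are constructed (one increment per trip
point in release order), not read from a real device or firmware image.
"""

RELEASES = ["MI9", "MJ7", "MJE", "NC2", "NC4", "NJ6", "NK1", "OB6", "OF1"]
TRIP_POINTS = {"MJ7", "NC4", "NK1"}


def swrev_table(releases=RELEASES, trip_points=TRIP_POINTS):
    """Give each release a rollback counter that increments at every trip point."""
    table, counter = {}, 0
    for name in releases:
        if name in trip_points:
            counter += 1
        table[name] = counter
    return table


SWREV = swrev_table()


def known(name):
    """Reject firmware names that are not in the modelled release sequence."""
    if name not in SWREV:
        raise ValueError(f"unknown firmware release: {name}")
    return name


class Device:
    """Tracks the highest rollback counter ever flashed; it never decreases."""

    def __init__(self, firmware):
        self.firmware = known(firmware)
        self.min_swrev = SWREV[self.firmware]

    def can_flash(self, target):
        # The bootloader accepts an image only if its counter is not lower
        # than the minimum already recorded on the device.
        return SWREV[known(target)] >= self.min_swrev

    def allowed_targets(self):
        return [r for r in RELEASES if SWREV[r] >= self.min_swrev]

    def flash(self, target):
        if not self.can_flash(target):
            raise PermissionError(
                f"{target} rejected: SWREV {SWREV[target]} < device minimum {self.min_swrev}"
            )
        self.firmware = target
        # Crossing a trip point raises the floor permanently.
        self.min_swrev = max(self.min_swrev, SWREV[target])
        return self.min_swrev


if __name__ == "__main__":
    phone = Device("OF1")
    print("On OF1, flashable:", phone.allowed_targets())
    older = Device("MJE")
    print("On MJE, flashable:", older.allowed_targets())
    older.flash("NC4")
    print("After flashing NC4, flashable:", older.allowed_targets())
```

The last two lines show why an upgrade across a trip point is one-way: a device on MJE can still reach MJ7, but once NC4 is flashed the MJ7 to NC2 range is gone.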
apxati said:
> help me please: with my Samsung Galaxy Note 3 900V. I have a problem: got root and can not unlock the bootloader of the fact that I have a CID begins with the digits "11", and because of which it is impossible to boot into recovery. Safestrap The program also fails to take advantage of (by clicking on "reboot to recovery" device is loaded into the system, have tried almost all the versions of this app and the new and old), I have the firmware is now 5.0 N900VVRUEOF1, what to do and how I can install custom? Maybe we can somehow lower firmware version from 5.0 to 4.4.2 or 4.3, there use to Safestrap? Or somewhere you can find Firmware N900V_VZW_N900VVRUCNC4 service with 4 files? Because a single file, this firmware is not installed - an error aboot? Please help me for 4 days already suffer...
You can NOT unlock a Note 3 where the CID starts with 11.
Sorry..but as of now... It simply can not be done.
The exploit that was used to unlock those whose cid begins with 15. Only eMMC chips that start with 15 have the 'backdoor' that was used to unlock the bootloader.
---------- Post added at 08:23 PM ---------- Previous post was at 08:15 PM ----------
bftb0 said:
> Here is the sequence of SM-N900V stock firmware releases:
> MI9->MJ7->MJE->(NC2)->NC4->NJ6->NK1->OB6->OF1
> Shown above (in red) are the "RP SWREV" anti-rollback protection trigger points: MJ7, NC4, and NK1.
> Once you have flashed a stock firmware in this sequence, you can roll backwards (or forwards) only to the closest prior trip point.
> So for instance - in your case - you had/have OF1 firmware on your phone, so you can only flash NK1, OB6, or OF1. You can not flash NC4 (or NJ6, or anything else before NK1).
> If you were to flash NK1, you might have trouble rooting - I'm not sure if Towelroot works on NK1.
> And even then, if I recall correctly there is no Safestrap version for NK1. But don't quote me on that.
> Perhaps you could query @donc113
> If I recall correctly he is on NK1, so he might have some ideas for you. He is unlocked now & so probably has more freedom (bcuz of custom recovery), but if he spent time "rooted but locked" on NK1, he'll know what your options are.
> .
There are none. He can root OF1 via the Arabian program but no version of Safestrap works with it.
As to NC4... I was on 4.4.2 which is NC2/NC4 and it was rootable... and OF1 (nor NK1) Can not be rolled back to NC4 or NC2.
I know of no way to root NK1 (4.4.4)
(I had NC4 modem [still do] but NC2 firmware)
@donc113 Oops, my bad - I thought you were on NK1
if I install NK1 then will I be able to take advantage Safestrap got root? Or wait until be able to unlock the bootloader on the " 11 " chip?
apxati said:
> if I install NK1 then will I be able to take advantage Safestrap got root? Or wait until be able to unlock the bootloader on the " 11 " chip?
NK1 didn't have a publicly-available rooting method, and even if it did, Safestrap never supported NK1.
Unfortunately you are stuck with "rooted stock" only on 0x11 CID phones that have been flashed to NK1 or later firmware.
The hazard with only having a single root (no custom recovery as an alternative boot) is that if you make a mistake that boot loops or otherwise wedges your OS boot, you'll have to start completely over from Odin - and will have no backups.
My next phone is going to be a Nexus. All this dicking around with arcane rooting methods on Samsung devices is BS. It results in a tiny dev community on what is otherwise nice hardware... so, very scarce ROM development.
Can I install custom firmware android 6.0 in some way in my situation ?
apxati said:
> Can I install custom firmware android 6.0 in some way in my situation ?
In your situation - rooted but without a known way to unlock the bootloader - you have to live within the restriction of using Samsung-signed boot images.
The closest thing to that is Jasmine (for locked/retail devices), but it is a Lollipop ROM.
The chance of you being able to make a custom MM ROM behave nicely with a stock Lollipop boot/kernel image seems a bit remote.
You could experiment but you need to be fully aware that any mistake or booting problem means that you would have to start all over with Odin (full stock flash) and re-rooting.
bftb0,
Here a similar instruction to unlock the bootloader, but the Note 4 with a change in the CID on the "15 .." http://forum.xda-developers.com/not...erting-retail-note-4-to-t3358957#post66367497 How can I do something like this to change my CID and make it starting with "15 .." and continue the unlock here on this instruction http://forum.xda-developers.com/ver...l/official-note-3-verizon-bootloader-t3359370
apxati said:
> bftb0,
> Here a similar instruction to unlock the bootloader, but the Note 4 with a change in the CID on the "15 .." http://forum.xda-developers.com/not...erting-retail-note-4-to-t3358957#post66367497 How can I do something like this to change my CID and make it starting with "15 .." and continue the unlock here on this instruction http://forum.xda-developers.com/ver...l/official-note-3-verizon-bootloader-t3359370
The issue is not the number 15, it is what that number means.. It means that a specific eMMC chip was used and that specific chip had a known 'backdoor' that was used to unlock Note 3's. The code that worked for that specific chip does not work on other chips.
So changing your cid to start with 15, would not replace the eMMC hardware and the code still would not work.
Until someone finds the backdoor into those other chips.. Your phone can not be unlocked.
@apxati
donc113 said:
> The issue is not the number 15, it is what that number means.. It means that a specific eMMC chip was used and that specific chip had a known 'backdoor' that was used to unlock Note 3's. The code that worked for that specific chip does not work on other chips.
^this.
If you are curious, the details of the exploit are described in a file in beaups' github - see SAMDUNK_1.0-03262016.pdf
It happens to turn out that 0x15 is the vendor code for Samsung. But that's more or less just a coincidence; Samsung makes all sorts of stuff... including eMMC flash memory.
bftb0 said:
> Here is the sequence of SM-N900V stock firmware releases:
> MI9->MJ7->MJE->(NC2)->NC4->NJ6->NK1->OB6->OF1
> Shown above (in red) are the "RP SWREV" anti-rollback protection trigger points: MJ7, NC4, and NK1.
> Once you have flashed a stock firmware in this sequence, you can roll backwards (or forwards) only to the closest prior trip point.
> So for instance - in your case - you had/have OF1 firmware on your phone, so you can only flash NK1, OB6, or OF1. You can not flash NC4 (or NJ6, or anything else before NK1).
> If you were to flash NK1, you might have trouble rooting - I'm not sure if Towelroot works on NK1.
> And even then, if I recall correctly there is no Safestrap version for NK1. But don't quote me on that.
> Perhaps you could query @donc113
> If I recall correctly he is on NK1, so he might have some ideas for you. He is unlocked now & so probably has more freedom (bcuz of custom recovery), but if he spent time "rooted but locked" on NK1, he'll know what your options are.
> .
Is this true with dev edition running OF1?
seadooman said:
> Is this true with dev edition running OF1?
Yes but you will lose root and bootloader unlock.

Galaxy s4 att stuck on screen with custom and a padlock

Okay, here is the deal. I was trying to install a custom rom on my att galaxy s4. What I did was I rooted it using king root and tried to flash a rom through rom toolbox, but I believe it was just going to take me to my recovery. After that the screen got stuck on the custom screen with the padlock, and only seems to turn on with a charger plugged into it. I am on 5.0.1 lollipop and have managed to flash the original recovery, but any stock rom I try to flash using Odin fails by saying complete thread failed or something like that, and says on my phone binary 1 or something like that. I really need help on where to start.
Thanks
What is the exact Odin error?
AT&T never released a full firmware for flashing via Odin beyond 4.1.2. Look here for a possible solution: https://forum.xda-developers.com/ga...-to-update-to-i337oc3-5-0-1-keeproot-t3075814
Once the phone is running a 4.3 or higher bootloader, the bootloader is locked and custom ROMs can't be installed unless the custom ROM is based on a stock ROM.
There's an ODIN flashable Android 4.2.2 MDL bootloader tar file out there somewhere too.
If the bootloader is locked, and it sounds like it is since it's running 5.01, Odin will not be able to flash a 4.2.2 ROM or bootloader.
audit13 said:
> If the bootloader is locked, and it sounds like it is since it's running 5.01, Odin will not be able to flash a 4.2.2 ROM or bootloader.
Are there any other options, or should I just give up on it?
Look at this thread: https://forum.xda-developers.com/ga...-to-update-to-i337oc3-5-0-1-keeproot-t3075814.
Pay attention to this part of the post which may help:
Notes:
1. The above process will not affect your Knox Warranty Flag.
2. The process will update your Modem, Non-hlos, System, Kernel, and Stock Recovery.
3. No need to wipe prior to flashing! The ROM will automatically perform a factory data reset.
4. If you are not already rooted (or to unbrick) you must first flash the I337UCUFNB1_Rootable_Full_Odin.tar (use Odin's PDA slot (AP in Odin v3.09+)), root with Towelroot, then proceed with the above process.
5. To learn more about FlashFire's capabilities on locked bootloader devices see here: http://forum.xda-developers.com/show...10&postcount=2
audit13 said:
> Look at this thread: https://forum.xda-developers.com/ga...-to-update-to-i337oc3-5-0-1-keeproot-t3075814.
> Pay attention to this part of the post which may help:
> Notes:
> 1. The above process will not affect your Knox Warranty Flag.
> 2. The process will update your Modem, Non-hlos, System, Kernel, and Stock Recovery.
> 3. No need to wipe prior to flashing! The ROM will automatically perform a factory data reset.
> 4. If you are not already rooted (or to unbrick) you must first flash the I337UCUFNB1_Rootable_Full_Odin.tar (use Odin's PDA slot (AP in Odin v3.09+)), root with Towelroot, then proceed with the above process.
> 5. To learn more about FlashFire's capabilities on locked bootloader devices see here: http://forum.xda-developers.com/show...10&postcount=2
I finally fixed it. I had downloaded that rom before, but it hadn't worked. I decided to try it again and used a different USB port and it worked! Thanks for the help!

Soft Brick Help? (NC2 or NC4)

Recently decided to try the Bootloader unlock.
Thought everything had gone well, it seemed OK.
Flashed TWRP, and now it won't boot.
I'm stuck at the phone telling me to take it to a Verizon store to fix it.
That being said, I can get into download mode and I get the following :
ODEN MODE
PRODUCT NAME : SM-N900V
CURRENT BINARY: SAMSUNG OFFICIAL
SYSTEM STATUS: Custom
KNOX KERNEL LOCK: 0X0
KNOW WARRANTY VOID: 0X1
QUALCOMM SECUREBOOT: ENABLE (CSB)
AP SMREV: S1, T1, R1, A2, P1
WRITE PROTECTION: Enable
UDC START
SYS REV CHECK FAIL : No Version
SECURE MAGICCODE CHECK FAIL : recovery
From all that, it seems that my recovery is not any good (probably from flashing twrp, duh).
I haven't been able to find a NC2 or NC4 flashable recovery anywhere.
Help?
Or am I barking up the wrong tree and do I need something else?
darkhawkff said:
> Recently decided to try the Bootloader unlock.
> Thought everything had gone well, it seemed OK.
> Flashed TWRP, and now it won't boot.
> I'm stuck at the phone telling me to take it to a Verizon store to fix it.
That "Verizon" message means that you did NOT unlock the bootloader successfully.
You would normally see MODE: Developer in the Odin/Download mode screen if you had successfully unlocked.
As a matter of fact, that condition should always be checked for before trying to flash any recovery.
darkhawkff said:
> AP SMREV: S1, T1, R1, A2, P1
Whoa! HOLD THE PHONE! (Somebody with an older bootloader - MJE or NC2 at the latest)
If you reflash with Odin, USE EITHER MJE or NC4 at most - nothing later than that!
darkhawkff said:
> SYS REV CHECK FAIL : No Version
> SECURE MAGICCODE CHECK FAIL : recovery
I've never seen those messages before, but it's probably because you flashed something either into the boot partition or the recovery partition and your bootloader is not yet unlocked.
darkhawkff said:
> From all that, it seems that my recovery is not any good (probably from flashing twrp, duh).
> I haven't been able to find a NC2 or NC4 flashable recovery anywhere.
> Help?
I will help you out. Please stand by. DO NOT FLASH NJ6 NK1 OB6 or OF1.
darkhawkff said:
> Or am I barking up the wrong tree and do I need something else?
Stand by for more. posting now (quickly) so you don't do something rash.
bftb0 said:
> That "Verizon" message means that you did NOT unlock the bootloader successfully.
> You would normally see MODE: Developer in the Odin/Download mode screen if you had successfully unlocked.
> As a matter of fact, that condition should always be checked for before trying to flash any recovery.
> Whoa! HOLD THE PHONE! (Somebody with an older bootloader - MJE or NC2 at the latest)
> If you reflash with Odin, USE EITHER MJE or NC4 at most - nothing later than that!
> I've never seen those messages before, but it's probably because you flashed something either into the boot partition or the recovery partition and your bootloader is not yet unlocked.
> I will help you out. Please stand by. DO NOT FLASH NJ6 NK1 OB6 or OF1.
> Stand by for more. posting now (quickly) so you don't do something rash.
Thanks for the insight. No worries, I was downloading NC4 ATM, but I would prefer NC2 I think, for now. I got no problems waiting...it isn't my 'main' phone anymore. I got a note 5, but I prefer my note 3 for most usage. It's just....nicer....
I appreciate the help greatly though! Finding older files (like NC2) is damn near impossible. If I was at home, it's probably sitting on my file server somewhere, but I don't have access at the moment. Still at work.
I will also note, I did verify prior to trying to bootloader, to ensure the CID started with 0x15, and it does. Checked like 5 times, just to be sure.
And I figured it would.....since I bought this the day it was released. Anyway.....
Thanks!
OK. First things first. Let's examine the state your phone is currently in before you flash anything.
My educated guesses are that (a) your bootloader is NOT unlocked, and possibly (b) the phone is "stuck" always trying to boot into the recovery - which gives you the Verizon screen, or (c) something worse - for example if you flashed the custom recovery into the wrong partition.
The not-unlocked condition means that whatever is trying to be booted (either the recovery partition or the boot partition) has something non-Samsung in it. Either one would give you the Verizon message about unauthorized software.
When the phone boots from a cold startup, it looks at something in NVRAM called the "BCB" - the Boot Communication Block. If it is "empty" it will do the normal thing - try to boot the phone normally, starting with the "boot" partition. But, the BCB can contain other instructions, such as "boot to recovery", or "boot to Odin mode". And experience seems to indicate that the conditions under which the BCB is cleared (i.e., goes back to the default) is a little bit buggy or quirky - so that the phone can get "stuck" always trying to boot either the recovery or Odin/Download mode.
The "three-finger salute" of Vol-Down + Home + Power - which you normally use to start up Odin - seems to clear the BCB when you choose the "Cancel" option (Vol-Down) from that initial splash screen, and it usually will attempt to boot the normal ("boot") partition if you select "Cancel" ( = Vol-Down ).
So FIRST: Pull your battery. Re-insert. Vol-Down+Home+Power until you get that "do you want to install custom software?" screen. Press Vol-Down to cancel.
===> Does your ROM boot correctly?
If so, then you can attempt to unlock again without any flashing. I suppose you are still rooted if your phone still boots.
===> If your ROM still boots, please report its exact firmware version. It makes a big difference whether it is a M-series or an N-series. (Note: I am asking about the bootloader firmware, not the ROM version).
If your ROM does not boot, then you are going to have to use Odin in one way or another.
I can help you out with that and point you at the correct custom recovery, depending on which bootloader firmware you want to end up with. (Especially if you have a copy of the NC2 firmware at home (it's the only one I don't have).) DON'T FLASH NJ6 OR ABOVE IN ODIN - yet. (Towelroot V3 is trivially easy on anything from MI9 through NC4, and rooting appears to be a pain in the rear beyond that)
let me know what you find.
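A sketch of reading a Boot Communication Block, to make the "stuck booting recovery" state described in the post above concrete. This is an added example, not part of the original post. It assumes the first three fields of AOSP's `struct bootloader_message` (`command[32]`, `status[32]`, `recovery[768]`); the post does not say the Note 3 stores its BCB in this layout, and the sample blobs are constructed.

```python
import struct

# Assumed layout: first three fields of AOSP's struct bootloader_message.
BCB_FORMAT = "<32s32s768s"
BCB_SIZE = struct.calcsize(BCB_FORMAT)  # 832 bytes


def cstring(raw):
    """Decode a fixed-size C string; zeroed or erased (0xFF) flash counts as empty."""
    if raw[0] in (0x00, 0xFF):
        return ""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def parse_bcb(blob):
    """Parse the leading BCB fields from a raw dump of the block."""
    if len(blob) < BCB_SIZE:
        raise ValueError(f"BCB dump too short: {len(blob)} < {BCB_SIZE} bytes")
    command, status, recovery = struct.unpack_from(BCB_FORMAT, blob)
    return {
        "command": cstring(command),
        "status": cstring(status),
        # The recovery field holds newline-separated arguments.
        "recovery_lines": [line for line in cstring(recovery).split("\n") if line],
    }


def boot_target(bcb):
    """Say what the bootloader would be asked to start for this BCB."""
    command = bcb["command"]
    if not command:
        return "normal"        # empty BCB: boot the "boot" partition
    if command == "boot-recovery":
        return "recovery"      # stays in effect until something clears it
    return "other:" + command  # vendor-specific request, not interpreted here


def make_bcb(command="", recovery=""):
    """Build a constructed sample BCB (struct.pack pads each field with NULs)."""
    return struct.pack(BCB_FORMAT, command.encode(), b"", recovery.encode())


if __name__ == "__main__":
    samples = {
        "cleared": make_bcb(),
        "erased flash": b"\xff" * BCB_SIZE,
        "left at recovery": make_bcb("boot-recovery", "recovery\n--wipe_data\n"),
    }
    for label, blob in samples.items():
        parsed = parse_bcb(blob)
        print(f"{label:18s} -> {boot_target(parsed):10s} {parsed['recovery_lines']}")
```

A block that still reads `boot-recovery` on every cold start matches the post's description of a phone that keeps trying to boot the recovery partition until the BCB is cleared.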
darkhawkff said:
> I will also note, I did verify prior to trying to bootloader, to ensure the CID started with 0x15, and it does. Checked like 5 times, just to be sure.
> And I figured it would.....since I bought this the day it was released.
That certainly is a mandatory prerequisite to success. But it doesn't mean that something won't go wrong during the unlock process. To be sure, just boot into Odin mode after you think everything has succeeded and look for that "MODE: Developer" message on the Odin screen to verify that the unlock process succeeded.
There are a couple different versions of the unlocker binary in that Unlock thread, and most of the variations have to do with how the program went about reading the CID value out of the volatile filesystem /sys during initial sanity checks. As that location seemed to change from firmware release to release, there was some dependency between the unlock binary version and the OS release level of the rooted ROM it was used on. So a "safety check" in the code was what was making it non-portable; the actual CID change and binary patching of the "aboot" partition was the same in every version.
I might have used @donc113's original variant (post #218) when I was on MJE. If you are rooting with M* or N* ROM firmware, that version should work.
The other thing that happened was that (I think?) someone released an app that was really just a wrapper around the binary file. That had the unfortunate side effect of hiding the status and error messages the unlock binary produces if someone happened to use it on the wrong OS version. It's possible that someone that is rooted could slip a different version of the "unlock" binary underneath that app (in its appropriate /data/data/* location), but that's asking a lot from people who gravitate towards using "one click" apps.
You didn't mention whether you were using the app or just the command line. If it was the latter I think that careful inspection of the unlock binary's output would have indicated success or failure.
Anyway, some TWRP custom recovery links:
TWRP for hltevzw
If you have an M* series bootloader use the -4.3.img recoveries, otherwise use -4.4 for N*, O*, or P* firmware
(The AryaMod ROM uses the Aroma installer, which apparently needs the twrp-2.8.7.0-hltevzw version, not the twrp-3.0.2-0-hltevzw. So... grab both of them)
PS I recently "upgraded" my bootloader from MJE to NC4. I did this because the M* series bootloader is incompatible with later kernels (due to technical issues about how the "DTB" (Device Tree Blob) attached to the kernel is parsed and initialized by the bootloader). I probably would have gone with NC2 instead of NC4, but all the links for the NC2 leak firmware were dead. At least NC4 is easy to root with Towelroot v3, and so far I've been able to boot and run not only Lollipop ROMs (e.g. CM13) but a Marshmallow ROM (AryaMod) without major troubles. So I have an Odin-back-to-stock method for device recovery that is easily rootable (in contrast to NJ6, NK1, or PL1 which have no root method, or OB6/OF1 which have crufty/difficult rooting methods (& perhaps dodgy too)).
.
Any chance of just using Odin and flashing a stock recovery image? Rather than killing the entire os too?
I can't find just a recovery image though.
darkhawkff said:
Any chance of just using Odin and flashing a stock recovery image? Rather than killing the entire os too?
That works when the bootloader is unlocked (even with unsigned recoveries such as TWRP). Not sure about the locked case.
Code:
tar -H ustar -c -f my_recovery_only_Odin_bundle.tar recovery.img
md5sum my_recovery_only_Odin_bundle.tar >> my_recovery_only_Odin_bundle.tar
mv my_recovery_only_Odin_bundle.tar my_recovery_only_Odin_bundle.tar.md5
Note that the above technique for preparation of Odin flashables isn't restricted to adding just a single file. For instance, someone that had a bootlooping stock ROM in need of repair could probably create a tar.md5 bundle that only contained "boot.img" and "system.ext4.img".* Note that when Odin does the MD5 checking, it wants the filename to be unchanged (other than the .md5 extension). So don't change the name of the .tar.md5 file to something else or the MD5 check in Odin will fail.
darkhawkff said:
I can't find just a recovery image though.
It's inside the stock Odin tar.md5 bundle. Just extract it.
Is it even important at the moment? So long as your phone boots normally, what's in the recovery partition simply doesn't matter.
Did you try the Vol-Down+Home+Power startup (followed by Cancel == Vol-down) that I suggested above? What happens?
.
* There is one place where partial firmware flashes would be extremely ill-advised: if you were flashing a bootloader (dear lord why?) ALL five pieces (aboot.mbn, sbl1.mbn, rpm.mbn, tz.mbn, sdi.mbn) need to be flashed as a group all in one go
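Added example, not part of the original post: a pre-flash sanity check for a bundle built with the three commands above. It assumes the layout those commands produce (the tar bytes followed by one appended line of `md5sum` output) and GNU coreutils; the function name `verify_odin_bundle` is made up for this sketch.

```shell
#!/bin/sh
# Verify a .tar.md5 bundle: tar payload + one trailing md5sum line,
#   "<32 hex digits>  <name>.tar\n"
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_odin_bundle() {
    bundle=$1
    case $bundle in
        *.tar.md5) ;;
        *) echo "not a .tar.md5 file: $bundle" >&2; return 2 ;;
    esac
    [ -f "$bundle" ] || { echo "no such file: $bundle" >&2; return 2; }

    # md5sum recorded the tar's name as it was before the .md5 rename,
    # so the current file name (minus .md5) must match the trailer.
    tar_name=$(basename "$bundle" .md5)

    # Trailer length: 32 hex chars + 2 spaces + name + newline.
    trailer_len=$((32 + 2 + ${#tar_name} + 1))
    total=$(wc -c < "$bundle")
    payload_len=$((total - trailer_len))
    [ "$payload_len" -gt 0 ] || { echo "too short: $bundle" >&2; return 1; }

    # The command substitution drops the trailer's final newline.
    trailer=$(tail -c "$trailer_len" "$bundle")
    # Hash only the payload, i.e. everything before the trailer.
    actual=$(head -c "$payload_len" "$bundle" | md5sum | cut -c1-32)

    if [ "$trailer" = "$actual  $tar_name" ]; then
        echo "OK: $bundle"
        return 0
    fi
    echo "MISMATCH: $bundle (renamed, truncated or modified?)" >&2
    return 1
}

# Stand-alone use: sh verify_bundle.sh my_recovery_only_Odin_bundle.tar.md5
if [ "$#" -gt 0 ]; then
    verify_odin_bundle "$1"
fi
```

A renamed copy fails this check even when its contents are intact, which is the same filename dependency the post warns about.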
Yup. Just tried that finally (was busy at work).
Fixed. I'm unlocked bootloader.
Yup, I'm still on NC2 (not that it's a surprise).
Still haven't been able to find the files at home. I thought I might have them saved somewhere, but apparently not. Still have 1 or 2 places to look, but I'm going to guess that I don't have it anywhere.
darkhawkff said:
Yup. Just tried that finally (was busy at work).
Fixed. I'm unlocked bootloader.
Yup, I'm still on NC2 (not that it's a surprise).
Still haven't been able to find the files at home. I thought I might have them saved somewhere, but apparently not. Still have 1 or 2 places to look, but I'm going to guess that I don't have it anywhere.
hope I helped.
Make a backup of your current ROM in TWRP and get it off the phone into a safe place. Then you will feel free to experiment with different ROMs as time allows. I would also suggest it is really a good idea to save that "debrick" image on the SD card in case an utter disaster happens (probably you will never use it though).
(before reformatting the SD card to get it back to usefulness)
Code:
dd if=/dev/block/mmcblk1 bs=4096 count=65536 of=/data/local/debrick.img
(or, too-late... get a debrick image with the modded "aboot" partition unlocked bootloader)
Code:
dd if=/dev/block/mmcblk0 bs=4096 count=65536 of=/sdcard/debrick.img
I'll archive the NC2 if you can find it (send me a PM) even though I can't use it any longer as I recently flashed NC4 bootloader. I have all the other firmware releases, just not that one.
The NC2 (leak) engineering bootloader appeared at a time when the kernel DTB blobs were changing structure; hopefully it is able to boot all later kernels. Please drop a note somewhere in these forums if you discover problems booting newer kernels - whether custom or stock. As I mentioned, if NC2 won't work, NC4 seems decent enough so far and it preserves a full-stock Odin recovery/rescue to a ROM version which is easily rooted with Towelroot v3
As to modems, I've done a few pairings of my flashable-stock ROMs with different modem releases (see the flashable stock thread for downloads) and - strangely - the NC4 modem won't work at all with NJ6 or NK1 (no service) kernels/ROMs, but it will work with later kernels/ROMs e.g. OB6-PL1. Just mentioning it because the NC2 modem might behave in a similar strange fashion since it is of the same vintage. I haven't had any troubles flashing modems up-version or down-version.
.
Well, all great!
I got Aryamod installed and going well.
NC2 bootloader yet too! TWRP obviously installed and OK, with 2.8.7 I believe. Installing apps now.
It really makes a difference with this phone too. I'm quite surprised by it to be honest.
All I know, is I might actually switch back to using my note 3 instead of my note 5 as my daily driver again.
Thank you again for the help. I really appreciate it.
darkhawkff said:
Well, all great!
I got Aryamod installed and going well.
NC2 bootloader yet too! TWRP obviously installed and OK, with 2.8.7 I believe. Installing apps now.
It really makes a difference with this phone too. I'm quite surprised by it to be honest.
All I know, is I might actually switch back to using my note 3 instead of my note 5 as my daily driver again.
Thank you again for the help. I really appreciate it.
Good deal.
AryaMod is a pretty nice ROM. Marshmallow FTW!
(I'm glad I bought a device with 3GB of RAM.)
Could you please message me at [email protected]? I tried to root my SM-N900V Note 3 on 5.0 and it's soft bricked. I can't get Odin to flash... it keeps failing. I need to talk to someone, I just bought it a week ago, man.

CID=15 what bootloader/firmware actions are irreversible?

Right now I have two CID 15 G900Vs with PB1 rooted 5.0 firmware and OD5 bootloader. I'd like to use the spare to try out MM 6.0.1 rooted using the unlock procedure.
I know that loading a post-OD5 stock bootloader is irreversible. If I use the procedure here:
https://forum.xda-developers.com/ve...t/rd-unlocking-galaxys-s5-bootloader-t3337909
to install an unlocked bootloader, is that an irreversible change? Will I be unable to go back to an earlier (OD5) bootloader or firmware after the unlock procedure?
If I use this procedure:
https://forum.xda-developers.com/verizon-galaxy-s5/general/update-qi2-t3688046
and install
Developer Bootloader Friendly/No Aboot No-Wipe Firmware:
G900VVRU2DQI2_G900VVZW2DQI2_G900VVRU2DQI2_HOME_No_ Aboot.tar.md5.zip
will I trip a KNOX flag or set any fuses or otherwise do anything that cannot be undone? I'd love to play with this stuff but want to make sure I can back it out if necessary.
Thanks,
Mike
