Related
Dear xda'er from the USA: To the disappointment of some in this forum, the xda-team has decided to split the sections on the Samsung Galaxy S i9000 and its US-counterparts into SEPARATE sections! You will be able to get some help here but you will likely be better helped/supported/suited in the forums that belong to your specific device!
Note: Many of the FAQs may still apply to you and you are welcome to make use of our setup. However, if you have open questions I suggest directing them to the above mentioned forums.
IP-Notice: You are welcome to use the information in this thread! If you do, please link the original source.
I try to give credit where due. If you feel I am using your content without your authorization or proper credits, please contact me!
General Note: There are now four official models of the Samsung Galaxy S outside the US: the GT-I9000 (International), GT-I9000M (Canada), GT-I9000B (Brazil), GT-I9000T (Mexico). All information in this FAQ is based on the GT-I9000 International version. Most of them also apply to the other models. The I9000M and I9000T are virtually identical to the I9000 and are mostly compatible with I9000 software. The I9000B has an added digital television receiver and is generally not as compatible. Please check carefully before starting to mess with the firmware on your device, check for possible compatibility issues beforehand and ALWAYS make sure you have three button recovery (see FAQ#A12)
Note: The I9000B has a separate FAQ
Note2: For the Korean Galaxy S SHW-M110S, please see this separate FAQ
Disclaimer: This FAQ is provided as-is without any warranties to completeness/correctness. I will take no responsibility if you break/brick/damage your phone.
Contents:
Post#1: Frequently Asked Questions
Post#2: HOWTO Section
Post#3: ADB Tutorial
Post#4: Tutorials and Fixes
Post#5: Tips & Tricks
Post#6: Firmware Selection Guide
FAQ Sections:
A. General
B. Firmware
C. Modding
D. Applications
E. Recovery
(A) General:
1.How can I reset my phone?
2.I have flashed a new firmware and now my phone won't connect to 3G. What's wrong?
3.Can I disable 2G broadband like on the Desire/N1?
4.I flashed a new firmware and now I cannot download protected apps and Market-enabler doesn't work. How can I still install protected apps?
5.My phone takes forever to get a GPS-fix? Is there a solution to this problem?
6.I am experiencing long loading times when opening apps/intermittent lags when switching screens. What is the problem?
7.My G-sensor seems to be off. How can I calibrate it?
8.I have a SIM-Locked phone. Is there anything I need to look out for?
9.When will Ice Cream Sandwich be released for my shiny new phone?
10.I'm running Linux. Can I still flash my firmware? Do I need to install Windows?
11.Most phones have a bunch of codes that can be entered in the dialer for special functions. What are they on the SGS?
12.My phone cannot enter download mode or recovery mode using the buttons combos. What can I do?
13.I live in Canada/Mexico (The Americas in general). Can I get my phone to use the 850Mhz bands with I9000 Modems?
1.How can I reset my phone?
On the Galaxy S the soft-reset is achieved by pressing and holding the power button. A hard-reset can executed by pressing and holding VolumeUP+Home+Power. There you will find the options "reboot", "apply sdcard:update.zip", "wipe data/factory reset" and "wipe cache partition". (Note: The list of options can vary considerably after installing modified firmware/kernels)
The "wipe data/factory reset" option will restore your phone to the original configuration of the firmware YOU LAST INSTALLED (including any updates made via update.zip). This will NOT bring your phone back to the firmware installed when you originally bought it unless you haven't flashed your phone.
You can navigate the recovery screen using VolumeUp & VolumeDown and use the Home button to select.
2.I have flashed a new firmware and now my phone won't connect to 3G. What's wrong?
The CSC you used is most likely not intended for your area. This means that the broadband provider settings are not included and need to be configured manually. To do this, go to Settings->Wireless and Networks->Mobile Networks->Access Point Names, press the settings-button and select "New APN". You will then need to enter the respective data as provided by you mobile operator. APN settings can usually be found on the operators website.
3.Can I disable 2G broadband like on the Desire/N1?
As of firmware XWJM1 (July 2010), this function is available in the wireless settings. All current firmwares now have this feature.
4.I flashed a new firmware and now I cannot download protected apps and Market-enabler doesn't work. How can I still install protected apps?
This is done by google to protect commercial applications from piracy. This usually only happens on internal beta firmwares. Use Eris Market Fix from the Market or the tutorial in P#4,T#1. Both fixes require root privileges (See FAQ#C1)
5.My phone takes forever to get a GPS-fix? Is there a solution to this problem?
It appears that the XWJM1 and XWJM2 firmwares have mostly fixed the major GPS issues and the general consensus is that these firmwares deliver consistently better GPS results than previous firmwares. The usability, however, still varies per location and sometimes the software gets no fix despite seeing plenty of satellites.
To date, there appear to be no better fixes available. There are still many reports that GPS is flaky and it appears as if Samsung is no longer working on improvements in this area.
6.I am experiencing long loading times when opening apps/intermittent lags when switching screens. What is the problem?
The Samsung Galaxy S uses the internal SD to store cache data by default. This storage uses the severely outdated RFS (FAT-related) filesystem. Next the to poor performance in a good state, RFS appears to rapidly manifest massive amounts of filesystem errors which cause the experience on the SGS to degrade over time.
Currently almost all custom kernels fix the problem by replacing the RFS filesystem with ext4 on (virtually) all partitions (some do not touch the /efs partition). Original credit for the discovery that the filesystem was the problem belongs to mimocan and the fix has since been refined by RyanZA, z4ziggy, sztupy and most notably supercurio.
7.My G-sensor seems to be off. How can I calibrate it?
The G-sensor calibration appears to be off in a lot of shipped devices. Current firmwares can calibrate the accelerometer in the Display menu.
8.I have a SIM-Locked phone. Is there anything I need to look out for?
As of now there are several reports of successfully flashed SIM-locked phones and no reports of any (related) problems.
This means that as of now (there seem) to be no specific restrictions for SIM-locked phone except the lock itself. However, the lock on the Galaxy S can be easily removed. Please refer to T&T#20 for unlocking your phone.
9.When will Ice Cream Sandwich be released for my shiny new phone?
At the moment, there are no indications that Samsung will release a fully featured Android 4.0 firmware for the Galaxy S. They are, however, porting several ICS features to Android 2.3. While this is very disappointing, there are several ICS ports based (in part) on the sources for the Nexus S available already which will probably result in a relatively stable build in the long term.
10.I'm running Linux/OSX. Can I still flash my firmware? Do I need to install windows?
If you are running Linux or OSX you do not need to install Windows. You can either run Odin in a virtual machine or alternatively use Heimdall by Benjamin Dobell. Heimdall runs natively on Linux and OSX and has reached a well tested release state.
11.Most phones have a bunch of codes that can be entered in the dialer for special functions. What are they on the SGS?
There is a list of "secret codes" here. There are also several apps in the market with these features in the market.
12.My phone cannot enter download mode or recovery mode using the buttons combos. What can I do?
Some batches in various countries seem to not have this feature. However, Samsung Canada has released a fix via Kies (for the I9000M) and it has been adopted to suit a larger audience (I9000 and I9000M). Instructions on how to update your phone to get the three-button-combo can be found here or here. Note: Follow the instructions in that post CAREFULLY and read it completely BEFORE attempting to do anything on your phone. If done improperly, this can still brick your device!!!
13.I live in Canada/Mexico (The Americas in general). Can I get my phone to use the 850Mhz bands with I9000 Modems?
Users in the Americas will find that the I9000 modems use the 900Mhz band which is not used in the Americas. However, since the I9000 is virtually hardware-identical to the I9000M and others which do use the 850Mhz band, the band can enabled on the I9000 modems. There is a guide here.
(B) Firmware:
1.What is a ROM/firmware?
2.Can I update my firmware?
3.Why are there sometimes multiple files in the firmware archive/folder?/Why do I get three different versions when using *#1234#?
4.Can I mix PDA/Modem/CSC files from different firmwares without bricking my phone?
5.My phones software version says I9000XXJF3/XXJF5/xxxxx. What does this mean?
6.I want to install new firmware but I want to have a backup of my original firmware to go back to in case I need to go back for warranty reasons. Can I backup my original firmware somehow?
7.Can I flash an Asian ROM on my European device or vice versa?
8.What is the .pit file? Why are there different versions?
9.I flashed a new firmware using Odin (or Kies) and now my phone is acting weird (force closes etc)? Also, my settings are also still there.
1.What is a ROM/firmware?
The firmware/ROM is the software that runs on the phone. In case of the Galaxy S this is (currently) Android 2.3.5 Gingerbread. The Galaxy S was initially released with Android 2.1 Eclair and will most likely not receive any major firmware upgrades anymore. Samsung is porting several features from newer Android versions but has refused to bring a fully-featured Android 4.0 release on the grounds that the TouchWiz UI together with ICS would be to big for the normal system partition.
2.Can I update my firmware?
Most likely: Yes. You can update your firmware through Samsungs official application (Kies) and with firmwares that have been leaked or otherwise been obtained for installation without using the Samsung Kies software. You can find firmwares made by Samsung for phones all over the world, here. You will also find a guide to the installation in HOWTO#1 in the second post of this thread.
Note: Please also keep in mind that not all firmwares that come with phones are available. Reflashing to stock may not be possible because the specific firmware isn't available!
3.Why are there sometimes multiple files in the firmware archive/folder?/Why do I get three different versions when using *#1234#?
Galaxy S firmware updates come in three parts (which are sometimes packaged as one file):
-The CODE itself (called PDA). This is android and all the applications that come with it. (The archives/folders will be named after the version of this file)
-The MODEM (called Phone). This is the firmware of the wireless chipset of the device and will operate you WiFi, Blutooth and 3G/2G/GSM connections. (ie Radio ROM)
-The CSC (short for Customer Specific Customization). This includes connection data for the broadband networks as well as apps that are only available in certain languages/intended for a specific area.
If we ask for your firmware, we want to know all three!
Since not all of these require updates simultaneously, often then CSC and MODEM files will have lower version numbers.
(Also when packaged in one file the repartition option should NEVER be checked in Odin because it will mess up your partition layout and will require a reflash with three-part firmware!)
Most firmwares that are currently available are no longer split up into the three parts and instead delivered as one which can be flashed by entering it as the PDA/CODE in Odin.
4.Can I mix PDA/Modem/CSC files from different firmwares without bricking my phone?
Yes. Most Modem/CSC files will work with any PDA. However, there may be compatibility issues which may force you to reflash your phone. Note also that newer CSCs usually include newer versions of the software that comes with them (Some of which may not be upgradable via the market or other means).
5.My phones software version says I9000XXJF3/XXJF5/xxxxx. What does this mean?
The first two letters describe the country while the third gives the year, the fourth gives the month and the last number/letter is the version of the firmware (from that specific month. Numbering starts at 1-9 and then uses letters from A-Z). For an extensive list of the country codes, see this thread.
Note: To better distinguish the firmware releases based on a new Android version (2.1 vs 2.2 vs 2.3 etc), Samsung has shifted the use of the third and forth letter and these are now no longer coherent with the year and month according to Samsung's old system.
6.I want to install new firmware but I want to have a backup of my original firmware to go back to in case I need to go back for warranty reasons. Can I backup my original firmware somehow?
You can backup most of your firmware through Clockwork Recovery, however, since this already requires root it is not suitable for a warranty return. Nevertheless virtually all firmwares that are currently being shipped with the phone are available and thus a restoration is almost always possible.
7.Can I flash an Asian ROM on my European device or vice versa?
Flashing firmwares between several areas is easily possible. Please make sure you have the correct model before flashing. The international SGS has the model I9000. The Korean version and the US variants have significantly different model numbers and firmwares for those phones should NEVER be flashed on the I9000 or vice versa.
8.What is the .pit file? Why are there different versions?
There are now three different versions of the .pit file. 513.pit, 512.pit and 803.pit. Most firmwares since the end of 2010 do not require a .pit file to be selected. Generally only the 512 version is used. The .pit file is only necessary if you intend to repartition the phone. If you do, you inadvertently wipe all your data (not the internal SDcard). Since the partitioning of the device has not changed for more than a year, repartitioning is almost never necessary unless you used a custom firmware like cyanogenmod, which changes the partition sizes.
The .pit file maps partitions on the NAND storage.
9.I flashed a new firmware using Odin (or Kies) and now my phone is acting weird (force closes etc)? Also, my settings are also still there.
Some firmwares that can be flashed via Odin and the firmwares that are flashed using Kies, do not touch your settings and they do not empty your cache and appdata partitions. As a results, there is data there from previous firmwares which may lead to unforseen complications. Especially so, if your previous firmware was based on a different android version (i.e. flashing from XWJM6(android 2.1) to XXJPC(android 2.2)). You can attempt to overcome this by wiping the cache. Usually, to resolve this, you have to do a factory reset according to FAQ#A1
(C) Modding:
1.What is root/rooting?
2.What are customROMs? How do I get them?
1.What is root/rooting?
root is the user account in Linux with all privileges. The root user can edit anything on the system. For safety reasons, users do not have all those privileges. When you root your phone, you will gain write access to areas of the phone you couldn't previously access and are allowed to run more commands in the terminal. Because applications do not get a lot of priviledges, some of them require you to root the device in order for them to function properly (or fully). There is a tutorial for rooting in the Post #2 and there is a Chainfire Root that works most firmwares. CF-Root essentially is a kernel that is flashed over the original kernel.
If all of this means nothing to you then you are probably wise to NOT root your phone. Mistakes using root can break your phone very easily. (Usually, but not always, these can be solved with a reflash)
2.What are customROMs? How do I get them?
Custom ROMs are modified versions of the Samsung firmware or complete rewrites of the Android OS for the Galaxy S such as Cyanogenmod (and the derivative MIUI). Almost all current custom ROMs are based on Android 2.3 with some now being based Android 4. They can be found in the Android Development Subforum.
(D) Applications:
1.I tried using Allshare/DLNA but it will not recognize my device/play any files?
2.Can I change the default homescreen of the Touchwiz Launcher?
1.I tried using Allshare/DLNA but it will not recognize my device/play any files?
As of now a lot of DLNA certified devices/software do not work with Allshare. However, Samsung TVs should work and Windows Media Player 12 as well as Samsung's PC Share Manager work in most cases.
2.Can I change the default homescreen of the Touchwiz Launcher?
You cannot change the default Homescreen in the settings. However, if you are rooted, there is a way to change the default homescreen. See T&T#5 for more info.
(E) Recovery:
1.WHAAAA! I think I bricked my phone. My flash was unsuccessful/My device boots to a black screen/similar scenarios. Can I still save my device?
1.WHAAAA! I think I bricked my phone. My flash was unsuccessful/My device boots to a black screen/similar scenarios. Can I still save my device?
Most likely: YES! In almost any case, you should still be able to turn off the device (if necessary by removing the battery) and start into download-mode (VolumeDown+Home+Power) or recovery-mode (VolumeUp+Home+Power). After (for example) an unsuccessful flash, you can retry the flash in download-mode (same steps as when flashing a functioning device). If a flash to a functioning f/w (without applying any update.zip) doesn't help or you cannot get your PC to flash at all, you can ask for help here.
If you see a symbol asking you to connect to the PC, depending on how you arrived at this point, it may be sufficient to connect to the PC and run Odin (i.e. press "start" when the phone is recognized) without adding any files. This may, however, leave some residual issues if (for example) had an incorrect/incomplete flash so you may want to do a normal flash after this!
If you do not have download mode and for some ludicrous reason felt the need to go ahead and modify your firmware regardless of this lacking, there is now a guide on creating a home-made JIG which will force your device into download mode without the actual button combo here. Also pre-fabricated JIG dongles can be purchased on ebay for a couple of EUR/USD.
-----------------------------------------------------------
Changelog:
[12th July] FAQ created.
[12th July] Added Flash HOWTOs in Post#2
[13th July] Added list of CustomROMs in FAQ#10
[16th July] Added notification for US phone users
[18th July] Added rooting to HOWTOs
[18th July] Added ADB tutorial in Post#2
[19th July] Moved ADB tutorial to Post#3
[19th July] Added Tutorial/Fix section in Post#4
[19th July] Added "Protected Apps Market Fix" in Post#4, Tutorial#1
[24th July] Removed SIM-Unlocked as a requirement from flash HOWTO (Post#2, HOWTO#1).
[24th July] Added Tags for categorizing the FAQ
[26th July] Added Tip&Tricks section in Post#5
[20th August] Added a ROM-Selection Guide in Post#6
[30th August] Major Rework of the FAQ section
[8th October] Added "Installing any official firmware using Kies" in Post#4, Tutorial#2
[17th October '10] Added "Extracting Samsung Phone Drivers from Kies Installer" in Post#4, Tutorial#3
[2nd March '11] Began Major Update
[5th November '11] Updated to recent release of Android 2.3 and other changes
[7th January '12] Some updates to reflect recent changes regarding software and Android 4.
[6th April '12] More updates regarding Android 4.0 and some other updates.
Flash/Update Guides
!!!READ THE GUIDES AND NOTES COMPLETELY!!!
General Note:Flashing may refer to both methods. However, Method 2 requires files to already be on the phone. Therefore if you semi-bricked your phone, method 1 is usually the preferred way to fix it.
General Note 2: Flashing firmware and/or factory resets will WIPE your APN settings. Make sure you are using the right APN if that is a possible issue with your provider.
Important General Note: Several batches of phones that were sold have the download-mode button combo disabled (VolumeDown+Home+Power or alternatively Home+Power on some phones). Check if the download-mode combo works BEFORE flashing! Please refer to FAQ#A12 and T&T#23 for a fix for the download mode if it doesn't work on your phone!
HOW TO:
1.Flash Firmware and kernels using Odin.
Note: This will in (almost) all cases erase all your data and applications (includind root!). It will NOT touch the internal or external SD card.
Requirements:
-Odin3 version 1.82 (Note: Odin should be on the system partition (the partition where windows is installed) to avoid possible issues)
-".PIT" file for the Samsung Galaxy S (See FAQ#B9 or the source of the FW for the version to use! Not needed for kernel flashes.) .PIT files are usually not necessary anymore since the partition layout of the SGS hasn't changed since the end of 2010
-USB cable
-Desired firmware package or desired kernel package
Procedure:
1.Open ODIN. (And close Kies, if you have it open. It is important to have ODIN open BEFORE connecting the phone via USB!)
2.Select the PDA/Modem/CSC/.PIT files in Odin. (For kernel flashes, only PDA is required. For FW flashes, at least a PDA is required. Some PDAs have Modem and CSC integrated. If you decide to repartition, make sure you choose the right file, currently almost always the one with the ending 512.PIT)
[Optional]3.Check the "Re-Partition" checkbox. (Only do this if you have separate packages for PDA, Modem and CSC AND you have a .PIT file selected! Don't do this for single PDA flashes or kernel flashes!)
4.Turn the phone into the download mode by pressing and holding VolumeDown+Home+Power.
5.Connect your phone with your computer and wait until the drivers are installed.
6.When the drivers are installed, click Start.
7.The phone will be flashed and once it’s finished, it will boot up. (Do NOT disconnect the usb-cable, remove the battery or otherwise interrupt this process!)
8.You have successfully flashed your phone.
2.Update to CustomROMs/Mods/Root using .zip files
Note: Depending on the firmware you selected, this may or may not wipe your applications and the respective data. In any case, it will not touch your internal and external SDcards!
Requirements:
-ADB (from the Android Software Development Kit) -- Optional
-CustomROM File
-USB-cable
-2e recovery, Clockwork recovery (can be installed using HOWTO#1 and an appropriate kernel) (Note: 3e recovery will not allow the installation of .zip files that aren't signed by Samsung and is as such not usable for this procedure)
There are two methods for applying the update. Procedure A requires some basics in using a terminal (and ADB). Procedure B can be carried out by anybody but usually isn't available if the bootloader does not have download mode. See FAQ#A12 for more information on download mode using the button combo.
Note: The recovery screen can be navigated using the Volume Up and Volume Down Buttons (Up and Down) and the Home Button (To Select)
Procedure A: (Requires ADB)
1.Copy the CustomROM/root file to the "/sdcard/" folder on the phone and (if not already the case) rename to "update.zip"
2.On the phone go to Settings->Applications->Development and check "USB debugging"
3.Extract the Android SDK and navigate to the /tools/ subfolder of the SDK folder using cmd.exe.
4.Run "adb reboot recovery" to enter recovery mode
5.Wait for the recovery screen en select "apply: /sdcard/update.zip"
6.Wait for it to finish and reboot.
Procedure B: (Does NOT require ADB)
1.Copy the CustomROM/root file to the "/sdcard/" folder on the phone and (if not already the case) rename to "update.zip"
2.Restart in Recovery Mode by pressing an holding VolumeUP+Home+Power.
3.Wait for the recovery screen en select "apply: /sdcard/update.zip"
4.Wait for it to finish and reboot.
If you encounter trouble with the ROM afterwards, enter recovery mode again and select "factory reset/wipe data/cache" and confirm before seeking help.
ADB Tutorial
ADB Tutorial
Many tutorials, fixes and mods are written assuming a basic knowledge of ADB. ADB is a command-line tool that is part of the Android Software Development Kit (a.k.a. Android SDK or ADK). This tutorial is aimed at getting you acquainted with the basic functions/workings of the ADB tool.
(Note: I do not currently use/have Linux installed. For now, this tutorial will be Windows-only. However, I suspect Linux users are versed in command-lines already and do not need a tutorial like this to open adb)
Requirements:
-Android Software Development Kit (you do not need to run "SDK Setup.exe" to use ADB!)
-Rooted Samsung Galaxy S
-Busybox (installed from market and updated!)
Basic Setup:
In order to use ADB you will first need to decompress the Android SDK. For simplicity, decompress the folder "android-sdk-windows" into the root of one of your partitions. (I am using the root folder of my D: partition for the purpose of this tutorial)
You now need to start the Windows Command-Line tool "cmd". This differs per Windows version:
XP: Go to the start menu and click "Run", type "cmd.exe" and confirm with "Run"
Windows Vista/7: Go to the start menu, type "cmd.exe" and hit enter.
You will now see a command-prompt open (I erased my username):
As stated before, my "android-sdk-windows" folder is located on my D: partition. You will now need to navigate to the "platform-tools" subfolder of the "android-sdk-windows" folder:
Before we go any further we will now have to complete some steps on our phone:
-Make sure the phone is rooted (find the application "Superuser Permission")/has the latest version of busybox installed (Run "BusyBox installer" and make sure it says, that the latest version is installed). If not, root your phone according to the HOWTO in Post#2 and install busybox from the market (and follow the instructions in the description) respectively.
-Put your phone in USB debugging mode: "Settings"->"Applications"->"Development" and check "USB debugging"
-Close all other applications on your phone and go back to the TouchWiz Launcher Home Screen
-Connect the phone to your PC
Now, we are ready to run ADB:
I hope this helps all those who were clueless so far on all the adb-based tutorials for fixes etc.
Tutorial for Market Fix
Note: This section is strictly a work in progress and new tutorials will be added when they become available and have been confirmed as working!
Content:
1.Market Protected Application Fix
2.Installing any official firmware using Kies
3.Extracting Samsung Phone Drivers from Kies Installer
4.Backing up the /efs folder
Tutorials/Fixes:
1.Market Protected Applications Fix
Background: In order to prevent the illegal copying of copyrighted applications google has integrated what are called protected apps. These applications have some copying protection which means they cannot be backup-ed without root. In order to prevent rooted/modified phones from getting those applications, google market checks the build.prop file in the /system/ folder against a verified list to see if the version of your firmware is an official release. This tutorial will show you the steps to replacing the build.prop of the firmware you installed with that of a firmware that is verifiedand accepted by google.
Note: MoDaCo's r2 and the derivatives thereof have a fix included for this in the ROM (can be found in "MCR Scripts").
NOTE: As of now, "Eris Market Fix" from the android market seems to work on the SGS. It uses a similar procedure and should achieve identical results (for now). The app itself can be uninstalled after the fix is working.
Requirements:
-Rooted Samsung Galaxy S
-ADB (from the Android Software Development Kit)
-build.prop from a recognized official firmware
Procedure:
1.Download and extract "build.prop".
2.Copy the "build.prop" to the root of your internal SD card (to the folder "/sdcard")
3.Make sure the phone is rooted (find the application "Superuser Permission")/has the latest version of busybox installed (Run "BusyBox installer" and make sure it says, that the latest version is installed). If not, root your phone according to the HOWTO in Post#2 and install busybox from the market (and follow the instructions in the description) respectively.
4.Run the following commands in ADB (for a tutorial on ADB, see Post#3):
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
busybox mv /sdcard/build.prop /system/build.prop
reboot
5.Wait for the phone to reboot. Check if can see protected apps (for example the paid version of tapatalk)
6.If you cannot see protected apps, you may have to wait a while in order for market to recheck the build.prop. This process can be helped bu setting the system time (manually) to 23:59 (i.e. 11:59PM) and wait for it to pass the 0:00 (i.e. 12:00AM) mark. Then return the time to the correct time setting and reboot. (You may still need to wait a few minutes before you can actually see protected applications)
7.If you still can't see protected applications, restart in recovery mode ("Volume Up"+"Home"+"Start") and wipe the cache of your phone. (You may still need to wait a few minutes before you can actually see protected applications)
For the interested, here a explanation of the code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount is the linux routine to mount a device to a specific path
-o will allow you to issue several commands to the mount routine, separated by commas
remount will unmount and then mount the filesystem again
rw will cause the filesystem to be mounted with read/write permissions
-t is the parameter used to define the filesystem
yaffs2 is "yet another flash file system 2"
/dev/block/mtdblock3 is the hardware-location of the system path
/system is the path to which you want to remount the hardware location
busybox mv /sdcard/build.prop /system/build.prop
busybox causes the following commands to be executed by busybox instead of default android
mv moves files from one location to another
/sdcard/build.prop is the path to the file that is being moved
/system/build.prop is the path where the file gets moved to
2.Installing any official firmware using Kies
Background: In August 2010 Samsung started (if only scarcely) to release official and test updates for the i9000 firmware. Since many users have flashed different firmware and the ways of backing up original product codes were not know at the time, most people who flashed their phones do not have the original settings from their country and/or provider and can thus not get the official updates for their area. Forthermore, some updates were only released in one or a few areas and people outside those areas wanted access. Consequently, Zangieff figured out a way to fake the phone information for Kies in order for it to find and install updates from a specific area. This is a slightly adapted version of his fix.
NOTE: There have been no firmware releases for some areas and providers through Kies. This fix is only able to upgrade to versions that have actually been released on Kies.
Requirements:
-Samsung Galaxy S
-Samsung Kies
-Basic knowledge of regedit
Procedure:
1.Run Kies, connect the phone and make sure it is properly recognized.
1.1.If you have never before opened the firmware upgrade widget with your phone connected before, open it now and then close it again (Do NOT close Kies!)
1.2.Optional: (Only do this if you are looking for experimental updates!)
1.2a. Open the firmware upgrade widget in Kies
1.2b. Press Ctrl+Alt+U+P simultaneously. Kies will confirm the correct sequence with "Test Mode is ON".
1.2c. Close the firmware upgrade widget of Kies
2.Run regedit (Start-->Run...-->Type "regedit"-->Press Ok) (Windows XP)/(Start-->Type "regedit"-->Press Enter) (Windows Vista/7)
3.Use regedit to navigate to "HKEY_CURRENT_USER/Software/Samsung/Kies/DeviceDB/". You will find a number of folders in numerical order (usually) starting from 1. Find the folder with the relevant keys (see below) and make sure it is the one currently in use. [If you find several folders with the keys and don't know which are the right ones, delete all of them, repeat step 1 and 1.1 and find the folder with the lowest value. (You may have to use F5 or View--->Refresh to get to see the new folders)]
4.Find the registry keys "HIDSWVER" and "ProductCode"
5.Replace them with the appropriate keys as needed for your desired upgrade.
6.Open the upgrade widget in Kies and enjoy updating.
To find the appropriate values for HIDSWVER and ProductCode, check this thread for an extensive list of codes.
Note: If you close Kies, you will have to repeat the process.
Note2: You can upgrade to the most recent official firmware version from any firmware version even if you already have the same version or a newer one installed
3.Extracting Samsung Phone Drivers from Kies Installer
Background: Not all users are interested in installing the full software package Kies in order to get to flash their phone via Odin or Heimdall. The Kies installer turns out to be extractable using 7-zip and the phone drivers have a separate installer. This allows for installing only the phone USB drivers and lets you avoid installing Kies and the included bloatware.
Requirements:
-Samsung Kies installer package (found here)
-7-zip (found here)
Procedure:
1.Install 7-zip
2.Right click the Kies installer and Find 7-zip->Extract to "Kies_x.x.x.xxxxx_xx\"
3.Navigate to "Kies_x.x.x.xxxxx_xx-->CabFile-->USB Driver"
4.Right click the "SAMSUNG_USB_Driver_for_Mobile_Phones.exe.cab" file and 7-zip->Extract to "SAMSUNG_USB_Driver_for_Mobile_Phones.exe\"
5.Open the folder SAMSUNG_USB_Driver_for_Mobile_Phones.exe\ and execute SAMSUNG_USB_Driver_for_Mobile_Phones.exe and follow the installer instructions.
6.Enjoy connecting your phone without the full Kies install.
4.Backing up the /efs folder
Background: Some experimental firmwares modify the /efs folder. This can cause IMEI corruption and/or change the product code your phone reports.
Requirements:
-Rooted Phone
Either (A):
-ADB (from the Android Software Development Kit)
Or (B):
-Root Explorer (from market)
Procedure:
1.Make sure your phone is rooted (and busybox is installed for ADB procedure)
A:
1A.Enable USB debugging mode (Settings-->Application-->Development-->USB debugging)
2A.Connect the phone to USB
3A.Open a command prompt and enter adb (see tutorial)
4A.Acquire root privileges (type "su"). (Make sure you accept the root-prompt on the phone)
5A.Execute "busybox cp -a /efs /sdcard/"
6A.Disconnect the phone, deactivate USB debugging, reconnect the phone and backup the copy of the efs folder to your PC
B:
1B.Use root explorer and navigate to the root of the filesystem /
2B.Press "Mount R/W"
3B.Copy the efs folder to your sdcard
4B.Connect the phone to the PC and backup the copy of the efs folder to your PC.
2. Restore the backup if your IMEI gets corrupted or your product code is changed by a firmware.
Tips&Tricks
Handy Tip&Tricks
by Forum Members
This is for all Samsung Galaxy S users (GT-i9000 only. Some might work on US versions). It is a collection of handy tutorials that were posted in the development section but that do not need to be on the first page constantly.
Note: These links are provided as-is and most are untested by me! All credit for the procedure goes to the respecitve poster/involved parties.
1. Changing Fonts (for free) by socket84
2. Replacing Samsung Media Player with Android default by aditya_t90
3. Generating TUN.KO for OpenVPN on SGS by newmail
4. Replacing TouchWiz calendar with Android default by tommy34
5. Setting default homescreen in TouchWiz launcher by socket84 or the derived SGS Screen Changer by pedrodh
6. Installing Samsung Phone drivers WITHOUT Kies
7. OneClick Lagfix by RyanZA
8. CFLagFix by Chainfire
9. LagFix using update.zip by Tayutama
10. SuperOneClick Root by CLShortFuse
11. Headphone SoundQuality Fix or MixGet from Market by gilsken
12. AMOLED Screen for Notifications App by madmack
13. Using LED-Button Backlights for notifications by neldar
14. Comparing Firmwares on Packages by GAda
15. Stopping automatic media scan & scan on demand by aditya_t90
16. Overclocking/UnderVoltaging the CPU by raspdeep
17. Creating FlipFont APKs by ritalin
18. Circle Battery Indicator Mod by Fightspit (ported to SGS by designgears)
19. Official Firmware Update without running Kies by miki4242
20. Unlocking/Unfreezing Samsung Galaxy S for Free (collaboration, see thread for credits)
21. Choosing between GlassLock and Android's stock lock screen by Ateisti or Android Stock Lockscreen for JM8,JPH,JPK,JM9,JPM,JPA,JP6 by Project1.exe
22. Flashing under Linux and MacOS X using Heimdall by Benjamin Dobell
23. Restoring the three button recovery/download combo by Richthofen
24. ADB filesystem plugin for Total Commander by sztupy
25. Enabling Landscape Mode in TouchWiz Launcher by scheichuwe
Firmware and LagFix Selection Guide
Last Updated: April 3, 2010. Up-to-date as of April 3, 2011 15:53 CEST
As you may have noticed, there are a lot of firmwares on samfirmware.com and it's not very clear which ones are best/least buggy etc.
In this section, I will give a general guide to which firmware to use depending on your preferences:
If you like the stock Samsung Galaxy S experience and are looking for the most stable/bugfree version:
-Flash I9000ZSJPK or I9000XWJS8 according to HOWTO#1.
-Install the one of the kernels below or one of the lagfixes from FAQ#A6.
If you would like have the latest firmware and are willing to tolerate some bugs (this is beta firmware):
-Flash I9000XWJVK according to HOWTO#1.
For a list of current custom ROMs, see this thread
Lagfixes and Kernels:
In FAQ#A6 the currently used methods for lagfixes are described. There are a number of enhanced kernels (most of which use at least one of the lagfixes) that add features such as more accessible RAM, enhanced compiling, Clockwork Recovery, Blacklight Notification and several various features depending on the Kernel. Here is a list of the popular, well tested, optimized kernels (Note: Some of them include an overclock):
-hardcore's speedmod Froyo
-laststufo's Super Optimized Kernel
-supercurio's Voodoo Lagfix
-DamianGto's Ultimate Kernel
-tegrak's lagfix build Kernel
There is a frequently updated list here
General Note:
If you want to take the modding further, look at FAQ#D2 in Post#1 for a list of Custom ROMs and chose one you like. Depending on whether or not there is a lagfix integrated, you should then apply one of the lagfixes from the first suggestion. I would also suggest avoiding loop-mount fixes like OCLF and CFLF (see FAQ#A6) because performance rapidly declines over time.
Note: None of the available ROMs completely fix the poor GPS. Most of the ROMs noted above are provide roughly the same GPS performance. Samsung is hoping to release a full GPS fix in september (hopefully with the froyo release) It is not clear if or when Samsung will release a full fix for the GPS issues. However, it is doubtful since there are now many indications that the issue is in fact hardware related and even the final Froyo release doesn't completely fix the GPS.
For us coming from HTC devices if we hose the recovery partition is there a way to recover the phone. It was HBOOT (FastBoot) in the HTCs. Does ODIN provide the ultimate "debricking" feature. I realize there are ways to brick that are unrecoverable, but if I hose the recovery and I am done I will be very hands off on modding.
thanks for this. a good starting point to gather all the info!
should sticky this
I think we are still out of a mod for this forum...
might wanna add this for calibration of the orientation sensor:
http://forum.xda-developers.com/showpost.php?p=6999499&postcount=8
tommy34 said:
might wanna add this for calibration of the orientation sensor:
http://forum.xda-developers.com/showpost.php?p=6999499&postcount=8
Click to expand...
Click to collapse
Added! Thanks =)
can this be a sticky, its very informative?
Great! I've acctually been waiting for a thread like this!
In Sweden one operator(Tele2) seems to have issues with the device not switching to 3G even when available. Does anybody else have these issues with their operators?
FrezoreR said:
Great! I've acctually been waiting for a thread like this!
In Sweden one operator(Tele2) seems to have issues with the device not switching to 3G even when available. Does anybody else have these issues with their operators?
Click to expand...
Click to collapse
Did you check your APN settings? Did you contact the provider concerning the issue?
Darkstriker said:
It appears it doesn't take long for this reserved post to become useful. I'll post short guides on flashing firmware here. (...)
Click to expand...
Click to collapse
In the Flash Firmware using Odin guide didn't you forget to add "SIM unlocked phone" as a requirement?
Akerfeldt said:
In the Flash Firmware using Odin guide didn't you forget to add "SIM unlocked phone" as a requirement?
Click to expand...
Click to collapse
I know it says so in the guide but I recall having read that SIM-locked phones can be flashed as well. Don't quote me on that!
Added it as a requirement for now.
Edit: I did read it here. However, it seems that those phones aren't actually SIM-locked, so for now, SIM-Unlocked is definitely a requirement.
Thanks for pointing it out! =)
Darkstriker said:
Did you check your APN settings? Did you contact the provider concerning the issue?
Click to expand...
Click to collapse
The APN settings should be fine, the phone works on both 2G, 3G and HSPDA, but when it at some point have switched to 2G it will stay in 2G and you would have to manually set it to 3G.
Yeah we are a group on a Swedish android forum where someone have contacted both samsung and tele2 about the problem. But if not anyone here has the same problem it surely must be tied to the operator, which is what I have thought all along.
efbenson said:
For us coming from HTC devices if we hose the recovery partition is there a way to recover the phone. It was HBOOT (FastBoot) in the HTCs. Does ODIN provide the ultimate "debricking" feature. I realize there are ways to brick that are unrecoverable, but if I hose the recovery and I am done I will be very hands off on modding.
Click to expand...
Click to collapse
I'm sorry efbenson, I seem to completely have missed your post.
I'm not sure how this works on HTC android devices since I have only had a Windows-mobile version. What seems to be the equivalent of the features you are "describing" is the download-mode (VolDown+Home+Power) which can be reached even after interrupted firmware-flashed (experienced it myself. Still scary as hell!)
However, I don't think I'm fully qualified to answer your question. Maybe you could reformulate it, since it's not very clear right now.
This definitely deserves a sticky, thanks for this DS
FrezoreR said:
The APN settings should be fine, the phone works on both 2G, 3G and HSPDA, but when it at some point have switched to 2G it will stay in 2G and you would have to manually set it to 3G.
Yeah we are a group on a Swedish android forum where someone have contacted both samsung and tele2 about the problem. But if not anyone here has the same problem it surely must be tied to the operator, which is what I have thought all along.
Click to expand...
Click to collapse
I haven't had such problems and I dont remember reading anything of the kind so far so this likely is an issue with your provider. Maybe you can check if this occurs everywhere or only in specific areas (like cities) or something like that.
So to get to the point... I bricked my friend's SGT after trying to put a dialer app onto it. A series of stupid moves leaves it at the Samsung logo on bootup and only able to access Download Mode (No recovery). He's getting a replacement through warranty (oops) but in the meantime I'd love to learn/experiment with building my own ROM.
I've been an avid Linux user for a couple years, learning more and more as time goes by. I've done extensive modding on the Motorola Droid and Droid 2 (modding, no programming, dev'ing or cooking). Basic familiarity with the Android system and how it works.
However, it's been a huge learning experience trying to build my own ROM from source. I downloaded the SGH-I800 VZW and also the GT-P1000 sources from opensource.samsung.com and also the android source from source.android.com
following the instructions from the README inside the I800 source .tar, I wrote the GT-P1000 files over the android source, then wrote the I800 files over the combined GT-P1000/android source. After some configuring to make this work on a 32-bit system with java1.6 lib's, I finally arrived with a working "make" command in my ~/bin folder (where repo stuck the android source). before running make I did run "make update-api" and it seemed to go off without a hitch.
It's currently running and has been for quite some time (around 45 mins or so, which is normal on my centrino 4 year old laptop. However, I'm seeing quite a few warnings about parenthesis and various other syntax-related issues.
Is this going to be a huge problem with the final .img files? I can't imagine it working perfectly... Is there any way to debug this compilation procedure? I'm just using terminal and obviously there are far too many to stay in the lines history of terminal app.
Thanks for the help guys, I'm hoping to at least get this tablet bootable so I can apply a more advanced rom or (depending on the difficulty) revise my own rom into a fully working one.
-Garrett
P.S.- If I understand this correctly, it will output a few .img files into the /out folder. How am i to flash these using ODIN? can I just put them into a .tar archive and select that under the PDA option of ODIN? I've already compiled the kernel for the SGT, it seemed very straightforward and I've got the zImage file. I also read somewhere that the kernel should be included in the main platform compilation. However, the zImage file is just thrown into one of the other .tar's downloaded for a different device (just to get a feel of what format files should be where). Some advice would be much appreciated! Thanks.
update:
it compiled and produced three files of standard format (*.img) which would be used to
a) extract the /system folder, etc. to produce a flashable update.zip in CWM or some other custom recovery.
or
b) flash directly using some other program, with target booted into the bootloader,
if I recall correctly. The problem with the former is that this tablet will not boot into recovery, and with the latter, no suitable program seemingly exists. There must be some method of converting or repackaging these *.img files into Samsung's proprietary *.rfs format, but extensive google searching has yielded nothing of value.
ok, update #2
flashed a zImage and factoryfs.rfs from a sprint ROM, and of course data doesn't work on this verizon tab (actually not a big deal since I'd be wifi tethering from my Droid 2 anyway) but it does have all the sprint applications and settings and all that.
I have a full /system dump from a completely stock verizon tablet, what is the most straightforward way of flashing this onto this frankenstein tablet?
I'd imagine it entails flashing clockworkmod recovery and flashing an update.zip that contains the entire /system folder, would this work?
I've tried simply
adb push ~/Galaxy/system /data/sysbackup
then
busybox cp -rf /data/sysbackup/* /system
however this just results in a lot of disk full errors and an unbootable tablet.
thanks for the tips guys, and wondering what's so bad about the vzw tablet? there seems to be a lot more threads/roms/support for (of course) the GSM tablets and even Sprint's but none for big red.
Not sure if this would work, but maybe creating a VFAT image in Linux and dumping the contents into it then saving the file as factoryfs.rfs and flashing it?
Or, mount a known good factoryfs.rfs, rip out the contents and replace it with the VZW stuff. (Since RFS images can be mounted as VFAT in Linux/Unix)
As far as getting data up and running, you would probably need a dump of a radio from another VZW Tab. (/dev/block/btl12 if it's anything like the GSM Tabs)
gfrancis306 said:
thanks for the tips guys, and wondering what's so bad about the vzw tablet? there seems to be a lot more threads/roms/support for (of course) the GSM tablets and even Sprint's but none for big red.
Click to expand...
Click to collapse
I can only answer for myself on this one, I always prefer the GSM devices because they often have Euro/Asian counterparts, thus bigger modding communities. The GSM models will definitely have more presence solely because the majority of markets for the device are GSM-based.
thanks guys, I definitely understand the GSM tabs getting more traffic but couldn't figure out why Sprint was attended to while VZW went overlooked.
Either way, I had a friend of mine .tar up a rotohammer backup from his VZW tablet and send it to me through dropbox. un-tar'd and flashed using heimdall and it booted right up with VZW service and everything. the only problem I notice is there are no google apps (Market, Gmail, Maps, etc.) I know there's a quick fix for most android phones by just flashing gapps.zip through CWM recovery, but since there's no way to fash CWM on the VZW tab, how would I go about getting my google apps back?
Thanks
Do a factory reset or try one of the market fixes in the main galaxy section. Should be fixable.
Does your GPS function?
gfrancis306 said:
thanks guys, I definitely understand the GSM tabs getting more traffic but couldn't figure out why Sprint was attended to while VZW went overlooked.
Either way, I had a friend of mine .tar up a rotohammer backup from his VZW tablet and send it to me through dropbox. un-tar'd and flashed using heimdall and it booted right up with VZW service and everything. the only problem I notice is there are no google apps (Market, Gmail, Maps, etc.) I know there's a quick fix for most android phones by just flashing gapps.zip through CWM recovery, but since there's no way to fash CWM on the VZW tab, how would I go about getting my google apps back?
Thanks
Click to expand...
Click to collapse
Did you get the dbdata.rfs or cache.rfs? I think they play a part into stuff like the market. Check for the apps in /system/app though.
Sent from my SGH-I987 using XDA App
I bricked VZW SGT by flashing another rom accidently and now it wont go further than the Samsung logo on bootup
is there any way to flash back the orginal rom?
On my sprint gt. I am able to get to clockwork mod recovery by doing
Code:
adb reboot recovery
as far as I can tell there is no way to get to recovery with the device off. But if it gets as far as the samsung screen you still might be able to use adb to reboot to recovery. I've been trying to build froyo myself and as a proof of concept compiled the stock kernel from samsung open source. Then put it in a modified update.zip from one of monks kernels and flashed it from clockwork recovery. The flash was a success and the device booted fine. I dont see why the same shouldnt work for the system folder. The boot.img would be more difficult cause I dont think the gt uses the same partition layout as other android phones.
Helo my name is robert an im new to this. Im looking for some roms for my vzw galaxy tab. Dose anyone have any suggestions ? An is there a stable gingerbread or honeycomb roms out there for the galaxy tab for vzw ? Thanks to all that can help me
Sent from my SCH-I800 using XDA App
(UPDATE: 8/24/11 New flashable update.zip for install via recovery, includes Gscript (credit goes to PinkVenture for developing the app!) and my simple on/off scripts already installed. You can link shortcuts directly to the desktop for each ON or OFF through add shortcut on homescreen, see attachments at the end of this post)
I'll start this off by mentioning that all the threads you may find saying "CM7 DIAG Enabled!" such as this one here Etc, are not valid solutions for OUR device. That may/may not work with the eris/hero(haven't tried) etc as those topics discuss. They merely SPECULATE it will for any CM7 based rom - it doesn't for ours.
echo 1 > /dev/qct_diag_enable (to enable diag mode)
..and your phone should go into USB diag mode. when you are done just:
echo 0 > /dev/qct_diag_enable (to disable diag mode)
Click to expand...
Click to collapse
WONT DO ANYTHING for you. In fact, it made my "qct_diag_enable" file disappear. Scroll to the bottom to skip my bantering and explaining of the reason this is a useful feature for people like myself, and to just show the actual findings of this thread.
So you have CM7 and (of course) are lovin' it. The only thing is you have an alternate carrier (cricket personally) and hate the fact that manually switching prl's or needing to change your EPST settings can be a pain (since CM7 has no EPST built-in!). Especially when its [*feature name here] that you would LIKE to have the ability to use, but can live without if it means having to restore (or flash one if you have no backups) a sense rom just to change any of your EPST (##778, etc) settings.
Well, if you know anything about QPST for windows (google), then you know that you need to have your phone in DIAG mode to use it (##3424) and have the hero diagnostic drivers installed on your windows machine. (For the record, I'm an Ubuntu man and my main machine is NOT dual boot, meaning I still have to switch to my windows laptop to use QPST >< but we'll just pretend you have windows and this is more convenient for *you*).
Back to the point, once you've realized all the hassle, yada yada, you just say, "Ill just fix it later, I can live without it for now." AND how sick you are of saying that, here is the solution to no longer switching ROM's for EPST, as there IS a way without the ability to ##3242 in CM7 to enable DIAG mode.
(NOTE: This is also useful for those of you already on CM7 WITH Verizon/Alltell who would like to follow the guide in the Development section Droid Incredible Wiki regarding switching to the whole Verizon PRL/Alltell Hybrid PRL, along with other guides involving EPST or ## codes found there)
Simply go to (via adb shell/terminal emulator) /sys/devices/virtual/usb_composite/diag and run (1 for on and 0 for off, respectively)
Code:
echo 1 > enable
echo 0 > enable
To simplify all this I've included a zip file which includes Gscript.apk for you to install, and two scripts in the Gscript directory (place entire Gscript directory on root of sdcard). Open Gscript application, then once open - menu button>add script>load file>diag on/off.sh>save for each script respectively. Then you can simply toggle on/off DIAG mode from the Gscript application (or even add shortcut>gscript>diag on/off from CM7 home screen, for each script respectively). And without further excess explanation, here's the .zip signed-diagscripts.zip flashable update.zip file for recovery
By the way, if a mod reads this, could you please move to the Development section and remove my restriction? I know I don't have my whole 10 posts etc, etc, but I don't really have enough to say or the patience to say it most of the time to post 10 posts. However, I've lurked these boards and been rooting phones and flashing phones via this forum since my first android phone back from what feels like ages ago. (going on 4 rooted and flashed to cricket android phones now, all sold except my current, Dinc)
cool, thanks, man!!!
Sure thing, let me know if anyone experiences issues by pm or reply. I was thinking about compiling an installable zip so this can be installed after rom in recovery too.
Sent from my ADR6300
Just wondering... Any idea if this will work on Evo as well?
Work on the EVO too?
Yeah, I would really like to know if this would work on the evo!!
hydrosity said:
I'll start this off by mentioning that all the threads you may find saying "CM7 DIAG Enabled!" such as this one here Etc, are not valid solutions for OUR device. That may/may not work with the eris/hero(haven't tried) etc as those topics discuss. They merely SPECULATE it will for any CM7 based rom - it doesn't for ours.
WONT DO ANYTHING for you. In fact, it made my "qct_diag_enable" file disappear. Scroll to the bottom to skip my bantering and explaining of the reason this is a useful feature for people like myself, and to just show the actual findings of this thread.
So you have CM7 and (of course) are lovin' it. The only thing is you have an alternate carrier (cricket personally) and hate the fact that manually switching prl's or needing to change your EPST settings can be a pain (since CM7 has no EPST built-in!). Especially when its [*feature name here] that you would LIKE to have the ability to use, but can live without if it means having to restore (or flash one if you have no backups) a sense rom just to change any of your EPST (##778, etc) settings.
Well, if you know anything about QPST for windows (google), then you know that you need to have your phone in DIAG mode to use it (##3424) and have the hero diagnostic drivers installed on your windows machine. (For the record, I'm an Ubuntu man and my main machine is NOT dual boot, meaning I still have to switch to my windows laptop to use QPST >< but we'll just pretend you have windows and this is more convenient for *you*).
Back to the point, once you've realized all the hassle, yada yada, you just say, "Ill just fix it later, I can live without it for now." AND how sick you are of saying that, here is the solution to no longer switching ROM's for EPST, as there IS a way without the ability to ##3242 in CM7 to enable DIAG mode.
(NOTE: This is also useful for those of you already on CM7 WITH Verizon/Alltell who would like to follow the guide in the Development section Droid Incredible Wiki regarding switching to the whole Verizon PRL/Alltell Hybrid PRL, along with other guides involving EPST or ## codes found there)
Simply go to (via adb shell/terminal emulator) /sys/devices/virtual/usb_composite/diag and run (1 for on and 0 for off, respectively)
Code:
echo 1 > enable
echo 0 > enable
To simplify all this I've included a zip file which includes Gscript.apk for you to install, and two scripts in the Gscript directory (place entire Gscript directory on root of sdcard). Open Gscript application, then once open - menu button>add script>load file>diag on/off.sh>save for each script respectively. Then you can simply toggle on/off DIAG mode from the Gscript application (or even add shortcut>gscript>diag on/off from CM7 home screen, for each script respectively). And without further excess explanation, here's the .zip gscript_diagscripts.zip
By the way, if a mod reads this, could you please move to the Development section and remove my restriction? I know I don't have my whole 10 posts etc, etc, but I don't really have enough to say or the patience to say it most of the time to post 10 posts. However, I've lurked these boards and been rooting phones and flashing phones via this forum since my first android phone back from what feels like ages ago. (going on 4 rooted and flashed to cricket android phones now, all sold except my current, Dinc)
Click to expand...
Click to collapse
so wait let me get this straight. this mod is so we can update our prl??? or is this for people that would like to still run the altel hybrid prl?
because a simple *22899 will let you update it. i know this because i have been on cm7 nightly from day one and there was 1 update of the prl and it worked.
EVO + CM 7 + this solution = GO (GREEN LIGHT) WORKS.
Is there any way of running the ##3282# (if it's a file you run or an APK you install?)
Hows about this
i got one better for ya.
Code:
am start -a com.android.dmcommandservice.START -n com.android.dmportread/.DMPortActivity
what is so great about getting to Diag mode this way you say?
1. well it doesn't require root access.
2. its cross model supported. (well any model with the DMPortRead.apk installed which i have yet to see one without).
btw you can do the ##3282# in the same way... the apk is call EPST.apk. just look in the Android-Manifest.xml for the info.
tronoftroy said:
i got one better for ya.
Code:
am start -a com.android.dmcommandservice.START -n com.android.dmportread/.DMPortActivity
what is so great about getting to Diag mode this way you say?
1. well it doesn't require root access.
2. its cross model supported. (well any model with the DMPortRead.apk installed which i have yet to see one without).
btw you can do the ##3282# in the same way... the apk is call EPST.apk. just look in the Android-Manifest.xml for the info.
Click to expand...
Click to collapse
Remember, Im on CM7 GingerBread, not SENSE....
Ok so it should work on the EVO since the architecture is pretty much the same as the DINC. Now as far as it being for updating the PRL, yes it can be for that. But it is for people who need to use a program such as QPST or CDMA Workshop to change carrier based settings on their phones(IE the "flashing" [no not as in rom flashing, but carrier]). Where *228 and such is not a feasible replacement for doing so and would prevent their phone from functioning correctly, such as with mine which is flashed to cricket.
Any sort of *228 business breaks my cricket flash, and I used to have to make a backup and go back to restore a sense rom to go into the EPST app with ##778 or to be able to dial ##3424 to put the phone into DIAG mode where I could revise the settings again to make it function properly, THEN flash back since CM7 does not have the EPST.apk which supports both of these features.
With this you can avoid the whole hassle of all this if you have the QPST application for your PC by simply putting your phones DIAG mode ON or OFF. Where you can manually put in what ever PRL you want and manually set any carrier-specific settings. Not as convenient as EPST and its ##778 feature, but much more so than the previously described process.
ALSO I've now included all of this in a simple .zip file flashable from recovery to streamline this crude process a little more. Get it HERE. The file in the original post has been updated too.
m4f1050 said:
Remember, Im on CM7 GingerBread, not SENSE....
Click to expand...
Click to collapse
if CM7 doesn't have DMPortRead.apk couldn't you just push it to you framework/app folder? or even install the apk and just run that when ever you need to connect to the Diag port? (for Qpst, or what ever you need it for) i'm not very familiar with CM7 so i could be wrong.
i use it to send my own serial commands. i find qpst to be more of a hassle then helpful. manuf. have been making there own NV items that are not listed in Qpst models for a while now. ie. the ERI banner for some hero's is not pulled from the usual eri.xml but instead read from the NV items. i think NV item 8042.
now, i while i was snooping around with the flash command. i notice that you can use "-s" (i think, i could be thinking of fastboot.) to specify your own memory location to flash an img file to.
now if we can find the mem location of the NV items you can simply read your entire NV items as an .img then use flash cmd to write all your NV items at once, and maybe even with the Recovery update.zip. im looking into the recovery source atm. if anyone knows where the NV items are stored plz let me know. is it mtd or mem location?
Can you check if you have the file /sys/devices/virtual/usb_composite/diag/enable? If you do.. Create a GScript that echoes 0 or 1 (0 for disable and 1 for enable) to the file /sys/devices/virtual/usb_composite/diag/enable it works like a charm!
tronoftroy said:
if CM7 doesn't have DMPortRead.apk couldn't you just push it to you framework/app folder? or even install the apk and just run that when ever you need to connect to the Diag port? (for Qpst, or what ever you need it for) i'm not very familiar with CM7 so i could be wrong.
i use it to send my own serial commands. i find qpst to be more of a hassle then helpful. manuf. have been making there own NV items that are not listed in Qpst models for a while now. ie. the ERI banner for some hero's is not pulled from the usual eri.xml but instead read from the NV items. i think NV item 8042.
now, i while i was snooping around with the flash command. i notice that you can use "-s" (i think, i could be thinking of fastboot.) to specify your own memory location to flash an img file to.
now if we can find the mem location of the NV items you can simply read your entire NV items as an .img then use flash cmd to write all your NV items at once, and maybe even with the Recovery update.zip. im looking into the recovery source atm. if anyone knows where the NV items are stored plz let me know. is it mtd or mem location?
Click to expand...
Click to collapse
Hmmm... Can you write to NVItem 0,1 or 2 this way?
m4f1050 said:
Hmmm... Can you write to NVItem 0,1 or 2 this way?
Click to expand...
Click to collapse
yes. you can write any nv item through DM Mode. well almost any.
i guess some call the NV item image file SPL???... poking about on the forums seems like you are unable to backup the radio and the nvitems maybe stored within. just a guess though.
tronoftroy said:
yes. you can write any nv item through DM Mode. well almost any.
i guess some call the NV item image file SPL???... poking about on the forums seems like you are unable to backup the radio and the nvitems maybe stored within. just a guess though.
Click to expand...
Click to collapse
in EFS you can access NV items locked (on some HTC devices, tested with EVO 3D and EVO 4G) by creating folder "open sesame door" rebooting phone then going back to EFS the folder NVM should not have the lock, allowing you to see / write these NV items. So if you lack an easy to use NV Item browser you can use this approach.
Can you please update the link for the update.zip file to flash in recovery? Or if someone has it can you point me in the right direction?
I am trying to get QPST working with Sensation.
After echo'ing 1 to enable, the USB modem driver shows up. I dunno which driver u have used but I am using this one: http://forum.xda-developers.com/showthread.php?t=801570
and in QPST it doesn't recognize phone model so I can'T pull NV data from it.
any suggestions?
BTW I have QPST 2.7 Build 366
Curious! said:
I am trying to get QPST working with Sensation.
After echo'ing 1 to enable, the USB modem driver shows up. I dunno which driver u have used but I am using this one: http://forum.xda-developers.com/showthread.php?t=801570
and in QPST it doesn't recognize phone model so I can'T pull NV data from it.
any suggestions?
BTW I have QPST 2.7 Build 366
Click to expand...
Click to collapse
yeah, just open up your QPST Configuration. and set the Comport then your phone will show in QPST.
Hmmmm, modem? You're on 64 bit Windows 7? I recommend 32 bit..
Does this work on the evo??
Hi Devs,
I've just joined and am uncertain of the proper place for this thread. Apologies if inaccurately posted.
I have the T337A, which I have rooted on ANF4, but I cannot find a recovery. I have read and read but am not finding the solution to my little project. I would like to get a safestrap on this locked bootloader so that I can install and learn to write custom ROMs. I have tried a safestrap but it was not for this specific device and did not work. I have also installed and purchased CWM Recovery and TWRP Recovery, in my learning process. The problem with the recovery is that there is no custom recovery written for this device and the bootloader is locked, as this is the AT&T WiFi/LTE version. So it looks to me like I need to figure out the partitioning image somehow in order to make a safestrap work on this device...as step 1. Is there anything else that I can do with this locked bootloader? I would love to have some help in writing a custom recovery and ROM for this device but I am a tiny tiny noob here and not a hard core programmer. If I could get some feedback on places to start for such a daunting task, it would be great. I guess one thing that I do not understand is why I cannot make my current rooted ROM the default recovery in TWRP. It asks me to choose from the list of supported devices. I understand that it goes: NAND --> aboot.img/bootloader --> recovery/or/kernel --> OS/or/ROM? If this is close to accurate then I would have to write something to the NAND?, which I'm not sure what is yet, in order to hijack the factory bootloader and then write the partitions on the sdCard for the ROM, like the safestrap folks wrote? It looks to me like they also included a version of TWRP touch which I used on the S4 yesterday and was really cool, so I guess that would be needed as well and is also why TWRP does not work for me now...it cannot hijack the locked bootloader. How do I hijack this hard headed thing? fastboot does not work to this device. In the process of this project, I have also run into a roadblock trying to update the /system/framework/framework-res.apk, in the manner that a flash needs to be done, I think. I want to change the /res/values/bools/bools.xml switch "voice_capeable" to true. AT&T or Samsung disable this on this version of the tablet, I guess to sell tethering or something else I'm not familiar with...but the way it looks to me, everything is configured on the device and I have a phone number provisioned for data at least. Why can't I turn on this switch and use the phone portion of the device? Any time I tickle the running framework-res.apk, it kills the OS. I tried compiling an update.zip aligned and signed with test keys or something like that but when I flash it, it fails with wrong footer and invalid signature...then it wipes me back to the stone ages. I warned I was a noob..! ...but not scared to brick some shtuff in order to learn this and write some custom solutions. An after thought...is there a solution for a bootable extSdCard for Android? This might lead to some options if it is possible.
Gathering phone info...
Collecting information. Be patient! Do NOT disconnect the phone!
Model: SM-T337A
Android Version: 4.4.2
Sales Code: ATT
PDA Version: T337AUCU1ANF4
Phone Version: T337AUCU1ANF4
CSC Version: T337AATT1ANF4
Product Code: SM-T337AZWAATT
HIDSw Version: T337AUCU1ANF4/T337AATT1ANF4/T337AUCU1ANF4/T337AUCU1ANF4
Board Platform: MSM8226
Serial Number: R32FA00PMRF
Imei: 3534.............
Unique Number: C1604.......
Connections: AT,MTP,MTP
Battery Status: 4.28V (94%)
Network Type: GSM
SuperSU Pro v2.40
TWRP donate latest
CWM donate v5.5.3.7
BusyBox Stericson donate v1.23.0
Titanium Backup Pro latest
xPosed v2.7.1
Wanam xPosed v3.3.1
NinjaMorph Pro v2.8.2
ROM Toolbox Pro v6.0.6.5
RootLogger Pro v1.9
Nandroid Backup v4.4.5
Next Launcher 3D Shell v3.20
Root Firewall Pro v2.1
SetCPU v3.1.2
w/respect. PitPin
Sir,
Please wait until mods will move this thread to the device specific forum for more relevant answers.
Stand by
Good luck
We had a dev working to get safestrap, but he struck out. So if you can get it, I'll test. I too have the 337a. Sucks to have a locked bootloader and no dev interest.
pre4speed said:
We had a dev working to get safestrap, but he struck out. So if you can get it, I'll test. I too have the 337a. Sucks to have a locked bootloader and no dev interest.
Click to expand...
Click to collapse
Thanks pre4speed. I am taking a look at the two tasks again tonight and decided to take the res/bool = voice_capable issue on first since this will determine how brickable this device can be for me. If I can use it as a regular modem phone then I might be a bit more careful with the bootloader project I did some more tinkering with the framework-res.apk ...specifically the /res/values/bools/bools.xml resource and tried the following:
-------
Factory wipe
Flashed sammobile.com T337AATT1ANF4 firmware
Rooted
SuperSU
Busybox
Froze AT&T update service and others involved
Titanium backup and pulled a good backup
Online Nandroid and pulled a good backup
Installed my XDA app. of course..!
-------
Framework-res.apk:
Used total commander to copy the running apk off to the sdCard and then my PC.
Decompilled in APKStudio2.0.3b-Windows (I am also using Ubuntu 14.04 if there is a better way here..also Android Studio on both OS...just learning).
Edited my value.
Recompiled with zip align/sign option.
***Now here in lies the problem, if I haven't already created one above ***
The random article I dug up said that in order to get past the wrong footer and signature issue, and stone-age wipe, when attempting this via abd sideload with an update.zip, is to now copy the edited file back into the original APK using 7zip in order to retain the original signing keys. When I open the original APK archive, it does not show the resource folders deemed "important and I should not jack with them" in the compiled APK (mainly values/* folder). The article mentioned the resource folders such as res/values/bools are compiled and hidden and that I needed to copy over the new resources.arsc file. I see this in the newly compiled APK I made but it also put the Manifest.xml and /res folder in there. Do I need to copy all of that or just the compiled resources.arsc file? I did all and it boot looped me so I'm guessing that I either did something wrong or this was not the right answer. The last part was to chmod the new APK, use total commander to mount the folder as rw, copy over the file, and reboot. All of that worked and I had to reboot many many times...loop.
That is where I am on the modem part and am going to attempt copying just the resources.arsc in a few. I will post more on the bootloader side soon, as I've been researching what goes on from the time I push the power button until the time I swipe the first screen. Lots of reading
w/respect - PitPin
Copying only the resources.arsc file from within the newly compiled apk back to the original framework-res.apk made some progress. Now I have the phone dialer app icon in my apps drawer... but it is failing complaining about contacts. On to the next round of research..!
PitPin said:
Copying only the resources.arsc file from within the newly compiled apk back to the original framework-res.apk made some progress. Now I have the phone dialer app icon in my apps drawer... but it is failing complaining about contacts. On to the next round of research..!
Click to expand...
Click to collapse
Stalled out temporarily on the tab project as laptop hard drive bought the farm. Back in action and made some progress on the tab voice_capable issue. Everything appears to be there and in working order but the SMS modules. I think this has something to do with why the contacts app is blowing up but not sure yet. GoSMS and EXDialer seem to work together without blowing up but the dialer taps the modem and then dies. Taking a break from this to start a thread on rooting the AT&T Alpha. I'm about half way through the exploit on that project. Any input on what might be my SMS problem on the tab 4 would be appreciated. Attached are a few screens.
Does anyone know how to removed the caution sign on the left corner it keep telling me unauthorized action have been detected.
I am in the same boat, I so wish this would come through because I do love this little tab.
same boat
/baker said:
I am in the same boat, I so wish this would come through because I do love this little tab.
Click to expand...
Click to collapse
so did you finally get it going or what?I have been wanting to get my Tab going as well. I've Rooted it and paid for an unlock even, which worked fantastic by the way...Thanx XDA!!! The rooting guide I got from here was right on point,no problem at all!!But anyways, I have it on metro pcs now on the unlimited $60 plan which is awesome (.REAL unlimited internet with NO THROTTLING ) for me because now at home I run pda.net, which gives me very good, fulltime, internet for my home computers as well as the ability to stream everything onto a large screen or even via windows when we want to watch with all the bells and whistles! No lag at all usually,and I don't use my hotspot because of the usb internet connect on pda.net. When I do use the wireless connect, it doesn't take any of the allotted hotspot usage up either!!All in all it's a great deal for me. I just got a new sim for it, called in the imei to metro ,which in turn gave me a phone number and data account, and presto!Been on the net ever since! Now that I've had it for over a month ,I wanna get the voice capability to work as well, being that I am paying for 2 lines now. Although I can use the old trusty hangouts dialer with the GoogleVoice easily enough. I want to be able to use my metro number mainly because these phone companies charge and charge and charge, never caring about us,or our need to have communication at our disposal at all times.Cell phones are by far not inexpensive and the internet wasn't started for us to pay aan arm and a leg to use.Anytime I come out good while dealing with a wireless company. it's a stupendous event,I'm telling you!! Heck ,I'm writing from my home computer now, going through the Tab at this very moment! Nevertheless, I'm wanting for the devs, to come through as well. With maybe even a new rom,sans the at&t stuff, of course, since I do now have a different carrier? Heck, the Tab is even great for when we travel! 24/7 unlimited internet /streaming , and the screen size is much better than the phone screen ever was!I just really wanted to thank XDA for the work they put in to help us part - timers out,Ive been rooting and unlocking and bricking and un-bricking for quite some time now,I even repair phones now actually,but the programming and the putting it all out here for guys like me to have fun and tinker with these phones would be entirely impossible without the DEV'S and their hard work for SURE...Thanx Guys!!You ROCK!
Models: SM-G930_, SM-G935_ (Flat & Edge, all Snapdragon variants, NOT Exynos)
Developer thread only!
Work in Progress!
DONT flash anything on your phone unless you either a)Dont care of the result or b)Know what you're doing! I will take NO RESPONSIBILITY for you breaking your phone! Know the risks!
Research & Development Thread for Unlocking S7 bootloader
What is this thread?
This is a thread with all information (research) I can find regarding the locked bootloader for the S7 Snapdragon (Exynos has been unlocked so this thread will NOT cover that.) There are a lot of great seasoned Devs out there, but it seems all have given up, or remained in the dark. Flagships like the S7 we all bought because they're amazing phones, but it appears the future is locked bootloaders; if you're here then you're interested in custom ROMs. If we give up and can't 'crack this', then I'm afraid amazing phones like this will never get custom ROMs, ie, that will be a thing of the past.
In other words, there doesn't appear to be any development anymore on trying to unlock the bootloader. Hope is lost... or is it? Therefore, we need new talent. We need a new generation of developers walking into the game knowing that what they're trying to do is almost impossible. I'm hoping this thread will quickly bring any developer up to speed so we can get some "unlocking Dev rookies". We are recruiting! Come here and ask questions regarding this so hopefully you can figure this out!
I'm going to update from time to time the first few posts with critical info, links to info, etc. My goal with this thread is to put all of the great information from the community in one place. I don't way people to have to search this entire thread, rather get the info quick so they can begin developing quick, so we can get an unlocked bootloader, QUICK!
Remember, there were previous locked bootloaders, but many of them have been cracked so let's take away the 'impossibility factor'!
Who is this thread for?
Anyone that wants to quickly be brought up to speed on the S7 locked bootload status, all the hurdles, etc
Developers that want to be part of the future of locked bootloaders and something great!
Who can post and what posts are allowed?
Anyone with PRODUCTIVE comments towards unlocking the bootloader or efforts already completed (regarding of fail or success)
Developers working on this initiative
Developers with questions for other developers regarding this
Wanna-be developers with questions (There is no shame, and you never know if YOU just might be the rookie dev we're looking for to unlock this! If you're willing to try something to potentially brick your device, then you can play here Or maybe you might throw out an idea that might spark an idea with someone else that leads to an unlock.)
Links to things that have been attempted
Information you think people should know regarding this, that's not already listed. Or information you think should be in the original post so people can easily see it. (I don't want great info hidden deep in the thread, rather on the first page)
Keep me honest! If I post nonsense or inaccurate information, WE NEED you to correct me! Last thing I want to do is steer anyone in the wrong direction!
What NOT to post:
"+1"
"Thanks"
Petitions
Bounties
ANYTHING NEGATIVE! Negative Nancy, PLEASE go away!!
Etc. In other words, DONT waste thread space with nonsense. (Don't let that comment confuse you however with the 'very welcoming' questions from developers; This SHOULD be a collaborative thread. Productive input certainly welcome.) The idea is to QUICKLY allow someone to read this and get ALL the info to start trying to crack this. Going through pages and pages of irrelevant or useless comments will only make the goal more difficult, or prevent our new rookies from coming up to speed and trying to unlock this bootloader.
Who am I and what am I trying to get out of this?
I'm an application engineer and developer that bought an S7 from Tmobile and found out the hard way it had no way to get a custom rom, despite TMobiles past of typically allowing this. I'm frustrated like you all & want my phone unlocked, pure and simple! Besides, this is a community, and what better of an agenda than to try and conquer what others have said, "that's impossible"!
Other Notes:
MANY, many thanks to all the contributors out there!!! I got most of this information from other forums on XDA!
Following few posts will have resources and additional links. This thread is new so I'll find a good organization method in time.
PLEASE subscribe if you are (or want to be) a contributing developer, or have anything to add - or if you can answer others questions. I think a lot of this knowledge will expand to other devices, and not just Samsung, but future devices as well.
Please let me know of anything to fix with this thread, like tags, thread description, etc.
Make sure to send the link to this thread to people you think might be interested (but don't spam them!) Or post a link to this thread in other seemingly dead threads on unlocking this bootloader. Alone it just may be impossible to do this...but as a community, sharing all of our knowledge...we can do this!
Still not motivated to do this? Try this: https://www.google.com/webhp?source...=1&espv=2&ie=UTF-8#q=s7+bootloader+bounties&*
If you found this thread useful hit "Thanks"!
.
Information
Quick facts
Exynos bootloader is unlockable, which is why we won't talk about that here!
S7 Variants https://en.wikipedia.org/wiki/Samsung_Galaxy_S7#Variants
US & China use a Snapdragon processor, all other locations use the Exynos
Knox counter: will void warranty (if you still have one!) Most could careless if there's a remote possibility of unlocking the bootloader. Methods or tampering could possibly trip this counter.
Mostly when people say a phone is "locked", they mean locked to a CARRIER. That is NOT what we're talking about here - we're talking about a locked bootloader which allows you to install a custom ROM.
FRP: (Factory Reset Protection) Requires username/pass after factory resetting http://www.androidcentral.com/factory-reset-protection-what-you-need-know Reset: https://forum.xda-developers.com/galaxy-s7/how-to/samsung-factory-reset-protection-gmail-t3446788
Bootloader version: PhoneSettings->AboutPhone->Baseband version: 5th from last number.
Ex: Bbaseband: G935UUES4AQC1 = Bootloader version 4 @thescorpion420 (Tmobile & U = ver4, China=ver2)
Locked bootloader
Easy way to tell you bootloader locked status(?)
What is the bootloader? Part of the Android boot process. See all about it here: http://newandroidbook.com/
Why can't we currently unlock the bootloader? There is something called the chain of trust, whereby 'everything' from when the phone first turns on, through each 'piece' it verifies the contents of the flash is legit and from a listed trusted source (either Samsung or carrier). What controls this is the current, existing software/FW on your phone. So if we took what's there and removed these checks, we currently don't have a way to write this to your phone, since "we" aren't from the list of trusted sources. How do they enforce this? The images need to be digitally signed.
What does it mean to digitally sign a file (or image, FW in our case)? There is a private key and public key. Samsung and/or Carrier have the private key, your phone has the public key. Author writes a new SW package, then uses a tool to get a checksum. The checksum gets encrypted with the private key. The encrypted checksum gets appended to the SW package. Using OTA (over the air deployment) or ODIN, we push the package to the phone. The phone decrypts the appended encrypted checksum using its public key, does a checksum on the remaining package, and makes sure they both match. Now you can see why we can't fake this! Only way would be to find an exploit or get the private key so we can sign these ourselves!
Links (relevant threads)
Potential way to unlock bootloader? https://forum.xda-developers.com/tmobile-s7-edge/help/potential-to-unlock-bootloader-t3544220
ROOT DISCUSSION / TEKXv2 Dev Thread Extension SM-G935T - Dev Section / Discoveries https://forum.xda-developers.com/tmobile-s7-edge/how-to/root-discussion-future-sticky-root-t3327399
G935AVPT cross bootloader, flash Chinese Version , support ALL lte band,Knox stil 0!! https://forum.xda-developers.com/ve...ross-bootloader-flash-chinese-t3432190/page15 or
https://forum.xda-developers.com/att-s7-edge/how-to/g935avpt-cross-bootloader-flash-chinese-t3435043
High-level explanation on whats going on with this locked bootloader: https://www.xda-developers.com/galaxy-s7-bootloader-lock-explained-you-might-not-get-aosp-after-all/
Resources
Android Internals: A Confectioner's Cookbook http://newandroidbook.com/
Many thanks to Jonathan Levin for releasing that to the public for free, but please support his work via the other listed means. Also Reverse Engineering Aboot: http://newandroidbook.com/Articles/aboot.html
Samsung Source (Tmobile) http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=SM-G930T
Bootloaders, Encryption, Signing http://www.androidpolice.com/2011/0...ncryption-signing-and-locking-let-me-explain/
LOCK download mode (opposite but might have useful info) https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
Tools
Phone Apps
Root Browser app (doesnt need root) access all files on phone (across ALL partitions?) https://play.google.com/store/apps/details?id=com.jrummy.root.browserfree&hl=en
Phone INFO (get info about phone) https://play.google.com/store/apps/details?id=org.vndnguyen.phoneinfo&hl=en
Other
S7 USB driver http://samsungodin.com/SamsungUSBDriver/USB_Drivers_1.5.27.0.rar
ADB (Install Android SDK)
DD: https://forum.xda-developers.com/showthread.php?t=1153991 (can be "disk destroyer" if used stupidly)
Sandbox: Possible to make a virtual S7 to test on? (including ALL partitions such as aboot, etc)
Ubunto VM: How to build a Linux VM for Dev & testing on this: http://imicrov.com/small-tech/android-development/android-development-with-ubuntu-in-virtualbox VMWare: http://www.vmware.com/products/player/playerpro-evaluation.html Ubunto image: http://www.osboxes.org/ubuntu/
Flashing
Info https://code.tutsplus.com/articles/an-introduction-to-android-firmware--cms-26791
Firmware (Android ROM) is stored in a writable form of memory called NAND flash memory, the same type of memory that is used in storage devices, such as USB sticks and SD cards
Bootloader more info
Ways to Flash
ODIN - Odin3_v3.12_PrinceComsy (ODIN is Samsungs replacement of Fastboot) https://www.androidfilehost.com/?fid=24591023225177749 or http://samsungodin.com/ (?)
ODIN is the only possible way (that we know of). You push a download from PC to phone, it runs checksum and signature verification, if it doesnt match what it expects, it never writes from memory to phone and throws away image. This intense security likely due to Samsung pay.
ADB - No standard way to do this, but maybe something creative might work...
Heimdall https://forum.xda-developers.com/galaxy-s7/how-to/guide-heimdall-to-flash-firmware-t3452904 (still work? couple years since updated) Sourcecode: https://github.com/Benjamin-Dobell/Heimdall
USB jig: https://forum.xda-developers.com/galaxy-s7/accessories/usb-jig-t3347793/page4 eBay: http://www.ebay.com/sch/i.html?_odk....H0.Xusb+jig+s7.TRS0&_nkw=usb+jig+s7&_sacat=0 Or make your own: http://www.instructables.com/id/USB-JIG-to-give-life-to-your-Bricked-mobile/
SD card: https://forum.xda-developers.com/showpost.php?p=69235306&postcount=38
Z3X Box: eBay: http://www.ebay.com/itm/2016-Z3X-BO...I-Unlock-Flash-Tool-C3300KCable-/291810363162
Safestrap(?)
Flash Errors & What they mean:
Failed aboot Fused 2> binary 1 - bootloader error: ?
SECURE CHECK FAIL: No Bueno! You're trying to flash something that's not digitally signed correctly
Firmware/Files:
AP (Application Processor or PDA or Android Partition): Android. System partition with recovery, etc. Recovery, kernel and ROM will be in this file. This is the only FW that is open source.
Typical contents of update.zip:
android-info.txt: Text file specifying the prerequisites of the build, such as the version numbers of the bootloader and the radio firmware that the build needs
boot.img: Binary file that contains both a Linux kernel and a ramdisk in the form of a GZIP archive. The kernel is a boot executable zImage that can be used by the bootloader. The ramdisk, on the other hand, is a read-only filesystem that is mounted by the kernel during the boot process. It contains the well known init process, the first process started by any Linux-based operating system. It also contains various daemons such as adbd and healthd, which are started by the init process More info
recovery.img: Very similar to boot.img. It has a boot executable kernel file the bootloader can use and a ramdisk. Consequently, the recovery image too can be used to start an Android device. When it is used, instead of Android, a very limited operating system is started that allows the user to perform administrative operations, such as resetting the device's user data, installing new firmware, and creating backups.
system.img: Partition image thats mounted on the empty system directory from boot.img. Contains the Android OS binaries as well as system apps, fonts, framework JAR files, libraries, media codecs, bloatware, etc. (Most used for flashing a custom ROM)
userdata.img: Partition image that will be mounted on the empty data directory from boot.img. Custom ROMs typically come with this image as blank so that it resets the contents of the data directory.
BL (Bootloader): Proprietary code that is responsible for starting the Android operating system when an Android device is powered on. Typically, it checks if the operating system it is starting is authentic as well. (Checks if the boot partition has been signed using a unique OEM key, which belongs to the device manufacturer, & is private.) Ie, Locked bootloader. Fastboot, IF allowed on a device, disables this check.
CP (Core Processor): Modem. This proprietary Radio firmware is another operating system on an independent processor called a baseband processor, independent of Android. This adds the cellular radio capabilities of the device like 3g & LTE. Qualcomm, etc develop this FW.
CSC (Consumer Software Customization): It is specific to geographical region and carriers. It contains the software packages specific to that region, carrier branding and APN setting. Eg Wi-Fi Calling. Flashing will lose your data (factory reset). Variations of CSC may retain data.
PIT files (Partition Information Tables) (Danger! Dont flash these unless you know what youre doing!)
Different variants of the S7 have different partition sizes; same phone/same carrier with different storage size have different PIT. One issues people were having flashing images for other variants is that the partition would fill up. A workaround would be to reformat with a correct PIT file and check "repartition" in ODIN. More info via @[Ramad] https://forum.xda-developers.com/sho...d.php?t=999097
"Get PIT for mapping" error while flashing (indicates you need a PIT file to flash what youre trying to flash)
-Extract current PIT file from phone: http://www.**********.com/how-to-ext...alaxy-devices/ (need root)
Unlock Methods
High-Level Ways to Unlock:
Get leaked private key so we can sign our own images
Find exploits
Dev bootloader gets leaked
?
What does work:
Can flash digitally signed images
Can write to partitions with engineering kernel
Ideas:
Use engineering kernel that has root to somehow modify bootloader partition to remove digital signature checks - at level/entry point can or should this be done? (ie, where in boot process at a minimum do we need to remove the check?)
Thread on installing LineageOS on bootloader locked Note 3: (this possible on our device?) https://forum.xda-developers.com/redmi-note-3/how-to/kate-guide-install-lineage-os-locked-t3546154
Thread on Recovery for locked bootloaders by @hsbadr : (work on our device?) https://forum.xda-developers.com/an...g/tool-multirom-recovery-replacement-t3102395
...Reading sdd10 line by line. I did find an entry "Device is unlocked! Skipping verification...". I'm starting to think we need to look into recovery-side exploits" @Flippy125 https://forum.xda-developers.com/tmobile-s7-edge/help/potential-to-unlock-bootloader-t3544220/page2
Back rev bootloader version (or other partition) to reintroduce security exploits (dont believe you can backrev though, easily) dd Chinese version? (Hard brick?) https://forum.xda-developers.com/showpost.php?p=70977356&postcount=39 @thescorpion420
Exploits: (known existing)
SD card most vulnerable?
Samsung Source available I believe (in its entirety though? See Resources links above) Perhaps viewing this may reveal exploits
?
Attempted Methods:
OEM Unlock in Android Settings menu: YES! We tried that!
Flashed Chinese images via ODIN. People used PIT (Partition Information Table) files and checked reformat partitions in ODIN and still failed.
Result: Errors during flash process, won't take, "Thread Failed" error
Chinese bootloader is v2 where all US models are v4(? How to determine?)
Convert Chinese ROM to another variant: https://forum.xda-developers.com/android/general/guide-how-to-convert-chinese-roms-based-t3577469
Use CROM app (Chinese phones have this app to unlock their phones):
Result: This app communicates to Samsung servers and ends up writing a flag (kiwibird?) to STEADY partition. US phones dont have this partition so this currently wont work.
Dirty cow exploit - (didnt work) indicated by @Binary100100
Android OS & Everything about it
Engboot kernel write protection seems to be off, so it appears you can use dd to write to normally write protected partitions such as the bootloaders (ex: "dd if=/sdcard/aboot of=/dev/block/sdd10"). In my testing I was successfully "dd" a backed up aboot (secondary bootloader) partition and also write to the modem partition and have it stick @qwewqa
MBN files: Multi boot binary firmware. Mostly used with Samsung, binary data for storing the device's memory partitions, such as the resources and power manager, secondary boot loader, AP boot loader, and trust zone. Can't just edit, need source then compiling creates mbn files? Info: https://www.quora.com/What-is-mbn-file-format-where-is-it-used https://forum.xda-developers.com/showpost.php?p=29787988&postcount=31
Create MBN: https://forum.xda-developers.com/showpost.php?p=28145975&postcount=198 Moreinfo: https://forum.xda-developers.com/showpost.php?p=28149932&postcount=212
Cook custom ROM: https://forum.xda-developers.com/showthread.php?t=901417
Extract mbn files using unyaffsmbn: https://forum.xda-developers.com/showpost.php?p=6303911&postcount=827
How to get existing versions, eg, bootloader version? (Many versions are in Phone->Settings->About device)
Partitions... needed to be modified(?) @qwewqa https://forum.xda-developers.com/tmobile-s7-edge/help/potential-to-unlock-bootloader-t3544220
- rpm (Resource and Power Manager / Primary Bootloader) located at /dev/block/sdd1 (/dev/block/bootdevice/by-name/rpm)
- aboot (AP Bootloader / Secondary Bootloader) located at /dev/block/sdd10 (/dev/block/bootdevice/by-name/aboot)
- xbl (Extended Bootloader) located at /dev/block/sdb1 (/dev/block/bootdevice/by-name/xbl)
- ? located at /dev/block/sdc1
- Sdd1 is the primary bootloader
Boot Process @qwewqa
RPM = Resource and Power Manager = Primary Bootloader
ABoot = AP Bootloader = Secondary Bootloader
I believe the boot process is "RPM > ABoot > boot.img (Main OS)", so both the rpm and aboot file would be needed
Partitions (Correct? via @silentwind827)
https://forum.xda-developers.com/android/general/info-android-device-partitions-basic-t3586565
https://source.android.com/devices/bootloader/partitions-images
http://davinci-michelangelo-os.com/2017/01/22/edit-init-rc-android/
ls -l /dev/block/bootdevice/by-name/
cat /proc/partitions
/dev/block/sda1 => modemst1
/dev/block/sda2 => modemst2
/dev/block/sda3 => fsc
/dev/block/sda4 => ssd
/dev/block/sda5 => persist
/dev/block/sda6 => efs
/dev/block/sda7 => param
/dev/block/sda8 => misc
/dev/block/sda9 => keystore
/dev/block/sda10 => devcfg
/dev/block/sda11 => frp
/dev/block/sda12 => bota
/dev/block/sda13 => fota
/dev/block/sda14 => persistent [edited]
/dev/block/sda15 => apnhlos
/dev/block/sda16 => modem
/dev/block/sda17 => boot (Kernel, RAMdisk, & boot images get flashed here see link above for details)
/dev/block/sda18 => recovery
/dev/block/sda19 => persdata
/dev/block/sda20 => system
/dev/block/sda21 => cache
/dev/block/sda22 => userdata
/dev/block/sdb1 => xbl
/dev/block/sdd1 => rpm
/dev/block/sdd2 => tz
/dev/block/sdd3 => hyp
/dev/block/sdd4 => fsg
/dev/block/sdd5 => sec
/dev/block/sdd6 => pmic
/dev/block/sdd7 => dsp
/dev/block/sdd8 => dip
/dev/block/sdd9 => mdtp
/dev/block/sdd10 => aboot
/dev/block/sdd11 => devinfo
/dev/block/sdd12 => bluetooth
/dev/block/sdd13 => lksecapp
/dev/block/sdd14 => keymaster
/dev/block/sdd15 => cmnlib
/dev/block/sdd16 => cmnlib64
/dev/block/sdd17 => apdp
/dev/block/sdd18 => msadp
/dev/block/sdd19 => dpo
/dev/block/sdd20 => ddr
/dev/block/sdd21 => pad
Restore Stock Methods
(Since we need a way to fix a bricked phone while we're trying to break it!)
Hard bricks likely not restorable though?)
Note: Not all of these methods will work, depending on how bad you bricked your phone.
https://www.androidsage.com/2016/03/...ware-download/
How to Fix a Bootloop: Turn off your device and reboot into recovery mode by press and holding Power + Volume down + Home keys for a few seconds. From the Recovery, select Wipe Data / Factory Reset. Confirm the action and reboot once done. Your device should now boot up.
Samsung Kies & Samsung Smart Switch https://forum.xda-developers.com/galaxy-s7/how-to/guide-revert-to-stock-anytime-kies-t3396314
Stock Files
Stock Files Collection https://forum.xda-developers.com/galaxy-s7/how-to/s7-s7e-stock-rom-bootloader-modem-t3383963
[Collection] Firmware/ROM Full, PIT Files https://forum.xda-developers.com/galaxy-s7/how-to/collection-firmware-rom-pit-files-t3326707
Alternatives to unlocked bootloader
A Quick and Simple Summary list of things to get by until we get custom roms:
[ROM][TMOBILE][S7_SM-G930T][Oreo Rooted]
Use Engineering kernel to get root https://forum.xda-developers.com/tm...eres-how-rooted-nougat-s7-edge-g935t-t3567502 (SOME people complain of lag with the engineering kernel)
Remove bloatware:
Debloater by @gatesjunior (Works on latest Android with root) https://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
Other apps: Titanium Backup, Package Disabler Pro, Root Package Disabler
Freeze these apps: https://forum.xda-developers.com/galaxy-s7/how-to/touchwiz-bloatware-save-to-remove-list-t3330241
Stock ROM Engineering kernel modified, with root (NOT installed traditionally via recovery like TWRP) Ex: https://forum.xda-developers.com/tmobile-s7-edge/development/rom-t3572739 by @jrkruse or https://forum.xda-developers.com/tm...ekx-dev-deodex-systemui-3minit-multi-t3411776 by @TEKHD
xposed not available yet for nougat as of 4/1/2017
kevin712467 said:
Alternatives to unlocked bootloader
A Quick and Simple Summary list of things to get by until we get custom roms:
Use Engineering kernel to get root https://forum.xda-developers.com/tm...eres-how-rooted-nougat-s7-edge-g935t-t3567502 (SOME people complain of lag with the engineering kernel)
Remove bloatware:
Debloater by @gatesjunior (This still work?) https://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
Other apps: Titanium Backup, Package Disabler Pro, Root Package Disabler
Freeze these apps: https://forum.xda-developers.com/galaxy-s7/how-to/touchwiz-bloatware-save-to-remove-list-t3330241
xposed not available yet for nougat as of 4/1/2017
Click to expand...
Click to collapse
Not on the newer versions of Android unless rooted, then it does.
Does anyone know if the phone boots differently when using a)the SD card boot & b)USB jig? Or z3x box? If so, how? (I'm guessing the jig boots the same as button pressing into download mode, but wanted to leave no leaf unturned!) Knowing this might open some doors of vulnerability if it boots differently. All the reading I did about this, I haven't read about anyone trying to flash an image via either of these methods. (I'm assuming & hoping this is even possible & you can actually boot off the SD card, if not at least install via SD) Testers?! (Reference "Flashing -> Ways to Flash" above for details, links.)
can try on your phone 7 edge
kevin712467 said:
Alternatives to unlocked bootloader
A Quick and Simple Summary list of things to get by until we get custom roms:
Use Engineering kernel to get root https://forum.xda-developers.com/tm...eres-how-rooted-nougat-s7-edge-g935t-t3567502 (SOME people complain of lag with the engineering kernel)
Remove bloatware:
Debloater by @gatesjunior (Works on latest Android with root) https://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
Other apps: Titanium Backup, Package Disabler Pro, Root Package Disabler
Freeze these apps: https://forum.xda-developers.com/galaxy-s7/how-to/touchwiz-bloatware-save-to-remove-list-t3330241
Stock ROM Engineering kernel modified, with root (NOT installed traditionally via recovery like TWRP) Ex: https://forum.xda-developers.com/tmobile-s7-edge/development/rom-t3572739 by @jrkruse or https://forum.xda-developers.com/tm...ekx-dev-deodex-systemui-3minit-multi-t3411776 by @TEKHD
xposed not available yet for nougat as of 4/1/2017
Click to expand...
Click to collapse
well ive been reading the BL.mdf file and how ive done it if you delete the mdf extension and etract it as a tar file youll get three files with encryption, some of it is readable i'm studying the code and looking for loop holes. however i have tried flashing the G935F BL file on my G935V and it gives me an device ID not supported error so if we can somehow implant the US models device ID to the G935F BL file we should have an unlocked bootloader. it's just a theory but i believe this would be a great start for us models of the s7 edge.
kenshin6106 said:
well ive been reading the BL.mdf file and how ive done it if you delete the mdf extension and etract it as a tar file youll get three files with encryption, some of it is readable i'm studying the code and looking for loop holes. however i have tried flashing the G935F BL file on my G935V and it gives me an device ID not supported error so if we can somehow implant the US models device ID to the G935F BL file we should have an unlocked bootloader. it's just a theory but i believe this would be a great start for us models of the s7 edge.
Click to expand...
Click to collapse
The 935f bootloader is for exynos, you want to flash the 9350 bootloader. Odds are if you succeeded in flashing the 935f bootloader you'd have a nice shiny paperweight.
kenshin6106 said:
well ive been reading the BL.mdf file and how ive done it if you delete the mdf extension and etract it as a tar file youll get three files with encryption, some of it is readable i'm studying the code and looking for loop holes. however i have tried flashing the G935F BL file on my G935V and it gives me an device ID not supported error so if we can somehow implant the US models device ID to the G935F BL file we should have an unlocked bootloader. it's just a theory but i believe this would be a great start for us models of the s7 edge.
Click to expand...
Click to collapse
Where are you finding a "BL.mdf" file? I'm looking at stock images and see mostly mbn, bin, and img files. Is this an extraction of one of these files, images? Not sure this will help but here they talk about "brushing" (flashing) 'pick and choose' images making a compilation for a full flash (like pick US modem, with chinese bl, etc) & the Chinese are successful using US "pieces"/images despite having a different phone variant https://forum.xda-developers.com/ve...g935v-cross-bootloader-flash-chinese-t3432190 Another possible way could be the opposite of what you're trying: implant the international device ID on our phone so the image can flash without your error. (via engineering kernel possible to change this value, wherever it sits?)
Also, another thought: I wonder if there's a way to modify the PC ODIN tool (or Heimdall since that source is easily available) to add functions to talk to "hidden functions" on ODIN (on the phone) to unlock it that way. Or modify it to turn it more into an interactive console so we can navigate and investigate the phone's ODIN program. Does anyone know if the ODIN source for the phone side has been leaked? If not, any intelligent folks out there know how to 'reveal' all methods so we can go through it and maybe find exploits? (This been done already?)
One more thing: Those thinking the S8 is nearly out now so let's give up... Well, can anyone predict the future like I can?!! I'm SURE it will be locked as well. I wouldn't be surprised however if any exploit we can find for the S7 will be relevant on the S8!
Thanks for the efforts kenshin6106 ! And all the viewers of this thread make sure to hit the "Thanks" button on the bottom right of the developers posts to show your support. Remember, most think this is a dead subject, let's change that mentality!!
Can anyone please indicate what images or partitions are allowed to be downgraded, version-wise (if any)? I'm reading conflicting information - or its hard to tell if the bl rejected it due to a fundamental error or because it will not allow down-reving, whereby it would be possible had an acceptable image been used. eg, I read the bootloader cannot go from ver4 (US) to ver2 (Chinese). I'm not sure what's accurate. And Does ODIN/bootloader allow you to go from Nougat to Marshmellow? Knowing this will help with our unlocking methods...
Any instructions on how to flash g930p to u firmware I get errors
Bump.
I have a rooted SM-G930v using the engineering kernel, but I find the limitations of having a locked bootloader hyper-frustrating. In fact, I started researching which non-samsung android phone will be my next. (Looking at the Huawei P10/P11). I've been trying to use Magisk, TWRP, and a few other tools and have come to the realization that none of these are possible with a locked bootloader. Why is it that the Chinese variants have unlocked bootloaders? Samsung surely didn't make the decision to lock down their devices. It must be the US carriers that insist on locking down their devices and systems so that people can't modify certain apps, systems, and roms. Like bloatware for example. We just can't have nice things.
I wish I had more time to work on this, but I am not very experienced and I would almost rather get a similar device that is easier to root. I will however follow this thread and contribute what I can.
Chiller252 said:
I have a rooted SM-G930v using the engineering kernel, but I find the limitations of having a locked bootloader hyper-frustrating. In fact, I started researching which non-samsung android phone will be my next. (Looking at the Huawei P10/P11). I've been trying to use Magisk, TWRP, and a few other tools and have come to the realization that none of these are possible with a locked bootloader. Why is it that the Chinese variants have unlocked bootloaders? Samsung surely didn't make the decision to lock down their devices. It must be the US carriers that insist on locking down their devices and systems so that people can't modify certain apps, systems, and roms. Like bloatware for example. We just can't have nice things.
I wish I had more time to work on this, but I am not very experienced and I would almost rather get a similar device that is easier to root. I will however follow this thread and contribute what I can.
Click to expand...
Click to collapse
Check out this thread - https://forum.xda-developers.com/s7...heoretical-variant-bootloader-unlock-t3627286
We need testers!!