UPDATE:
Just thought I'd update this for anyone who stumbles on this thread in the future.
While everything about the phone from the outside and most of the stuff shown by Device Info indicated it was in fact a T999, apparently it did have an SGH-i747 bootloader. I overwrote that bootloader with an SGH-T999 bootloader, and hardbricked it.
So don't do that.
Talked to a JTAG-er who said that if the download screen says SGH-i747, it has an i747 motherboard.
Word of caution to others who end up with a refurb frankenphone.
I need some help understanding some things here. I'm a bit of a noob when it comes to this android stuff, though I have rooted my Nook once (then unrooted it) and I made an SD card for it with CM7 on it. And I have worked in IT since 1988 and have been a SysAdmin for at least half that time. So I do get most computer-related concepts and I've flashed firmware on everything from disk subsystems to my DSLR.
So here's my story:
I ordered an unlocked, refurbished Galaxy S3 off of Amazon. It's an SGH-T999 from T-Mobile, and T-Mobile is my carrier.
I noted something was awry when it wouldn't register to update. I also notice it doesn't have the wifi calling feature under settings, which it should have if it were stock. And that's a feature I used with my old HTC G2 a lot.
So I've been poring over this forum for a few days trying to figure out what's up and what I should do to make it do what I want it to.
It has SuperSU on it, and the phone's status is "Modified". It's running 4.1.2, and the build is T999UVMD5-chag-multi-vT (it also lists a baseband version of T999UVDMD5 ... I'm guessing that's the modem version)
I assumed it was rooted because it has SuperSU on it, so I bought Mobile Odin to see if it would even run. It says it wants root (no shock there, but I thought I had it).
SuperSU says the binaries need updating, but it won't update them (it tries and says it failed). There's no SuperUser under "Settings", so I can't enable it.... so I'm starting to think it was rooted, flashed, then unrooted. Though the RootValidator app says I "might" have root since it was denied access. But SuperSu doesn't work right so I can't grant it SU permissions.
So first, I need help with a theory of the state of the phone. Frankly, it works great the way it is except I don't have the T-Mobile WiFi calling feature, which I'd really like. It DOES let me use the hotspot without an extra hotspot plan. Which is very cool (I don't use it much, but I like the option).
I've seen there's a 4.3 build out there based on the T999 that doesn't have Knox ... which I'm assuming is good from what I've read as far as being able to keep root and control the hotspot feature. But I don't really know.
I've considered going back to an earlier stock version and letting it update OTA or via Kies, but then I'm afraid it might get certain things (like hotspot) disabled by the carrier. I'd really like to keep that feature.
But first ... how do I figure out if I have root on the phone already? I'm getting conflicting info.
Perhaps there is some kind knowledgeable soul who can help me find my way.
Much appreciated if anyone can help.
It was probably rooted and then the root was lost somehow.
Just flash it with the non knox 4.3 rom from mrrobinson.
you can revert back to the latest stock firmware with only root injected\implemented into it. you'll have all the stock features (and bloat, which you can remove, since you'll have root access, using an app like titaniumbackup).
download the firmware in this thread:
http://forum.xda-developers.com/showthread.php?t=1949687
you want the latest official pre-rooted firmware(listed below), where it says T999. make sure it's for T999, and NOT T999L!
T999_UVUEMJC
Official JB Firmware - Latest JB 4.3 Firmware
and you'll need Odin for PC, to flash the firmware:
http://www.androidfilehost.com/?fid=9390275921635705049
follow these instructions on how to flash, starting from "Second"
http://forum.xda-developers.com/showthread.php?t=1771687
Thanks guys.
Got Odin. Watched a good root video. Now to download the ROM I want. 4.3 sounds intriguing, as long as it still has WiFi calling.
I'll go read that thread. I can be taught, but sometimes I need help finding where to start.
flipster64 said:
Thanks guys.
Got Odin. Watched a good root video. Now to download the ROM I want. 4.3 sounds intriguing, as long as it still has WiFi calling.
I'll go read that thread. I can be taught, but sometimes I need help finding where to start.
4.3 absolutely has WiFi calling. that's a T-Mobile feature that will always remain on the OTA(over the air) updates, unless they decide to do away with that technology. there were many changes made from 4.1.x to 4.3. by the way, to disable the wi-fi from always scanning in 4.3, you have to turn off\uncheck the option in Settings > Wi-Fi > press "Menu" > Advanced > "Always allow scanning", when you do the update.
4.3 features, as per wiki;
Bluetooth low energy support.[112]
Bluetooth Audio/Video Remote Control Profile (AVRCP) 1.3 support
OpenGL ES 3.0 support, allowing for improved game graphics[112]
Restricted access mode for new user profiles[112]
Filesystem write performance improvement by running fstrim command while device is idle[113]
Dial pad auto-complete in the Phone application[112]
Improvements to Photo Sphere[114]
Reworked camera UI, previously introduced on Google Play edition phones[115]
Addition of "App Ops", a fine-grained application permissions control system (hidden by default)[116]
4K resolution support[117]
Many security enhancements, performance enhancements, and bug fixes[118]
System-level support for geofencing and Wi-Fi scanning APIs
Background Wi-Fi location still runs even when Wi-Fi is turned off
Developer logging and analyzing enhancements
Added support for five more languages
Improved digital rights management (DRM) APIs
Right-to-left (RTL) languages now supported[112]
Clock in the status bar disappears if clock is selected as lockscreen widget
http://en.wikipedia.org/wiki/Jelly_Bean_(operating_system)#Jelly-Bean
Ok, there's one thing holding me back now. I've read a few things about different modem (baseband) flashes, and that I might have to flash a different modem onto my Galaxy S3 SGH-T999 for this to work. I note that my current baseband is T999UVDMD5 which matches the stock image name for 4.1.2 (which is also my current OS version) but the name of the stock image for 4.3 is T999UVUEMJC ... which would suggest to me that this is different modem firmware. Or do I not need to worry because the modem is included in the 4.3 firmware tar file? I have a hunch the latter is the case because it isn't mentioned on that HOWTO page but I really want all my ducks in a row to minimize my chances of bricking or losing data.
T-Mobile Image
November 2013 - 4.3 JellyBean - New!
Note: This is based off of the stock image TMO T999UVUEMJC
Do not flash a prior release after flashing this, it has been reported to cause bricks, read the thread for more information.
Perm Mirror: Download - root66_TMO_T999UVUEMJC_2.7z
April 2013 - 4.1.2 JellyBean
Note: This is based off of the stock image TMO T999UVDMD5
Perm Mirror: Download - root66_TMO_T999UVDMD5.7z
Incidentally, I've been looking for a good primer page like this ... this is excellent.
Ok... modem is basically firmware, from what I'm reading.
I've tried to download the root66_TMO_T999UVUEMJC.tar to the phone using Odin, but I'm getting a secure check fail sbl2 error when I do. Not finding any information on why that might be.
It is a bit strange to me that when I boot into the recovery mode it's telling me it's an i747, though the sticker and the "about" in the os say SGH-T999... but they may be the same thing for all intents and purposes.
I CAN transfer the file to the SD card using Kies, and I have, but it doesn't show up as an option to load from external storage, and I'm guessing the Odin connection and settings do something special to cause the flash to be available and work in the first place.
So ... have we seen a secure check fail sbl2 before, and do we know what it means? I'm going to keep looking but I've had no luck so far.
Well no good luck anyway.
Here's what Odin is telling me on the PC side
<ID:0/009> Added!!
<ID:0/009> Odin v.3 engine (ID:9)..
<ID:0/009> File analysis..
<ID:0/009> SetupConnection..
<ID:0/009> Initialzation..
<ID:0/009> Get PIT for mapping..
<ID:0/009> Firmware update start..
<ID:0/009> sbl2.mbn
<ID:0/009> NAND Write Start!!
<ID:0/009>
<ID:0/009> Complete(Write) operation failed.
<OSM> All threads completed. (succeed 0 / failed 1)
Yeah ... this is where I'm stuck. Odin won't flash that de-knoxed 4.3 tar from DocHoliday. It did let me flash Clockwork Mod and I can get into that and back things up, and I was able to add the SuperSU zip (but I don't see the SU program after it boots so I don't think I actually have root.) It's weird.
I read on one forum I might have to flash an alternate recovery onto it to get it to work. I have it downloaded but I'm a little leery of that until I understand the possible implications. I noticed last time I looked at the recovery console it says the counter's up to 3 (after CM... it was at 2 when I bought the thing) and then there's something about Qualcomm Secureboot being set to Enable, but I can't tell if that's good or bad from reading posts on it. My phone didn't come with a warranty so I'm not terribly concerned with tripping the counter (though it would be cool to reset it at some point, it's not a priority at all).
Anyway, I'm still trying to learn more about what all this means before I proceed.
I have visions of bootloaders and img files and tar files and zip files flying around my head. Meantime I'm still on 4.1.2, apparently a de-bloated T-Mobile build with no wifi calling.
It sounds like Odin might be failing due to your phone having an att build.prop. If you are sure it is an sgh-t999, want to keep root, and have the know how, you can make this process a lot easier by updating your firmware to the last one before the 4.3 update (otherwise you will be stuck with Knox). Afterward update your recovery and flash a more current touchwiz ROM.
Make sure to read the entire OP of these threads and flash in recovery.
To update your firmware without having to use Odin, read the following thread:
http://forum.xda-developers.com/showthread.php?t=2282603
There are a few options when it comes to choosing a custom recovery. I'm currently using Philz. If you get Philz, make sure to get the d2lte version. The thread for Philz recovery is below:
http://forum.xda-developers.com/showthread.php?t=2201860
Sent from my SGH-T999 using Tapatalk
When I put the phone in download mode it says product name is SGH-i747 ... but I've never seen another SGH-T999, so for all I know they all say this. Is this why you're thinking it has an ATT build.prop? It does have the T-Mobile logo when starting up and shutting down. I can go read more on that. I wonder if there's an Android OS for dummies book.... I've been working with DOS, Windows, & Linux for decades, it can't be THAT hard to understand.
I need to get comfortable doing CM backup and restore. Yeah, you're right, I don't want Knox -- but there is a de-knoxed 4.3 build out there on the forum which is what I intend to flash when I finally get to a point where Odin will let me flash it. Or I see you've linked some threads that talk about other ways.
I'll go read those threads you linked and see what I can absorb from them. Thanks!
flipster64 said:
When I put the phone in download mode it says product name is SGH-i747 ... but I've never seen another SGH-T999, so for all I know they all say this. Is this why you're thinking it has an ATT build.prop? It does have the T-Mobile logo when starting up and shutting down. I can go read more on that. I wonder if there's an Android OS for dummies book.... I've been working with DOS, Windows, & Linux for decades, it can't be THAT hard to understand.
I need to get comfortable doing CM backup and restore. Yeah, you're right, I don't want Knox -- but there is a de-knoxed 4.3 build out there on the forum which is what I intend to flash when I finally get to a point where Odin will let me flash it. Or I see you've linked some threads that talk about other ways.
I'll go read those threads you linked and see what I can absorb from them. Thanks!
Most T-Mobile and AT&T s3 ROMs are cross compatible. It sounds like it is a sgh-t999. If it has an AT&T ROM on it, that would make ODIN throw out errors (to prevent bricking your phone) until you have your build.prop identify the device as an sgh-t999.
Sent from my SGH-T999 using Tapatalk
Oh, man. The road blocks. They are legion. And sometimes circular
I've tried updating the bootloader (from CM v6.0.3.1) as described here:
http://forum.xda-developers.com/showthread.php?t=2282603
But CWM aborts the installation:
Finding update package
Opening update package
Installing update
assert failed: getprop(ro.product.device) == "dttmo" || getprop("ro.build.product") == "d2tmo"
error in external/sd/T999_UVDMD5_firmware_v4.zip
(Status 7)
Installation aborted.
Which I figured has something to do with what it's finding in build.prop as mentioned above. Except I just looked in my build prop, and it says it's an SGH-T999 made by samsung.
ro.build.product.model=SGH-T999
ro.product.brand=samsung
But then it says that ro.product.model is obsolete, and to use ro.product.device ... which looks like it's set to ... canada? ro.product.device=d2can
Which certainly doesn't match dttmo or d2tmo.
So ... edit the build.prop file, then?
I downloaded an editor to do it. It does whine about not being able to open /storage/sdcard0/buildprop.tmp, not sure if that's going to be an issue. I "re-rooted" with CWM_SuperUserv3.0.7 so I can now use root explorer again (which is how I looked at the build.prop file) ...
At that point I guess I'd flash the radio/bootloader above, reboot to Odin mode, and try the Knox-Free 4.3 flash again?
Any red flags going up?
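The device check that aborted the install above, reproduced as an added example (not part of the original post and not code from CWM or the firmware package): it parses the `assert` expression from the recovery output and evaluates it against a set of property lines, so the mismatch is visible before anything is written. The function names are hypothetical, only an OR-chain of `getprop(...) == "..."` comparisons is handled, and the sample input is the text quoted in the post.

```python
import re

# Constructed sample input, copied from the recovery output and the property
# lines quoted in the post above.
ASSERT_LINE = ('assert failed: getprop(ro.product.device) == "dttmo" || '
               'getprop("ro.build.product") == "d2tmo"')
PROPS_TEXT = """\
ro.build.product.model=SGH-T999
ro.product.brand=samsung
ro.product.device=d2can
"""

# One comparison inside the assert. The property name may or may not be quoted,
# because the quoted error text shows both forms.
_CLAUSE = re.compile(r'getprop\(\s*"?([\w.]+)"?\s*\)\s*==\s*"([^"]*)"')


def parse_props(text):
    """Parse key=value property lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def parse_assert(expr):
    """Return [(property, expected_value), ...] for an OR-chain of getprop checks."""
    if "&&" in expr or "!=" in expr:
        raise ValueError('only OR-chains of getprop(...) == "..." are supported')
    clauses = _CLAUSE.findall(expr)
    if not clauses:
        raise ValueError("no getprop comparison found in expression")
    return clauses


def check_package(assert_expr, props):
    """Evaluate the package's device assert against the given properties.

    props must be the property set of the environment that will run the
    updater; inside a recovery that is the recovery's own property set.
    An unset property compares as the empty string.
    """
    clauses = parse_assert(assert_expr)
    seen = {name: props.get(name, "") for name, _ in clauses}
    accepted = any(seen[name] == expected for name, expected in clauses)
    return {
        "accepted": accepted,
        "expected": sorted({expected for _, expected in clauses}),
        "seen": seen,
    }


def explain(result):
    """One-line summary suitable for a pre-flash checklist."""
    verdict = "package accepts this device" if result["accepted"] else "package REJECTS this device"
    seen = ", ".join(f"{k}={v!r}" for k, v in result["seen"].items())
    return f"{verdict}; wants one of {result['expected']}, found {seen}"


if __name__ == "__main__":
    print(explain(check_package(ASSERT_LINE, parse_props(PROPS_TEXT))))
```

A rejection here means the package was built for a different device identity than the one the flashing environment reports, which is the condition to resolve before writing bootloader or modem partitions.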
flipster64 said:
Oh, man. The road blocks. They are legion. And sometimes circular
I've tried updating the bootloader (from CM v6.0.3.1) as described here:
http://forum.xda-developers.com/showthread.php?t=2282603
But CWM aborts the installation:
Finding update package
Opening update package
Installing update
assert failed: getprop(ro.product.device) == "dttmo" || getprop("ro.build.product") == "d2tmo"
error in external/sd/T999_UVDMD5_firmware_v4.zip
(Status 7)
Installation aborted.
Which I figured has something to do with what it's finding in build.prop as mentioned above. Except I just looked in my build prop, and it says it's an SGH-T999 made by samsung.
ro.build.product.model=SGH-T999
ro.product.brand=samsung
But then it says that ro.product.model is obsolete, and to use ro.product.device ... which looks like it's set to ... canada? ro.product.device=d2can
Which certainly doesn't match dttmo or d2tmo.
So ... edit the build.prop file, then?
I downloaded an editor to do it. It does whine about not being able to open /storage/sdcard0/buildprop.tmp, not sure if that's going to be an issue. I "re-rooted" with CWM_SuperUserv3.0.7 so I can now use root explorer again (which is how I looked at the build.prop file) ...
At that point I guess I'd flash the radio/bootloader above, reboot to Odin mode, and try the Knox-Free 4.3 flash again?
Any red flags going up?
I'd highly recommend updating your recovery before doing much. Once you do that, try flashing the bootloader and the 4.3 ROM. The only red flag would be if you plan to use Odin since it is identifying as a different phone due to the build.prop.
Also, it sounds like the previous owner messed up when they modified the build.prop. You really shouldn't need to worry about editing it if you plan to switch ROMs since any new ROM is going to replace it anyways.
Sent from my SAMSUNG-SGH-T999 using Tapatalk
By recovery I think I understand you're saying the latest version of CM ... which I see for my phone is 6.0.4.5 (SGS3 T-Mobile).
I am also reading I can flash a ROM with CM, though all of the ROMs I've seen so far (including the one I want to use) are .tar files and I think CM uses zips.
I don't suppose you can just un-tar the ROM and zip it ... can't be that easy ... can it?
Right, you will need to either update CWM or change to a different recovery such as TWRP or Philz (Philz is based on CWM but has a lot more features).
You're right. Most ROMs are installed/flashed in a custom recovery in ZIP format rather than Odin. Making an Odin package compatible with recovery isn't nearly as simple as unpacking a .tar file and zipping it.
You can find a lot of ROM options that are possible to flash in the development section of this board.
Sent from my SAMSUNG-SGH-T999 using Tapatalk
I've updated to Philz CM 6.07.9.
My modem is already T999UVDMD5 ... if I flash the update in this thread (http://forum.xda-developers.com/showthread.php?t=2282603) I'm guessing it will overwrite CM and put the stock recovery back. So I decided to skip that part and try the update again.
I'm getting this here...
<ID:0/006> Added!!
<ID:0/006> Odin v.3 engine (ID:6)..
<ID:0/006> File analysis..
<ID:0/006> SetupConnection..
<ID:0/006> Initialzation..
<ID:0/006> Get PIT for mapping..
<ID:0/006> Firmware update start..
<ID:0/006> sbl2.mbn
<ID:0/006> NAND Write Start!!
<ID:0/006> FAIL! (Auth)
<OSM> All threads completed. (succeed 0 / failed 1)
I have root ... I can go in and look at build.prop and edit it, but it won't let me save it.
I guess I need to find a different way to flash.
Well, I THOUGHT my bootloader must be locked.
But I'm unsure now ... I mean ... I'm rooted. I can flash stuff with Philz Custom CWTouch ...
It's that FAIL! (Auth) that's getting me.
flipster64 said:
Well, I THOUGHT my bootloader must be locked.
But I'm unsure now ... I mean ... I'm rooted. I can flash stuff with Philz Custom CWTouch ...
It's that FAIL! (Auth) that's getting me.
Odin will continue to fail until your build.prop is fixed. Really, all you need to do is pick a custom ROM from these forums and flash using Philz. Afterward, you should be back in order. Just make sure you follow the instructions in the ROM's thread and also make sure the ROM is for the t999
Sent from my SAMSUNG-SGH-T999 using Tapatalk
So there are custom roms that are zips instead of .tars on this forum, then?
Or Can Philz flash a .tar?
I'll look for a custom rom zip out there for my phone.
I'm having some trouble flashing 4.1.1 on a 4.1.2 phone. I was linked to this site and grabbed the 4.1.1 firmware from there. I've tried both Odin 3.07 and 3.09 but I get a "complete(write) operation failed" error with both.
What's odd is this device is most assuredly an i747, yet on the phone's screen in Download Mode the Device Name field shows T999 for some reason. Might that have something to do with this failure to flash?
I was able to successfully flash a file earlier that rooted the device, successfully from the looks of it. SuperSU seems to be working fine.
Any ideas on how I can get this flashed so I can unlock the phone for use on Smart Talk?
Edit: After doing a factory reset from recovery I now get this from Odin:
<ID:0/004> Odin v.3 engine (ID:4)..
<ID:0/004> File analysis..
<ID:0/004> SetupConnection..
<ID:0/004> Initialzation..
<ID:0/004> Get PIT for mapping..
<ID:0/004> Firmware update start..
<ID:0/004> aboot.mbn
<ID:0/004> NAND Write Start!!
<ID:0/004> FAIL! (Auth)
<OSM> All threads completed. (succeed 0 / failed 1)
Looks like there is a bootloader mismatch that's causing the write failure.
audit13 said:
Looks like there is a bootloader mismatch that's causing the write failure.
Audit, could it be that it's got the BL for T999 which is what's causing the errors? However, wouldn't that have been likely to cause a soft brick in the first instance unless the rest of the system is compatible? I guess he could check system information under Settings to see if this really has i747 firmware or someone's previously successfully "changed" it to a T-Mob phone. Not sure that's possible but I was just thinking ... perhaps a previous J-Tag operation especially if it was purchased in the secondary market.
Larry2999 said:
Audit, could it be that it's got the BL for T999 which is what's causing the errors? However, wouldn't that have been likely to cause a soft brick in the first instance unless the rest of the system is compatible? I guess he could check system information under Settings to see if this really has i747 firmware or someone's previously successfully "changed" it to a T-Mob phone. Not sure that's possible but I was just thinking ... perhaps a previous J-Tag operation especially if it was purchased in the secondary market.
It was purchased as a refurb. Everything under System Setting - About Phone shows up as i747. Completely stuck at this point.
Edit: I just installed an app called Info that shows all relevant build information.
Bootloader version shows as T999UVDMD5
Model is SGH-I747
Build ID I747SEMC1
How can I fix this mismatch?
Headcase_Fargone said:
It was purchased as a refurb. Everything under System Setting - About Phone shows up as i747. Completely stuck at this point.
Edit: I just installed an app called Info that shows all relevant build information.
Bootloader version shows as T999UVDMD5
Model is SGH-I747
Build ID I747SEMC1
How can I fix this mismatch?
That would explain it then. Thankfully T999UVDMD5 would appear to be the Bootloader for the T-Mob version running Android 4.1.2 (and not the inflexible 4.3). Have you tried flashing the 4.1.2 bootloader via recovery or, if you are feeling adventurous, the 4.1.1 version? You may find both via the links below ...
(http://www.androidfilehost.com/?fid=23269279319197288)
http://www.androidfilehost.com/?fid=23269279319197287
See also previous thread on updating bootloaders (http://forum.xda-developers.com/showthread.php?t=2321310)
Larry2999 said:
That would explain it then. Thankfully T999UVDMD5 would appear to be the Bootloader for the T-Mob version running Android 4.1.2 (and not the inflexible 4.3). Have you tried flashing the 4.1.2 bootloader via recovery or, if you are feeling adventurous, the 4.1.1 version? You may find both via the links below ...
(http://www.androidfilehost.com/?fid=23269279319197288)
http://www.androidfilehost.com/?fid=23269279319197287
See also previous thread on updating bootloaders (http://forum.xda-developers.com/showthread.php?t=2321310)
Tried flashing the first one from stock recovery and got:
Verifying update package...
E:signature verification failed
Installation aborted
I read somewhere that this happens when trying to flash a non-signed file in stock recovery so I installed Clockwork recovery and tried flashing both of those files. They both yield this error:
E:Error in (file path and name)
(Status 7)
Installation aborted.
Tried flashing via TWRP and get:
E:Error executing updater binary in zip (file path and name)
Updating partition details...
Failed
So apparently this phone is already unlocked. Never bought a refurbished phone before so didn't even think to try before unlocking it.
So I guess I don't need to downgrade to 4.1.1 after all. Where does that leave me? I still have this mismatched bootloader (for the T999 model).
Am I okay to just try flashing a recent ROM like AOKP 4.4?
Headcase_Fargone said:
So apparently this phone is already unlocked. Never bought a refurbished phone before so didn't even think to try before unlocking it.
So I guess I don't need to downgrade to 4.1.1 after all. Where does that leave me? I still have this mismatched bootloader (for the T999 model).
Am I okay to just try flashing a recent ROM like AOKP 4.4?
Looks like we learn all the time. I didn't know you could install a bootloader for one system on another system and still get it to work. Thankfully your phone is unlocked. If the phone is working normally, your best option may be to leave it that way for now although, as we've seen, this could seriously limit firmware upgrade possibilities. It's doubtful whether flashing a custom ROM would help because even custom ROMs don't have their own bootloaders and still have to rely on the manufacturer's bootloader to run. A custom ROM would, therefore, probably leave things the way they are with the bootloader. I'm sure there would be a way to get this done. We just have to research a little bit more.
Maybe, now the phone is unlocked and you probably don't need the lower firmware anymore, you may try updating to 4.3 JB. At this stage, you really have nothing to lose so it may be worth trying.
Hello why you want to downgrade maaaaaaaaad
Sent from my GT-S7500 using xda app-developers app
laith al shishani said:
Hello why you want to downgrade maaaaaaaaad
Sent from my GT-S7500 using xda app-developers app
Just wanted to downgrade in order to unlock, but it appears to already be unlocked so that's no longer necessary.
Larry2999 said:
Looks like we learn all the time. I didn't know you could install a bootloader for one system on another system and still get it to work. Thankfully your phone is unlocked. If the phone is working normally, your best option may be to leave it that way for now although, as we've seen, this could seriously limit firmware upgrade possibilities. It's doubtful whether flashing a custom ROM would help because even custom ROMs don't have their own bootloaders and still have to rely on the manufacturer's bootloader to run. A custom ROM would, therefore, probably leave things the way they are with the bootloader. I'm sure there would be a way to get this done. We just have to research a little bit more.
Maybe, now the phone is unlocked and you probably don't need the lower firmware anymore, you may try updating to 4.3 JB. At this stage, you really have nothing to lose so it may be worth trying.
So just try flashing AOKP or CM or something via TWRP? Don't the newer ROMs require an updated bootloader?
Edit: Got impatient and tried flashing Cyanogenmod. I used the CM Windows installer to minimize any chances of me screwing up the process. Followed the instructions, installer said installation complete, successfully installed, etc. All it did was do a factory reset. Touchwiz 4.1.2 is still on there.
I'm just curious if any one has tried to reload the n910vvu2bog5 and not have an issue doing so like tripping knox. Then pick apart this version and others and try to remove those patches that is if it's possible. possibly reverse engineer the firmware, I know one can with apps I'm just not 100% sure if you can do that with firmware. I'm kind of new with firmwares.
I've seen some talk about issues downgrading to BOAF firmware... which in turn allows you to downgrade to 4.4.4 ANJ5. The problem as you pointed out is the bootloader and KNOX. Both the BOAF and BOG5 firmware have their respective bootloaders as part of the images. aboot.mbn and sbl1.mbn. I'm curious about removing those files from the BOAF firmware and attempting to downgrade. I know that will leave the current locked bootloader intact, but I'm not sure if it will function properly. Maybe someone can "edit" the mbn files and get past the "lock" and essentially unlock the bootloader.
Yeah that's what I'm going after
Disregard. Only will work for phones prior to having knox
** STOP & DO NOT **
Pass Go (... or collect 200 dollars ...)
Attempt this without reading the first page entirely at least
Attempt this without knowledge of how to recover from softbrick status
Flash any non official Firmware if you're banking on a warranty claim later {It may or may not work}
Post in this thread, any super negativity, disbelief, or naysaying.
Blame any Project/Thread contributor(s) for what YOU did, when YOU flashed your device. Please, no one forced you to press start in ODIN.
Preface
*****
[FOR THE LATEST UPDATE: GO TO POST #185 for the next steps towards rev 4/5 bootloaders.]
https://forum.xda-developers.com/showpost.php?p=79764173&postcount=185
Bootloader v3 and v4 devices currently on MM or Nougat can use the Factory Binary for their particular bootloader version in order to install a 5.1.1 based ROM that can have an untethered full root. To downgrade back to 5.1.1 use the combination firmware available for your bootloader revision. From there you CAN root 5.1.1 un-tethered.
** I do believe using the Binary 5 Combination Firmware, you can still root using the method for the v4 Bootloader, if you don't mind downgrading back to 5.1.1 and being on the combination firmware.
** I still haven't got a root method for fully rooting 6.0.1, or rooting 7.0 at all. These root methods will have your device ending up on a 5.1.1 build of Android.
For rooting Bootloader v4, please see @droidvoider's Post #110.
Since there have been many threads scattered throughout the N920A forums about how to root 6.0.1/5.1.1, and how to downgrade the AT&T Galaxy Note 5 MM Builds back to LL builds, I've decided to collect up all the information I've had time to gather. This thread pertains to downgrading marshmallow builds to lollipop builds, and it covers gaining a tethered root system. What I am also going to cover is what I've discovered about the Factory Binary Firmware for this device. This includes what I call the Eng Modem & Eng Sboot, and how the PB2 Eng Kernel can be used with all three of the above.
Throughout all of my testing on the device, I have never once tripped my KNOX counter. The warranty remained valid on the device and it has been persistently rooted.
@TechNyne66 has outlined {proven} instructions for attaining a Tethered Root. I know there are already a few threads circulating the forum here about Root Status & Progress of the Note 5, and I hate just adding one more to the mix, but this isn't meant to be a general discussion thread.
I spent a lot of time reading over the last two years about the Exynos7420 SoC and I am always trying to learn more than high level google searches can give to me. There are a lot of hardware level topics involved I need more information on, hopefully the devs on XDA with this kind of knowledge would contact me. Because google does not always have the answers we search for when it comes to mobile hardware. It is in the minds of the devs here, and not always posted publicly. Not everyone in the world who wants the abilities granted by root access, is ready/able to deal with the potential hazards and security risks to their Device & Personal Lives. But they never will be ready, if we cannot study what those risks are in the first place.
Just remember, there is a reason things like SuperSu exist in the first place. Without a method to manage access to root privileges by installed apps, you'd be using an Open Source Universal Remote that knows everything about you, its surrounding environment, and knows how to manipulate said data. Given the nature of the Exynos7420's 64bit Architecture, all known variants of the SM-G920, SM-G925, and SM-N920 should theoretically be able to run or boot any code we could ever write for a computing device. We have the build-tools. It's just a matter of using a specific version of a particular tool depending on the timing & current context. Ideally.
My Device Results
*****
The firmware that was initially installed on my particular AT&T Note 5 when I first got it, was the August 1st 2016 build "UCS3BPH4". I have the Full ODIN Package, as well as the OTA.zip that upgrades PE6 to PH4. I also have the OTA.zip for upgrading PB2 to PE5.
I really need, if anyone has some, any unreleased official OTA updates for adb instead of just all ODIN files. I'd also like some advice on how to examine how the bootloader loads a kernel, and what it looks for when it does. The update chain of OTAs to the PE5 build would be great. The N920A is odd in the sense that AT&T released two different update paths for their devices. Some devices ended up on the left path, and some on the right path.
When I flashed the Unlocked PH4 Modem, my device became carrier unlocked and opened the APN Editor. I consider it an Eng Modem.
When I flashed the Eng PH1 Sboot.bin from the Factory Binary and the Eng PB2 Kernel, I became able to Flash+Root a Lollipop Build that would stick on rebooting. Using a device with a Version 3 Bootloader. If there are other ways to downgrade to lollipop from marshmallow without using the Eng Sboot, please tell me.
I'm not trying to say at this point that the 3APH1 Firmware is actually a real eng binary like they found for the S8. But the system image on the firmware does have some interesting tidbits I haven't seen in any other Factory Binary I've messed with. It's more than normal.
If you cannot find any of the items I'm referring to in the links below. PM Me.
*****
What I understand about 3BPH4
Included Files in Full ODIN Package:
AP_N920AUCS3BPH4_CL7563702_QB10603229_REV00_user_low_ship.tar.md5
BL_N920AUCS3BPH4_CL7563702_QB10603229_REV00_user_low_ship.tar.md5
CP_N920AUCS3BPH4_CL7563702_QB10603229_REV00_user_low_ship.tar.md5
CSC_ATT_N920AATT3BPH4_CL7563702_QB10603229_REV00_user_low_ship.tar.md5
NOBLELTE_USA_ATT.pit
If I remember reading correctly, ODIN FW whose CSC file does not include a 'hidden.img' in their Cache.img are technically Unbranded ROMs. If this is still true today, then this firmware minus CSC is actually unbranded but uses the AT&T multi-cert CSC. Unless I didn't look hard enough, I did not find a hidden.img when I used CacheRipper to unpack the Cache.img -- I don't remember what post I read this in, I read many threads all the time, I can't confirm at this moment this assumption still holds in modern builds or this device series. Still testing other theories.
I'm not sure about other N920a's, but I have a multi-CSC cert on the device, meaning it should be able to accept any firmware compatible within the same series. At least that's how I remember it being. Same goes for my VZW S5 & S6 Edge. -- I don't know how common Multi-CSC certs are still. I honestly can't remember NOT having a Multi-CSC on any of the Samsung Devices I've owned. Mine all have them. I just have some intuitive feeling the Multi-CSC is basically a requirement for Unlocking.
I have successfully downgraded the AP file many times to earlier builds by flashing the AP by itself. I have successfully done a full cold boot after downgrading the PH4 AP file to PB2, OJ1, and OGG. I successfully flashed the PE6 AP file as well.
I have successfully downgraded the CSC file many times when downgrading the AP file as well. I cannot remember at this moment if I had success downgrading the CSC by flashing only the earlier FW CSC file. The One time I can remember, I flashed only the '.PIT' file included with PH4 & the CSC file of the earlier FW. I do know that I've downgraded the AP file and not the CSC with no errors. I have NOT yet tried to downgrade the CSC file by itself to an earlier version than the Installed AP. -- It remains to be tested in more detail how the AP File and PIT File affect the flashing of a different CSC.
The PH build series is the first publicly available FW for the N920A to use a Level 3 Bootloader Binary. I notice this change from Binary 2 to Binary 3 on most devices going from 5.1.1/6.0 to 6.0.1 Builds on Samsung Devices. With the Exception of Verizon, who has been using a Level 4 Bootloader Binary for quite some time, most Carriers are just now getting around to Level 3 Binaries in their Firmware. Leading many people to believe it is completely locked to a level 3 and can never boot anything designed for an earlier binary. -- While I have so far not been able to test a method for fully downgrading all parts of the BL File from Binary 3 to Revision 1 or 2, a Revision 3 bootloader can still boot a Binary 2 ROM. Although I'm told it is possible to fully downgrade all parts of the PH4 bootloader to an earlier version, but have not successfully done so.
I have successfully downgraded the 3BPH4 sboot.bin included within the BL File of the Full ODIN Package. I did it by packaging the earlier sboot.bin into a tar by itself and flashing in the BL slot of ODIN (3.10.6). Anytime I try to flash a full revision 2 bootloader it quite expectedly fails the flash at param.bin. It trips the alarm in Download Mode by stating the error Binary 2 Device 3. In my successes here, Download Mode still showed Official Device Status, Valid KNOX Bit/Warranty Status, Passing DM-Verity Verification. In all my flashes thus far I've never tripped KNOX. Once, the device status changed from Official to Custom, but KNOX was still showing valid. It wouldn't boot due to an error about invalid kernel length, but everything was valid status under the hood. -- The two downgrades I'm referring to, are the downgrades from
N920AUCS3BPH4 sboot -> N920AUCU3APH1 engsboot
Using the Bootloader from the Factory Binary, we can downgrade from Android 6.0.1 to 5.1.1. I also have the N920C_XXU3API1_ENGSBOOT, but ODIN wouldn't even start to flash it before failing. I don't have the param.bin or cm.bin for either of the ENGSBOOT files. If they even exist publicly or privately.
N920AUCS3BPH4 sboot -> N920AUCU2APB2 sboot
Like I mentioned above, I downgraded the sboot from a binary 3 to a binary 2, by flashing only the sboot.bin and not trying to downgrade the param.bin or cm.bin. But I think having the stock PH4 param.bin & cm.bin could be what is leading to a couple roadblocks. While the flash to PB2 sboot went off without a hitch, and did successfully do a full boot, it only lasted for about 20 minutes. When more tests caused it to stick in a bootloop to prevent itself from tripping the KNOX warranty bit due to invalid kernel length causing failed boot. This is also the only time in all my tests that my Device changed from Official to Custom status. Reflashing the Full PH4 package returned everything back to Stock. I also flashed Systemless Root (Which worked btw! But Verity Caught it, hence why the session lasted only 20 minutes or so) during this test session which could have also done it potentially.
My Best experience flashing most of the files I've tried successfully, came from using ODIN v3.10.6, and it does not seem to be a standard ODIN. Instead of just Odin3.exe & Odin3.ini, these are the files that came bundled inside the Odin zip:
Odin Downloader Release Notes.xlsx
Odin3 v3.10.6.exe
Odin3.ini
S1PlugIn.bundle_141117.zip
SS_DL.dll
But it seems like this version of ODIN has some kind of FTP mode within it for grabbing something I have no idea at this moment. So insights from someone smarter than me would be nice. I think FTP mode was enabled by connecting the Device to odin, while in RNDIS USB Mode. If not, I know that connecting to ODIN in that connection mode did something odd in one of the ODIN versions I have. ALSO, what are all the modded versions running around supposed to be used for exactly? And how were they modded? Often times they fail to flash simple things this v3.10.6 flashes successfully without blinking.
*** *** ***
Rooting/Downgrading Files Involved
I. Note5 Online Repo - https://drive.google.com/folderview?id=0B4PoJYLnmv1BNzY2OXB3QlFfcVk
** This is the folder where I'm keeping all files referenced here + other N920A related material.
II. Binary 3 Lollipop Bootloader (N920AUCU3APH1 sboot.bin, FRP eng Bootloader) - https://drive.google.com/folderview?id=0B4PoJYLnmv1BQ19qeVFUd2cxaWM
** This sboot can be flashed overtop of the Stock PH4 sboot.bin and IT WILL NOT trip KNOX. This is the only "binary 3" bootloader for our device I've found that will boot 5.1.1 based ROM's or Kernels. Using this bootloader, you can flash 5.1.1 based ODIN AP Firmware Files (ROMS) & continue to have Official Device status for Warranty/KNOX Purposes.
III. 2APB2 Lollipop Eng Kernel - https://drive.google.com/folderview?id=0B4PoJYLnmv1BQVBfQUdYeE5IR1U
** This is a 5.1.1 based, rooted kernel. As far as I know this is a leaked Engineering Kernel from the 2APB2 build. Flashing this Kernel and the PH1 eng sboot, overtop of Stock PH4, gives access to an ADB Root Shell during the bootloop/failure. Flashing this kernel overtop of a stock LL based Kernel allows a bootable rooted system.
IV. Metalcated g920a 5.1.1 Root v4 -
** This is Metalcated's Root Method for the Galaxy S6. This zip is used for the Root-Install & Root-Boot script files. The Root-Install command should be ran once the PB2 Kernel has been flashed and successfully rebooted the first time. Afterwards, the Root-Boot command should be ran during the device's next boot process, to continue using the PB2 Kernel & maintain a bootable system.
*** *** ***
6.0.1 Downgrading Instructions (tested using full Stock PH4 FW)
1.) Enable Developer Options
2.) Enable OEM Unlock
3.) Enable USB Debugging (For a safe bet I make sure to "always remember the device" by saving the RSA Key)
4.) Power Off then Boot into Download Mode
5.) Flash the Binary 3 Lollipop Bootloader using the "BL" slot in ODIN. (Listed Above)
6.) Once Bootlogo Appears, reboot into download mode by holding, VOL Down + HOME + POWER
7.) Now Flash the AP File of the Lollipop FW you want to install. (The OGG ROM, has no DM-Verity in Recovery Mode)
8.) Boot into Recovery Mode
9.) Wipe Data/Factory Reset
10.) Reboot
*** *** ***
5.1.1 Tethered Root Instructions (tested on PB2 & OJ1 ODIN AP FW/ROM's)
1.) Enable Developer Options
2.) Enable OEM Unlock
3.) Enable USB Debugging (For a safe bet I make sure to "always remember the device" by saving the RSA Key)
4.) Power Off then Boot into Download Mode
5.) Flash the PB2 eng Kernel (Listed Above)
6.) Once Booted, recheck steps 1-3, then run the "root-Install" script (.cmd for Windows, .sh for Linux) from Metalcated's zip archive.
7.) During Device Boot Up, make sure the device is connected to your PC, and run the "root-Boot" script from Metalcated's zip archive. And the device should finish booting successfully with the PB2 eng Kernel still intact.
removed outdated information about Note 5 source codes.. Please see links by Delgoth for updated info
** too many words on someone else's thread **
I think the main problem for you is that you are on a binary 4. I have not tested any of this using a device that starts on binary 4.
But thank you for this, and I will go over these a little later today. I do already have the MM sources for the N920A/V/C and am working on that this week.
Flashing the PB2 flashed a LL rooted kernel, that's why on a device with MM installed it will hang. But during that hang plug it into the pc and open ADB
See if you have root shell.
Just wondering if anyone got anywhere with this. I know nothing about what you guys are talking about but I have N920AUCS4CPL1 and was wondering if anyone figured out a root for it
We have another thread up in the General Android Q&A Forum. I currently have adb shell with eng kernel running Lollipop U1AOGG AP running the U3APH1 eng bootloader.
I also have Busybox support, and can make persistent changes to the /system & /data directories
Droidvoider has also created a type of custom odin/heimdall flashing application used during runtime.
This is big stuff!!!
https://forum.xda-developers.com/android/help/injecting-root-setting-selinux-stages-t3573036/page2
in binary 3 not working, tested
What do you mean when you say it did not work for binary 3? Which FW build did you test? And how did you use ODIN when you flashed?
What tests of yours failed specifically? Because I've successfully downgraded to Lollipop from both the PHA & PH4 builds. I haven't actually tried PJ1. But with the corrupt bootloader issue people have mentioned. It would depend on if you upgraded to a Binary 4 sboot or not.
Does this thread only apply to the at&t note 5?
shawtypanda said:
Does this thread only apply to the at&t note 5?
Yes! This isn't going to work on Verizon.
Actually it could potentially work for Verizon.
If you substitute the Verizon Combination Firmware for the AT&T and apply the same principles accordingly.
So you're saying that there could be a root for the verizon version of this phone?
shawtypanda said:
So you're saying that there could be a root for the verizon version of this phone?
I need a Verizon tester for my stuff. Your security patch level can not exceed October, 2016. Please check in Settings|Device|About what your security patch level is. If your patch level is 2017, it is not likely I will be attempting to gain root. Unless there are reports of issues such as battery drain, or if enough people complain about not being able to switch carriers again. freddierice connected the dots with his tools which I have altered to be mine.
Greyhat Root Project - Root Console is a tool which executes commands from a text file, not a root shell
trident is freddierice's tool exactly being converted for the Note 5 (yes verizon also) It is a root shell so to speak, but I'm still working on sepolicy injection (read no context hack yet, limited by context)
Greyhat Root Project -- Root Console
Build a cmd_list.txt to issue commands as root. It also replaces screencap with dirtycow so you can use dirtycow with the two contexts. root + system_server or install_recovery. From install_recovery I am able to switch to init context, maybe a couple others, this feature is being finalized today. But ultimately until I finish trident we don't have reload init, can't reload policy
trident Note 5 version
This is still being converted it does work but the INIT_OFFSET needs to be worked out still, then it should reload init which will reload sepolicy correctly.
edit
The binaries for Greyhat Root Project -- Root Console are specific to each build of Android. You can certainly try the Android 6 or Android 5 toolbox / applypatch on your device but if it fails I need to compile a version specifically for your build. Please PM me with build number, obtain as follows
1. Plug in your device and ensure you can connect to adb shell
2. adb shell getprop ro.build.id
(if you're in the shell already leave off the adb shell) getprop ro.build.id
3. PM me that number, should look like MMB29K
I'm on the latest ota update so I'm assuming I don't qualify but if there's a way for me to downgrade or something so I can test this then I will. But how's the progress? I'm curious
What's this funny stuff about us being able to root our EQC6 (Did we have this update? I don't remember) firmware lol ?? I'm not sure this is even close to the truth, I can already see the bricks happening to mislead ppl. Check it out and tell me (us) what we really wanna hear or give us the sad but real truth
http://www.teamandroid.com/2017/05/...d-70-att-galaxy-note-5-n920a-nougat-firmware/
If someone need I can test verizon version if it ever will be..
I'm on 5.1.1. Was waiting for root, but now thinking of upgrading to nougat. Would be a good idea if waiting for root, or should just stick with 5.1.1
Aurey24 said:
What's this funny stuff about us being able to root our EQC6 (Did we have this update? I don't remember) firmware lol ?? I'm not sure this is even close to the truth, I can already see the bricks happening to mislead ppl. Check it out and tell me (us) what we really wanna hear or give us the sad but real truth
http://www.teamandroid.com/2017/05/...d-70-att-galaxy-note-5-n920a-nougat-firmware/
Yeah that looks to be an auto generated page.
I think we're almost done. Basic Shell root is achieved. I had SuperSU half installed before I reflashed. On MM builds.
But on the Note 5 and S6 edge it is coming quickly. I've just been too busy the last two weeks to check out the signatures.
just recently got my hands on a Note 5 but didn't realise that the N920A was near impossible to root. I was just about to update this phone to the stock nougat but then found this thread today and it looks promising.
Currently running the PB2 firmware. If this root ends up being successful, will it only allow for a permanent root on 5.1.1 or 6.0.1? Or will you be able to flash a ROM like Nougat Nemesis and everything will be okay? Understandable that time will only tell. I'm currently using the Nemesis Nougat on my s6 Edge as my daily driver but would much rather use the Note 5 with Nemesis as my daily driver.
I can see why people love the Note. It truly is a great phone.
is this still a thing?
Hello,
is it possible to download the factory image from samsung directly?
I want to avoid any shady sites which do not provide any way to verify that the file is legit and not tampered with.
All those sites (sammobile...), which seem to provide those roms have to get it from somewhere?
cheers
I think SamMobile is legit (but not official). OTA also works after a SamMobile / Odin flash right?
Sammobile does not provide a way to verify that the downloaded file is legit. I'm used to downloading files and verifying them. (like google for all the nexus devices, they provide a checksum on a https encrypted site.)
I don't want to flash any unknown firmware on my device.
YRIDgmtedYdVc said:
Sammobile does not provide a way to verify that the downloaded file is legit. I'm used to downloading files and verifying them. (like google for all the nexus devices, they provide a checksum on a https encrypted site.)
I don't want to flash any unknown firmware on my device.
Download Samfirm. It downloads direct from Samsung's servers.
https://forum.xda-developers.com/galaxy-tab-s/general/tool-samfirm-samsung-firmware-t2988647
I have to say you're a little paranoid, Odin does its own integrity checks which are good enough.
I've literally downloaded hundreds of firmwares from various Samsung download sites and never had a bad or suspect download.
ashyx said:
Download Samfirm. It downloads direct from Samsung's servers.
https://forum.xda-developers.com/galaxy-tab-s/general/tool-samfirm-samsung-firmware-t2988647
I have to say you're a little paranoid, Odin does its own integrity checks which are good enough.
I've literally downloaded hundreds of firmwares from various Samsung download sites and never had a bad or suspect download.
This is not paranoid. E.g. no sane sysadmin would just download centos or a microsoft iso from the internet and use it on a production server without any verification that no one tampered with it.
I'm also using my smartphone for 2fa and sometimes mobile banking. You see why I'd like to verify the integrity of the file?
YRIDgmtedYdVc said:
This is not paranoid. E.g. no sane sysadmin would just download centos or a microsoft iso from the internet and use it on a production server without any verification that no one tampered with it.
I'm also using my smartphone for 2fa and sometimes mobile banking. You see why I'd like to verify the integrity of the file?
No, I don't. We're not talking about some flaky MS system, we're talking about a Linux/Unix system.
It's practically impossible to modify a stock Samsung firmware without the device knowing about it.
Samsung have pretty much the most secure devices in the world.
The integrity checks the device does and Samsung's multi-layer security ensures it.
Secure bootloaders and kernels, dmverity, verified boot, TEE, Selinux, TIMA, knox, frp are all in place as protection.
If the device says its official and not custom you can be pretty sure it is.
I used sammobile for my firmware to flash with odin. No problems what so ever.
I confirm at 100% that sammobile is 100% safe and fully official... and in theory it doesn't trip the knox at all (witness: if there are even very very small changes on the firmware, this flagship will be tripped).
For any devs or pirates, it's impossible to recompile with Samsung encryption for security and integrity a modification of extracted parts of a firmware ==> it will not be allowed at all to flash with ODIN.
Never has a dev found how to flash modified firmwares directly with odin or some modification (like zip with custom recovery) except TWRP, which "definitively": trips knox, declares the phone "not safe", voids warranty, loses some samsung parts and patents....
For my phone,providing to a carrier firmware ,i have flashed an unbranded original firmware for my country ( 2 reasons: more reactive for OTA updates with security patches ...and among the first firmwares for future Nougat 7 releases )
my knox is not tripped....
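The exchange above turns on what a checksum carried inside the download can prove. As an added example (not code from any post in this thread), the sketch below assumes the usual Odin `.tar.md5` layout, a tar archive followed by one `md5sum` line, and compares that trailer check with a SHA-256 digest pinned from a source you trust. The package name, payloads and pinned digest are constructed for illustration.

```python
import hashlib
import hmac
import io
import re
import tarfile

# Trailer written by md5sum: 32 hex digits, a space, ' ' or '*', then the file name.
TRAILER = re.compile(rb"([0-9a-fA-F]{32}) [ *]([^\n\x00]+)\n?\Z")


def split_tar_md5(blob):
    """Split a .tar.md5 image into (tar_bytes, claimed_md5, claimed_name)."""
    tail = blob[-1024:]
    m = TRAILER.search(tail)
    if m is None:
        raise ValueError("no md5sum trailer found after the tar data")
    tar_end = len(blob) - (len(tail) - m.start())
    return blob[:tar_end], m.group(1).decode().lower(), m.group(2).decode()


def check_package(blob, trusted_sha256=None):
    """Run the in-file trailer check and, if a digest is supplied, the pinned check."""
    tar_bytes, claimed, name = split_tar_md5(blob)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        members = tf.getnames()
    result = {
        "name": name,
        "members": members,
        # Unkeyed checksum stored next to the data: catches corruption only.
        "trailer_ok": hashlib.md5(tar_bytes).hexdigest() == claimed,
        "sha256": hashlib.sha256(blob).hexdigest(),
    }
    if trusted_sha256 is not None:
        # Digest obtained out of band: changes whenever the package changes.
        result["pinned_ok"] = hmac.compare_digest(
            result["sha256"], trusted_sha256.lower())
    return result


def make_package(payload, name="AP_CONSTRUCTED.tar"):
    """Build a constructed sample the way `md5sum -t x.tar >> x.tar` would."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo("boot.img")
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    tar_bytes = buf.getvalue()
    trailer = f"{hashlib.md5(tar_bytes).hexdigest()}  {name}\n".encode()
    return tar_bytes + trailer


if __name__ == "__main__":
    good = make_package(b"constructed stock image")
    pinned = hashlib.sha256(good).hexdigest()  # stands in for a trusted digest
    repacked = make_package(b"constructed modified image")
    damaged = bytearray(good)
    damaged[512] ^= 0xFF  # one flipped byte, as a bad download might produce
    for label, blob in (("good", good), ("repacked", repacked),
                        ("damaged", bytes(damaged))):
        r = check_package(blob, pinned)
        print(label, "trailer_ok =", r["trailer_ok"], "pinned_ok =", r["pinned_ok"])
```

A repackaged archive carries a freshly computed trailer, so `trailer_ok` on its own only rules out a damaged download; `pinned_ok` is only as trustworthy as the channel the reference digest came from.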
how can I back to stock firmware
Hi
I tried to root my phone A520F/DS bought in Dubai but something went wrong I guess the version of android I used was bad. And tried to get back on my previous original version by following steps on the threads here and also did not succeed. So in short since I forgot to copy my original information about my phone and now I don't know where to start. For example Baseband version, Build number, PDA, CSC version (is the same now as in the original version), and how to go back.
@ashyx I have a custom ROM right now on my A520F and I want to go back to stock and still have TWRP. Should I flash TWRP after flashing BL, AP, CP & CSC? What CSC should I use, the one with "HOME" or the other one? Thank you!