[Guide] Safestrap on xt883 - Motorola Droid 3

I believe this should go in the development section, but I don't have enough permission.
Sorry, I wrote this down in a hurry; I'll provide more details and the needed files later.
Inspired by doveOrz's post: http://forum.xda-developers.com/showthread.php?t=1474775, I tried to work around Safestrap on the xt883.
One major difference between the xt883 and the xt862 (I believe they have the same hardware) is the partition table: the xt862 has about 2Gb /data and 500 Mb /preinstall, while the xt883 has 2.5Gb /data and an unused 512kb /preinstall. Safestrap uses /preinstall as the secondary system, which is why it doesn't work on the xt883.
At first I tried to repartition using parted or fdisk, but it just messed things up... until I realized that MOTO just flashes in the partition table, but doesn't actually partition the disk.
Howto:
1. Download the xt883 (2.3.4 57.1.60) & xt862 SBF files (easily found in the development section) and uncompress them.
2. Copy the xt862's cdt.bin, mbr, and ebr over the xt883's, and modify the corresponding "MD5" values in the xt883's xml file.
3. Copy the xt862's allow-mbmloader-flashing-mbm.bin, mbmloader.bin, and mbm.bin to the xt883, and add the following at the top of the <steps> section in the xml file:
HTML:
<step operation="flash" partition="mbm" filename="allow-mbmloader-flashing-mbm.bin" MD5="1c5fe78a10bb79533934015b8eaddf8b" />
<step operation="reboot-bootloader" />
<step operation="flash" partition="mbmloader" filename="mbmloader.bin" MD5="b09feb246298ca721e2ae6b3becdd1b4" />
<step operation="flash" partition="mbm" filename="mbm.bin" MD5="6e062a68fe054ec128d4b253f1f3bd19" />
<step operation="reboot-bootloader" />
4. Optional. Copy the xt862's preinstall.img to the xt883, and add the following to the bottom of the <steps> section in the xml file:
HTML:
<step operation="flash" partition="preinstall" filename="preinstall.img" MD5="c91a9cc7746732888e75483f9449cd8a" />
I believe it will make the /preinstall partition ready to use; otherwise you'll have to make the filesystem manually, but I didn't test that.
5. Use RSD Lite to flash in the modified "SBF".
6. Boot the phone, dial *#*#2468#*#* and reboot; now you have unlocked gsm/wcdma.
7. Reboot to recovery, flash the gapps for xt883.
8. In recovery, install the 2.3.6 (60.3.250) update. Reboot.
It should be ok to directly modify and flash the 2.3.6 sbf, but rumor says that it cannot unlock gsm/wcdma and has difficulty installing gapps in 2.3.6, so I flashed 2.3.4 and did the update.
9. Root it with the D4 root exploit, and install Safestrap (I recommend the 1.08d console version).
10. Optional, if you skipped step 4. Reboot to recovery, open an adb shell (contained in the D4 root exploit) or the console from 1.08d, and input these commands:
Code:
mkfs.ext2 /dev/block/mmcblk1p23
tune2fs -j /dev/block/mmcblk1p23
Maybe xt860/me863 users can use the same technique.
It's done.
=============================
About cm9, and maybe other xt862-based roms:
After flashing the rom in the safe system, replace /system/lib/libmoto_ril.so with the xt883's, and edit /system/build.prop, changing:
ro.mot.eri=1 >>> ro.mot.eri=0
ro.cdma.nbpcd=1 >>> ro.cdma.nbpcd=0
ro.telephony.gsm-routes-us-smsc = 1 >>> # ro.telephony.gsm-routes-us-smsc = 1
ro.cdma.home.operator.isnan=1 >>> # ro.cdma.home.operator.isnan=1
Find ro.kernel.android.ril=yes, and append these 2 lines:
persist.ril.rssi.enable.param6 = 1
persist.ril.baudrate=230400
Many thanks to dmc_universe.

Can this be simplified to just fixing the partition table, without flashing the xt883?

Does anyone trying this need help?

Does anybody have the gapps file? I've got Safestrap to work on the Droid 3. I put on the Chinese rom, but there are no gapps.

chagla said:
Does anybody have the gapps file? I've got Safestrap to work on the Droid 3. I put on the Chinese rom, but there are no gapps.
Refer to this post: http://forum.xda-developers.com/showthread.php?p=35126235#post35126235
Yeah, the above method works; I'm using the modified version of the 862 and 883 rom.

Yes please
NIGHTMARE- said:
Does anyone trying this need help?
The flashing process fails on step 6/18. Any ideas?
Thanks : )

I need help
Hamza.abdulwali said:
The flashing process fails on step 6/18. Any ideas?
Thanks : )
Hello everyone,
How do I know if I need to do this Safestrap procedure?
I bought an unlocked XT862 and was following this thread,
http://forum.xda-developers.com/showthread.php?t=1249720&page=24
and someone pointed to your thread.

Related

[TUT] Unbrick\Restore to Factory Condition from Linux

I did not see anything that really walked through what you should do in one place. This is the method I used to restore my device to factory condition. It can also be used to unbrick the device.
You should be comfortable with the command line before proceeding. You cannot downgrade at this time, so download the version that was on your phone previously.
Files needed:
Verizon 5.5.959 or Verizon 5.6.890
moto-fastboot for linux, download the appropriate version for your arch
HowTo:
1. Extract the zip you downloaded and moto-fastboot.zip into the same working directory. You will get several .img files, moto-fastboot, and an .xml file.
2. Create a new file named "reset" in your working directory and fill it with the following code.
Code:
#!/bin/bash
# Flash the mbm that allows mbmloader to be rewritten, then reboot so it takes effect.
./moto-fastboot flash mbm allow-mbmloader-flashing-mbm.bin
./moto-fastboot reboot-bootloader
# The sleep gives the host time to pick the device up again over USB (see Notes).
sleep 30
# Now the real mbmloader/mbm pair, followed by another bootloader reboot.
./moto-fastboot flash mbmloader mbmloader.bin
./moto-fastboot flash mbm mbm.bin
./moto-fastboot reboot-bootloader
sleep 30
# Partition table, wipes, and the remaining images, in the order of the .xml file.
./moto-fastboot flash cdt.bin cdt.bin
./moto-fastboot erase userdata
./moto-fastboot erase cache
./moto-fastboot flash lbl lbl
./moto-fastboot flash logo.bin logo.bin
./moto-fastboot flash ebr ebr
./moto-fastboot flash mbr mbr
./moto-fastboot flash devtree device_tree.bin
./moto-fastboot flash system system.img
./moto-fastboot flash radio radio.img
./moto-fastboot flash boot boot.img
./moto-fastboot flash recovery recovery.img
./moto-fastboot flash cdrom cdrom
./moto-fastboot flash preinstall preinstall.img
# Final reboot into the freshly flashed system.
./moto-fastboot reboot
3. Change directory to your working directory. Make moto-fastboot and the script executable.
Code:
chmod a+x moto-fastboot
chmod a+x reset
4. Execute the script you created in step 2 (with supercowpowers). It should read "< waiting for device >"
Code:
sudo ./reset
5. Make sure your phone is >50% charged for good measure. Turn off your phone. Hold the 'M' key on the keyboard and turn your phone back on. Press Vol - to scroll down to "AP Fastboot". Press Vol + to select. Connect the USB cable.
6. Sit back and relax, the phone is now flashing back to factory. It will reset a few times. Eventually it will boot up like normal and you'll be all set!
Notes:
You can change sleep to 10 seconds to speed it up. I recommend 30 because I don't know how fast your system picks up usb devices.
The parameters I used to create the script are from the .xml file, in case you were wondering.
[Source for files]
http://rootzwiki.com/showthread.php?5103-SBF-Droid-3-Fastboot-files-(5.5.959-and-5.6.890)
If this helped you, press thanks so others know
If it didn't, please post why to help improve this guide
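Both the MD5 bookkeeping in step 2 of the xt883 guide (swapping files and editing their "MD5" values) and the hand-translation of the .xml into the reset script above can be checked mechanically. This is an added example, not code from either guide: it assumes the flashing XML layout shown in these threads (step elements with operation, partition, filename and MD5 attributes) and a working directory holding the unpacked files; the XML and files in demo() are constructed.

```python
"""Check an RSD Lite / fastboot flashing XML before using it.

Added example, not from the guides. (1) check_md5s() confirms every file named
in a flash step exists and matches the MD5 the XML lists, which catches a file
swapped in without its MD5 being updated. (2) steps_to_fastboot() renders the
<steps> list as the moto-fastboot command sequence the reset script follows.
"""
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple


def md5_of(path: str) -> str:
    """MD5 of a file, read in 1 MiB chunks so large .img files are fine."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_md5s(xml_text: str, workdir: str) -> Dict[str, str]:
    """Map filename -> problem ("missing" or "md5 mismatch") for every flash step.

    An empty dict means every file listed in the XML is present and matches."""
    problems: Dict[str, str] = {}
    for step in ET.fromstring(xml_text).iter("step"):
        if step.get("operation") != "flash":
            continue
        name = step.get("filename")
        path = os.path.join(workdir, name)
        if not os.path.isfile(path):
            problems[name] = "missing"
        elif md5_of(path).lower() != (step.get("MD5") or "").lower():
            problems[name] = "md5 mismatch"
    return problems


def steps_to_fastboot(xml_text: str, fastboot: str = "./moto-fastboot",
                      settle: int = 30) -> List[str]:
    """Render <steps> as shell commands in XML order (the reset script's shape)."""
    cmds: List[str] = []
    for step in ET.fromstring(xml_text).iter("step"):
        op = step.get("operation")
        if op == "flash":
            cmds.append(f"{fastboot} flash {step.get('partition')} {step.get('filename')}")
        elif op == "erase":
            cmds.append(f"{fastboot} erase {step.get('partition')}")
        elif op == "reboot-bootloader":
            # the guide sleeps after each bootloader reboot so the host re-enumerates USB
            cmds.append(f"{fastboot} reboot-bootloader")
            cmds.append(f"sleep {settle}")
        else:
            raise ValueError(f"unknown step operation: {op!r}")
    return cmds


def demo() -> Tuple[Dict[str, str], List[str]]:
    """Constructed sample: one good file, one with a stale MD5, one never copied in."""
    template = """<flashing><steps interface="AP">
      <step operation="flash" partition="mbm" filename="mbm.bin" MD5="{mbm}" />
      <step operation="reboot-bootloader" />
      <step operation="flash" partition="mbr" filename="mbr" MD5="{mbr}" />
      <step operation="erase" partition="cache" />
      <step operation="flash" partition="preinstall" filename="preinstall.img" MD5="{pre}" />
    </steps></flashing>"""
    with tempfile.TemporaryDirectory() as d:
        files = {"mbm.bin": b"constructed mbm", "mbr": b"constructed mbr"}
        for name, body in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        xml_text = template.format(
            mbm=hashlib.md5(files["mbm.bin"]).hexdigest(),
            mbr="0" * 32,  # stale value, as after swapping in another model's file
            pre="1" * 32,  # file listed in the XML but absent from the directory
        )
        return check_md5s(xml_text, d), steps_to_fastboot(xml_text, settle=10)
```

Run check_md5s() against the real XML and directory before RSD Lite or the script touches the phone; a non-empty result means something was copied or edited inconsistently.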
We have an easier method now, rsd.
Sent from my DROID3 using XDA App
ourtut said:
We have an easier method now, rsd.
Sent from my DROID3 using XDA App
RSD doesn't run natively on Linux
I get it now. Good tut for people with Linux.
Sent from my DROID3 using XDA App
Thanks for this! I hate having to drop to windows for this kind of stuff, especially considering that linux is under the android framework.
Sent from my DROID3 using XDA App
Thank you, now I never have to mess with RSD Lite and Windows... and drivers, you know. Thanks.
Sent from my DROID3 using Tapatalk
Why does the script need superuser (sudo)? I like the script and will for sure use it, thank you for sharing. I think it would work fine without sudo though
Sent from my DROID3 using XDA App
jweber228 said:
Why does the script need superuser (sudo)? I like the script and will for sure use it, thank you for sharing. I think it would work fine without sudo though
Sent from my DROID3 using XDA App
I don't feel like troubleshooting people's permissions issues. Running as superuser will eliminate those problems. Some systems/configurations do require those permissions.
Why is this thread not stickied? All other RSD Lite threads are, and we can't use RSD Lite in Linux.
Darksurf said:
Why is this thread not stickied? All other RSD Lite threads are, and we can't use RSD Lite in Linux.
Because you have to message the forum mod, cheif_tony, and request it.
Thanks for this one!
A few questions:
Is this possible with the new 906 zip?
http://forum.xda-developers.com/showthread.php?p=27315518#post27315518
Can you please explain points 3 and 4 in more detail for newer Linux/Ubuntu users?
What do you mean by "3. Change directory to your working directory. Make moto-fastboot and the script executable." and "Execute the script you created in step 2 (with supercowpowers)"? How do I get supercowpowers?
The original post's "Verizon 5.6.890" link to the 890 install brings me to LNX.lu and requires a login. I've been waiting a while for their emailed account confirmation - is there another place to grab this file?
Also, you mention Arch - is this process the same in Ubuntu?
EDIT: Hah! Works like a charm. One last step - THANK YOU GamezR2EZ!

mbmloader - failed to flash

Hey all - I'm trying to restore my D3 to stock, when I try to flash the mbmloader.bin over to the device, this is the error I get, any ideas? Can I just skip this file?
Code:
VRZ_XT862_5.5.1_84_D3G-20_TA-9_1FF_01>moto-fastboot flash mbmloader mbmloader.bin
sending 'mbmloader' (39 KB)... OKAY [ 0.004s]
writing 'mbmloader'... INFOimage and IC type differ-EMU vs. HS
FAILED (remote: )
What version were you running before you flashed .890? If so, I don't think you can downgrade to that file; you need the one with 55 in it. Sorry, on phone or I would be more help.
Sent from my DROID3 using XDA App
nautical34 said:
Hey all - I'm trying to restore my D3 to stock, when I try to flash the mbmloader.bin over to the device, this is the error I get, any ideas? Can I just skip this file?
You can just skip the file, yes. 05gsxrk5 is right about the versions though. You are probably flashing the wrong version. You may check that you are not having any other issue with the other files though.
Use RSD Lite 5.5; flashing a rom is very easy.
Sorry for my English, look below.
<step MD5="1c5fe78a10bb79533934015b8eaddf8b" filename="allow-mbmloader-flashing-mbm.bin" partition="mbm" operation="flash"/>
<step operation="reboot-bootloader"/>
<step MD5="b09feb246298ca721e2ae6b3becdd1b4" filename="mbmloader.bin" partition="mbmloader" operation="flash"/>
<step MD5="6e062a68fe054ec128d4b253f1f3bd19" filename="mbm.bin" partition="mbm" operation="flash"/>
You can't skip the mbmloader; it is, for all intents and purposes, where the lock on the bootloader is stored and checked, and the reason why you can't flash it is that it is impossible to revert it once it has been incremented to a new version with the new encrypted signature.
This is done specifically to prevent flashing back to any previous version once you have run any OTA update.zip that contains an mbmloader newer than the one on your device.
Hey guys - I managed to just skip this file and flash all the other required ones and it booted (very surprised)
After it booted I was able to update via OTA and everything has been working great!
Thanks!

[Q] Updated unsafe partition to 5.9.905 > no longer can access safestrap

I searched the forums for a post that resembled my problem but was unable to find one.
Phone: Motorola Droid Bionic
Purchased it as soon as it was released on Sept 2011
Rooted it on Feb 2012 using this forum's instruction (don't remember which method I used...)
On the safe partition, I have a mod installed (I believe it was created by liquid).
On 11/28/2012, I foolishly returned to my unsafe partition and updated the phone since I was excited about the ice cream release. I completely forgot to check the forums for the correct way to update a rooted phone. It successfully installed up to 5.9.905 and according to Root Checker Basic, the phone remains rooted.
My main issue is that I no longer have access to the safe partition. When I moved from the safe partition to my unsafe partition, my phone automatically backed up my partition but now I can't access that partition since my safestrap menu doesn't appear...
Please excuse me if this issue has been previously posted.
TriStarGod said:
I searched the forums for a post that resembled my problem but was unable to find one.
Phone: Motorola Droid Bionic
Purchased it as soon as it was released on Sept 2011
Rooted it on Feb 2012 using this forum's instruction (don't remember which method I used...)
On the safe partition, I have a mod installed (I believe it was created by liquid).
On 11/28/2012, I foolishly returned to my unsafe partition and updated the phone since I was excited about the ice cream release. I completely forgot to check the forums for the correct way to update a rooted phone. It successfully installed up to 5.9.905 and according to Root Checker Basic, the phone remains rooted.
My main issue is that I no longer have access to the safe partition. When I moved from the safe partition to my unsafe partition, my phone automatically backed up my partition but now I can't access that partition since my safestrap menu doesn't appear...
Please excuse me if this issue has been previously posted.
905 is still Gingerbread; for you to be on ICS you need to be on 246. I would use House of Bionic http://www.droidrzr.com/index.php/topic/4026-samurihls-house-of-bionic/. Then you need to install Safestrap 3.05 to get your partition back. 3.05 is a TWRP recovery, so your old CWM backups will not work.
Sent from my Icarus Bionic
Thanks for the response. My immediate goal is to recover my safe partition. After I save some of the files from that partition to my computer, I will proceed to upgrade to ICS. Do I have to revert to an older version of gingerbread in order to gain access to safestrap? If so, could you please point to a tutorial or explain how I might do so?
TriStarGod said:
Thanks for the response. My immediate goal is to recover my safe partition. After I save some of the files from that partition to my computer, I will proceed to upgrade to ICS. Do I have to revert to an older version of gingerbread in order to gain access to safestrap? If so, could you please point to a tutorial or explain how I might do so?
You can't downgrade your stock ROM, so stick with .905 for now and re-install an old version of Safestrap (stick to the 1.x versions, as 2.x and 3.x are for ICS only).
All cred goes to Hashcode...
Anyway, here is the Safestrap APK. Please make sure your device is rooted and busybox is installed, and then re-install Safestrap.
Good luck!
Others, please note this is an OLD VERSION OF SAFESTRAP, do not use unless you know what you're doing!
It seems Safestrap was already on the phone but wasn't being given root access. I discovered that only after I installed busybox. Now my phone loads up Safestrap but doesn't give me options to access my safe partition. Instead, it starts boot looping my Android OS (shows the Bionic screen, then crashes and repeats). Now I truly am in trouble.
I have a nandroid backup on my computer (at least I believe it is one). It's called nonsafe-2012-02-06.02.55.07. Is it possible to recover my phone using that? Do I have to take the RSD Lite path to recover my phone?
Why don't you RSD Lite your phone with .905? Instead of using the standard XML files though, you should copy the XML and remove any of the parts that are erasing use data and emmc. You should be able to re-root on .905, then reinstall Safestrap and get access to your old data.
Sent from my XT894 running CM10
Wow, I had no idea that could be done.
I downloaded the fxz file from:
http://forum.xda-developers.com/showthread.php?t=1771993
I downloaded the latest usb bionic drivers from
https://motorola-global-portal.custhelp.com/app/answers/detail/a_id/88481
I downloaded the latest RSD lite from
http://forum.xda-developers.com/showthread.php?t=1771993
I unzipped the file and edited the xml.
I am going to delete the following erase lines (those are the only lines I see):
<step operation="erase" partition="cache" />
<step operation="erase" partition="userdata" />
What do you mean "use data and emmc"?
By saying "use data and emmc", do you mean that I should replace the word erase with data and emmc in the two following lines?
<step operation="data" partition="cache" />
<step operation="emmc" partition="userdata" />
I will post a complete version of the xml before using rsd lite on my phone this evening.
TriStarGod said:
By saying "use data and emmc", do you mean that I should replace the word erase with data and emmc in the two following lines?
<step operation="data" partition="cache" />
<step operation="emmc" partition="userdata" />
I will post a complete version of the xml before using rsd lite on my phone this evening.
Sorry for the poor wording. Just remove the user data line; that fastboot file doesn't delete the external memory (emmc). The cache will need to be recreated anyway. Let me know how it goes.
Sent from my XT894 running CM10
<?xml version="1.0" encoding="UTF-8"?>
<flashing>
<header>
<phone_model model="TARGA" />
<software_version version="5.5.1_84_DBN-74" />
<interfaces>
<interface name="AP" />
</interfaces>
</header>
<steps interface="AP">
<step operation="flash" partition="mbm" filename="allow-mbmloader-flashing-mbm.bin" MD5="f6102e4b34c74cfefd5e80151a6913ff" />
<step operation="reboot-bootloader" />
<step operation="flash" partition="mbmloader" filename="mbmloader.bin" MD5="b0c30799c8509c4d66599550e3fbdd82" />
<step operation="flash" partition="mbm" filename="mbm.bin" MD5="da0b9ae7f38048a2987e0ae24593fb4b" />
<step operation="reboot-bootloader" />
<step operation="flash" partition="cdt.bin" filename="cdt.bin" MD5="fd8c44b060415dfd963fa870ae7a4f35" />
<step operation="erase" partition="cache" />
<step operation="flash" partition="lbl" filename="lbl" MD5="239bbc49a9cdb329577074ba60bbf1e5" />
<step operation="flash" partition="logo.bin" filename="logo.bin" MD5="06c07c2970460a4e656a3206859a3617" />
<step operation="flash" partition="ebr" filename="ebr" MD5="4c6df9afcd64661036a982e03eb1aa1a" />
<step operation="flash" partition="mbr" filename="mbr" MD5="712e3e3757219ecfd925eb43be14f944" />
<step operation="flash" partition="devtree" filename="device_tree.bin" MD5="2404a4f245f1da389d3422d0d59be24a" />
<step operation="flash" partition="system" filename="system.img" MD5="8e306ac58dd4fcf01566c517eabc098d" />
<step operation="flash" partition="boot" filename="boot.img" MD5="b64b38a48897c51fe229cf80a095d235" />
<step operation="flash" partition="recovery" filename="recovery.img" MD5="ce9ee505c7fc708f7394617907ae5694" />
<step operation="flash" partition="cdrom" filename="cdrom" MD5="6bdf130ecaa5183c0e463d2f3fa5d966" />
<step operation="flash" partition="preinstall" filename="preinstall.img" MD5="f7f2ff434d2b0c819c1e28744d1b4d01" />
<step operation="flash" partition="webtop" filename="grfs.img" MD5="c9502cd8fd6fa7206c64e4dae3ed9b50" />
<step operation="flash" partition="radio" filename="radio.img" MD5="683184cc2522ba00e6a0c38d321a8806" />
</steps>
</flashing>
Awesome, my phone is back up and running. I am searching for a way to root it, and the common solution is via motofail. However, all the motofails I've downloaded contain backdoor trojans (based on results from several scanners via VirusTotal). Is there a clean version, or are these just false readings?
I've tried:
http://forum.xda-developers.com/showthread.php?t=1737347
http://forum.xda-developers.com/showthread.php?t=1810373
Is there a better program I can use?
Once I do root it, is safestrap 1.0 compatible with .905? Was it a fluke when it boot looped the first time?
TriStarGod said:
Awesome, my phone is back up and running. I am searching for a way to root it, and the common solution is via motofail. However, all the motofails I've downloaded contain backdoor trojans (based on results from several scanners via VirusTotal). Is there a clean version, or are these just false readings?
I've tried:
http://forum.xda-developers.com/showthread.php?t=1737347
http://forum.xda-developers.com/showthread.php?t=1810373
Is there a better program I can use?
Once I do root it, is safestrap 1.0 compatible with .905? Was it a fluke when it boot looped the first time?
I haven't had any problems with motofail, even at work (we use McAfee on our systems). Since it is an exploit, scanners might list motofail as a trojan; make sure you get motofail from a link on this board to be sure it's the right one.
The version of SS I posted is compatible with my phone running .905. I think your SS got corrupted when you did the upgrade, so reinstalling it should be fine at this point. Worst case, at least you know how to fix it.
Hmm, now that I'm thinking about it though... the old SS 1.0 used the /preinstall partition for the second system... I might have killed your old Safestrap data partition, unless you swapped Safestrap before going.
Check your internal memory for large zip files; you might be able to reinstall the rom to /preinstall and somehow put the data back in.
Sent from my XT894 running CM10
I used ES File Explorer to check /sdcard/safestrap
It has 2 folders within it called orig and safe.
Are these my backups of my original setup?
There is a big data.ext3.tar file located in each folder with 2 different sizes. I also found in my downloads folder my original Bionic Safestrap 1.0.apk
I am pretty sure that's your old data. Take a backup of it and put it on the computer, then try installing safestrap and see what options it gives you.
Sent from my Nexus 7 using Tapatalk 2
danifunker said:
I am pretty sure that's your old data. Take a backup of it and put it on the computer, then try installing safestrap and see what options it gives you.
Sent from my Nexus 7 using Tapatalk 2
Thanks so much for your help. While I was scanning my SD card, it seems my note program (which is the reason I want to get my safe partition backup) had automatically backed up my notes. I have recovered my notes and am in the process of updating my phone to the newer Android version.

[Q] 4.4.2 Custom Recovery Question

So, before I go doing anything too crazy, I'd like a little verification if possible.
I'm in the process of attempting to push a custom recovery, but I'm unclear on a few pertinent bits and I need some clarification before I can feel secure moving on.
So, following Xdabbeb's thread to get onto 4.4.2, I'm given these instructions: (follow bolded figures for relevance)
If you want a custom recovery, then you have a few more steps. JackpotClavin has already written up an excellent guide on how to do so HERE. Follow his steps 5-8 (as you've theoretically already followed this guide to get to 24A), and substitute one of the .lok files included in this archive for the file named "boot.emmc.win" in step 7. If you have already gone through that procedure and have a custom recovery, you can simply flash either of the following two zips:
So, there I went, after downloading the file, and I'm given this:
Step 7: THIS IS IMPORTANT! The old aboot is incompatible with the new boot image that comes from the 24A OTA, so you must install a boot image that's compatible with stock KitKat and also works with the old aboot, so download this boot image and verify its md5sum
Code:
200eb4b8fc165751aa24d770737b2716 boot.emmc.win
and then write it to your boot partition with:
Code:
dd if=boot.emmc.win of=/dev/block/platform/msm_sdcc.1/by-name/boot
So, the files in the archive provided are named, "boot_xdabbeb_24a_google.lok" and "boot_xdabbeb_24a_linaro.lok"
I realize I only need one of them, and I'm fairly proficient with Samsung-flavored Android; I'm simply new to LG and its inner workings.
What I need to know is: do I rename the "boot_xdabbeb....lok" to boot.emmc.win
or
do I change the command line to reflect the name of the boot image from the downloaded archive? I hope I've provided enough info. Thanks in advance.
It doesn't matter what you rename it to; you rename it to something else in the next step. You don't even have to rename it. Just make sure to replace whatever the file is called when you start typing the steps, in the steps where
Code:
boot.emmc.win
is.
I appreciate you trying to be helpful, but what you're saying doesn't really make that much sense to me.
This is the command I'm given:
Code:
dd if=boot.emmc.win of=/dev/block/platform/msm_sdcc.1/by-name/boot
My file is called
Code:
boot_xdabebb_24a_google.lok
One of two things needs to happen here:
A) the command is revised to resemble this
Code:
dd if=boot_xdabebb_24a_google.lok of=/dev/block/platform/msm_sdcc.1/by-name/boot
or
B) I rename
Code:
boot_xdabebb_24a_google.lok
to
Code:
boot.emmc.win
That's what I need to know.

G925V Downgrade and Bootloader Unlock Possible! Progress so far. Devs please help!!

Hi everyone and thanks for your time. I will get straight to the point:
All these tests were made on the G925V 5.1.1, rooted with eng boot. (Look at my profile for my post on how to downgrade from 7.0, and all below, to 5.1.1, and for the root tutorial.)
- The Samsung downgrade mechanism relies on a flag set in the different partitions to determine its version.
- The phone looks for the flag "SYSMAGIC X" where X is the version. (Starting from 0, meaning SYSMAGIC 0 = version 1.)
- The following partitions have the flag:
* BOTA0 <---- gets its files from sboot.bin (bootloader first partition)
* BOTA1 <---- gets its files from cm.bin (bootloader second partition)
* BOOT <---- from boot.img
* CACHE <---- from cache.img
* RECOVERY <---- from recovery.img
* SYSTEM <---- from system.img
* sdb <---- which is the bootloader as a whole, I believe; don't quote me on this, it's just a deduction.
All these files can be accessed through a full tar or by dumping them using dd if= of=.
Bota0, bota1, boot, system, recovery, cache, etc. can be found in:
/dev/block/platform/15570000.ufs/by-name
Putting any of these in a hex editor, you will find the line "SYSMAGIC 3" (in my case for 5.1.1, binary version 4).
If you dump /dev/block/sda18, edit it with a hex editor and change the SYSMAGIC to one version lower, save, then dd it back to sda18 and reboot the phone, guess what?
SYSTEM REV. CHECK FAIL. DEVICE:3 BINARY:2.
All this is assumption, but the line is there and it seems to pass every check and just assumes that's the version.
Hope someone can take it further. I unfortunately bricked my S6 writing the wrong partition back over the bootloader... and well... bad bootloader... no more download mode.
Be careful. Devs, please help. Anyone with a device willing to use it as a guinea pig, PM me.
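The marker the post finds in a hex editor can be located and compared across partition dumps without writing anything back, which is the check that would have caught the wrong-partition mistake the poster describes. This is an added example, not code from the post: it takes only the "SYSMAGIC N" string and the N-starts-at-0 counting from the post above; the dump files built in demo() are constructed and the read-only mmap scan is my own approach.

```python
"""Locate the "SYSMAGIC N" version marker in partition dumps (read-only).

Added example, not from the post. Scans each dump through mmap so a multi-GB
system image need not fit in RAM, reports the marker's offset and version,
and flags partitions whose versions disagree before anything is flashed.
"""
import mmap
import os
import re
import tempfile
from typing import Dict, List, Optional

# The marker exactly as it shows up in a hex editor: "SYSMAGIC " followed by digits.
MAGIC_RE = re.compile(rb"SYSMAGIC (\d+)")


def find_markers(blob) -> List[dict]:
    """Every marker in a bytes-like object (bytes, or a read-only mmap of a dump).

    rev is the raw number; version is rev + 1, the post's counting convention."""
    return [{"offset": m.start(), "rev": int(m.group(1)), "version": int(m.group(1)) + 1}
            for m in MAGIC_RE.finditer(blob)]


def scan_dump(path: str) -> List[dict]:
    """Scan a dump file via mmap; nothing is ever written to the file."""
    if os.path.getsize(path) == 0:  # mmap refuses zero-length files
        return []
    with open(path, "rb") as fh, mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return find_markers(mm)


def partition_versions(dumps: Dict[str, str]) -> Dict[str, Optional[int]]:
    """Map partition name -> version from its last marker, or None if it has none.

    The last hit is used because the thread places the magic in the image footer."""
    report: Dict[str, Optional[int]] = {}
    for name, path in dumps.items():
        hits = scan_dump(path)
        report[name] = hits[-1]["version"] if hits else None
    return report


def versions_agree(report: Dict[str, Optional[int]]) -> bool:
    """True when every partition that carries a marker reports the same version."""
    return len({v for v in report.values() if v is not None}) <= 1


def demo() -> Dict[str, Optional[int]]:
    """Constructed dumps: boot/system at SYSMAGIC 3, recovery one behind, cache without."""
    samples = {
        "boot": b"\x00" * 64 + b"SYSMAGIC 3\x00",
        "system": b"S" * 4096 + b"SYSMAGIC 3\x00" + b"\x00" * 16,
        "recovery": b"\x00" * 32 + b"SYSMAGIC 2\x00",
        "cache": b"\xff" * 256,
    }
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, body in samples.items():
            paths[name] = os.path.join(d, name + ".img")
            with open(paths[name], "wb") as fh:
                fh.write(body)
        return partition_versions(paths)
```

Point partition_versions() at dd dumps of the by-name partitions listed in the post; a False from versions_agree() means the set of images on hand does not belong to one firmware version.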
dragoodwael said:
Hi everyone and thanks for your time. I will get straight to the point:
All these tests were made on the G925V 5.1.1, rooted with eng boot. (Look at my profile for my post on how to downgrade from 7.0, and all below, to 5.1.1, and for the root tutorial.)
- The Samsung downgrade mechanism relies on a flag set in the different partitions to determine its version.
- The phone looks for the flag "SYSMAGIC X" where X is the version. (Starting from 0, meaning SYSMAGIC 0 = version 1.)
- The following partitions have the flag:
* BOTA0 <---- gets its files from sboot.bin (bootloader first partition)
* BOTA1 <---- gets its files from cm.bin (bootloader second partition)
* BOOT <---- from boot.img
* CACHE <---- from cache.img
* RECOVERY <---- from recovery.img
* SYSTEM <---- from system.img
* sdb <---- which is the bootloader as a whole, I believe; don't quote me on this, it's just a deduction.
All these files can be accessed through a full tar or by dumping them using dd if= of=.
Bota0, bota1, boot, system, recovery, cache, etc. can be found in:
/dev/block/platform/15570000.ufs/by-name
Putting any of these in a hex editor, you will find the line "SYSMAGIC 3" (in my case for 5.1.1, binary version 4).
If you dump /dev/block/sda18, edit it with a hex editor and change the SYSMAGIC to one version lower, save, then dd it back to sda18 and reboot the phone, guess what?
SYSTEM REV. CHECK FAIL. DEVICE:3 BINARY:2.
All this is assumption, but the line is there and it seems to pass every check and just assumes that's the version.
Hope someone can take it further. I unfortunately bricked my S6 writing the wrong partition back over the bootloader... and well... bad bootloader... no more download mode.
Be careful. Devs, please help. Anyone with a device willing to use it as a guinea pig, PM me.
That is great news. What else do you know of the magic bytes at the footer of the system image?
I'm going to look into this.
All of those partitions, probably even the cache partition with its metadata file from the CSC, have points that have access to the private signing key burned into the TrustZone firmware.
Hi, I followed your tut on downgrading my SM-G925V to 5.1.1 and also got root, which was great, but I guess it's pretty worthless as it's only temporary until reboot. Has there been any further progress on permanent root on the G925V? Great work btw, all involved!
