Dear Administrator or moderators...
Once this thread went to a conflict with gekkehenkie11, and according to that I spent about a week's time researching this "knox" thing without having normal sleep, even though it was the limit for me, when by the words of gekkehenkie11 he pointed at me as uselessly wasting people's time and like I'm being a liar. I finally got mad and deleted (overwrote) my own original posts. I need 3-4 days to calm down and think about whether I continue development of this KNOX thing (pointing at me like a liar and noob is a very bad motivation to continue, but maybe I will continue just for the other people who didn't point at me that way). So, Admin and moderators, it's up to you to decide either to restore the original posts from backup (if you have one) or delete this topic. Any decision of yours will be accepted without any protest from my side. (I personally didn't leave any backups for myself.)
Thanks for understanding!
I don't want to come across as a boy scout or anything, but isn't this essentially committing fraud (possibly insurance fraud)?
it depends
deleted
phoenix91140 said:
Hi Guys. Hope here are some programmers.
I have good news for all Galaxy Note 4 users and owners who have ever rooted it and got the "KNOX WARRANTY VOID: 1" message. So from now on (if the developers who write the cf-auto-root tool use my advice), you can forget about warranty void. I'm a Linux expert and a C/C++ programming expert too. So, once Samsung told me that because of root the warranty is void and they don't want to repair factory-caused mainboard damage (a short circuit on the mainboard), I wondered how to solve that problem. And I found the solution (I will do it on my own for my device when it gets back from the service center) to hack that warranty void thing. So, first of all you go to sammobile.com /firmwares/database/SM-N910C/ to get the original firmware (in my case SM-N910C, but choose yours, or you'll kill your device). You'll get the original firmware. And KNOX uses a value to print if warranty is 0 or 1 (0x0 or 0x1). But actually it makes no sense, since in service centers they just use Odin boot to check if it's 0 or 1. Moreover, they are not going to place root on it to figure out if knox works fine or not.
WARNING!!! READ CAREFULLY!!!
Any kind of warranty or usability is voided! By using this hacking method you accept that you USE IT AT YOUR OWN RISK!!! This info is basically meant for the xda-developers crew to release a massive hack. Any broken, dead etc. phone IS YOUR OWN FAULT! If you don't know what you're doing - DON'T USE IT UNTIL YOU KNOW WHAT YOU'RE DOING!!!
NEW!!! Since the new Android Lollipop was released, the behavior on Android 5 firmware is unknown. I strongly recommend getting a default stock firmware (KitKat 4.4.4), because this hack was made on KitKat and not tested on Lollipop (Android 5).
So guide to disable KNOX WARRANTY void:
1) download original firmware
2) unzip file you get(it is about 1.6 GB).
3) Need to modify the sboot.bin image. Suitable is a disassembler, or a hex editor like Okteta for Linux.
4) Search for the "KNOX WARRANTY VOID" text in the sboot.bin file. You'll find something like (test device) ??? KNOX WARRANTY VOID: %d. In my case the start position is 2786.
5) Now need to make it print zero (0). They use the ordinary printf() command. The "%d" symbol means that a digital value (number) is going to be printed. Here we can place a static zero, or if you're good at assembler and hacking, you can search for what variable is used and where it comes from. But a regular 0 in Odin near the "KNOX Warranty void" field is enough. So we take "%d" out and place "0 " instead (ZERO + SPACE, 2 chars must be used, otherwise you'll break the binary file geometry and it will crash at execution time, causing a segmentation fault. Probably, if you break the geometry of the bin file, the device will die).
6) When the sboot.bin hacking is done, you'll need to pack all the contents back again (the images we got from the original firmware archive, including the hacked "sboot.bin" file), then upload the new firmware (original + hacked sboot.bin inside) and reboot the device.
7) Do a reset to factory firmware (turn off the phone, hold volume up + home button + power button) in emergency recovery during boot (so that root will be lost).
8) Done. Run Odin, and see that Odin shows Warranty void 0. Now the warranty is restored and you can go to the nearest repair center, and make them note that warranty void is 0. If they update the firmware and it's 1 again, it's not your problem anymore.
Hope XDA-DEVELOPERS crew will release new cf-auto-root with this hack, or make a firmware(factory default) with KNOX warranty void hacked.
To those who are not programmers, please ask xda-developers to apply that stuff to the firmware on this site.
Now the question: can we cooperate with xda-developers to make that hack publicly available?
To those of you who used that hack, please provide feedback (phone model, sboot.bin availability and the result of the Odin status, meaning whether that helped you to get 0 or not). If you have any problems, ask the xda-developers crew, or me, for assistance.
Enjoy.
PS. I attach photo so, that you can see where to search warranty void stuff. I believe it's the same story for all new Samsung mobile phones.
Enjoy once again.
If this actually works, it doesn't change the FUSE-based KNOX warranty flag, i.e., it makes the software/bootloader print 0x0, but this will change once you flash official firmware.
it's a fake value, but it helps
deleted
phoenix91140 said:
Yes, it works and yes, on firmware reinstallation it will get back to 1 (I wrote about it in my first post). But if you have the latest firmware installed with that hack, they only check the knox warranty void status (they have no reason for installing the same firmware again). But there should be an official status (that's why you need official firmware). And if the problem on the device is a hardware defect issue (short circuits, damaged BGA etc.) and you can show the defect in action, then they repair the device (they do not change chips etc., they replace the entire mainboard). Sure, if you have a broken bootloader and your device is a "software brick" it will not help, and it's already your fault. But for hardware issues it will pass. Moreover, even KIES on a software update crash can set knox warranty void to 1, so even if they flash firmware, they will see 0 in the first place and then see that their action made it 1. And believe me, they are not going to look at KNOX WARRANTY VOID twice. If at the time they flash firmware it's 0 and you have broken hardware (factory defect), they will replace it. Also, a Samsung service friend told me that all damaged mainboards are destroyed after replacement, because they will place the same IMEI and the same S/N on the new mainboard, and the reason for that is that there can't be 2 devices with the same IMEI on the network carrier at the same time.
Samsung services don't have programmers there and they have no idea about such a hack and how to identify it. But to be serious, it's up to you to choose to fake "knox warranty void" and get a ~90% chance for warranty works or to pay on your own for repair works. And if xda-developers take a look at that file, there should be assembler instructions for getting that warranty void value, so they can track where it comes from and try to reset it.
I know it's a fake trick that may help in your situation with warranty claim.
Unfortunately, this is confusing when compared with real KNOX reset for Exynos Note 3 (N900) by a leaked firmware. Moreover, it seems that you own N910C while your thread is posted on N910V section where the majority (retail editions) are on LOCKED bootloader & without ROOT access (so, they can't even flash any modified images).
deleted
phoenix91140 said:
OK. I'll write to the moderator once again. I'm a newbie here, and didn't find the correct section for this topic.
No problem! Thanks for sharing your trick
deleted
+1 amazingly nice solution. Will it work if a knox container tries to access the value as well?
Sounds like it will, since you're hard-coding the knox value in the kernel.
yes, it will
deleted
You can check knox status even when the phone is powered on; here is a simple app that can do that: https://play.google.com/store/apps/details?id=it.ale32thebest.galaxywarrantycheck (I'm the dev of the app; if it can help, I can tell you how I read the value). If it can help, I have an N910F and I tried the app on it and on other international Samsung phone models (S3-S4-S5).
deleted
phoenix91140 said:
You're welcome. At the moment I simply don't know ARM assembler well, since I'm a Linux programmer and there basically x86 & x86_64 assembler instructions are used. But if you want to hack the counter itself, it's also a good place to start from, because this sboot.bin originally has access to that "0x1" value, and by disassembling the code we could find out where and how it comes from. This hack is just a temporary solution for the cases of factory defects revealed and warranty voided because of rooting the device.
Does it mean that if I know where the variable comes from, I can modify the KNOX mechanism so that I can flash everything without tripping it? Maybe I can modify the official firmware so that even my device doesn't know the KNOX fuse exists?
PS: I have voided my warranty, can I still use Kies to update in this way?
deleted
Sent from my SM-N910C using XDA Free mobile app
Great work man,hats off
Sent from my SM-N910G using XDA Premium 4 mobile app
phoenix91140 said:
Yep. The point is that even if we imagine that we can't overwrite the 0x1 flag to set it to a real 0x0, we still can, if we find where knox (except the bootloader, because I already showed how to make it show 0) prints it, print 0 and think it's 0. That way we make it lie like it's all OK. That is option number 1.
The second option is to disassemble sboot.bin and see at a low programming level where it takes the value from and try to make it overwrite it back to 0. But that's already much harder. For warranty terms it's enough if the bootloader lies like it's all OK. You can also hack the KNOX libs too. There is always much more than one option to hack the system.
There is one more great solution, but I would need the xda crew's help for that. Look. We could hack the bootloader (the one I did) and make it ignore the new sboot.bin on firmware update or replace it with itself. So then Odin mode would ALWAYS be 0, even on firmware update. But to do it alone is not easy. Even one more improvement: we could make sboot.bin load the new sboot.bin or delete it if some file contains some magic key.
Sent from my SM-N910C using XDA Free mobile app
I see! Can I say it this way? sboot.bin does nothing but void our warranty; if we just leave this bit*ch alone, don't touch her, we are free to flash whatever we want without tripping knox?
---------- Post added at 05:30 AM ---------- Previous post was at 05:19 AM ----------
lol, looks like you just need two more posts to express your terrific idea to the developer. I strongly believe it will be a milestone in Samsung mobile, please, just make it happen! What you did will be greatly appreciated by the Note 4, S6 and later Samsung device community!
Oh boy, this is a hell of a risky hack. The file sboot.bin is the secondary bootloader. If you somehow screw up the change, such as... say adding a 00 instead of replacing it in the file - a very common screwup when hexediting, I might add - you will have a HARD BRICK on your hands that cannot be fixed or reverted without Samsung repair. The phone will appear to no longer power up as the sboot.bin file is executed before anything the user would notice.
So yeah.... just be really careful.
I know. And to be EXTREMELY CAREFUL. AND ANY WARRANTY IS VOID. Use at your own risk
Sent from my SM-N910C using XDA Free mobile app
deleted
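A defender-side check for the display-string edit discussed in this thread, as an added example that is not part of any post or of Samsung's tooling: because the edit keeps the file length and only changes what the bootloader prints, the check compares the image digest against a known-good reference and flags a warranty label that is no longer followed by `%d`. The sample images, their layout, the function names and the reference digest are constructed for illustration.

```python
import hashlib

# Label text and format specifier as quoted in the thread above.
LABEL = b"KNOX WARRANTY VOID: "
EXPECTED_SPEC = b"%d"


def find_all(data: bytes, needle: bytes):
    """Yield every offset at which needle occurs in data."""
    pos = data.find(needle)
    while pos != -1:
        yield pos
        pos = data.find(needle, pos + 1)


def inspect_image(image: bytes, reference_sha256: str) -> dict:
    """Report whether a bootloader image differs from the vendor reference.

    The digest comparison is the authoritative check. The label scan only
    explains one specific kind of difference: a constant sitting where the
    format specifier should be.
    """
    offsets = list(find_all(image, LABEL))
    constant_labels = []
    for off in offsets:
        start = off + len(LABEL)
        tail = image[start:start + len(EXPECTED_SPEC)]
        if tail != EXPECTED_SPEC:
            constant_labels.append({"offset": off, "found": tail})

    digest = hashlib.sha256(image).hexdigest()
    digest_ok = digest == reference_sha256.lower()
    return {
        "sha256": digest,
        "digest_matches": digest_ok,
        "label_count": len(offsets),
        "constant_labels": constant_labels,
        "tampered": (not digest_ok) or bool(constant_labels),
    }


def build_sample(spec: bytes) -> bytes:
    """Build a tiny constructed stand-in for a bootloader image.

    This is NOT the real sboot.bin layout; it only places the label string
    inside some surrounding bytes so the checks have something to scan.
    """
    header = b"\x7fBOOT" + b"\x00" * 59          # 64 constructed header bytes
    return header + b"ODIN MODE\x00" + LABEL + spec + b"\n\x00" + b"\xff" * 32


# Constructed samples: one with the format specifier intact, one with the
# two-byte constant described in the thread.
CLEAN_IMAGE = build_sample(b"%d")
PATCHED_IMAGE = build_sample(b"0 ")

# In practice this digest would come from the vendor's firmware package;
# here it is computed from the constructed clean sample.
REFERENCE_SHA256 = hashlib.sha256(CLEAN_IMAGE).hexdigest()


if __name__ == "__main__":
    for name, img in (("clean", CLEAN_IMAGE), ("patched", PATCHED_IMAGE)):
        report = inspect_image(img, REFERENCE_SHA256)
        print(name, "size:", len(img), "tampered:", report["tampered"])
        for hit in report["constant_labels"]:
            print("  label at offset", hit["offset"], "followed by", hit["found"])
```

Both samples have the same size, so a size comparison alone says nothing; the digest mismatch is what identifies the modified image, and neither check reads the fuse value itself.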
So, There's always paranoia about Flashing. No surprise there.
Here I will list the major worries and hopefully some aces will give opinions on all.
1) Network Locked Phones? - Does it REALLY matter if your phone is network locked before flashing a new Firmware? (i.e. CSC/PHONE&MODEM)? [If so, what firmware are/were you on?]
2) IMEI numbers - There have been various reports of IMEI numbers going down the drain on certain flashes.
EFS folders CAN be backed up, but is it only ADB that can successfully back this folder up without restoration problems? And more questions...
3) Bricking - Seems like it's hard to brick any SGS entirely, but what's the realistic percentage? 5%, 10% or up to 50%?
4) Warranty problems. Flashing does not necessarily void your warranty. ROOTING DOES, correct?
4a) OMG MY PHONE IS BRICKED! HOLY CAPERS BATMAN EVERYTHING IS RUINED!
Whilst unfortunate, seems like if a phone in this state is sent to samsung/ a repair centre they will have no idea what's gone on and replace it anyway, even if there was root. Discuss......
Flake x
aahhh come on guys, after 150+ views, someone MUST have something to say about this...
It's never safe 100% to do any flashing, but maybe a weigh up of the problems might be useful to first timers... pleeaase
F x
n99flake said:
So, There's always paranoia about Flashing. No surprise there.
Here I will list the major worries and hopefully some aces will give opinions on all.
1) Network Locked Phones? - Does it REALLY matter if your phone is network locked before flashing a new Firmware? (i.e. CSC/PHONE&MODEM)? [If so, what firmware are/were you on?]
2) IMEI numbers - There have been various reports of IMEI numbers going down the drain on certain flashes.
EFS folders CAN be backed up, but is it only ADB that can successfully back this folder up without restoration problems? And more questions...
3) Bricking - Seems like it's hard to brick any SGS entirely, but what's the realistic percentage? 5%, 10% or up to 50%?
4) Warranty problems. Flashing does not necessarily void your warranty. ROOTING DOES, correct?
4a) OMG MY PHONE IS BRICKED! HOLY CAPERS BATMAN EVERYTHING IS RUINED!
Whilst unfortunate, seems like if a phone in this state is sent to samsung/ a repair centre they will have no idea what's gone on and replace it anyway, even if there was root. Discuss......
Flake x
- I have a network locked phone, no problems at all.
- IMEI: just root your phone and back up the /EFS folder, although if you don't check EFS remove or wipe in Odin, anything should happen.
- Bricking is hard... almost always you can get into download mode (and if USB isn't hw damaged it will repair your phone).
- Flashing and rooting both void your warranty; if you have a hw issue and want to send it in, just make sure to flash a stock ROM.
- If it ain't booting, and anything can be done by you, just cross your fingers, send it, and never say what you did.
(All those questions have been answered tons of times, that's why people don't answer.)
Nice one, cheers!
Don't suppose you know the best way to backup EFS?
n99flake said:
Nice one, cheers!
Don't suppose you know the best way to backup EFS?
I used Nitrality (from market) to backup my efs. Open it, click tools, then click backup efs. ***Note: your phone must be rooted and have superuser for Nitrality to be able to perform this backup***
That is one nice app.
Thanks again!
imo, just copy&paste /EFS folder is safe enough, to repair imei just copy back...
apps might make images or dunno...
cheers^^
- I backed up my efs folder with root-explorer. Just zip it with root-explorer and send it to yourself via mail.
- My phone is network locked, I flashed a couple of fws and no problems so far.
- For flashing only use trusted fws, like Ramad's, and don't touch the phone while you flash it (because of the contact of the USB port). So it should be all right!
Regards
Disclaimer: I try my best to produce valid answers, but if you have no idea what you're doing, don't do it.
Terms and Definitions
NVflash / APX mode
This is the lowest level of software that can talk to an Nvidia Tegra device. Basically this is the Holy Grail of memory modification, which can even fix a damaged bootloader.
To use it, one boots the tablet with [Vol +] + [Power]. This will lead to the PC detecting an "APX" device. The screen stays blank.
This is no working solution for anything yet, as not only is there no leaked NVflash binary yet, but the communication is also encrypted via a unique 128-bit AES key. This key is at no stage accessible, but can be used to encrypt data during boot. This is where the wheelie tool for previous transformers was of help. The communication itself happens via a protocol called nv3p, which actually is open source, but as long as the key is unreachable, that's not a lot of use. NOTE: I will create an extra post with a lot more details about this.
Fastboot
The Android Bootloader.
This is the essential part of software which loads Android/a Recovery image/rooting ramfs/etc.
This is the most delicate part in the Android boot process, as fastboot is the lowest level of communication we have so far. In other words: The only way to fix a damaged bootloader would be NVflash, which is not yet available for this device.
Generally the Bootloader is locked as a method to prevent unauthorized access to data stored on the device. A locked Bootloader means no Fastboot.
Bootloader unlocking
To gain access to fastboot devices, the Bootloader needs to be unlocked. This can be as simple as installing an APK provided by the manufacturer or running "fastboot unlock".
Unlocking the Bootloader always leads to three resulting actions: Fastboot now works, all data on the device is wiped, the device's warranty is now void.
Unlocking the bootloader via unlock app can require you to have internet access and a valid google account. This can be problematic in the case of one-time-passwords, as the normal password will possibly not work (and you'll wonder why the heck it doesn't run).
Bootloader locking
This is (at least currently) not possible. Warranty void remains permanent.
RamFS
Simple file system in a file, which gets loaded into RAM. We use this for rooting.
Boot image
A file generally called "boot.img". This contains the kernel.
Recovery image
A partition image that contains a bootable Linux kernel and file system, which serves the purpose of creating and restoring nandroid backups and performing related tasks.
Brick - general
A device with messed up software, not being able to boot let alone perform any higher task other than being a brick.
Soft brick
A device not booting, which still responds to fastboot queries.
Hard brick / Brick
Fastboot doesn't work anymore. Maybe a visible boot loop, maybe nothing. The only point in which this differs from scrap is the ability to get into APX mode.
Chances are, there will be a way to use NVflash to fix this sometime.
Unbrick
Fixing a bricked device. Currently only soft bricked devices can be unbricked.
Root
General term for having super user abilities on a linux powered device. This can be used for reading/writing/executing restricted files, modifying things, loading custom ROMs etc.
Also having Root can mean "running with scissors", as there's not much left to prevent you from deleting important files and bricking your device.
Remember: Having Root is a very useful device, but with power comes responsibility. Also there is Android malware, which specifically targets rooted devices.
Rooting
The process of gaining Root. In early methods this generally starts with unlocking the device's Bootloader, then booting a Kernel with a purposely prepared ramfs to install and modify certain files.
As always, unlocking the Bootloader means all data will be wiped. By chance at some point someone will figure out a way to do this without unlocking.
ROM
A stock or custom Android ROM image. This contains everything needed for a running system. Custom ROMs contain tweaks, themes, improvements, styles, preloaded apps etc. Also more often than not, a load of bloat ware will be removed.
Bloat ware
Apps nobody needs/many fail to understand what they actually do/bring new ways to crash your device/sniff your precious data/revive long fixed and forgotten security leaks/the manufacturer adds to promote sales ("hey look, we've got an app for that pre installed").
Most importantly, cannot be removed from your device without Root.
Stock
A mint Android ROM, just like what the device gets shipped with.
Guides
Rooting
Requirements: Currently none
Compatible versions: anything > 10.14.1.47
Method: Booting custom Kernel and ramfs
Status: Proven
Link: http://forum.xda-developers.com/showthread.php?t=2516215
Recovery
Creator: Drgravy
Version: 6.0.3.7
Status: Abandoned but functional
Requirements: Bootloader <= 10.14.1.47 (this will not work with 10.26.1.7. Trying to do so will not work, but still boot Android as usual.)
Link: http://forum.xda-developers.com/showthread.php?t=2524401
Recovery
Creator: lpdunwell
Version: 6.0.4.5
Status: Experimental, WIP
Requirements: Bootloader >= 10.26.1.7
Link: http://forum.xda-developers.com/showthread.php?t=2556944
Various information
Hardware assembly date
On the box, rear side label.
Partition information / Unbricking
Link: http://forum.xda-developers.com/showthread.php?t=2546941
Keyboard key remapping
The physical keyboard has custom keys, with functions of debatable value. Here's how to remap them to suit your needs.
Note: This also works for other ASUS Transformers.
Warning: Backup any file you attempt to edit!
Method: The keyboard mapping is described in /system/usr/keylayout/asuspec.kl. The structure is pretty straight forward.
After saving the file, reboot the device.
Code:
Key:     Function:  Key number:  Text:
lock     Delete     142          "key 142 FORWARD_DEL WAKE UNLOCK"
search   ALT        217          "key 217 ALT_LEFT WAKE UNLOCK"
HDMI configuration
The HDMI resolution can be adjusted. This can be handy under certain circumstances, although results may vary.
Method: Via terminal; disable frame buffer 1, change resolution, enable frame buffer 1
Info: To get a list of valid settings, run "cat /sys/class/graphics/fb0/modes".
This will reset at reboot.
This example enforces 1920x1200 @ 59Hz, in my case to force a HP Compaq monitor to keep running (without this it'll go to sleep for whatever reason).
Code:
echo 0 > /sys/class/graphics/fb1/device/enable
echo "D:1920x1200p-59" > /sys/class/graphics/fb1/mode
echo 1 > /sys/class/graphics/fb1/device/enable
Teardown
Teardown with two images and a brief description of the process: http://forum.xda-developers.com/showthread.php?t=2564143
Q&A
Q: "I have never rooted anything before. Can you send me some fairy dust to fix my bricked tablet if anything goes wrong?"
A: No. And if you are not absolutely sure of what you're doing, there's a fair chance you'll mess it up. Been there, done that.
Q: "What are known causes of bricked TF701?"
A:
Failed upgrade
Flashing incompatible boot.img and blob
Flashing something other than blob to staging
Removal of important files after rooting
Q: "I had a quick look at your instructions for xxx and I don't understand..."
A: Tough luck.
Q: "I re-read your instructions for xxx, searched the forum and I still cannot understand..."
A: Check if there's a matching thread. If there isn't, create one with a diagnostically conclusive title. Use as much detail as possible.
Final notes
I hope this helps. As always, updates will follow.
Want to see your tutorial/guide/etc. here? Send me a detailed PM with the subject "TF701 Q&A extension".
You can help making this even better!
Found a mistake or believe I'm wrong about something? Let's discuss it.
Has this helped you? Consider clicking thanks.
THANK YOU for the hack to get a forward delete on the keyboard! That has been bugging me for a year!
Works just the same on the TF700 keyboard, btw.
Ask the mod to make it sticky, then it will always be at the top of the main thread.
Sent from my superfast Asus Infinity TF701with Dock
Snah001 said:
Ask the mod to make it sticky, then it will always be at the top of the main thread.
Sent from my superfast Asus Infinity TF701with Dock
he is retired .... Doesn't reply to any request ...
berndblb said:
THANK YOU for the hack to get a forward delete on the keyboard! That has been bugging me for a year!
Works just the same on the TF700 keyboard, btw.
yeah, the keymapping crap...
I found tons of "unpack this apk, edit soandso..." but I wanted to have it changed on a lower level. the remapping should work on most if not all transformers, and be easily portable to anything that has a hardware keyboard...
Rikodu said:
he is retired .... Doesn't reply to any request ...
Huh? Wut?????
Considering this is the first "Q & A" post, I will sticky it.
Provided the OP updates and maintains it.
MD
I'm pretty sure the resolution hack can be improved, but it's all I needed for now...
anybody write an app for that?
Moscow Desire said:
Huh? Wut?????
Considering this is the first "Q & A" post, I will sticky it.
Provided the OP updates and maintains it.
MD
go for it, it's sinking...
cheers
lpdunwell said:
go for it, it's sinking...
cheers
Seeing if you were paying attention..... :good:
lol
Maybe you could explain where to see the build date.
As far as I know it's in the serial number after the characters. But in my case (and maybe others) I can't see a date in 160074.
done
hard bricked tf701t
Dear lpdunwell,
I have a bricked tf701, only the asus logo is available and a boot loop, the fastboot menu is broken as well. Only APX mode is working, but I could not find an appropriate nvflash for my pad (as I see, there is no nvflash currently available for my tab)
In your explanation about bricked device, you wrote that there is possibility to recover tf701?
Please describe what nvflash version should I use to succeed?
Thanks in advance,
stream1313
stream1313 said:
Dear lpdunwell,
I have a bricked tf701, only the asus logo is available and a boot loop, the fastboot menu is broken as well. Only APX mode is working, but I could not find an appropriate nvflash for my pad (as I see, there is no nvflash currently available for my tab)
In your explanation about bricked device, you wrote that there is possibility to recover tf701?
Please describe what nvflash version should I use to succeed?
Thanks in advance,
stream1313
Sorry mate, we don't have nvflash and it is too late for you now anyway. If you only have access to APX you are hard bricked. Best to sell it for parts and move on.... Or if you want to revive it, send it to Asus to fix at a cost or source a replacement mainboard and do it yourself.
sbdags said:
Sorry mate, we don't have nvflash and it is too late for you now anyway. If you only have access to APX you are hard bricked. Best to sell it for parts and move on.... Or if you want to revive it, send it to Asus to fix at a cost or source a replacement mainboard and do it yourself.
Hi man.. Why do you think I have to forget about my toy.. It was my Christmas (New Year in Tbilisi, Georgia, opposite planet side) present to myself But it is all the lyric only
Pls explain - do you really think that for ex., several weeks / months later, smb will create the nvflash or any similar SW which will be able to fix my problem? Actually I believe that until all electronic components are ok, device is not "dead" forever... Why you so pessimistic exactly for 701 transformer tab? Pls if you have time reply me
Kind regards,
Stan
stream1313 said:
Hi man.. Why do you think I have to forget about my toy.. It was my Christmas (New Year in Tbilisi, Georgia, opposite planet side) present to myself But it is all the lyric only
Pls explain - do you really think that for ex., several weeks / months later, smb will create the nvflash or any similar SW which will be able to fix my problem? Actually I believe that until all electronic components are ok, device is not "dead" forever... Why you so pessimistic exactly for 701 transformer tab? Pls if you have time reply me
Kind regards,
Stan
the way nv flash works is you need to flash the special bootloader to extract your device blobs and device specific keys. As you haven't been able to do it and you CANNOT do it once you have bricked you will have no chance. How are you going to flash a bootloader that you need fastboot for?
Sorry to bring bad news but if you only have APX with no saved nv flash files (which is not yet avail for our device) then you currently have 0% chance of recovering.
sbdags said:
the way nv flash works is you need to flash the special bootloader to extract your device blobs and device specific keys. As you haven't been able to do it and you CANNOT do it once you have bricked you will have no chance. How are you going to flash a bootloader that you need fastboot for?
Sorry to bring bad news but if you only have APX with no saved nv flash files (which is not yet avail for our device) then you currently have 0% chance of recovering.
Thanks a lot for the reply (as well as for the reply to my other, initial thread). I have only a CWM backup of my tab, on the MD card. But I do not know, does this backup contain all the needed stuff? At least, I did not find saved nv flash or blob files there. Just "blobgenerator" (462Kb) and "blobtester" (370Kb), also some system files with "nv" in the name. But I have no idea whether CWM saves the low-level loader files; at least I was not able to recognize them there...
My apologies for too many questions as well as for my poor English - it is not my native language
Kind regards,
Stan
stream1313 said:
Thanks a lot for the reply (as well as for the reply to my other, initial thread). I have only a CWM backup of my tab, on the MD card. But I do not know, does this backup contain all the needed stuff? At least, I did not find saved nv flash or blob files there. Just "blobgenerator" (462Kb) and "blobtester" (370Kb), also some system files with "nv" in the name. But I have no idea whether CWM saves the low-level loader files; at least I was not able to recognize them there...
My apologies for too many questions as well as for my poor English - it is not my native language
Kind regards,
Stan
No, having CWM backups saved won't help you, as you have no way of getting to the bootloader, which would then be used to open the recovery so you could restore. Without a working bootloader you can't proceed. NV Flash uses APX mode to restore the blobs via the wheelie binary. You haven't captured the blobs to restore, and as they are encrypted to your device you can't use anyone else's.
It's a new main board or nothing I'm afraid.
sbdags said:
No, having CWM backups saved won't help you, as you have no way of getting to the bootloader, which would then be used to open the recovery so you could restore. Without a working bootloader you can't proceed. NV Flash uses APX mode to restore the blobs via the wheelie binary. You haven't captured the blobs to restore, and as they are encrypted to your device you can't use anyone else's.
It's a new main board or nothing I'm afraid.
I see, everything is clear. Thanks for your time, man. But I believe that Asus has some kind of "backdoor" for such cases, for internal usage, of course. Asus manifest about "mainboard replacement" probably just for business, normally must be some way to crack this protection. I hope somebody from Asus will share some useful info or even software for public usage... Maybe it's my dreams only, I'm realistic (I'm working as IT/IS/GSM/WCDMA, but I'm so far from programming..)
Again, thank you. Pls notify me in case of any news about K00C hack
Problems flashing CWM recovery
stream1313 said:
I see, everything is clear. Thanks for your time, man. But I believe that Asus has some kind of "backdoor" for such cases, for internal usage, of course. Asus manifest about "mainboard replacement" probably just for business, normally must be some way to crack this protection. I hope somebody from Asus will share some useful info or even software for public usage... Maybe it's my dreams only, I'm realistic (I'm working as IT/IS/GSM/WCDMA, but I'm so far from programming..)
Again, thank you. Pls notify me in case of any news about K00C hack
----------------------------------------------------------------------------------------
Sorry I am not yet familiar with how to ask questions.
I recently bought a TF701T having used a TF700T now for two years and before that the TF101, TF201 and TF300T.
On all these tabs I installed a recovery, CWM or TWRP, and flashed the best ROM I could find. Usually CyanogenMod or CROMi-X.
Everything worked fine, so I was very excited when I got hold of the TF701T with its incredible Q-ratings and smoothness.
Unlocking worked just fine but installing CWM just does not work: flashing with Fastboot works OK, but when I boot into recovery the little green man falls down and stays there.
FYI: I am on the latest BL: 10.26.1.28, so newer than the mentioned 10.26.1.18 !
Please could anyone respond ?
Regards, JOTX10 from the Netherlands.
I've run into this problem twice now, either using an .img to .tar tool that isn't set up properly with an incompatible version of stock ROM, or a corrupt dump of a stock ROM, or even using a proper stock ROM. Or if you just so happen to accidentally turn off O.E.M. unlock... and your phone died or you restarted it.... Download mode spits out some red code usually or fails or even can complete but not in any case I've ever seen and boot successfully.... Usually if you try too many times with Odin you'll end up with a blue screen that comes up stating something went wrong during the update process and to use Samsung's Smart Switch program on a PC. Only problem is at this point you've already tripped Knox and your warranty is now void, so downloading Smart Switch and typing in your serial and one I will only give you another error stating that your phone is not compatible with Smart Switch due to Knox being tripped at 0x1......
At that point there are a couple of options: claim insurance if you have it, $200, or if you don't have insurance. Samsung will give you a spiel about how your 1yr warranty is over, and even if it isn't, when they get your phone they will see your Knox status of 0x1 and tell you sorry, your warranty is void due to end user tampering. So they offer a reflash for a cool $80 without warranty, and that will reset your phone back to O.E.M. specs with a Knox of 0x0, fix it for a mere $80. Smart Switch won't reflash firmware due to Knox being tripped. Sorry. You are more than welcome to try....
NEVER, I REPEAT, NEVER TURN OFF O.E.M. UNLOCK UNDER ANY CIRCUMSTANCES IF YOU HAVE ROOTED YOUR PHONE, OR PUT A CUSTOM KERNEL OR FLASH A CUSTOM RECOVERY OR YOUR FAIL TO BOOT.
If you turned off O.E.M. unlocking. Basically O.E.M. unlocking is telling your phone it's okay that Knox is tripped. O.E.M. unlock allows the skipping of verified Samsung signature checks on the first ROM-based bootloader during the boot sequence, allowing it to bypass into the secondary bootloader and kernel.
O.E.M. stands for "Original Equipment Manufacturer", i.e. being Samsung in this case, so when you have not done anything to your phone when it comes brand new out of the package. Developer mode is hidden and inaccessible for a reason.... O.E.M. unlock means that in download mode you can flash unofficial code, i.e. C.W.M., TWRP, other unsigned code from various developers. With no hassle, due to Samsung being so kind to us developers and allowing us the option to manually unlock our bootloaders.
Usually what happens specifically is Samsung has a secure bootloader which uses digital certificates to ensure that the software loaded before the operating system is trusted to boot the Linux kernel shell we all know and love as Android OS. When you load a custom bootloader, such as anything not signed by Samsung, it fails to pass the signature checks, and that's exactly what turning off O.E.M. unlock did.
But with us all being blessed with the option to manually unlock our bootloaders through O.E.M. unlock, now so many options are open to us, such as but not limited to: ROMs, MODS, Hacks, Busybox, Root, Xposed, Various Root Applications, Magisk, Kingoroot, GeoHots stuff, HashCodes stuff, even have the opportunity to create and test various of our own creations.
Once upon a time bootloaders were locked, meaning no ROMs, no kernels, etc, etc... Very, very difficult to even root phones. The reason I go into all of that is because with great power comes great responsibility. Always back up your eds partition, and always, always, if you root and like to run custom ROMs and all the development for this scene that only continues to grow and evolve, make sure you do one thing if nothing else, and that is to read, read, read and know your phone inside and out. I am a developer and I work with software as much as I do hardware. I can afford to make mistakes as these aren't my daily drivers. I suggest if you like to unlock the full potential of your devices then please heed my warning about reading and knowing all the dos and don'ts for what your device is capable of and what will turn it into a very expensive paper weight. I'm not being a **** I'm trying to help. Because you have now tripped your Knox counter, meaning it is permanently stuck in the state of your phone now having a void warranty, and there is no going back.
Once you turn O.E.M. mode off you lock your bootloader, and if you've already tripped Knox you can't flash a stock bootloader or ROM because your phone's hardware is preventing anything unauthorized from making it past the kernel checks..... clear some things up for you? I don't care the people say they have a workaround for "custom binary frp lock" because I have yet to see a phone recover. P.S. word to the wise, that is one error you never, and I mean never, want to see on your boot screen...
I came back from it once with a zeroed out serial number and a null one I. Once and that's a whole nother ball of wax. Claim warranty, play stupid if still covered if not Sammy will know so just shell out the $80 send it to them. They will reflash it and that's the end of that.
Hi
I just bought a second-hand phone from my friend and all of the Samsung apps said my phone has been rooted.
I'm quite sure my phone is not rooted and Knox still stays at 0x0.
I have gone to Samsung warranty service and know that this phone has broken the contract with some kind of 3rd party certified reseller; for that reason it will cause my phone to void the warranty and the phone will be kept in rooted state.
Does anyone have any idea about this?
Thanks
romi1996 said:
Hi
I just bought a second-hand phone from my friend and all of the Samsung apps said my phone has been rooted.
I'm quite sure my phone is not rooted and Knox still stays at 0x0.
I have gone to Samsung warranty service and know that this phone has broken the contract with some kind of 3rd party certified reseller; for that reason it will cause my phone to void the warranty and the phone will be kept in rooted state.
Does anyone have any idea about this?
Thanks
probably was rooted. go to dl mode and check "warranty:
romi1996 said:
Hi
I just bought a second-hand phone from my friend and all of the Samsung apps said my phone has been rooted.
I'm quite sure my phone is not rooted and Knox still stays at 0x0.
I have gone to Samsung warranty service and know that this phone has broken the contract with some kind of 3rd party certified reseller; for that reason it will cause my phone to void the warranty and the phone will be kept in rooted state.
Does anyone have any idea about this?
Thanks
Are you using an app to check if Knox is 0x0 ? Apps are telling me Knox is not tripped, when it is! Best way to check is go into download mode, check via there!
bober10113 said:
probably was rooted. go to dl mode and check "warranty:
N1NJATH3ORY said:
Are you using an app to check if Knox is 0x0 ? Apps are telling me Knox is not tripped, when it is! Best way to check is go into download mode, check via there!
I have reached Download Mode as you guys have asked and noticed some lines like this, take a look
Current BINARY : Samsung Official
KG STATE: CHECKING
FRP LOCK: OFF
OEM LOCK: OFF
WARRANTY VOID: 0 (0x0000)
romi1996 said:
I have reached Download Mode as you guys have asked and noticed some lines like this, take a look
Current BINARY : Samsung Official
KG STATE: CHECKING
FRP LOCK: OFF
OEM LOCK: OFF
WARRANTY VOID: 0 (0x0000)
looks good then.
maybe you should just reset phone. go to recovery mode and wipe cache and data maybe?
im at a loss
bober10113 said:
looks good then.
maybe you should just reset phone. go to recovery mode and wipe cache and data maybe?
im at a loss
I did try soft restore in phone setting except recovery one but no luck, maybe recovery mode and wipe everything should do the trick I think.
I heard they have mentioned something like F.nox (Similar to locked carrier phone contract) that caused all of this.
More confusing, this phone somehow broke out the contract with "F.nox" and work like global except Knox involved Samsung apps.
romi1996 said:
I did try soft restore in phone setting except recovery one but no luck, maybe recovery mode and wipe everything should do the trick I think.
I heard they have mentioned something like F.nox (Similar to locked carrier phone contract) that caused all of this.
More confusing, this phone somehow broke out the contract with "F.nox" and work like global except Knox involved Samsung apps.
oh if it was a rental?
maybe but again try a reset in recovery if you can't then yeah maybe its the mdm that the rental company activated that is causing this
edit:
maybe it just needs a good old-fashioned reflash of stock firmware via odin
bober10113 said:
oh if it was a rental?
maybe but again try a reset in recovery if you can't then yeah maybe its the mdm that the rental company activated that is causing this
edit:
maybe it just needs a good old-fashioned reflash of stock firmware via odin
I have quite some baddddddddd memories with odin but maybe yeah I should think about that solution too.
EDIT: Last time I flashed my Note 2 with it. It blew my IMEI and baseband away.
romi1996 said:
I have quite some baddddddddd memories with odin but maybe yeah I should think about that solution too.
EDIT: Last time I flashed my Note 2 with it. It blew my IMEI and baseband away.
sounds like modem issue.
but regardless, I've not heard of such issues lately.
anyways ill let you decide.
a good way to get non corrupt firmware is to use samfirm tool 0.3.6 just enter phone model: SM-N960F
and your region code.
when using odin 3.13.1
fill all slots but for csc use regular csc.md5 not the one with home.
bober10113 said:
sounds like modem issue.
but regardless, I've not heard of such issues lately.
anyways ill let you decide.
a good way to get non corrupt firmware is to use samfirm tool 0.3.6 just enter phone model: SM-N960F
and your region code.
when using odin 3.13.1
fill all slots but for csc use regular csc.md5 not the one with home.
Thanks, I'll try it out later. Currently, I'm trying to test if the recovery mode works or not. I hope it works.
Possible that the device had a bad IMEI/ESN and a new CERT file was created to allow network access.
So as some of you know I have been chasing an audio problem with my Note 9 for a few weeks now.
Somebody I trust as a good guide + my own research indicated problems with a hidden partition after the update to Android 10. (This is what caused some Google Pixel phones to fail after the update.) Also, when I adb shell into my phone I see one hidden partition has zero space free on it. Maybe this is causing the problem.
So my doing a re-set is kind of pointless. As it only formats the data partition.
I was told to take the phone to a service center and get them to re-flash the s/w from scratch.
This will format all partitions hidden or other wise.
I did this: went to Samsung service, explained the problem and asked them to re-flash. They took the phone in and 15 min later returned saying sorry, it's still not working.
Then they kept it for a week saying they would look into it. After a week they said sorry its out of warranty. If you want your problem fixed replace the main board.
So I took my phone back.
When I reached home I found that the phone connected to my wifi. Without asking for a password.
This basically means they did not re-flash anything.
I have some exp with rooting the last phone I rooted was my Note 4.0. When the note 4 developed a problem they refused to fix it saying warranty is void as you rooted it. When I had issues with my other Note they said you did not buy this phone in India so no support. So this time I purchased the phone in India. I did not root it.
Also I use Samsung Pass so do not want to root it.
How can I do a factory / service center re-flash at home.
My limited memory tells me Odin should work.
But I am not sure what options to pick and what not to. And what to backup (From my old phones I think I need to backup the EFS). My personal data is not an issue as I have re-set data over 10 times.
Help I need. Want to keep Samsung pass working at any cost.
1. Which firmware to load and where to get it from.
2. Which Odin to use (I see patched Odin being recommended in some places).
3. What options to pick in Odin to make sure all partitions hidden / system / all get formatted.
4. Should I use SD card or USB cable.
If this fails my next option is to do a chip level repair job of the board. I have ordered the Max98512 IC from China.
Will take pics and detail the repairs to help others.
Attached is what I have on the phone right now. Security patch is 1 July 2020.
Yes I know I should spend some time reading. Have been at it for the past 20 hours. SamMobile is where I need to head for next I guess. But I also read that Samsung changed the boot loader so do not wish to brick my phone.
===================
Found this seems to match and has link to odin and some instructions.
https://www.sammobile.com/samsung/galaxy-note9/firmware/SM-N960F/INS/download/N960FXXU6ETG3/354308/
RonChinoy said:
So as some of you know I have been chasing an audio problem with my Note 9 for a few weeks now.
Somebody I trust as a good guide + my own research indicated problems with a hidden partition after the update to Android 10. (This is what caused some Google Pixel phones to fail after the update.) Also, when I adb shell into my phone I see one hidden partition has zero space free on it. Maybe this is causing the problem.
So my doing a re-set is kind of pointless. As it only formats the data partition.
I was told to take the phone to a service center and get them to re-flash the s/w from scratch.
This will format all partitions hidden or other wise.
I did this: went to Samsung service, explained the problem and asked them to re-flash. They took the phone in and 15 min later returned saying sorry, it's still not working.
Then they kept it for a week saying they would look into it. After a week they said sorry its out of warranty. If you want your problem fixed replace the main board.
So I took my phone back.
When I reached home I found that the phone connected to my wifi. Without asking for a password.
This basically means they did not re-flash anything.
I have some exp with rooting the last phone I rooted was my Note 4.0. When the note 4 developed a problem they refused to fix it saying warranty is void as you rooted it. When I had issues with my other Note they said you did not buy this phone in India so no support. So this time I purchased the phone in India. I did not root it.
Also I use Samsung Pass so do not want to root it.
How can I do a factory / service center re-flash at home.
My limited memory tells me Odin should work.
But I am not sure what options to pick and what not to. And what to backup (From my old phones I think I need to backup the EFS). My personal data is not an issue as I have re-set data over 10 times.
Help I need. Want to keep Samsung pass working at any cost.
1. Which firmware to load and where to get it from.
2. Which Odin to use (I see patched Odin being recommended in some places).
3. What options to pick in Odin to make sure all partitions hidden / system / all get formatted.
4. Should I use SD card or USB cable.
If this fails my next option is to do a chip level repair job of the board. I have ordered the Max98512 IC from China.
Will take pics and detail the repairs to help others.
Attached is what I have on the phone right now. Security patch is 1 July 2020.
Yes I know I should spend some time reading. Have been at it for the past 20 hours. SamMobile is where I need to head for next I guess. But I also read that Samsung changed the boot loader so do not wish to brick my phone.
===================
Found this seems to match and has link to odin and some instructions.
https://www.sammobile.com/samsung/galaxy-note9/firmware/SM-N960F/INS/download/N960FXXU6ETG3/354308/
Here are the answers to your questions:
1. Use frija tool. It will download the latest firmware for your model automatically.
2. Odin 3.13 should do.
3. Check Nand Erase and Re-Partition. You can extract the pit file from the CSC file of the downloaded firmware. Put that pit file in the Pit tab of Odin.
4. USB Cable.
Hope this helps.
try combination firmware. and test the sound in combination firmware to make sure that this is hardware or software problem.
Munawar Mehmood said:
try combination firmware. and test the sound in combination firmware to make sure that this is hardware or software problem.
No idea what that is. I will try and google it.
Ok found this.
https://combinationfirmware.com/combination-samsung-galaxy-note-9/
Will it void my Knox.
Ok, no combination file for N960FXXS6ETF7. I have left a request.
I also can't find a YouTube video which shows you what tools are included or how they are used.
Audio works via Bluetooth. But not for phone calls.
All speakers and mics dead.
Sound recorder hangs when I try to use it.
Another question I am looking for is which IC do I need to replace Max98512 or 9896b
Extracting the PIT file sounds complicated. Maybe I will just try erase first.
Fingers crossed that I don't brick the phone. Or make the problem worse.
Ok, I could not find the pit file. Can I erase nand without using the pit file?
Or can you tell me the path to the pit file.
Also, there are two files for CSC
CSC_OMC_OXM_N960FOXM6ETG3_CL18803598_QB32888639_REV00_user_low_ship.tar
And
HOME_CSC_OMC_OXM_N960FOXM6ETG3_CL18803598_QB32888639_REV00_user_low_ship.tar
Which one do I use.
(answer to this found here
https://technastic.com/csc-home-csc...e is to,phone while keeping everything intact.
And what file do I use for user data in Odin.
I need to remove my google account before I do anything. But I cant seem to remove my Samsung account. Hope that does not cause a problem.
Mods you can delete this post.
I did a complete erase and fresh install and it did not help my problem.
Have escalated the problem with Samsung, and if they still do nothing my chips / spares will land up from China in a few weeks.
RonChinoy said:
Or can you tell me path to pit file.
I can see you have already completed the erase and fresh installation but for future reference, if you ever need to extract PIT file, you can just open your CSC file with 7zip or Winrar and there you can see .PIT file, you can drag and drop it out of the zipped file.
RonChinoy said:
And what file do I use for user data in Odin.
User Data can be left blank.
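
The PIT extraction described in the reply above, as an added example that is not part of the original posts: a Python sketch that checks the MD5 trailer of an Odin-style `.tar.md5` package and then reads any `.pit` member in memory instead of unpacking the archive to disk. The sample archive, its file names, the assumption that the trailer is an `md5sum`-style line appended after the tar data, and the assumption that the PIT sits at the archive root are all constructed for illustration.

```python
import hashlib
import io
import tarfile


def build_sample_package():
    """Constructed stand-in for a CSC package; contains no real firmware."""
    members = (
        ("SAMPLE_DEVICE.pit", b"PIT-PLACEHOLDER" * 4),
        ("cache.img.lz4", b"\x01" * 64),
        ("../evil.pit", b"path traversal attempt"),
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    body = buf.getvalue()
    # Assumed trailer layout: "<md5 hex>  <file name>\n" appended after the tar data.
    return body + f"{hashlib.md5(body).hexdigest()}  sample_csc.tar\n".encode()


def split_md5_trailer(blob):
    """Return (tar_bytes, ok); ok is True/False, or None when no trailer exists."""
    cut = blob.rfind(b"\x00") + 1  # a tar archive ends in NUL padding
    body, trailer = blob[:cut], blob[cut:].decode("ascii", "replace").split()
    if not trailer:
        return body, None
    # MD5 only catches corruption or truncation; it is not proof of authenticity.
    return body, hashlib.md5(body).hexdigest() == trailer[0].lower()


def extract_pit(body):
    """Return {name: contents} for each .pit entry that is a plain root-level file."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(body), mode="r:") as tar:
        for member in tar:
            name = member.name
            if not name.lower().endswith(".pit"):
                continue
            # Skip links, devices and names that point outside the archive root.
            if not member.isfile() or "/" in name or "\\" in name:
                continue
            found[name] = tar.extractfile(member).read()
    return found


def pit_from_package(blob):
    """Verify the trailer (when present), then return the PIT entries."""
    body, ok = split_md5_trailer(blob)
    if ok is False:
        raise ValueError("MD5 trailer mismatch: package is corrupt or truncated")
    return extract_pit(body)


if __name__ == "__main__":
    for name, data in pit_from_package(build_sample_package()).items():
        print(name, len(data), "bytes")
```

Reading members with `extractfile` keeps a crafted entry name such as `../evil.pit` from ever touching the filesystem, which a blind "extract all" would not guarantee.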