Flashing Rom With Different Baseband Version. - AT&T Samsung Galaxy S 5

Can I flash SGS5 SM-G900A ROM with Baseband Version (G900AUCU2ANCE) on SGS5 SM-G900A with Baseband Version (G900AUCU4BOF3)? Or any other baseband version?

FrankAm20177 said:
Can I flash SGS5 SM-G900A ROM with Baseband Version (G900AUCU2ANCE) on SGS5 SM-G900A with Baseband Version (G900AUCU4BOF3)? Or any other baseband version?
https://forum.xda-developers.com/att-galaxy-s5/general/guide-merry-christmas-heres-t3516196

FrankAm20177 said:
Can I flash SGS5 SM-G900A ROM with Baseband Version (G900AUCU2ANCE) on SGS5 SM-G900A with Baseband Version (G900AUCU4BOF3)? Or any other baseband version?
Really it depends on what baseband you're trying to work with. To better understand the answer I'm giving, I'm going to tell you about Samsung Knox and Qualcomm Secure Boot.
For Samsung Galaxy S devices after the S3, Samsung implemented a new security suite called Knox, which served to make devices enterprise-compatible by providing extensive anti-corruption and anti-tampering functions. One part of this was the locking of the bootloader, which is actually facilitated by Qualcomm Secure Boot; we'll get to that in a minute.
Another thing that Knox provides is this thing called Anti-Rollback Protection, which serves to prevent the exploitation of patched security flaws by defining exactly how far back the system can be downgraded. This is controlled by a thing called a qFuse (or an eFuse depending on who you ask). When you upgrade (or downgrade) to a new version of Android, the system checks that fuse value to see if it should accept the update or not. If the version's fuse value is the same as the value on the device, the update is accepted and nothing else happens. But when you upgrade to a version of Android with a higher qFuse version, the fuse on the device is "blown", and increments to that version, and the update is accepted.
If you try to downgrade lower than the fuse version, the update will fail the check, and the update will be rejected with an error saying "FAIL! (fuse x binary y)", with x representing the value on the device, and y representing the value of the update.
Now, this is a bit confusing, so I'll illustrate an example using our firmware.
The first thing you should know is that you can find the qFuse version of a firmware binary from the baseband version:
Example: G900AUCU4COI5, the qFuse version is 4
Example: G900AUCU2ANCE, the qFuse version is 2, so you would not be able to flash this over OI5.
Now, to your example, flashing a baseband from G900AUCU2ANCE over G900AUCU4BOF3, the update would not flash due to the binary's fuse value being lower than the value on the device.
And now you would ask something like "well why not just use FlashFire instead of ODIN and bypass the fuse check?" Well in theory that could work, but in practice it really doesn't, and this is where Qualcomm Secure Boot comes in.
When you flash something with FlashFire, it circumvents Knox's fuse check temporarily, and directly writes its payload to the target partition.
But both Samsung and Qualcomm foresaw something like this occurring, and they put in boot-time protections to shut that down.
When your device boots, it uses something called Chain-Of-Trust to boot the device in a sequence. It all starts with an RSA key held in a read-only part of the device. This key is used to verify the signature of every binary that comprises the bootloader, which is actually made of a whole bunch of different parts. The read-only key verifies a sub-bootloader. That sub-bootloader verifies another sub-bootloader, which verifies another part of the bootloader, and so on until you get to the application bootloader (aboot). The aboot is responsible for verifying and executing the Android Kernel, which is the first part of the system that's actually Android. Now the cool thing about the aboot is that you could break the chain of trust between it and the Kernel if the bootloader is unlocked, and the device would still boot. But since the bootloader on our devices is locked, the aboot verifies the Kernel, and then the kernel boots the system (that's right, no signature checking for the system itself, only the kernel).
That's the Qualcomm side of things, now here's where Samsung comes in, and things get a little weird.
In theory, Samsung reinforced Secure Boot further by making the bootloaders check qFuse versions along with signatures. BUT, I have seen some instances where the system allows an older kernel to boot. This is the case with NCE flasher and Safestrap: what NCE flasher does is flash the NCE kernel on the device so you can boot into Safestrap on newer versions of Android, with the requirement that you have to re-flash your old kernel before you can boot back into Android. You could in theory flash the /system partition from NCE along with the kernel, and leave everything else alone, but you would probably run into issues very quickly, mainly with the other bootloaders because they also check if the kernel has SELinux set to Enforcing, and the NCE kernel would fail the check because its SELinux is set to Permissive (you would get an error saying "KERNEL IS NOT SEANDROID ENFORCING").
TL;DR: If you wanted to flash just the kernel, it might work through FlashFire but you wouldn't be able to boot into OF3, you would have to flash the /system partition to NCE, and at that point there's not enough research to tell us what would happen next.
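
The fuse check described in the post above, as an added example that is not part of the original thread and is not Samsung or Qualcomm code: it parses the build strings quoted on this page and models the accept, blow-fuse and reject decisions. The field positions (revision as the fifth character from the end, with letters continuing after 9 so that A means 10) are an assumption inferred from the builds named in these threads, and signature verification is not modelled.

```python
from dataclasses import dataclass
from typing import List

# Assumption drawn from builds quoted on this page (G900AUCU4COI5 -> 4,
# G935AUCUACSF1 -> "Bootloader 10"): the 5th character from the end is the
# rollback (qFuse / binary) revision, digits first and then letters (A = 10),
# and the 4th character from the end is the OS-generation letter.
TAIL_LEN = 5


@dataclass(frozen=True)
class Build:
    name: str
    prefix: str      # model + CSC + update type, e.g. "G900AUCU"
    revision: int    # value compared against the device fuse
    os_letter: str   # e.g. A/B/C across major Android releases


def parse_build(name: str) -> Build:
    """Split a Samsung build/baseband string into the fields used below."""
    s = name.strip().upper()
    if len(s) <= TAIL_LEN or not s.isascii() or not s.isalnum():
        raise ValueError(f"not a recognisable build string: {name!r}")
    rev_char, os_letter = s[-5], s[-4]
    if not os_letter.isalpha():
        raise ValueError(f"unexpected OS letter in {name!r}")
    # int(x, 36) maps '0'-'9' to 0-9 and 'A'-'Z' to 10-35.
    return Build(s, s[:-TAIL_LEN], int(rev_char, 36), os_letter)


@dataclass(frozen=True)
class FlashResult:
    accepted: bool
    fuse_after: int
    message: str


class Device:
    """Models the one-way counter: the fuse value can rise but never fall."""

    def __init__(self, fuse: int):
        self._fuse = fuse

    @property
    def fuse(self) -> int:
        return self._fuse

    def flash(self, name: str) -> FlashResult:
        build = parse_build(name)
        if build.revision < self._fuse:
            # Downgrade below the floor: rejected, device state unchanged.
            msg = f"FAIL! (fuse {self._fuse} binary {build.revision})"
            return FlashResult(False, self._fuse, msg)
        if build.revision > self._fuse:
            # Upgrade: the fuse is "blown" up to the new revision, permanently.
            old, self._fuse = self._fuse, build.revision
            return FlashResult(True, self._fuse,
                               f"accepted, fuse {old} -> {self._fuse}")
        # Same revision: accepted and nothing else happens.
        return FlashResult(True, self._fuse, "accepted, fuse unchanged")


def installable(device_fuse: int, names: List[str]) -> List[str]:
    """Builds that would pass the fuse check on a device at device_fuse."""
    return [n for n in names if parse_build(n).revision >= device_fuse]


if __name__ == "__main__":
    phone = Device(fuse=4)  # device currently on G900AUCU4BOF3
    for candidate in ("G900AUCU2ANCE", "G900AUCU4COI5"):
        print(candidate, "->", phone.flash(candidate).message)
```

Because the counter only moves upward, a device that has once accepted a revision 4 build keeps rejecting revision 2 builds afterwards, whatever is flashed later.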

I want to flash the same Android version with a different baseband. Is it possible?

So in theory, if the qFuse versions were the same in both but the last 4 characters were different would the flash succeed?

AptLogic said:
and the device would still boot. But since the bootloader on our devices is locked, the aboot verifies the Kernel, and then the kernel boots the system (that's right, no signature checking for the system itself, only the kernel).
That's the Qualcomm side of things, now here's where Samsung comes in, and things get a little weird.
In theory, Samsung reinforced Secure Boot further by making the bootloaders check qFuse versions along with signatures. BUT, I have seen some instances where the system allows an older kernel to boot. This is the case with NCE flasher and Safestrap: what NCE flasher does is flash the NCE kernel on the device so you can boot into Safestrap on newer versions of Android, with the requirement that you have to re-flash your old kernel before you can boot back into Android. You could in theory flash the /system partition from NCE along with the kernel, and leave everything else alone, but you would probably run into issues very quickly, mainly with the other bootloaders because they also check if the kernel has SELinux set to Enforcing, and the NCE kernel would fail the check because its SELinux is set to Permissive (you would get an error saying "KERNEL IS NOT SEANDROID ENFORCING").
I'm still thinking that, just like the same & related source branch(es) of the other Samsung Android flagships circa 2015/16, we should be able to backport the exploits made on newer devices to this old EOL device. I've seen the same kind of FW on the Note5, which has the same SoC as the GS6 line too. If it worked on the generation after what you (we) are discussing, why couldn't it be even more applicable to an older generation of source & hw? I had what seemed like the Combination ROM kernel for my Rev3 Note5; it allowed official ODIN to bypass the revision rollback protection check for all pieces except cm.bin & param.bin and still boot up.
We actually just need the stock custom ROM put together, compiled for the device, with all the version codes updated for a spoof. Dot the T's and cross the I's. It can work if set up prior to a check and diligently prepared, but it is on a per-device basis.
With so many Encryption Collision algorithms now though, I bet if we really revisited the S5 and the S3 red models, we can get farther into diverting and re-routing the chain of trust. They are EOL devices anyhow that could still use some ability to update. And people wouldn't use them as daily drivers anymore anyways.
Samsung devices needed a System Root up until Nougat builds though. Everyone else upgraded to system-less style with 5.1 kinda yeah. Samsung, GIVEN YOU VERIFIED NO SYSTEM PARTITION signature check, we can dirtycow and persistent payload to defeat DM-Verity. Including the Recovery kernel here. I don't see why we couldn't hijack the Secure Boot process and have it issue an unlock command, even temporarily.
MattMadness said:
So in theory, if the qFuse versions were the same in both but the last 4 characters were different would the flash succeed?
Also look at the original package case-sensitive file name, the build.props, the system's (app/priv-app/*.rc) date/version #/version codes, file sizes, and default timestamps w/noatime, and then maybe use 7-Zip and its CRC analyzer, as well as the package's compression level, compression format, and the date of the compression algorithm itself too. Newer 7-Zip version 1909 will lzma/lz4 compress something in a slightly different hex format than, say, the older version 1806; we see this problem when compiling the "simg2img" packages as well. Same problem, fixed the same way though.
We can mod the early 6.0.1 CSC FW's this way with the Cache; we have the PoC's out there, they need integrated together though. An emmc flasher could maybe change the fuse value. Or we can replace all the build fingerprints from an older build and try to flash it as a spoof at Run-Time. I've seen parts of it work with DirtyCow and the S6 Edge and Note5. So the S5 is older. Without the same problems and hurdles.

ATT and Verizon were the only ones that locked the bootloader of the S5

Related

[G935A] Downgrade Oreo (v8) To Nougat (v4)

NEW METHOD - DOESN'T WORK ON Bootloader 10 AKA THE CSF1 BUILD OF OREO.
RECOMMENDATION: USE 3B MODDED ODIN.
So, I said before in this post, before editing, that you could use older FW on the AP and CSC slots in odin, but that no longer works, so here's a new method that doesn't work on the 10th bootloader revision, also it's 6.0.1. Sorry. I can't do anything for you.
Use these files:
G935AUCU9ASA1 (Marshmallow, untested) - https://androidfilehost.com/?fid=1395089523397911894
Notice the A in ASA1 instead of C for CSA1.
Also use 3B Odin. - https://forum.xda-developers.com/and...-13-1-t3762572
3B will help.
I changed up the method because the old method was outdated for bootloader V9, and it also made bootloops happen for some people, and mine ended up bootlooping.
It reboots fine because you haven't actually downgraded the bootloader, you are just running an older software image on the newer bootloader. That (to my knowledge) has always been possible with Prince Comsey's Odin, though it's not always stable.
Do you have links to the firmware so I can downgrade?
jshamlet said:
It reboots fine because you haven't actually downgraded the bootloader, you are just running an older software image on the newer bootloader. That (to my knowledge) has always been possible with Prince Comsey's Odin, though it's not always stable.
When I still had my AT&T Note 5, I had a Revision 3 "sboot.bin" that would boot a LP build. It could only do that because it came from the Factory Binary Firmware, every other revision 3 bootloader booted MM kernels.
So yeah, on my Note 5 I could technically downgrade my AP file all the way back to the beginning, because I had a bootloader capable of booting a Lollipop Kernel.
That eng "sboot.bin" I had was a real eng bootloader too from the N920AUCU3APH1 factory build. ODIN 3.12 would actually allow me to flash a Revision 2 sboot.bin overtop of the 3aph1 sboot.bin. I even got the phone to boot up too using an older Lollipop AP firmware.
However downgrading the AP like that can sometimes re-open valuable loopholes, if trying to do something not exactly specific to the bootloader.
asdf2345 said:
Do you have links to the firmware so I can downgrade?
Well, I tried the method I said I had in this post and it bootlooped, so now, I just found a file which seems kinda bootleg, but it's a combination file that swings you to 6.0.1.
It's for G935A, so use 3B Odin.
There's not much info on this combination firmware, but sources lead me to believe this is 6.0.1 because
6.0.1 builds were G935XXXXXAXXX
7.0 builds were G935XXXXXBXXX
and Oreo Builds are G935XXXXCXXX
also if your firmware is G935AUCUACSF1 instead of U9CSC1 you can't use this.
G935AUCU9ASA1 (Marshmallow? - Not Tested By Me, Will Test Later Today) - https://androidfilehost.com/?fid=1395089523397911894
3B Odin (I know this works, so...) - https://forum.xda-developers.com/android/software/patched-odin-3-13-1-t3762572

Moving from Oreo to Pie with no TA keys

Hi everyone,
I was one of the early "plungers" for the XZ1c, so I unlocked my bootloader without any TA key backup, flashed Oreo (47.1.A.12.145), and got by with Xperifix. But now I want to upgrade to Pie for a plethora of reasons (e.g. development).
I did a bit of reading here and there, and I came up with a set of steps for me to follow (and maybe anyone else who wants to attempt the same). Please do correct me if I'm wrong, and risk a brick:
Method A:
Backup all my stuff (a combination of manually, TitaniumBackup, Google, Sony)
Download the official stock firmware for Pie (47.2.A.10.45) via Xperifirm.
Flash Pie with a full format, to prevent any instabilities from apps.
Flash j4nn's bootloader unlock hide kernel to get root + Magisk (v18.1).
Restore backups.
Method B:
Backup all my stuff (a combination of manually, TitaniumBackup, Google, Sony)
Download the latest firmware and kernel for Pie (47.2.A.8.24) from janjan's thread.
Flash Pie with a full format, to prevent any instabilities from apps.
Flash janjan's kernel to get root + Magisk (v?).
Restore backups.
I'm leaning towards method A, as it'll be a newer version of Pie, but I do have some questions I couldn't manage to find a clear answer for:
Will Google Pay work with either method? This is kind of a deal breaker for me, as contactless payments are prevalent in my region.
Is there a reason to use Newflasher over Flashtool? I had used Flashtool for my XZ1c (even before they added official support in 0.9.24.3).
Does the gimmicky slo-mo video camera feature still work?
Is it possible to get TWRP with j4nn's method?
@TheFuzzy, concerning janjan's kernel, there is no drmfix included in pie releases, so that kernel seems to be only somehow tuned stock kernel.
My kernel releases are stock identical, no tuning at all, the only difference to stock is the kernel patch to hide bootloader unlocked state.
I believe this is a great benefit even in case of lost drm keys, if you need to use google pay or such apps. And yes, by following alternate use guide, my kernel can be flashed and used with twrp.
As tested by @russel5 (with some help and ideas from me), google pay now seems to use Android Attest Key (as I've expected long ago to happen) to truly detect bootloader unlock state.
In case you have Android Attest Key _working_ (see here to find out), even my kernel would not help to hide bootloader unlock (you can test that with the linked Auditor app even while running my kernel).
Destroying Android Attest Key seems to help to make google pay working as tested by russel5 - I did not test that myself, but @russel5 might confirm (thanks again for your testing and your finds, russel5).
But it seems to be irreversible change - we might still try to do some backup and restore tests...
@j4nn Thanks for the info! It is a bit confusing to keep up with the differences between the different methods.
I used your bootloader with 47.2.A.10.45, and it works like a charm.
I flashed your kernel directly as I'm not interested in FOTA. I've not tried to flash TWRP as I was afraid it might break the bootloader hide unlock patch (unless there is a specific order to follow, i.e. flashing it over TWRP or vice versa).
I ended up using Newflasher too, as I had read about not flashing the persist.sin file, and it seemed too tricky to do it with Flashtool.
One odd side effect is that I required the patched kernel to be flashed instead of booted from via adb, otherwise the device would boot loop and boot with the stock kernel instead.
I wasn't able to use your patched Auditor app as I don't have another phone at Nougat to verify. Indeed, Google Pay did pick up on the bootloader unlock status (maybe because of the Attest Key), but I was able to re-enable it using the SQLite trick mentioned here. My banking apps work fine with MagiskHide, too.
@TheFuzzy, you may use my patched Auditor app just with your single phone, which you like to check your attest key in.
Just install the patched Auditor and scan the QR code available on google play store in the Auditor's screenshots, instead of using a second phone.
That will trigger the verification just fine and then the audit results are simply displayed on the phone.

Note 8 soft bricked

Salutations everybody. I haven't had a phone from sammy in a while. Finally invested in a SM-N950F Note 8. It's Oreo. Tried to root earlier today using the pinned guide in the Guides forum. After going through the process, and flashing TWRP. Then formatting data. And rebooting it to TWRP (which I did a couple of times) (may have been where I messed up, but it doesn't seem likely to me) I flashed the Oreo N950F OEM issue zip and rooted with Magisk. Upon rebooting & enabling dev options, the OEM toggle was missing. The guide didn't say what to do in the event that it was missing. Just that it was safe to reboot if it was there, and enabled.
Me being rushed for time rebooted anyway, and now when I try to boot up I get only official released binaries may be flashed, and the phone shuts off.
I'm aware I can restore to stock via odin. But I have a couple of questions.
A. Can I use the same odin version I used for the root process to return to stock, or do I need a different one?
And
B. There are loads of options for country and carrier on sammobiles site. I bought the phone used and have no idea of its country of origin. There is a version that says unknown for country and (bat) for carrier. Is that one safe to use, and is there any difference between the firmwares other than carrier setting being preinstalled (would be my guess of the only difference.)
Thanks in advance for any help you can provide.
This message, "Only official released binaries are allowed to be flashed", is caused by the new security patch lock, which is called RMM or KG. Since you were rooted before, you got this error because you flashed a new BL to your device, or you were connected to the internet before editing the kernel to prevent Samsung from adding the new lock to your device. Anyway, a normal flash through Odin will solve your problem and your device will be ready to use again without any problems, but also without any custom files like TWRP and Magisk, which means you will not be able to root your device before editing the kernel to remove the new security patch lock.
ZeroXO said:
This message, "Only official released binaries are allowed to be flashed", is caused by the new security patch lock, which is called RMM or KG. Since you were rooted before, you got this error because you flashed a new BL to your device, or you were connected to the internet before editing the kernel to prevent Samsung from adding the new lock to your device. Anyway, a normal flash through Odin will solve your problem and your device will be ready to use again without any problems, but also without any custom files like TWRP and Magisk, which means you will not be able to root your device before editing the kernel to remove the new security patch lock.
Okay, I was thinking I might have missed something. The patch for OEM issue I thought covered that.
Is the unknown (bat) firmware the one I need to flash to stock?
Sent from my OnePlus6T using XDA Labs
TheLogicalGamer said:
Salutations everybody. I haven't had a phone from sammy in a while. Finally invested in a SM-N950F Note 8. It's Oreo. Tried to root earlier today using the pinned guide in the Guides forum. After going through the process, and flashing TWRP. Then formatting data. And rebooting it to TWRP (which I did a couple of times) (may have been where I messed up, but it doesn't seem likely to me) I flashed the Oreo N950F OEM issue zip and rooted with Magisk. Upon rebooting & enabling dev options, the OEM toggle was missing. The guide didn't say what to do in the event that it was missing. Just that it was safe to reboot if it was there, and enabled.
Me being rushed for time rebooted anyway, and now when I try to boot up I get only official released binaries may be flashed, and the phone shuts off.
I'm aware I can restore to stock via odin. But I have a couple of questions.
A. Can I use the same odin version I used for the root process to return to stock, or do I need a different one?
And
B. There are loads of options for country and carrier on sammobiles site. I bought the phone used and have no idea of its country of origin. There is a version that says unknown for country and (bat) for carrier. Is that one safe to use, and is there any difference between the firmwares other than carrier setting being preinstalled (would be my guess of the only difference.)
Thanks in advance for any help you can provide.
Using odin 13.1.3 is recommended.
As you have the N950F, it is part of the multi OXM CSC, so you can flash the firmware for your country and carrier if desired (N950F).
If you want to root, I suggest just flashing a custom rom or kernel, as they have been patched for the RMM KG state issue.

Good source for firmwares?

I'm looking for a good source of firmwares. I know the famous sites, but some firmwares don't seem to be listed. I know in the time of Samsung KIES there were tools which communicated directly with Samsung.
For example, these firmware builds for the SM-G975Ux aren't listed on most firmware sites but have the December security update with binary/bootloader version 8: G975USQS8IVL1 and G975USQS8IVL2
All the big sites have ROMs for that phone (same one I have). There is no "Ux" model... it's *U or *U1, with the latter being unlocked. If you search for U1 ROMs you have many selections, but most get the XAA version which will usually change carriers automatically based on the SIM card.
The latest BL=8 version I see there is https://www.sammobile.com/samsung/g...M-G975U1/XAA/download/G975U1UEU8IWB6/1741280/ which is the February 2023 security update. I believe this is the last one we are getting (but I could be mistaken as there may be 1 more security patch, I don't remember).
There's U U1 0 W F N .... I'm looking for the oldest firmware with binary version 8, but it seems the sites don't show all firmwares available.... i'm looking for the oldest firmware with U8 bootloader (or any compatible bootloader with binary 8 version), i could have a look at all sites and try my luck... but they don't seem to have all data. but like i said i prefer some original source xml files... i saw some url's to original samsung servers but can't find them anymore.
There is already a firmware available with the march update.... but you have to be lucky to find them... i'm looking for original sources. like update.zip's and such
Found the first one....
https://fota-cloud-dn.ospserver.net/firmware/TMB/SM-G975U/version.xml
I'd recommend around sammobile and samfw. These are the two sources I use the most
hey!
after I wanted to update my g973f from "G973FXXUGHVK1" to "G973FXXSGHWC2" (I tried odin 3.13 and odin 3.14) and an error occurred, I can't install anything anymore... recovery and download mode work, and I can also flash the original firmware, but the device no longer boots into the system! even custom roms don't want to boot anymore
Can anybody help me further?
Ben1987 said:
hey!
after I wanted to update my g973f from "G973FXXUGHVK1" to "G973FXXSGHWC2" (I tried odin 3.13 and odin 3.14) and an error occurred, I can't install anything anymore... recovery and download mode work, and I can also flash the original firmware, but the device no longer boots into the system! even custom roms don't want to boot anymore
Can anybody help me further?
Do you mind explaining a bit more? Do you mean like that it boots you into recovery only or?
WooBLOATERRRR said:
Do you mind explaining a bit more? Do you mean like that it boots you into recovery only or?
if i flash a new rom (whether original or custom rom) nothing happens after the reboot... download mode works too, flashing twrp works too! however, the system boot does not work via twrp either... not even a bootloop, the cell phone does not react at all! the task combination for
Right now I don't even care if I get the original firmware or a custom rom running... I hope I didn't brick it (((
My old device was a G930F; it's unbreakable. Make sure you flash the right ROM and wipe data and Dalvik cache after flashing.... This one is locked so it doesn't have fastboot. My G-930F came with fastboot enabled, so you can always fastboot a recovery.img like TWRP.
Did you try to download TWRP from twrp.me and "fastboot boot twrp-3.7.0_9-0-herolte.img" ? it should boot to twrp in fastboot mode (hold volume down + home + power).
Ben1987 said:
if i flash a new rom (whether original or custom rom) nothing happens after the reboot... download mode works too, flashing twrp works too! however, the system boot does not work via twrp either... not even a bootloop, the cell phone does not react at all! the task combination for
1. Is your KG status broken?
2. Is your bootloader unlocked?
You know how to flash lineageos through twrp right? and how to use odin?
Maybe flash lineageos to see if everything works.... and then revert to original software. Be sure to wipe cache/dalvik and userdata
DaanNL said:
There's U U1 0 W F N .... I'm looking for the oldest firmware with binary version 8, but it seems the sites don't show all firmwares available.... i'm looking for the oldest firmware with U8 bootloader (or any compatible bootloader with binary 8 version), i could have a look at all sites and try my luck... but they don't seem to have all data. but like i said i prefer some original source xml files... i saw some url's to original samsung servers but can't find them anymore.
There is already a firmware available with the march update.... but you have to be lucky to find them... i'm looking for original sources. like update.zip's and such
Found the first one....
https://fota-cloud-dn.ospserver.net/firmware/TMB/SM-G975U/version.xml
Yes, I know there are many other variant firmwares out there, but for a U phone (snapdragon) there is really only U and U1... the rest are incompatible.
There is no "older" firmware with binary 8, because the firmwares are packaged with the proper/compatible binary already. Basically, the "binary" is the bootloader version. On Snapdragon phones, you must have the proper BL/binary to flash, as you already know. You can't interchange the binary/BL with the ROM and security updates because they are not made that way.
The update.zip you're looking for are updates sent by Samsung directly, and they can update the ROM (and Binary) from one stock version to another... but, again, they will update both the binary/BL as well as the ROM, so they can't be broken up to only do one or the other.
It sounds like you're trying to get to an older ROM version (for whatever reason) with an older security patch level as well? Basically, this cannot be done on Snapdragon phones. Once you're on an updated binary/BL, you're stuck there (at least today you are).
WooBLOATERRRR said:
I solved the problem! I had unlocked the bootloader, but I also had to deactivate verity via CMD with twrp+adb "adb disable-verity"
ok i've solved the problem now, but does anyone know why i couldn't even start the original stock roms? Actually, the stock ROM should set everything to factory settings...
WooBLOATERRRR said:
1. Is your KG status broken?
2. Is your bootloader unlocked?
Thank you for helping so quickly with ideas... I would not have expected such quick help with such an old model, even samsung customer service didn't want to help me yesterday
Ben1987 said:
Thank you for helping so quickly with ideas... I would not have expected such quick help with such an old model, even samsung customer service didn't want to help me yesterday
Samsung/apple support in a nutshell
schwinn8 said:
Yes, I know there are many other variant firmwares out there, but for a U phone (snapdragon) there is really only U and U1... the rest are incompatible.
There is no "older" firmware with binary 8, because the firmwares are packaged with the proper/compatible binary already. Basically, the "binary" is the bootloader version. On Snapdragon phones, you must have the proper BL/binary to flash, as you already know. You can't interchange the binary/BL with the ROM and security updates because they are not made that way.
The update.zip you're looking for are updates sent by Samsung directly, and they can update the ROM (and Binary) from one stock version to another... but, again, they will update both the binary/BL as well as the ROM, so they can't be broken up to only do one or the other.
It sounds like you're trying to get to an older ROM version (for whatever reason) with an older security patch level as well? Basically, this cannot be done on Snapdragon phones. Once you're on an updated binary/BL, you're stuck there (at least today you are).
I've tried different firmwares; it's all about Snapdragon. You can also flash SM-G975W parts and other Snapdragon variants.... there's a lot of variants out there.
I first upgraded and then downgraded to the parts I wanted and am on a ROM now with security patch level December 2022; as long as the binary version is the same there's no problem. I've got the latest modem installed and the oldest firmware and bootloader for the latest binary version; I can upgrade or downgrade my bootloader. I already asked someone before if this was possible and if he could confirm, because before I was only able to flash CSC and AP, I think.
If there are no updates coming anymore, why not downgrade and wait for a new leak?
I'm also sure we can unlock the bootloader; I'm trying to make an lposed module. I've installed lspatch and lposed and they work fine for some modules. The bootloader unlock has several prerequisites (properties and such); if I can make it look for other properties or something like that we might get an unlock option. Also it looks for an encrypted file on EFS; if someone with an unlocked Samsung phone could copy that file we would be a lot further.
It's called /efs/sec_efs/sktdm_mem/encmembership.txt and should be an encrypted file. Also, if anyone knows how to set ro properties without root (like a stub before the preference controller starts), this would be very useful.

Is there a way to update android on a rooted device running magisk?

With every boot Samsung always shows the "no security updates or patches for you" warning, which has gotten me curious: Is it possible to get those updates anyway? Through some app or module?
Okay thanks
You may need to search for a thread about your specific device. But from what I know, on Samsungs Magisk breaks OTA and you would have to patch new firmware again and flash in Odin. There may be ways to keep your data, but it probably depends on a particular device.
Will heimdall work (don't think Odin's getting a linux port anytime soon)
