Related
Dear Administrator or moderators...
Once this thread went to a conflict with gekkehenkie11 and according to that I spent about a week time researching this "knox" thing without having normal sleep even it was the limit for me, when by the words of gekkehenkie11 he pointer at me boing uselessly wasting people's time and like I'm being a liar. I got finally mad and deleted(overwritten own original posts). I need a 3-4 days to come down and think if I continue development of this KNOX thing(pointing at me like a liar and noob is a very bad motivation to continue, but maybe I will continue just for other people who didn't point at me that way). So far, Admin and moderators it's up to you to decide either to restore original posts from backup(if you have ones) or delete this topic. Any your decision will be accepted without any protest from my side. (I personally didn't leave any backups for myself).
Thanks for understanding!
i dont want to come across as a boyscout or anything, but isnt this essentially committing fraud (possibly insurance fraud)?
it depends
deleted
phoenix91140 said:
Hi Guys. Hope here are some programmers.
I have a good news for all Galaxy Note 4 users and owners, who have ever rooted it and got "KNOX WARRANTY VOID: 1" message. So from now(if developers, who write cf-auto-root tool) will use my advice, you can forget about warranty void. I'm linux expert and C/C++ programming expert too. So, once Samsung told me, that because of root warranty is void and they don't wanna repair factory cauzed mainboard damage(short-circle on mainboard), I wondered, how to solve that problem. And I found the solution(will do it on my own for my device when it gets back from service center) to hack that warranty void thing. So, first of all you go there sammobile.com /firmwares/database/SM-N910C/ to get original firmware(in my case SM-N910C, but choose yours, or you'll kill your device). You'll get original firmware. And KNOX uses value to print if warranty is 0 or 1 (0x0 or 0x1). But actually it makes no sence, since in service centers they just place Odin boot to check if it's 0 or 1. More over, they not goig to place root on it, to figure out, if knox works fine or not.
WARNING!!! READ CAREFULLY!!!
Any kind of warranty or usability are voided! By using this hacking method you accept, that you USE IT ON YOUR OWN RISK!!! This info basically is meant for xda-developers crew to release a massive hack. Any broken, died etc phone - IS YOUR OWN FAULT! If you don't know what you're doing - DON'T USE IT, UNTILL YOU KNOW WHAT YOU'RE DOING!!!
NEW!!! Since new Android Lollipop released, it's unknown behavior on android 5 firmware. I strongly reccomend to get a default stock firmware(Kitkat 4.4.4), cauze this hack was made on Kitkat and not tested on Lollipop(Android 5),
So guide to disable KNOX WARRANTY void:
1) download original firmware
2) unzip file you get(it is about 1.6 GB).
3) Need to modify sboot.bin image. Suitable is disassembler, or hex editor like Octeta for linux.
4) Search "KNOX WARRANTY VOID" text in sboot.bin file. You'll find something like (test device) ??? KNOX WARRANTY VOID: %d. In my case start position is 2786.
5) Now need to make it print Zerro (0). They use ordinary printf() command. "%d" symbol means, that digital value(number) gonna be printed. Here we can place statical Zerro, or if you're good at assembler and hacking, can search what varriable is used and where it comes from. But regular 0 on Odin near field of "KNOW Warranty void" is enough. So we take "%d" down and placing "0 " (ZERO + SPACE, 2 chars must be used, otherwise you you'll break binary file geometry and it will crash on execution time causing segmentation fault. Probably, if you break geometry of bin file device will die) instead.
6) When sboot.bin hacking is done, you'll need to pack all contents back again(images we got from original firmware archive, including hacked "sboot.bin" file), then upload new firmware(original + hacked sboot.bin inside) and reboot device.
7) Place reset to factory firmware(turn off phone, hold volume up + home button + power button) on emergency recovery during boot(so that root will be lost).
8) Done. Run Odin, and see that Odin shows Warranty void 0. Now warranty restored and you can go to nearest repair center, and make them note, that warranty void is 0. If they update firmware and it's 1 again, it's not your problem anymore.
Hope XDA-DEVELOPERS crew will release new cf-auto-root with this hack, or make a firmware(factory default) with KNOX warranty void hacked.
To those, who are not a programmers, please ask xda-developers to apply that stuff to firmware on this site.
Now the question, can we cooperate with xda-developers to make that hack publicly available?
To those of you, who used that hack, please provide feedback(phone model, sboot.bin availability and the result of odin status(mean if that helped you to get 0 or not). If you have any problems, ask xda-developers crew, or me for assistance.
Enjoy.
PS. I attach photo so, that you can see where to search warranty void stuff. I believe it's the same story for all new Samsung mobile phones.
Enjoy once again.
Click to expand...
Click to collapse
if this actually works, it doesn't change the FUSE-based KNOX warranty flag. i.e., it makes the software/bootloader prints 0x0, but this will change once you flash official firmware.
it's a fake value, but it helps
deleted
phoenix91140 said:
Yes, it works and yes, on firmware reinstallation it will get back 1(I wrote about it in my first post). But, if you have the latest firmware installed with that hack, they only check knox warranty void status(they have no reason for installing again the same firmware). But there should be an official status(that's why you need official firmware). And if problem on device carries hardware deffect issue(short-circuits, damaged BGA etc) and you can show the deffect in action - then they repair device(they do not change chips etc, they replace entire mainboard). Sure, if have broken bootloader and your device is a "software brick" it will not help, and it's already your fault. But for hardware issues it will pass. More over, even KIES on software update crash can set 1 to knox warranty void, so, even if they flash firmware, they will see 0 at first place and then see, that their action made it 1. And believe me, they not gonna look KNOX WARRANTY VOID twice. If at the time they flash firmware it's 0 and you have broken hardware(factory deffect) they will replace it. Also Samsung service friend told me that all damaged mainboards are destroyed after replacement, cauze they will place the same IMEI and the same S/N to new mainboard and the reason for that is that on network carrier cann't be at the same time 2 devices with the same IMEI.
Samsung services don't have programmers there and they have no idea about such hack and how to identify that. But to be serious, it's up to you to choose to fake "know warranty void" and get ~90% chance for warranty works or to pay on your own for repair works. And if xda-developers will take a look at that file, there should be assembler instructions for getting that warranty void value, so can track where it comes from and try to reset it.
Click to expand...
Click to collapse
I know it's a fake trick that may help in your situation with warranty claim.
Unfortunately, this is confusing when compared with real KNOX reset for Exynos Note 3 (N900) by a leaked firmware. Moreover, it seems that you own N910C while your thread is posted on N910V section where the majority (retail editions) are on LOCKED bootloader & without ROOT access (so, they can't even flash any modified images).
deleted
phoenix91140 said:
OK. I'll write to moderator once again. I'm newbie here, and didn't find the correct section for this topic.
Click to expand...
Click to collapse
No problem! Thanks for sharing your trick
deleted
+1 amazingly nice solution. will it work if a knox container tries to access the value as well ?
sounds like it will since youre hard coding the knox value in the kernel.
yes, it will
deleted
You can check knox status even when Phone is powered on, here is a simple app that can do that https://play.google.com/store/apps/details?id=it.ale32thebest.galaxywarrantycheck (I'm the dev of the app, if can help i can tell you how i read the value) if can help, i have n910f and i tried the app on it and other internarional samsung Phone model (s3-s4-s5)
deleted
phoenix91140 said:
You're welcome. At the moment I simply don't know ARM assebler well, since I'm linux programmer and there basically x86 & x86_64 assembler instructions used. But if you want to hack counter itself, it's also a good place to start from, cauze this sboot.bin originally has access to that "0x1" value and disassembling the code we could find out where and how it comes from. This hack is just a temporary solution for the cases of factory deffects revealed and warranty voided cauze of rooting device.
Click to expand...
Click to collapse
does it mean if I know where the variable comes from, I can modify KNOX mechanism so that. I can.flash everything without tripping it. maybe I can modify the official firmware so that even my device doesn't know KNOX fuse exist?
PS: I have voided my warranty, can I still use Kies to update in this way?
deleted
Sent from my SM-N910C using XDA Free mobile app
Great work man,hats off
Sent from my SM-N910G using XDA Premium 4 mobile app
phoenix91140 said:
Yep. Point is, that even if imagine, that we cann't overwrite 0x1 flag to set it real 0x0, we still can if we find where knox(except bootloader, cauze I showed already how to make it show 0) print 0 and think its 0. Such way we make it lie like it's all ok. That is option number 1.
Second option is to disassemble sboot.bin and see on low programming level where it takes value and try to make it overwrite it to 0 back. But it's already much harder. For warranty terms its enought if bootloader lies like its all ok. You can also hack KNOX libs too. There are always much more then one option to hack the system
There is one more great solution, but I would need xda crew help for that. Look. We could hack bootloader(the one I did) and make it on firmware update ignore new sboot.bin or replace it with itself. So then it would be odin mode ALWAYS 0 even on firmware update. But to do it alone not easy. Even one more improovement. We could make sboot.bin to load new sboot.bin or delete it is some file contains some magic key.
Sent from my SM-N910C using XDA Free mobile app
Click to expand...
Click to collapse
I see! can I say in this way? sboot.bin does nothing but to void our warranty, if we just leave this bit*ch alone, don't touch her, we.are free to flash into whatever we want without tripping knox?
---------- Post added at 05:30 AM ---------- Previous post was at 05:19 AM ----------
phoenix91140 said:
Yep. Point is, that even if imagine, that we cann't overwrite 0x1 flag to set it real 0x0, we still can if we find where knox(except bootloader, cauze I showed already how to make it show 0) print 0 and think its 0. Such way we make it lie like it's all ok. That is option number 1.
Second option is to disassemble sboot.bin and see on low programming level where it takes value and try to make it overwrite it to 0 back. But it's already much harder. For warranty terms its enought if bootloader lies like its all ok. You can also hack KNOX libs too. There are always much more then one option to hack the system
There is one more great solution, but I would need xda crew help for that. Look. We could hack bootloader(the one I did) and make it on firmware update ignore new sboot.bin or replace it with itself. So then it would be odin mode ALWAYS 0 even on firmware update. But to do it alone not easy. Even one more improovement. We could make sboot.bin to load new sboot.bin or delete it is some file contains some magic key.
Sent from my SM-N910C using XDA Free mobile app
Click to expand...
Click to collapse
lol, looks like you just need two more posts to express your terrific idea to the developer. I strongly believe it will be a millstone in Samsung mobile, please, just make it happen! what you did will be great appreciated by note4. and S6 and later Samsung device community!
Oh boy, this is a hell of a risky hack. The file sboot.bin is the secondary bootloader. If you somehow screw up the change, such as... say adding a 00 instead of replacing it in the file - a very common screwup when hexediting, I might add - you will have a HARD BRICK on your hands that cannot be fixed or reverted without Samsung repair. The phone will appear to no longer power up as the sboot.bin file is executed before anything the user would notice.
So yeah.... just be really careful.
I know. And to be EXTREMELLY CAREFULL. AND ANY WARRANTY IS VOID. Use at your own risk
Sent from my SM-N910C using XDA Free mobile app
deleted
I had kept my bootloader unlocked for flashing new ROMs but unfortunately i lost it on train and now i can understand that the theif can easily flash a new rom and so i can never retrive my device as far as i understood that i have to keep my bootloader locked but this means that i have to unlock and relock my bootloader each time i want to flash a new rom so this is very problematic for losing internal data too every time.
Also i don't have a job else i would have brought a new OP3T. I hope that in future OP can introduce some hardwire based tracking for lost devices , what do you people suggest?
samwidd said:
I had kept my bootloader unlocked for flashing new ROMs but unfortunately i lost it on train and now i can understand that the theif can easily flash a new rom and so i can never retrive my device as far as i understood that i have to keep my bootloader locked but this means that i have to unlock and relock my bootloader each time i want to flash a new rom so this is very problematic for losing internal data too every time.
Also i don't have a job else i would have brought a new OP3T. I hope that in future OP can introduce some hardwire based tracking for lost devices , what do you people suggest?
Click to expand...
Click to collapse
I suggest that if the thief is able to flash a new ROM, he will be perfectly able to open the bootloader. So I recommend that you do not worry about having the bootloader open.
As for the tracking system, I think Google has already developed certain functions aimed at this use. When I have time I will investigate about this topic and update this post.
Please, be awere.
idcampo95 said:
I suggest that if the thief is able to flash a new ROM, he will be perfectly able to open the bootloader. So I recommend that you do not worry about having the bootloader open.
As for the tracking system, I think Google has already developed certain functions aimed at this use. When I have time I will investigate about this topic and update this post.
Please, be awere.
Click to expand...
Click to collapse
Try Google device manager. Thats the tracking tool you searching for. ?
not a big deal to reset FRP. Samsung and LG FRP takes only few minutes to be removed with z3x box. i think even stock rom have some bugs to bypass FRP. Best way is not to loose your phone.
It won't help you now, but take a screenshot of your imei, then back it up to your photos. If your phone is lost or stolen report it and depending on what country you live in, it will be black listed. Then it won't work on any carrier, no matter which rom is flashed.
Bjarne73 said:
Try Google device manager. Thats the tracking tool you searching for.
Click to expand...
Click to collapse
Since I had kept my bootloader unlocked I believe that can easily flash a new rom so Android device manager won't be useful at all
Jowhee said:
It won't help you now, but take a screenshot of your imei, then back it up to your photos. If your phone is lost or stolen report it and depending on what country you live in, it will be black listed. Then it won't work on any carrier, no matter which rom is flashed.
Click to expand...
Click to collapse
Ya I know that I have already submitted FIR in police with the IMEI number but I believe these days they remove all the parts and sell the parts differently so very less chance in recovery
acmerw said:
not a big deal to reset FRP. Samsung and LG FRP takes only few minutes to be removed with z3x box. i think even stock rom have some bugs to bypass FRP. Best way is not to loose your phone.
Click to expand...
Click to collapse
Ya I know but if there is very strong FRP in apple iPhone devices i hope it comes to Android too
Today I got up real pissed with Samsung for being so restrictive around ROM flashing, rooting, flashing custom firmware or even stock firmware, so wanted to create this post to help anybody considering to get a Samsung phone to stay away from it.
This post is not intended to recommend any specific brand or model of android phone, but to recommend the exact opposite, which brand and model NOT TO EVEN THINK of purchasing.
This post relates to Samsung Galaxy S9 G9600 model which is Snapdragon architecture, but since Samsung is coming up with a bunch of "security features" I tend to think this may be the case for other models as well. I browsed all around XDA and other sources for guides on how to root and install custom roms, and it turns out Samsung manages to have limitations for EVERY step of the way.
Getting a few facts straight
Reference post: https://forum.xda-developers.com/ga.../rom-lineageos-17-1-s9-s9-snapdragon-t4093301
Ok, so there is a solid thread about a custom firmware and looks like several users got hands on it, but they might have been able to get passed though all Samsung security crap before it came out or before it got so tightened up. I'll list below every limitation I found:
OEM Unlock
There is a step where we need to tick OEM Unlock from the phone developer settings, it turns out Samsung has put a 7-day timer for this option to even appear listed to enable. If you do factory reset of the phone, the 7-day timer restarts. There are a few posts around on how to get passed this timer, but to me they were all crap, none of them worked. STRIKE ONE!
Bootloader unlock
After 7-days, we get the OEM Unlock option to appear, at this point you may think: Hurray!! .... WRONG! Now next step is to unlock the bootloader using an utility called CROM Services... And as you may have already guessed, did not work! I'm able to install the apk, but on launch it complains about wrong android version. (Tried with Android 8 and 10) STRIKE TWO!
There are some posts and guides claiming to be able to unlock bootloader by using fastboot utility, I can't reach to understand how, since fastboot commands rely on the bootloader to be previously unlocked (?). I least that is my understanding, correct me if wrong. Needless to say fastboot did not work for me. ADB lists my device but fastboot doesn't. There are a few troubleshoot guides around to try selecting proper USB driver from windows device manager, tried all that, tried a couple of ADB installations, fastboot didn't work.
Knox and RMM state
After some lookup in the web, Samsung incorporates some security features trying to prevent device theft and such things. For us power users this is in reality just a whole load of crap preventing us to get all the juice out of our phones.
Reference: https://www.goandroid.co.in/unlock-bootloader-of-galaxy-s9-plus-snapdragon/84688/
TWRP Recovery
Next step would be to flash a custom recovery such as TWRP with Odin or adb/fastboot, but since we are not able to unlock the bootloader in previous step, this is not doable at all. STRIKE THREE! OUT!
Fastboot utility doesn't recognize the device in download mode, so we can't send any commands to the phone.
Odin complains it is only able to flash signed stock roms, so since TWRP is not, we cannot flash it.
Rooting
Needless to say that if we don't have TWRP, we cannot flash the corresponding packages to root. Although this step may not be needed to install custom firmware, rooting has not been possible.
Stock ROM Flashing
Ok, so let's stay out of custom firmware - let's play around with stock firmwares. At this point, since flashing stock firmwares is kind of allowed by Samsung I was able to try out a couple from android 8 to 10 with Odin
Stock ROM Source: https://www.sammobile.com/samsung/galaxy-s9/firmware/#SM-G9600
But watch out! Once you get to install a specific build version, you cannot go back or downgrade to ROMS with previous Android build version. So now that I got Android 10 cannot go back to 8 or 9, this is probably because locked bootloader and unable to unlock. Here, Odin complains with FAIL! (AUTH) message.
STRIKE FOUR! EVEN OUTTER!
SIM Unlock
Ok, let's stay out of Samsung S9 G9600 model, let's crash it to the wall and throw it away to the garbage! Ok no, let's have it carrier unlocked and sell. Unlockbase is a well known and trusted sim unlock provider, I purchased a license to unlock by USB cable, but... GUESS WHAT! G9600 is not supported for unlocking operator network with this software... what a surprise!! I was able to apply for a refund and got my money back, so no worries here.
Note that flashing carrier free ROM does not unlock sim to use with any network operator.
I'll be trying to unlocking by code soon, as this is based on IMEI number, I may think this is independent to the phone model and edition, so I hope I have more luck with this option.
Conclusion
G9600 is a really crappy phone to mess around with. I may have ran low on luck with this specific Samsung Galaxy model since I got it as a gift, which is the latinamerican crappy edition. I wonder if other S9 editions and other Samsung models run with better luck than mine on this scenery... But as a lesson to myself, I will stay away of any Samsung smartphone in the foreseeable future.
OEM Unlock
The 7-day lock prevents stolen phones from being factory reset, leaving the thief with a phone permanently protected by your account. While a minor inconvenience, it's actually effective and not the worst compared to other manufacturers.
Bootloader Unlock
After OEM Unlocking, flashing TWRP through ODIN is effectively unlocking the bootloader. This is possible on both exynos and snap.
Knox and RMM
While this is an inconvenience, from Samsung's point of view, it's worth it. It makes the phone look more secure in the eyes of potential customers. If you really wish for NFC payments, I'm still able to use GPay with Magisk on a custom ROM.
TWRP Recovery
TWRP is flashed through ODIN, not fastboot. Look up an actual guide before complaining.
Root
Yes you can
Stock ROM Flashing
The one thing I could agree on with you is Samsung disabling OTA updates when OEM unlocking. I don't see the point really, but you're free to flash whatever you want through ODIN. Downgrading shouldn't be an issue. Not sure what's up with that.
Before buying a phone, how about you do some research before crying on forums. As a power user coming from the Oneplus One, I don't regret going for Samsung in the least.
Thanks for your reply, I had dropped all hope after several attempts over last few weeks. Found this option and I was able to get past my blocking issue with TWRP and moved on.
https://forum.xda-developers.com/ga...er-development/g9650zhu6dta7-android-t4051751
I have G960F and have to admit I totally disagree with your original post. I've been using custom ROMs on nearly every phone I ever had and don't think S9 (G960F) is bad in terms of unlocking. Just did an OEM unlock, waited a week, flashed TWRP through Odin, booted straight to TWRP and immediately flashed a custom ROM from it (because a boot to the stock ROM would replace TWRP back with the stock recovery IIRC). In the end I got sick of all the problems with Magisk and non-working google pay that I went back to the stock ROM - making S9 the first phone I use with a stock ROM even though it can be flashed. I think it's a great phone for power users.
And as far as SIM unlock goes - Samsung is not to blame, the carrier the phone was made for (and purchased from) is. Phones that Samsung itself sells are unlocked. I wonder why there's still some countries where SIM locking remains legal.
This thread is a prime example of how people end up with bricked devices. So much misinformation in one page LOL
I had the 9650 and most of what I'm doing here is user error. This was one of the best devices I've ever owned. I mention of fast boot and such you obviously just do not know samsung devices. You can't blame samsung on your own ignorance
My friend flashed a ROM onto his NAND via TWRP and he bricked it, so he gave it to me. Can't get PC to recognize over USB, even after downloading android usb drivers
what do
if all else fails ill contact samsung and try to get a warranty replacement
Write the device info, and the ROM he used, and the state of the device right now.
Is the device completely black? Does it boot to download mode? Is TWRP accessible?
Once you flash TWRP, your warranty is over, your KNOX is tripped. The only thing you can do is to either fix this issue, or replace the motherboard (you'll pay for that).
Mohamedkam000 said:
Write the device info, and the ROM he used, and the state of the device right now.
Is the device completely black? Does it boot to download mode? Is TWRP accessible?
Once you flash TWRP, your warranty is over, your KNOX is tripped. The only thing you can do is to either fix this issue, or replace the motherboard (you'll pay for that).
Click to expand...
Click to collapse
what do you mean device info, like, IMEI?
this was a while ago, so it was some kind of Lineage OS ROM
It's completely black
PC notices when it's plugged in, but doesn't recognize what it is.
doesn't boot into download mode
There's nothing could go wrong, the TWRP and ROM are working fine with other users, the problem you are facing is caused by a broken block device system.
Means your friend may have flashed the wrong ROM. Your device is Snapdragon, which comes usually locked, and have to pay to unlock it.
Of course there won't be a lot of development for it, however, Exynos variants are unlocked, and has tremendous amount of development.
If you flashed a ROM built for Exynos, on your Snapdragon device (if TWRP error 7 did not stop you), it will cause this problem.
The reason is, the Exynos Kernel does not work on Snapdragon.
There's only two things I can advise you to do:
Use a Dongle Box.
Replace the motherboard.
!!! This is a HIGH RISK method of performing any form of modification, if you are on a T-Mobile ne2217 !!!
There are unidentified files that your device might have conflict with, and cause a bootloop!
Proceed at your own risk! You have been warned!
OK, first lemme explain. The NE2217 (10 pro) itself does not have any special restrictions on it, unlike the CPH 2419 (10T) which is an exclusive T-Mobile variant. My guide on region swapping the CPH2419 (10T, link below) is still valid for the NE2217 (US- NA) . But there are conditions required or you will enter an infinite bootloop which becomes un-recoverable, without an edl flash. I do not have the specifics as to exactly which partitions cause this, but basically the bottom line is, IF YOU HAVE NOT UNLOCKED YOUR BOOTLOADER, EVEN IF YOU ARE SIM UNLOCKED, do not attempt to region swap.
There are a couple of partitions that are specially locked, that ONLY become write capable using the fastboot command, "Unlock Critical". Without a Bootloader unlock, the Oxygen Updater/Local Update programs, CANNOT make the needed changes to the Kernel, as well as these other important partitions, which have instructions that implicitly block changing to other regions. I cannot confirm if this exists in other countries with carrier locks, but i do know for a fact that T-Mobile has this enforced on all of the 10 Pro (ne2217) purchased through them.
As mentioned in previous threads that ive replied in, I suspected that the apps Oxygen Updater and Local Update, do not have the permissions capable to make direct changes to the boot.img, or recovery.img directly, primarily because those partitons cannot be altered while the system is currently running. These images can only be altered through Fastboot, or EDL thus the need for an MSM Tool if you cannot unlock your bootloader via conventional methods. So what happens is upon "Pre-boot" those special instructions i spoke of, take authority and put the carrier specific files, into an untouchable state that are locked behind the USERDATA partition, so these applications just copy the updated files to the inactive partition and performs the changes during the next boot, and even a hard wipe factory reset does not have the authority to erase the carrier instructions. The only way they are removed is by Unlocking your Bootloader! When you do that, the Qualcomm Processor has an embedded command, which is required to ERASE the entire Userdata partition, to protect the encrypted files protected by the bootloader lock! You can read about that by googling "Qualcomm Bootloader Unlocking".
Hope that makes sense to the majority of you. So again, the ONLY requirement for you to be able to go from 'ne2217', to any other fw is YOUR BOOTLOADER MUST BE UNLOCKED!
Failure to follow that one requirement will indeed force your device into an unusable, infinite bootloop, which can be resolved only by an EDL flash, which as of right now we do not have the tools that can perform this on CONSUMER level. You will have to RMA, your device, or go thru third party channels, which in itself is very risky, and puts you at risk of viruses/malware/wormholes/zombie-apocalypse because you must give someone full access to your computer remotely, and pray that the person only does what you requested. (NOT IDEAL).
Now if you're on a T-Mobile locked device, you are NOT hopeless... as I am on a T-Mobile locked device, and i am now bootloader unlocked as well! These two conditions are independent of each other, but trust me when i tell you that YOU DO NOT WANT TO GO THRU WHAT I HAVE EXPERIENCED, IN ORDER TO REACH THIS GOAL!
In so I will not publicly disclose how i was able to enter the real Fastboot Mode, so that i could pull the unlock code needed to request the unlock token from T-mobile.
(If you are so inclined to do this that you are willing to forgo ALL precautions and risk the possibility of bricking your device, or you have already landed yourself in an unrecoverable bootloop state, and are willing to try ANYTHING, you can join Bootloopers Anonymous, by clickiing it, and drop a message. This is a brand new telegram channel, and i will try to watch it for your requests. And again i strongly advise that you DO NOT embark on MY adventure, but if Unlocked Bootloader by Any Means Necessary is your ultimate goal, and nothing less is acceptable, i will try to help you achieve it... *** YOUR DEVICE WILL ENTER A COMPLETELY UNUSABLE STATE FOR A MINIMUM OF 7 DAYS!! *** but bear in mind that EVEN IF you have to use my method, you will be still subject to the 7-day waiting period outlined by OnePlus company policy. No one can overcome that, as the unlock token comes thru a separate division of Oppo/Oneplus that only generates the token through an automated request which is pushed after the expiration of 7 full days (1-week) has passed. YOU HAVE BEEN WARNED!)
The 10-Pro doesn't require the "In-Depth Testing" app to get your BL unlocked. That said, it also does not mean that OPPO has not designed one for this device because indeed they have. That application is individually encoded with device specifications so that only devices and regions EXPRESSLY AUTHORIZED by Oppo, can submit a request to unlock. DO NOT TRY sideloading any "In Depth Testing" apk floating around on the internet, as these can be altered to contain malware or worse, and then if your device becomes corrupted by it, Oppo can deny you an RMA on your device, thus charging you for the repair as there are warnings that you must acknowledge to even run the app, and attempting to circumvent the safeguards that this app already has in place is considered a violation of ToS.
If OPPO adds your device/region to the list of allowed devices, you will be able to download this application through OFFICIAL channels, and it will be made known to the public.
Once you are completely knowledgeable that your BL has indeed been fully unlocked, you can proceed to follow the instructions in the link to my guide below. The guide is for the CPH2419 (10T), but the instructions are completely compatible with the 10 Pro entire series, assuming your BL is unlocked. On the 10T this is not a requirement, and i honestly do not understand why this enforcement was put into our 10 Pro model, released almost a year earlier. Probably just an oversight by T-Mobile which might be corrected in future builds.
How to use Oxygen Updater + Local Update apks to switch regions.
EDIT: Local Update downgrade it currently installing
No Go, The update installed and downgraded but it just loads to the welcome screen and crashes and boot loops
supercobaltss said:
EDIT: Local Update downgrade it currently installing
No Go, The update installed and downgraded but it just loads to the welcome screen and crashes and boot loops
Click to expand...
Click to collapse
again, what most ppl are failing to do is follow my guide exactly as i defined. The VERY 1st thing you MUST DO... prior to unlocking the Bootloader... Prior to even downloading ANY rollback packages is, you MUST go and Download ANY of the Android 13 beta updates that are available in Oxygen updater. Turn on advanced mode, and select the whichever model you prefer... Its actually best to choose the region you plan on swapping to, for easier transition with the rollback package. IMHO i would always pick the EU model whenever attempting this, simply because that one usually has more bands available. But the main idea behind this is to make the phone, first BREAK the connection it has with T-Mobile's custom kernel, and modem... which is done just by upgrading to an Android 13 beta, as T-Mobile does not EVER release any beta builds, so by doing an actual OS upgrade, your phone must load the OS kernel, and several other partitions/files which i am sure that T-Mobile has branded in the 2217. Upgrading to a newer OS will without a doubt overwrite the carrier locked files, because the Upgrade comes from a higher authority in the chain of trust. Until TMO releases an update, then this is a requirement so that the rollback package of that region can safely downgrade the files, in their correct partitions. If you download a beta 13 thru oxygen updater, you can local update flash it, without problem. I did it myself to several demo devices at Tmobile stores here in Texas to test the technique, after i bricked mine by using a rollback package first!
Remember the 2217 is a T-Mobile EXCLUSIVE! No other carrier may sell this same model... but ALL of the internals are the exact same, and as im sure we are all well aware of, T-Mobile doesnt have the fastest adaptations when it comes to OS updates.
But there are several key identifiers which point to a custom made BL, Kernel, and Modem: 1. The build for all T-Mobile versions is on a revision that no other model has released... This alone could cause BL because if you flash a build that is older than the one you have currently, several files have anti-downgrade measures built into them. This is why we need the signed rollback packages to downgrade. But even if OPPO signed a rollback, unless they released one with T-Mobiles file specs, then anything you flash can create a conflict with an existing file... BL! But i know of about 13 ppl who have attempted my method, plus i just did another one myself last night for someone who contacted me and offered to compensate me royally if i would meet them since we were local logistically. 2. AFAIK, when installing a different rom to a device, you cannot downgrade the modem version. I know this is apparent with Samsung... as if you try to flash a rom with a lower modem version, it usually bricks, and you have to use odin to flash the newer modem back, in order to boot. Again this is taken care of by installing the NEWEST beta for Android 13, unless you had my situation which is, my phone CAME WITH updated security, and build already installed for October 2022. I havent heard of anyone who has said they even have the option to update theirs past August. So new purchases have to be careful. T-mobile sold mine with a blocked Fastboot, that doesnt respond to the button combo. Which clearly identifies they modified the recovery partition. 3. E-fuses have become a staple in Android devices for the past 5+ years.
Sure we have not heard of anything being in the T-mobile fw... but also who here can say that they have a FULL BUILD of the Tmo fw to examine? No one.... there is a generic 2217 build floating around that claims to be official, yet it is the ONLY build that does not have an OTA formatted file structure. All the 10 Pro OTA have been in payload.bin format, yet this happens to come only as a decrypted OFP, or a compressed OFP. *** OPPO is not directly supporting the 10 Pro 2217 or 10 T 2419 ! As these are proprietary T-Mobile builds. This is why you cannot find either of those models fw in the Oppo repository. So if OPPO doesnt release builds for TMO, then how exactly did an "Official 'OFP' for 2217" get released? *** OFP is an Official OPPO format for all the OPPO model phones. 10 Pro is still branded Oneplus, thus just about any OFP file you find in the wild, is almost 100% guaranteed NOT to be an official released build for our phones. Every package for this and the 10T that they have OFFICIALLY released, has been in Payload.bin format, because they havent released any full images yet! So in theory, who's to say that TMO didnt place an efuse into their specific model? Its only code, and if set, then it could have been burned during the initial release, or a later update, like AMAZON did with updates to the Firestick/FireTV devices, which would ONLY allow newer updates to certain files in THEIR build. That would totally explain a bootloop, because the rollback packages all push you back to 11_A.013 .... that build is from Feb-March 2022. Rolling back would almost guarantee that some files are overwritten with older components, which would cause a brick by e-fuse standards. We had to be lucky enough to catch it early in the FIrestick forum, to stop ppl from installing the update. Everyone who did, had their ability to unlock/load custom fw to their devices blocked, and there is still today no way to circumvent it. Sure new methods to mod became available, but only minimal changes, cuz the e-fuse blocked downgrading to exploitable builds. Since TMO has gone this far to stop us from modifying this phone, you can bet solidly on the fact that they have several safeguards in place to protect their investment.
Now im not trying to discourage anyone or discredit anything anyone has said or experienced regarding this phone, but look at the NUMEROUS unanswered replies to handfuls of problems that only happen to 1 or 2 ppl... they all have the same final result, but its astounding how many different scenarios ppl have found, that no one else has experienced, yet it leads to another bricked device. If this problem was rampant among a significant number of users, and it was triggered by the exact same scenario, then TMO would have to address it with an update... But all we know for sure is that there is some file(s) that is not compatible with any other model except the 2217. Til we have an EXACT culprit identified, all we can do is speculate, which is why I am going to re-label this as HIGH RISK in the OP. It has about a 40-50% chance of causing a bootloop, and about a 10% chance to leave your device unresponsive! There have been several released guides for other devices that have close to the same success rate / risk factor. All i can do is share what I have done, and what i know from personal exp.
Im sorry if anyone lands themselves on the wrong side of that equation, but it is a risk that only you can decide if its worth taking. For me, that answer is and always will be YES because i will not own a device that i do not OWN! For others this may be a touch more out of their league, and if thats true they should steer clear, until I or another user can get hold of an official TMO OTA, to examine the diff files in each.
****** Now all of that being said.... if ANYONE wishes to contribute to finding a solution to this dumpster fire, I am not asking for donations.... What i am asking, is for SOMEONE who might have a T-Mobile 10Pro on the release build, or any build PRIOR to 11_A.13 and is looking to help, we NEED an exact copy of an OTA update that might be sitting in your notifications. All updates download to the /sdcard/ partition of your phone in a folder that is accessible without root permissions. If you accept the download for the update, and DONT begin the install immediately, you can locate and pull that OTA to your computer, then delete the file from your phone, and it will cancel the update on reboot. No loss to you, but EXTREMELY HELPFUL to us, because we will have something from TMO to work with, which may give us a clue as to what we need to remove from the updater script ! *******
and FYI the signatures used to sign some of the OTA we already have, are already deciphered and as such can be used to create new signatures after making some changes to the respective regions package. But to make having these be of any value, we need to know what to take out or change in the manifest, that will prevent alterations of the files causing bootloops. If anyone can help with an upload of a TMO-OTA please share publicly or dm myself or one of the other devs who have expressed interest in this issue.
Thanks
I can probably pull the update from my wifes phone. She never updates anything. I did get my 10 pro to boot to android 13 but everything just says its disabled. This is only the 3rd phone ive done this with so ill warranty another one if i have to lol.
supercobaltss said:
EDIT: Local Update downgrade it currently installing
No Go, The update installed and downgraded but it just loads to the welcome screen and crashes and boot loops
Click to expand...
Click to collapse
Yup, this happened to me as well. Setup wizard crashes before I even get very far in it, and I've wiped multiple times trying to complete it somehow.
GuyInDogSuit said:
Yup, this happened to me as well. Setup wizard crashes before I even get very far in it, and I've wiped multiple times trying to complete it somehow.
Click to expand...
Click to collapse
Ive tried to convert multiple different ways. Upgrading to 13 basically screws you with the disabled apps BS, Downgrading just crashes the device. Either way its broken. I've went through 3 devices now messing around.
So I guess it's time to replace it, then? Crap.
GuyInDogSuit said:
So I guess it's time to replace it, then? Crap.
Click to expand...
Click to collapse
Start a RMA on OnePlus website, don't go through T-Mobile. They will have you send in phone and then either reflash your phone and send it back or just send you a new phone which is what they did when I had to do it. All that bs about voiding warranty when unlocking bootloader is just that, bs. They fix or replace without any issues but you have to go through OnePlus.
FML.
I've gotten it working for the most part, but what's most concerning is that there's no IMEI. And it doesn't charge or even acknowledge the cable. Fantastic.
jeffsga88 said:
Start a RMA on OnePlus website, don't go through T-Mobile. They will have you send in phone and then either reflash your phone and send it back or just send you a new phone which is what they did when I had to do it. All that bs about voiding warranty when unlocking bootloader is just that, bs. They fix or replace without any issues but you have to go through OnePlus.
Click to expand...
Click to collapse
I can't even request an RMA as I don't have an IMEI to provide. It's blank in the phone. I think I'm screwed. Or try T-Mobile. Dunno. This sucks.
GuyInDogSuit said:
I can't even request an RMA as I don't have an IMEI to provide. It's blank in the phone. I think I'm screwed. Or try T-Mobile. Dunno. This sucks.
Click to expand...
Click to collapse
The T-Mobile version has your IMEI sketched into the back cover of your phone. You should be able to use that.
jeffsga88 said:
The T-Mobile version has your IMEI sketched into the back cover of your phone. You should be able to use that.
Click to expand...
Click to collapse
Oh. Uh.... completely forgotten about that.
I just updated to Android 13 on the TMO NE2217, device not unlocked, still financed. And now have the option to unlock the BL.
beatbreakee said:
All updates download to the /sdcard/ partition of your phone in a folder that is accessible without root permissions. If you accept the download for the update, and DONT begin the install immediately, you can locate and pull that OTA to your computer, then delete the file from your phone, and it will cancel the update on reboot.
Click to expand...
Click to collapse
Is this still useful, with the NE2217_11_C.26 update? And either way, how can I delete it? I couldn't find anything big in /sdcard. Thanks!
deleted
psm321 said:
Is this still useful, with the NE2217_11_C.26 update? And either way, how can I delete it? I couldn't find anything big in /sdcard. Thanks!
Click to expand...
Click to collapse
^
^
^
^
^
THIS Please my phone ignored my saying no and next reboot the damn thing will go off on me ... so frustrating that even when you set the darn thing to OFF on auto update and such it STILL does this BS...
Damn TMobile and their special lock junk UGH ...
anyway ... please can one direct with a screen shot and file manager they used to find this file so I can delete the thing? ... I have tried to find it and struck out ... but having got the notification today and the Oxygen app is showing 'REBOOT' instead of 'resume' when I ignored the update previously has me thinking if I reboot I will see android 13 pop up and in this case means I will lose my whoop as something with it breaks pairing my wearable ... whoop has offered no timetable for a fix