[Q] [I747M] Please help, kitkat modem hard brick! - AT&T, Rogers, Bell, Telus Samsung Galaxy S III

Hello everyone, I desperately need help. Like many people I've read about around other forums, I decided to update my Telus Galaxy S3 to KitKat, and used Mobile ODIN, just because I am lazy and I didn't want a locked bootloader (who knows what Samsung might do these days, better be safe than sorry). The phone loaded up, but it told me that there's no SIM card plugged in. So just like all of the horror stories I've read after this terrible mistake, I decided to reboot the phone and possibly install back the 4.3 modem. Well, the shutdown worked perfectly. The restarting part, not so much. The moment I turned the phone off, I realized that I was holding a paperweight which doesn't respond to anything, with a single exception being the red LED light going on if I plug it in without the battery inside. Sadly this fits every single story I've read AFTER this stupid mistake. Apparently the NE6 modem hard-bricks phones without the appropriate bootloader, and Mobile ODIN refuses to install bootloaders (it just skips them for safety reasons, how ironic that the safety measure bricked my precious?). After around 24 hours of not sleeping and googling every solution I can possibly foresee, I bought an external Micro SD card reader and tried to flash the debrick image files found around the forums (I'm a new user, so I can't link to any of them). Unfortunately, all the debricking files I've found were for the 4.3 software and I've flashed 3 debricking files I found to my card, at least 15-20 times for each image, followed the instructions perfectly, with no sign of life from the phone. What I am wondering is, because I've also read success stories from other carrier forums with a 4.4.2 debricking file and the fact that I couldn't even get my hands on one, maybe that's what people are missing at the moment? So my question is, can someone PLEASE upload a 4.4.2 debricking image for the Canadian Galaxy S3? (SGH-i747M, Telus would be awesome but I'm willing to try anything)
As a side note, I have another idea which may or may not work. I have downloaded the entire stock firmware from SamMobile, and was considering flashing the general 4.3 debrick image, plug the card in a linux box, and dd the bootloader mbn files located in the tar file downloaded in the appropriate partitions inside the memory card. I am currently giving it a try, and will report on the results. If either of the methods work, we can save dozens of S3's falling to the wrong hands of Samsung, without a JTAG! I could've paid for a JTAG because I can't afford a new phone due to the fact that I'm heading to college next year and my family is in serious bank debt, but here in Turkey, barely anyone knows how to JTAG and every phone repair shop would try to rip you off majorly(I was an exchange student, that's why I have the Canadian phone).

Failure
I have written the debrick_v4.3_SGH-I747M-UEMK5.img file I found on this forum to a Micro SD card, extracted the I747MVLUFNE6_I747MOYBFNE6_I747MVLUFNE6_HOME.tar.md5 file I downloaded from SamMobile and copied out the aboot, sbl2, sbl3, tz, rpm, and NON-HLOS (the modem file). Booted up my OS X partition and used dd to flash all the files to the appropriate partitions on the memory card using this partition table I found on another forum:
Mount Point              Start    End      Size     File-System  Name
---------------------------------------------------------------------
/dev/block/mmcblk0p1     4194kB   67.1MB   62.9MB                modem
/dev/block/mmcblk0p2     67.1MB   67.2MB   131kB                 sbl1
/dev/block/mmcblk0p3     67.2MB   67.5MB   262kB                 sbl2
/dev/block/mmcblk0p4     67.5MB   68.0MB   524kB                 sbl3
/dev/block/mmcblk0p5     68.0MB   70.1MB   2097kB                aboot
/dev/block/mmcblk0p6     70.1MB   70.6MB   524kB                 rpm
/dev/block/mmcblk0p7     70.6MB   81.1MB   10.5MB                boot
/dev/block/mmcblk0p8     81.1MB   81.7MB   524kB                 tz
/dev/block/mmcblk0p9     81.7MB   82.2MB   524kB                 pad
/dev/block/mmcblk0p10    82.2MB   92.7MB   10.5MB                param
/dev/block/mmcblk0p11    92.7MB   107MB    14.3MB   ext4         efs
/dev/block/mmcblk0p12    107MB    110MB    3146kB                modemst1
/dev/block/mmcblk0p13    110MB    113MB    3146kB                modemst2
/dev/block/mmcblk0p14    113MB    1686MB   1573MB   ext4         system
/dev/block/mmcblk0p15    1686MB   14.8GB   13.1GB   ext4         userdata
/dev/block/mmcblk0p16    14.8GB   14.8GB   8389kB   ext4         persist
/dev/block/mmcblk0p17    14.8GB   15.7GB   881MB    ext4         cache
/dev/block/mmcblk0p18    15.7GB   15.7GB   10.5MB                recovery
/dev/block/mmcblk0p19    15.7GB   15.7GB   10.5MB                fota
/dev/block/mmcblk0p20    15.7GB   15.7GB   21.0MB   ext4         carrier
/dev/block/mmcblk0p21    15.7GB   15.7GB   6291kB                backup
/dev/block/mmcblk0p22    15.7GB   15.7GB   3146kB                fsg
/dev/block/mmcblk0p23    15.7GB   15.7GB   8192B                 ssd
/dev/block/mmcblk0p24    15.7GB   15.8GB   5243kB                grow
Unfortunately, there is still no sign of life on the phone with the card in place, and nothing has changed. I'm still desperately waiting for ideas, or a debrick image for the 4.4.2 software. In my opinion, Chainfire should've added a check on Mobile ODIN to see if the person is flashing 4.4.2 with the 4.3 bootloader, since it's so widely known that the combination certainly causes an irreversible hard brick. Not to mention there almost certainly is Samsung's mockery with the modem/bootloader software which more than likely caused the brick intentionally.
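
The partition table quoted in the post above is rounded to decimal units, while dd needs exact sector offsets. The sketch below is an added example, not code from any poster in this thread: it reads the exact first and last sectors from the GPT inside a debrick image, checks both GPT checksums, and refuses a write that would overrun the target partition. It assumes the image carries a standard GPT with 512-byte sectors; the function names and the sample layout are constructed for illustration.

```python
import struct
import zlib

SECTOR = 512                                  # assumption: 512-byte logical sectors
HDR = struct.Struct("<8sIIIIQQQQ16sQIII")     # 92-byte GPT header at LBA 1
ENT = struct.Struct("<16s16sQQQ72s")          # 128-byte GPT partition entry


def parse_gpt(img: bytes) -> dict:
    """Return {partition name: (first_lba, last_lba)} after checking both GPT CRCs."""
    if len(img) < SECTOR + HDR.size:
        raise ValueError("image too short to hold a GPT header")
    (sig, _rev, hdr_size, hdr_crc, _rsv, _cur, _bak, _first, _last, _guid,
     ent_lba, n_ent, ent_size, ent_crc) = HDR.unpack_from(img, SECTOR)
    if sig != b"EFI PART":
        raise ValueError("no GPT signature at LBA 1")
    if not (HDR.size <= hdr_size <= SECTOR) or ent_size < ENT.size:
        raise ValueError("implausible GPT header fields")
    raw = bytearray(img[SECTOR:SECTOR + hdr_size])
    raw[16:20] = bytes(4)                     # CRC is computed with its own field zeroed
    if zlib.crc32(bytes(raw)) != hdr_crc:
        raise ValueError("GPT header CRC mismatch")
    table = img[ent_lba * SECTOR: ent_lba * SECTOR + n_ent * ent_size]
    if len(table) != n_ent * ent_size or zlib.crc32(table) != ent_crc:
        raise ValueError("GPT entry table truncated or CRC mismatch")
    parts = {}
    for i in range(n_ent):
        type_guid, _uid, first, last, _attr, name = ENT.unpack_from(table, i * ent_size)
        if type_guid != bytes(16):            # all-zero type GUID marks an unused slot
            parts[name.decode("utf-16-le").split("\0", 1)[0]] = (first, last)
    return parts


def plan_write(parts: dict, name: str, blob_len: int) -> tuple:
    """Return (seek, count) in sectors for a dd with bs=512, or raise if it cannot fit."""
    if name not in parts:
        raise KeyError(f"no partition named {name!r} in this image")
    first, last = parts[name]
    capacity = (last - first + 1) * SECTOR
    if blob_len > capacity:
        raise ValueError(f"{name}: blob is {blob_len} bytes, partition holds {capacity}")
    return first, -(-blob_len // SECTOR)      # ceiling division to whole sectors


# Constructed sample layout (name, first LBA, last LBA); not read from a real device.
SAMPLE_LAYOUT = [("modem", 8192, 131071), ("sbl1", 131072, 131327),
                 ("sbl2", 131328, 131839), ("sbl3", 131840, 132863)]


def build_sample_image(layout) -> bytes:
    """Build a tiny constructed GPT image (protective MBR left blank) for the demo."""
    table = bytearray(4 * ENT.size)           # four entries fill exactly one sector
    for i, (name, first, last) in enumerate(layout):
        ENT.pack_into(table, i * ENT.size, b"\x01" * 16, bytes([i + 1]) * 16,
                      first, last, 0, name.encode("utf-16-le"))
    hdr = bytearray(HDR.pack(b"EFI PART", 0x00010000, HDR.size, 0, 0, 1, 0, 34, 0,
                             bytes(16), 2, 4, ENT.size, zlib.crc32(bytes(table))))
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))
    return bytes(SECTOR) + bytes(hdr).ljust(SECTOR, b"\0") + bytes(table)


if __name__ == "__main__":
    parts = parse_gpt(build_sample_image(SAMPLE_LAYOUT))
    for name, (first, last) in parts.items():
        print(f"{name:8s} LBA {first}-{last} ({(last - first + 1) * SECTOR} bytes)")
    seek, count = plan_write(parts, "sbl2", 200000)   # 200000 is a made-up blob size
    print(f"sbl2 blob: seek={seek} sectors, occupies {count} sectors")
```

Running the same parser over a real image read from the card shows whether the layout on the card matches the table being used for the offsets before anything is written.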

No one's been able to fix this kind of brick yet. Just keep watching the debrick thread and hopefully we'll figure out something soon. There are 4.4.2 and 4.3 images in the thread. You just have to search them out.
You won't be able to use adb to dd those partitions while it's bricked.

DocHoliday77 said:
No one's been able to fix this kind of brick yet. Just keep watching the debrick thread and hopefully we'll figure out something soon. There are 4.4.2 and 4.3 images in the thread. You just have to search them out.
You won't be able to use adb to dd those partitions while it's bricked.
I wasn't trying to dd the partitions in the phone while it's bricked. I thought about a clever idea of using a 4.3 debrick image and to dd the individual files from the stock firmware inside the appropriate partitions of the SD CARD, not the phone, so that the debrick card contains the 4.4.2 bootloader/modem/everything. Unfortunately, it didn't do anything major. And I have been searching everywhere for the past two days, and the only 4.4.2 debrick image I've found was for the SGH-i747, not the SGH-i747M, and if you have found something else, can you please share it with me?

Sorry. Missed that you had the I747M. But if you can get the phone to boot from the debrick sdcard, it's probably much easier and safer to just flash the firmware via Odin or flash TWRP then use it to flash one of the recovery firmware packages. Using dd should only be necessary if needing to fix a partition not included in the firmware. This is never really needed unless someone flashes something like another device's kernel or modem.

DocHoliday77 said:
Sorry. Missed that you had the I747M. But if you can get the phone to boot from the debrick sdcard, it's probably much easier and safer to just flash the firmware via Odin or flash TWRP then use it to flash one of the recovery firmware packages. Using dd should only be necessary if needing to fix a partition not included in the firmware. This is never really needed unless someone flashes something like another device's kernel or modem.
That's the problem right there. I can't get the phone to boot literally anything. I don't have a debrick image for my phone, so I was going to use a 4.3 image and make it boot. You know, the debrick image is like a mirrored copy of the S3's whole eMMC, with most of the useless parts omitted, and it just includes the bootloader to boot from. The S3's CPU is designed to boot from the SD card if the eMMC fails to boot, so it works perfectly just to load the bootloader, which leads to an ODIN flash. What I was trying to do was to use a debrick image, and use the dd to copy the 4.4 bootloader and modem inside the needed partitions in the SD card, again, it's not the phone I'm dd'ing to, it's the SD card. Unfortunately, that also didn't work. Now I just need more ideas, and/or a 4.4 debrick image.

Unfortunately we have not found a way to debrick a device that hard bricked by flashing the 4.4.2 modem on 4.3. No idea why it's not working....
But we have also not been able to get an I747M image. So I'd like to see someone make one for you guys just to see if it might work.
Like I said before, keep watch on the debrick thread. And if you know anyone with the same model, ask them to create the img.

DocHoliday77 said:
Unfortunately we have not found a way to debrick a device that hard bricked by flashing the 4.4.2 modem on 4.3. No idea why it's not working....
But we have also not been able to get an I747M image. So I'd like to see someone make one for you guys just to see if it might work.
Like I said before, keep watch on the debrick thread. And if you know anyone with the same model, ask them to create the img.
I understand. Just a question out of nowhere, if I was able to find someone to JTAG the phone, even though it's extremely hard given my circumstances, would it still not load up? I can't afford a new phone and I'm studying abroad so being phoneless is like a death sentence to me :crying:

I have found a zip file which will create a debrick.img on your internal device storage when flashed, it was located in http://forum.xda-developers.com/showthread.php?t=2625332 I realize that it's for a different phone, but it doesn't really matter because what it does is device independent, it doesn't actually 'flash' anything to the phone. I have checked the updater-script and it's completely safe.
So, if anyone has a SGH-i747M running the latest software, practically any Canadian Galaxy S3 with KitKat installed, PLEASE flash this file and post the debrick.img located in your internal storage! It will not actually flash anything to the phone, it will just copy a small portion of the entire eMMC and save it as a file. This can save mine and many other people's phones from the KitKat's wrath, and it's a very short process!

I've posted a script in the debrick thread a couple weeks ago. It's one I made to use for the T999 several months ago so it might be a better option since it's more closely related. I'll take a look at this one too though in case anything is done differently that can give me any ideas.
Note that it has not worked on the I747 yet though. I am working with KAsp3rd on a script that will create the image a bit differently though, so hopefully we will figure this out before too long!
I still recommend trying the one available on the I747M though. You never know!
---------- Post added at 01:58 PM ---------- Previous post was at 01:54 PM ----------
Lol! Shoulda read the OP of the link you posted first! The script they are using looks to be the one I originally made! Nice to see it's getting around! It probably won't be giving me any new ideas though...

DocHoliday77 said:
I've posted a script in the debrick thread a couple weeks ago. It's one I made to use for the T999 several months ago so it might be a better option since it's more closely related. I'll take a look at this one too though in case anything is done differently that can give me any ideas.
Note that it has not worked on the I747 yet though. I am working with KAsp3rd on a script that will create the image a bit differently though, so hopefully we will figure this out before too long!
I still recommend trying the one available on the I747M though. You never know!
---------- Post added at 01:58 PM ---------- Previous post was at 01:54 PM ----------
Lol! Shoulda read the OP of the link you posted first! The script they are using looks to be the one I originally made! Nice to see it's getting around! It probably won't be giving me any new ideas though...
I've read some success stories on the debricking thread, and given the fact that the i747 has a locked bootloader after 4.3 while Canadian phones have more mercy to their users, I'd say that there's a good chance of it working. I have a couple of questions for you though, one is why did the phone boot up to a perfectly usable state when I first flashed the modem (entire firmware minus the bootloader), while telling me that no SIM cards were inserted, and a hard brick happened after a reboot? Did the modem firmware overwrite the bootloader or something while the phone is running? And my other question is, if I actually found someone who could JTAG the phone (these people can't even pronounce JTAG, I don't know what my chances are) would this fix the phone? Or did Samsung encrypt or hash the bootloader after the 4.4 update? I've read somewhere that the bootloaders are hashed with the IMEI number, and that JTAG is even useless now, but I'm not sure about the credibility of the place I've read it.

The I747 bootloader isn't locked. People confuse the changes made for Knox with locking it. A locked bootloader prevents you from flashing any recovery or kernel. The only thing we are now "locked" out of is firmware downgrades. But this is true for all S3's after 4.3. So while the Canadian carriers may be a bit more lenient with what they want restricted, it won't have any bearing on this because it's directly due to Samsung's Knox.
As for why it boots the first time and bricks on reboot, I don't think anyone knows. My best guess is some issue with Knox seeing it modified after it's fully booted. It might then try to adjust some value or resolve some sort of incompatibility and in doing so inadvertently causes a brick when the system tries to read/use this during boot. It probably was not designed to do this intentionally, but was also not tested with this scenario.
For JTAG, I can't say positively yet. One person reported there were major issues and it couldn't be fully recovered. Another said theirs worked fine, but I'm not sure they bricked due to the modem. If you do try this, just make sure they guarantee their work and will refund your money if it's not 100% fixed.
They do use hashes to check the IMEI and NV Data, and I believe they've done so since the S3 was first released, maybe earlier. If JTAG doesn't work, I don't believe this would be the cause.

DocHoliday77 said:
The I747 bootloader isn't locked. People confuse the changes made for Knox with locking it. A locked bootloader prevents you from flashing any recovery or kernel. The only thing we are now "locked" out of is firmware downgrades. But this is true for all S3's after 4.3. So while the Canadian carriers may be a bit more lenient with what they want restricted, it won't have any bearing on this because it's directly due to Samsung's Knox.
As for why it boots the first time and bricks on reboot, I don't think anyone knows. My best guess is some issue with Knox seeing it modified after it's fully booted. It might then try to adjust some value or resolve some sort of incompatibility and in doing so inadvertently causes a brick when the system tries to read/use this during boot. It probably was not designed to do this intentionally, but was also not tested with this scenario.
For JTAG, I can't say positively yet. One person reported there were major issues and it couldn't be fully recovered. Another said theirs worked fine, but I'm not sure they bricked due to the modem. If you do try this, just make sure they guarantee their work and will refund your money if it's not 100% fixed.
They do use hashes to check the IMEI and NV Data, and I believe they've done so since the S3 was first released, maybe earlier. If JTAG doesn't work, I don't believe this would be the cause.
I can swear I've read quite a few things involving LOKI patches for the i747, and that Canadians are spared from it. That's why I thought there are some sort of restrictions on it. Anyway, I'll get my phone JTAG'ed in a few days and will surely report back on both this and the debrick thread.

I have really bad news to anyone hoping to get out of this mess with a simple JTAG. I have contacted a phone repair shop today(don't get me wrong, they can barely say the word JTAG, so it would be nice to have someone else trying to get a JTAG done), left my phone for an hour for them to complete the operation, and they told me that the eMMC is toast and has to be replaced. Apparently the JTAG program tells them that the eMMC is shown as zero bytes, making them unable to flash anything. I have flashed quite a bit, but have never done anything potentially dangerous to the chip besides installing the 4.4.2 firmware using Mobile ODIN, which is causing the brick as it doesn't flash the bootloader. Samsung seems to have really messed something up with the KNOX crap they're pushing at our phones, and I do not appreciate this happening. I cannot live without a phone since I'm studying abroad and I am taking a bank loan to be able to pay for a new phone(phone prices are absolutely ridiculous where I live). I am even considering legal action at this point because the brick is not accidental, there has to be some sort of intention to write something potentially dangerous to the phone's bootloader from a simple modem, not to mention the eMMC chip becoming toast right after the flashing, and many people's phones are becoming toast because Samsung's clumsiness. Sadly enough Samsung doesn't even fix the i9300's with SDS here, regardless if you're under warranty or not. My apologies for the rant, but can someone please report if they ever resort to JTAG?

CBKarabudak said:
I've read some success stories on the debricking thread, and given the fact that the i747 has a locked bootloader after 4.3 while Canadian phones have more mercy to their users, I'd say that there's a good chance of it working. I have a couple of questions for you though, one is why did the phone boot up to a perfectly usable state when I first flashed the modem (entire firmware minus the bootloader), while telling me that no SIM cards were inserted, and a hard brick happened after a reboot? Did the modem firmware overwrite the bootloader or something while the phone is running? And my other question is, if I actually found someone who could JTAG the phone (these people can't even pronounce JTAG, I don't know what my chances are) would this fix the phone? Or did Samsung encrypt or hash the bootloader after the 4.4 update? I've read somewhere that the bootloaders are hashed with the IMEI number, and that JTAG is even useless now, but I'm not sure about the credibility of the place I've read it.
Wow...Same issue here. I have tried every option in the debrick thread with no luck. Good to see that there are still people attempting to address this issue. Even though I have a new device I will continue to try and fix this as well.

danchise77 said:
Wow...Same issue here. I have tried every option in the debrick thread with no luck. Good to see that there are still people attempting to address this issue. Even though I have a new device I will continue to try and fix this as well.
I have also bought a new device, but I'm considering an eMMC change on the old device to gift it to my mother. Shame on Samsung for such messed up software, JTAG didn't even fix it so this has to be somehow intentional. No software can 'accidentally' fry an eMMC chip.

CBKarabudak said:
I have also bought a new device, but I'm considering an eMMC change on the old device to gift it to my mother. Shame on Samsung for such messed up software, JTAG didn't even fix it so this has to be somehow intentional. No software can 'accidentally' fry an eMMC chip.
WOW, even with the JTAG, huh? I was just about to send mine out... Thank God you said something. I am going to look into getting a new chip as well. Thanks for the heads up.

danchise77 said:
WOW, even with the JTAG, huh? I was just about to send mine out... Thank God you said something. I am going to look into getting a new chip as well. Thanks for the heads up.
No worries, I actually mentioned it in a previous post in this thread. But again as I mentioned there, the phone repair shops around where I live don't even know how to pronounce JTAG, so I'd strongly suggest you send it off anyway, given the service has a money back guarantee. It might be helpful to tell your repair service that the JTAG operation on my phone reported that there were 0 bytes available in the eMMC chip.

Wondering
CBKarabudak said:
I have found a zip file which will create a debrick.img on your internal device storage when flashed, it was located in http://forum.xda-developers.com/showthread.php?t=2625332 I realize that it's for a different phone, but it doesn't really matter because what it does is device independent, it doesn't actually 'flash' anything to the phone. I have checked the updater-script and it's completely safe.
So, if anyone has a SGH-i747M running the latest software, practically any Canadian Galaxy S3 with KitKat installed, PLEASE flash this file and post the debrick.img located in your internal storage! It will not actually flash anything to the phone, it will just copy a small portion of the entire eMMC and save it as a file. This can save mine and many other people's phones from the KitKat's wrath, and it's a very short process!
I was wondering if this method would work for my SGH-i747? I softbricked mine last night but can still force it into download mode (plug into computer, take battery out, hold vol down and home, then put battery back in while still holding buttons) and have had no luck at all with trying to use Odin (the methods that I have tried all ended in failing). I'm totally new to all this, including this site, so if I'm posting something that has already been answered I apologize, but like I said I've been searching a lot and this actually sounds somewhat promising, just wanted to double check before I screw the phone up more.

That is for hard bricks only. If it'll boot download mode on its own it won't even try to use the sdcard.
When you try flashing in Odin, what does it say in its message box?

Related

[Q] Explain to me why devs are unable to unlock the MJB bootloader

I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.
Buchez said:
I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.
The way I read it somewhere is this,
There are efuses built into the processor/motherboard/memory/whatever that the new bootloader "blows" when it is installed. These efuses are necessary pathways for the older bootloaders, hence why they won't install. I don't believe the new bootloader is "locked" per se, it just prevents earlier versions from being installed. There is also a guide somewhere on these forums to recover your device from a brick if you tried to downgrade the bootloader. The new bootloader also doesn't prevent you from installing earlier ROMs, as long as they are flashable from recovery. Just do not try to use Odin to revert to an earlier ROM. That's what causes the bricks, and although there is a procedure to recover, it doesn't sound easy and you end up back on MJB when you're done anyway. Hope that helped.
To whoever wrote the original post I referred to above, my apologies for not giving credit.
Thanks for the reply.
I'm pretty solid with flashing ROM's and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "Bricked" units back and refurb them, how do they do that. I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this
Buchez said:
Thanks for the reply.
I'm pretty solid with flashing ROM's and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "Bricked" units back and refurb them, how do they do that. I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this
I don't have an S3, I'm on the S3 section because my mom broke her phone, so this is speculation based on when I owned an Optimus G:
There are Qualcomm tools that can fix a lot more than Odin and Fastboot can, apparently, and manufacturers have access to those. When I had an Atrix 4G someone told me they replace the entire board when eFuses are burned incorrectly, but that sounds really expensive. Anyway, just my 2 cents, I'm out~

Sprint GS3 4.3 Boot.Img Knox Bootloader Hard Brick

I have hard bricked my SPH-L710 (noob mistake). I upgraded to 4.3 without reading up on features. Everybody now knows about the annoying KNOX security that comes with it, but I did something so HORRIFIC lol, I tried to downgrade. Didn't end so well. Little did I know trying to downgrade with KNOX causes a hard brick.. :crying: Everyone's trying to do the SD card trick where you image the debrick image on the SD card. People are mad to find out that if you upgraded to 4.3 you can't fix a hard brick that way anymore. UNLESS someone extracts the boot image from their rooted 4.3 SPH-L710 device, then there is a chance that this method will work. Use Philz recovery to root 4.3. And someone get this image for me!! Don't just do it for me, get it for other models too. Be nice. Or if there is, will someone link it to this thread. Or any other way to fix this hard brick.
Will a jig work? I know how to fix it if I get to download mode.
BadThoughtss said:
I have hard bricked my SPH-L710 (noob mistake). I upgraded to 4.3 without reading up on features. Everybody now knows about the annoying KNOX security that comes with it, but I did something so HORRIFIC lol, I tried to downgrade. Didn't end so well. Little did I know trying to downgrade with KNOX causes a hard brick.. :crying: Everyone's trying to do the SD card trick where you image the debrick image on the SD card. People are mad to find out that if you upgraded to 4.3 you can't fix a hard brick that way anymore. UNLESS someone extracts the boot image from their rooted 4.3 SPH-L710 device, then there is a chance that this method will work. Use Philz recovery to root 4.3. And someone get this image for me!! Don't just do it for me, get it for other models too. Be nice. Or if there is, will someone link it to this thread. Or any other way to fix this hard brick.
Will a jig work? I know how to fix it if I get to download mode.
I bricked mine too, I have been looking for it too, hopefully someone shares the file.
Same here, bricked bootloader *sigh* Mine came from an idiotic move with the EZ-Unlock app tho. Suppose my next step is to invest in a Class 10 SD Card and pray for the best. There are some other threads around here that have various S3 unbrick images tho, just gotta poke around :good:
I'm in the same boat guys
Aggghh.....I pray for this file every night to fix both mine AND my hubby's GS3. Yup.....had so much confidence in myself (Really it was cockiness) that I bricked mine and then his!
me too...bah!
I misread the dev topic on the S3 Factory reset and counter and got burned. I was running a custom 4.3 and thought I was good...oh well.
I have tried the SD card method with several different images, but alas I am still in crapville without a shovel. $50 to send off for repairs or wait for something to come along. Right now I am hurting, hard to believe that phone was so important! Argh! Has anyone had luck?
Sigh...a little searching helps.
http://forum.xda-developers.com/showthread.php?t=2637424

EFS Professional does restore aboot

EFS Professional works. Restored my aboot today, as a test, and it does in fact work, at least the restore of it did.
No, I did not lock my device with a retail rom, nor did I do any other kind of brick. All I did was a backup and restore of the aboot.
Device is a Note 4 Developer Edition on the NJ5 rom
If, there is a "better" test, like complete loss of phone - e.g. brick etc. flash of retail rom (not sure I'm willing to do that... so easy)
but in other threads regarding EFS (unless they are really old, old threads) which state recovery of the aboot has not really been tried - a theory, yet the suggestion was to wait till something does go wrong rather than just try it for the heck of it. Well, I did not heed the warning, and tested it anyway...
any comments?
Where can I get that? Because I messed up my EFS trying to unlock my phone.
anticloud said:
EFS Professional works. Restored my aboot today, as a test, and it does in fact work, at least the restore of it did.
No, I did not lock my device with a retail rom, nor did I do any other kind of brick. All I did was a backup and restore of the aboot.
Device is a Note 4 Developer Edition on the NJ5 rom
If, there is a "better" test, like complete loss of phone - e.g. brick etc. flash of retail rom (not sure I'm willing to do that... so easy)
but in other threads regarding EFS (unless they are really old, old threads) which state recovery of the aboot has not really been tried - a theory, yet the suggestion was to wait till something does go wrong rather than just try it for the heck of it. Well, I did not heed the warning, and tested it anyway...
any comments?
I'm glad it worked. You are brave.
What version EFSPro? Did you just restore aboot.mbn.tar.gz?
Thanks
Can root be achieved in retail Note 4? Is this a workaround?
radionerd said:
I'm glad it worked. You are brave.
What version EFSPro? Did you just restore aboot.mbn.tar.gz?
Thanks
EFS_Professional_2.1.80_BETA.zip; and yes, it was just the aboot. The phone did not even flinch, just works flawlessly.
For some reason I trusted it, right?
What I do not know is, could I have flashed my way to a retail version, locked my device, and reflashed using this utility, back to developer's edition, that'd be the idea, right? But I assume it'd not just be the aboot but all the backed up partitions.
Comment - I tried backing up the userdata partition, and it bombed during md5 verification - I will take a guess that the user data partition changed maybe as a result of the backup itself, maybe, do not know...
but here is what I want to know - and this could be the clincher... follow me on this...
could I not take a developer edition and root it, right? Then, use EFS Professional to back it up - just the system partition, is that not where root resides, yes? then push the backup file to androidfilehost with the instructions in XDA to use EFS Professional to reflash the system partition onto a retail edition, right? would that be a way to flash a rooted system partition in a crude way - on a retail device? how would the phone know? Then, once root is achieved, could a programmer who knows better than I get to the solution of finding a weakness once inside the unit. Is that possible...
What I could do, is take the phone back to absolute stock, with odexed files etc. root it, and save the system partition with root, but stock otherwise... save off the backup like I stated above. I just may do that - what would the worst that could happen, the user community would have to use odin to reflash the system partition and boom, back to stock, right?
I say it's worth a shot -
and, if it worked, would I be eligible for a bounty?
anticloud said:
EFS_Professional_2.1.80_BETA.zip; and yes, it was just the aboot. The phone did not even flinch, just works flawlessly.
For some reason I trusted it, right?
I will have to change my aboot backup guide from theory to confirmed. I don't plan to flash aboot unless something tragic happens. "I am once bitten, twice shy". Last spring I corrupted my Note-3 DE. It was hard bricked for 6 weeks before I figured out what partitions were corrupt, and how to restore them.
anticloud said:
What I do not know is, could I have flashed my way to a retail version, locked my device, and reflashed using this utility, back to developer's edition, that'd be the idea, right? But I assume it'd not just be the aboot but all the backed up partitions.
I'm afraid to say "in theory yes", you might take it as a challenge, please don't, careful. If aboot had gotten corrupted the phone then wouldn't boot. Other DE owners flashed Odin stock retail tars, and some were able to recover to a stock locked device. But here is the hitch, EFS Pro needs root, and busybox. So from a locked device you would need to make and modify an Odin tar of your saved aboot.mbn.tar.md5. Then flash via Odin, fingers and toes crossed, aboot is restored, hopefully.
The PIT has aboot mapped, so it can be flashed via Odin once the saved aboot is modified; stripped, and TAR'ed with md5. It then could be flashed. Some other partitions aren't mapped, and can't be flashed like this.
anticloud said:
Comment - I tried backing up the userdata partition, and it bombed during md5 verification - I will take a guess that the user data partition changed maybe as a result of the backup itself, maybe, do not know...
Userdata is huge, I backed mine up as soon as I had root and busybox. Before it grew too big, compressing and writing a single file @ +2.5gb to SD and computer is a tall order.
anticloud said:
but here is what I want to know - and this could be the clincher... follow me on this...
could I not take a developer edition and root it, right? Then, use EFS Professional to back it up - just the system partition, is that not where root resides, yes? then push the backup file to androidfilehost with the instructions in XDA to use EFS Professional to reflash the system partition onto a retail edition, right? would that be a way to flash a rooted system partition in a crude way - on a retail device? how would the phone know? Then, once root is achieved, could a programmer who knows better than I get to the solution of finding a weakness once inside the unit. Is that possible...
Designed security measures won't allow an easy solution, signed partitions, locked boot loaders... stuffs that makes my head hurt thinking aboot
anticloud said:
What I could do, is take the phone back to absolute stock, with odexed files etc. root it, and save the system partition with root, but stock otherwise... save off the backup like I stated above. I just may do that - what would the worst that could happen, the user community would have to use odin to reflash the system partition and boom, back to stock, right?
I say it's worth a shot -
and, if it worked, would I be eligible for a bounty?
Your enthusiasm is refreshing, you are reading, and thinking. Continue to dig into the forums. Search, study, and Be Careful man
If you want to continue this discussion, We should probably skedaddle out of the Developer only forum before we get hollered at. We can move over here
thanks
radionerd said:
I will have to change my aboot backup guide from theory to confirmed. I don't plan to flash aboot unless something tragic happens. "I am once bitten, twice shy". Last spring I corrupted my Note-3 DE. It was hard bricked for 6 weeks before I figured out what partitions were corrupt, and how to restore them.
I'm afraid to say "in theory yes", you might take it as a challenge, please don't, careful. If aboot had gotten corrupted the phone then wouldn't boot. Other DE owners flashed Odin stock retail tars, and some were able to recover to a stock locked device. But here is the hitch, EFS Pro needs root, and busybox. So from a locked device you would need to make and modify an Odin tar of your saved aboot.mbn.tar.md5. Then flash via Odin, fingers and toes crossed, aboot is restored, hopefully.
The PIT has aboot mapped, so it can be flashed via Odin once the saved aboot is modified; stripped, and TAR'ed with md5. It then could be flashed. Some other partitions aren't mapped, and can't be flashed like this.
Userdata is huge, I backed mine up as soon as I had root and busybox. Before it grew too big, compressing and writing a single file @ +2.5gb to SD and computer is a tall order.
Designed security measures won't allow an easy solution, signed partitions, locked boot loaders... stuffs that makes my head hurt thinking aboot
Your enthusiasm is refreshing, you are reading, and thinking. Continue to dig into the forums. Search, study, and Be Careful man
If you want to continue this discussion, We should probably skedaddle out of the Developer only forum before we get hollered at. We can move over here
I think I just did - posted a thread here...
thanks
rob
@yhenks
You can't. This is talking about dev edition devices which have an unlocked aboot partition to start. It is not possible to create your own such version of the partition as dev edition aboots are tied directly to the device they come on. This is just how to restore a previously unlocked device if you accidentally lock it. Not how to unlock an initially locked device.

Looking for PIT files for SM-N910P

I'm looking for the PIT files for Sprint's Note 4. Or does anyone know if the PIT for SM-N910F will work? Is the (F) version compatible in all of the Sprint versions? I.e. when looking for Sprint programs there is no SM-N910(P) but always a SM-N910(F). Is it safe to use the F version? Or is there a safe way to update/redo the bootloaders? I flashed some bad files with Odin right around the BOB7 update and my device has been spinning in circles around that since. Even if I go full stock and Odin the latest firmware my device is set back to that period from a protected file that is in between bootloaders. I can't touch it. The closest I can get is with a terminal command from TWRP [/sbin/recovery] I can then chmod the files and erase or do whatever with them but they are restored in cold boot. Even after flashing the official firmware it reverts to the files from BOB7. What's really crazy is I'm running stock firmware so can not use xposed but if I mount data and system wipe and then run uberwipe my device will boot with xposed apps functional. It is as if I am running two ROMs, one that can not be removed or changed. I can see it happening but not from where exactly. In cold boot it loads the RO build from /dev/block/platforms/msm_scc1.by_name/hidden. I can find everything but the hidden. In the stock recovery logs it says the command to fix it is wipe_data_crypto but I can't accomplish it. Any suggestions?
PIT for Sprint Note 4 is here:
http://www.sammobile.com/forum/showthread.php?p=137840 No links are permitted by the developer; please respect that.
Not experiencing what you have and not attempting to fix what isn't broken, can't say what works but from what you describe, it sounds like you may have attempted to flash an older bootloader which isn't advised.
You may consider it's risky to try to undo that but first verify your reactivation lock is disabled. If your eMMC is OK, it might be OK to try to Odin PIT with repartition and nand erase all with an acceptable tar OG5 or higher loaded in AP slot. Always use PIT for repartition but only use if needed. And use at your own risk.
No guarantee but consider the risk and IF you have an issue with boot after Odin, you may need to factory reset in stock recovery and try the stock tar again (it's important to try that first without panicking). Always power down and pull battery before flashing stock tar. Also make sure you have ample battery charge. These days, 80% is recommended because there's a lot of weak batteries out there. Consider a new battery if older than 12 months or requiring frequent charging or phone shuts down before 0%. (I don't recommend full discharge, just that some batteries start shutting down around 20% when going bad. It only gets worse after that.)
Sent from my SM-N930P using Tapatalk
samep said:
PIT for Sprint Note 4 is here:
http://www.sammobile.com/forum/showthread.php?p=137840 No links are permitted by the developer; please respect that.
Not experiencing what you have and not attempting to fix what isn't broken, can't say what works but from what you describe, it sounds like you may have attempted to flash an older bootloader which isn't advised.
You may consider it's risky to try to undo that but first verify your reactivation lock is disabled. If your eMMC is OK, it might be OK to try to Odin PIT with repartition and nand erase all with an acceptable tar OG5 or higher loaded in AP slot. Always use PIT for repartition but only use if needed. And use at your own risk.
No guarantee but consider the risk and IF you have an issue with boot after Odin, you may need to factory reset in stock recovery and try the stock tar again (it's important to try that first without panicking). Always power down and pull battery before flashing stock tar. Also make sure you have ample battery charge. These days, 80% is recommended because there's a lot of weak batteries out there. Consider a new battery if older than 12 months or requiring frequent charging or phone shuts down before 0%. (I don't recommend full discharge, just that some batteries start shutting down around 20% when going bad. It only gets worse after that.)
Sent from my SM-N930P using Tapatalk
Yes I'm getting ready to flash bootloaders big AF. I will two the pit files first but if that doesn't work I've got a list. Involves downgrading to KitKat, rooting with auto root (can't screw me thrice) running triangle away to lose the warranty bit, installing xposed and wanam so as to make it read official. Once Samsung's stuff isn't all a scared anymore I delete the /dev/block/platform/msm1_byname/hidden/rape the dumbass that used to trust developers he didn't know until he knew better and the rape was done.
I'm not really looking to flash bootloaders per se. I realized that you can only install a newer version and I TiVo I'm out of updates if I need a new bootloader. Just went to erase the obtrusive piece of poo hidden in between the 2 bootloaders. I'm not even sure there's supposed to be 2 bootloaders. I look at Samsung stock firmware it's nothing like the billithera of extra stuff I have on my device. Can't say for sure who caused it because I did some retarded stuff when I was even greener than I am now. But whether it be auto root or srs unlock that super su is obtrusive as it gets. The purpose of root was flee me the user to gain access to everything. The whole limiting the user and granting permission to every creepy fook on this planet to stalk me and my kids is not what I had in mind. These people are so adamant about their creepy stalking not only is my device's esp network cut by 90% they do dangerous stuff like hidden robuilds that has a value of 1 where the radio don't shut off in airplane mode.
samep said:
PIT for Sprint Note 4 is here:
http://www.sammobile.com/forum/showthread.php?p=137840 No links are permitted by the developer; please respect that.
Not experiencing what you have and not attempting to fix what isn't broken, can't say what works but from what you describe, it sounds like you may have attempted to flash an older bootloader which isn't advised.
You may consider it's risky to try to undo that but first verify your reactivation lock is disabled. If your eMMC is OK, it might be OK to try to Odin PIT with repartition and nand erase all with an acceptable tar OG5 or higher loaded in AP slot. Always use PIT for repartition but only use if needed. And use at your own risk.
No guarantee but consider the risk and IF you have an issue with boot after Odin, you may need to factory reset in stock recovery and try the stock tar again (it's important to try that first without panicking). Always power down and pull battery before flashing stock tar. Also make sure you have ample battery charge. These days, 80% is recommended because there's a lot of weak batteries out there. Consider a new battery if older than 12 months or requiring frequent charging or phone shuts down before 0%. (I don't recommend full discharge, just that some batteries start shutting down around 20% when going bad. It only gets worse after that.)
Sent from my SM-N930P using Tapatalk
I appreciate the advice. I hope to avoid a lot with the PIT. That's what flashfire back up says it needs. Shutting the phone off is a good idea. The recovery log was actually making fun of me for not. Along with the simple command I needed to open /sbin/recovery then wipe cane and data crypto. The /sbin/recovery was an eye opener (try it from the emulator in twrp to see if root has crippled you). The thing is most of us use a universal supersu update to reinstall and that is not good. That is written to take out the marines if that's what it takes to accomplish root. Remember the good old days when superuser binary was a line compatible with your cu?
Anyways another good command people don't know is if Odin fails don't pull the battery. I put an S4 to sleep forever that way. volumedwn home and power restart the bootloader and wipe the cache for the software out is rejecting.
samep said:
PIT for Sprint Note 4 is here:
http://www.sammobile.com/forum/showthread.php?p=137840 No links are permitted by the developer; please respect that.
Not experiencing what you have and not attempting to fix what isn't broken, can't say what works but from what you describe, it sounds like you may have attempted to flash an older bootloader which isn't advised.
You may consider it's risky to try to undo that but first verify your reactivation lock is disabled. If your eMMC is OK, it might be OK to try to Odin PIT with repartition and nand erase all with an acceptable tar OG5 or higher loaded in AP slot. Always use PIT for repartition but only use if needed. And use at your own risk.
No guarantee but consider the risk and IF you have an issue with boot after Odin, you may need to factory reset in stock recovery and try the stock tar again (it's important to try that first without panicking). Always power down and pull battery before flashing stock tar. Also make sure you have ample battery charge. These days, 80% is recommended because there's a lot of weak batteries out there. Consider a new battery if older than 12 months or requiring frequent charging or phone shuts down before 0%. (I don't recommend full discharge, just that some batteries start shutting down around 20% when going bad. It only gets worse after that.)
Sent from my SM-N930P using Tapatalk
By chance I got one of these that's only in qloader9008. You got any ideas on that? I am downloading the debrick img from sammobiles right now. Ain't really ever had this issue on a Samsung, only LGs.
thanks in advance man
TheMadScientist420 said:
By chance I got one of these that's only in qloader9008. You got any ideas on that? I am downloading the debrick img from sammobiles right now. Ain't really ever had this issue on a Samsung, only LGs.
thanks in advance man
You may have discovered this thread. I haven't had the issue or tried fixing one bricked but marked this thread because of all the theories, examples and links, it seemed a place to start for answers but I couldn't know without experiencing an issue, myself. What works? Don't know.
http://forum.xda-developers.com/showpost.php?p=63848150&postcount=1
It's probably a starting point but nothing new if you've devoted time with success in finding methods to try. It suggests also it could be the eMMC failing which is all too common for Note 4. Either way, if it's just bricked, maybe you recover it. If it's component failure, main board replacement should fix it. Main boards can be found on eBay and Amazon but I think they're all used or remanufactured boards. Samsung repair may be an alternative if you're not too inconvenienced by waiting. Just recently, I got a quote from my local uBreakItIfixIt and the guy said it's not a fixed estimate store to store but he'd only charge $10 to replace a main board in store.
Best wishes for timely procedure or economical repair.
Sent from my SM-N930P using Tapatalk
samep said:
You may have discovered this thread. I haven't had the issue or tried fixing one bricked but marked this thread because of all the theories, examples and links, it seemed a place to start for answers but I couldn't know without experiencing an issue, myself. What works? Don't know.
http://forum.xda-developers.com/showpost.php?p=63848150&postcount=1
It's probably a starting point but nothing new if you've devoted time with success in finding methods to try. It suggests also it could be the eMMC failing which is all too common for Note 4. Either way, if it's just bricked, maybe you recover it. If it's component failure, main board replacement should fix it. Main boards can be found on eBay and Amazon but I think they're all used or remanufactured boards. Samsung repair may be an alternative if you're not too inconvenienced by waiting. Just recently, I got a quote from my local uBreakItIfixIt and the guy said it's not a fixed estimate store to store but he'd only charge $10 to replace a main board in store.
Best wishes for timely procedure or economical repair.
Sent from my SM-N930P using Tapatalk
I don't know, the problem seems to have been in an update.. playing with it for a while it started charging and turned on and finished an update....
I got an S6 Active, did the same thing to me, just started working. I run it for like 6 months no probs.
Of course it's on Sprint's black list, just found out, due to non payment of ezpay. But I'll deal with that on my own as such talks are downed and frowned upon.
Man I got this thing for 20 bucks.... even if nothing else my buddy needs a screen for one in his shop. But most def thank you for responding..
To further your post I do all my own repairs, usually the cheapest route. Currently behind the wheel of an unrootable Verizon Note 5 and an LG G4 which is rooted but no twrp method available. Each I have very little invested in.
I never could find the files. The link was valid, samep, it just refused to let me have them. It turns out it is easier to get them off your own device and I've zero doubt they are for the 32gb Sprint Note 4. At least mine anyways. I tried the downgrade to KitKat which would have worked because it downgrades your bootloader at least according to the page. I got a failed md5. So it wouldn't surprise me if these pit files are different than what the stock one was. Hard to tell what you have, for sure, when you are a flash junk that trusts random people on the inter web. At least I was/did. I gave myself this when it was brand new. It was hard to get it going again. I back up worked with plasma kernel then on the next official it was right again, well almost, I've had this problem almost two years now. I went without root for a while so didn't notice.
I
I hope this fixes it. If not I'll find the right files for the kk downgrade. It would be sweet to go back anyways. I'll leave a link in the next thread for the pit.
TheMadScientist420 said:
I don't know, the problem seems to have been in an update.. playing with it for a while it started charging and turned on and finished an update....
I got an S6 Active, did the same thing to me, just started working. I run it for like 6 months no probs.
Of course it's on Sprint's black list, just found out, due to non payment of ezpay. But I'll deal with that on my own as such talks are downed and frowned upon.
Man I got this thing for 20 bucks.... even if nothing else my buddy needs a screen for one in his shop. But most def thank you for responding..
To further your post I do all my own repairs, usually the cheapest route. Currently behind the wheel of an unrootable Verizon Note 5 and an LG G4 which is rooted but no twrp method available. Each I have very little invested in.
Did you fix it? You're right, totally worth it for the screen. You can unlock the imei. I only did it once just because some people are so adamant you can't. I like to believe anything is possible. I don't feel bad about getting those non paid because the phone companies are the thieves. Especially in the US. They bury a lot of people locking you down to have a phone and the policy on being too stupid to fix anything is raw. With two kids I paid out a lot of dead phones. It takes rooting one phone to have bested the entire knowledge of tech at Sprint. That's the hard part. If they sold parts it would be nothing.
TheMadScientist420 said:
By chance I got one of these that's only in qloader9008. You got any ideas on that? I am downloading the debrick img from sammobiles right now. Ain't really ever had this issue on a Samsung, only LGs.
thanks in advance man
Sent from my SM-N910P using XDA-Developers mobile app
PIT_SM_N910P
https://mega.nz/#!cJREFYqS
Sent from my SM-N910P using XDA-Developers mobile app
planb234 said:
Did you fix it? You're right, totally worth it for the screen. You can unlock the imei. I only did it once just because some people are so adamant you can't. I like to believe anything is possible. I don't feel bad about getting those non paid because the phone companies are the thieves. Especially in the US. They bury a lot of people locking you down to have a phone and the policy on being too stupid to fix anything is raw. With two kids I paid out a lot of dead phones. It takes rooting one phone to have bested the entire knowledge of tech at Sprint. That's the hard part. If they sold parts it would be nothing.
Sent from my SM-N910P using XDA-Developers mobile app
Yea it just decided it was gonna start workin, heck yea.
The battery is trashed on it. I'm gonna order one here soon.
I've flashed a few roms on it. Rooted. But every time I restart it the bat percentage is totally different.. thank you. I got a S6 once same way.
Wouldn't do nothing. Playin with it and decided to boot up.
Again I know talks of bad IMEIs are not good conversation. But I use cdma workshop and basically took an old sammy I had that was junk and destroyed it. Took the sticker and rewrite a new IMEI. Haven't done it yet but. When I get there I know I can.
Of course now I can't unlock it even if I follow all the guides. I've tried and tried.
TheMadScientist420 said:
Yea it just decided it was gonna start workin, heck yea.
The battery is trashed on it. I'm gonna order one here soon.
I've flashed a few roms on it. Rooted. But every time I restart it the bat percentage is totally different.. thank you. I got a S6 once same way.
Wouldn't do nothing. Playin with it and decided to boot up.
Again I know talks of bad IMEIs are not good conversation. But I use cdma workshop and basically took an old sammy I had that was junk and destroyed it. Took the sticker and rewrite a new IMEI. Haven't done it yet but. When I get there I know I can.
Of course now I can't unlock it even if I follow all the guides. I've tried and tried.
There's a couple of ways to calibrate the battery. The easiest is a root app in Play, "Battery Calibrator"; it resets the stats at 100%. Another is *#0228#. I believe you calibrate it then let it run all the way dry then charge it to full with the system off. Not too hard to find if you want to give it a shot. It's hard to say what the problem is. I just got a new one because the old was dying at 30%. I use both and they take turns on which one is weak. Neither is a problem without root. I probably have too much working or too much stuff in the background.
I've heard that about changing the sticker. I only change the sticker if I used another phone for the screen. It matches what is in the board that way. If you take it in the store to get it activated they may be a little less confused.
I took an S4 that was compiled of 3 previous ones and my daughter's that just stopped working to get activated at Sprint. Of course he couldn't. His story the same "When you work on them .. . He was pretty adamant that as it. I couldn't figure out how that affected both of them. So I took it home and activated it myself. Turns out the S4 is a dual band so he generally has a 50% success rate it will turn on in the mode.
The sticker definitely won't get it activated. I've got an LG3 that was given to me by some who didn't care about Sprint anymore that was IMEI locked out activated. It was $100 bucks for the server. The server was. It unlocked a S5 also that a jerk sold me was clean. It unlocked it too. It was through Verizon so I never activated it. I was trying to flop it to Sprint when it disappeared. I unlocked my Note 4 with it too. The SIM so the APNs were never locked although I'm not positive it could have been GTidonetehapp that did it. I didn't know what I was doing, I just like playing with them. No real reason to unlock a phone you own. Well there is the hotspot. I'm pretty sure that's how I crumbed up my Note and my puter too. I dropped exec files in my win 32 folder and flashed in something with a crazy Odin to get my phone unlocked. But again not positive, their stuff worked so it was just to give my equipment herpes.
planb234 said:
PIT_SM_N910P
https://mega.nz/#!cJREFYqS
My bad. I did not know that there has to be a key for mega. This one should do better.
Fwd: https://www.dropbox.com/sh/b0b3ywj5rbiec7h/AAAUM9TvOLUCDPJXXZTZBd_Ea?dl=0
planb234 said:
There's a couple of ways to calibrate the battery. The easiest is a root app in Play, "Battery Calibrator"; it resets the stats at 100%. Another is *#0228#. I believe you calibrate it then let it run all the way dry then charge it to full with the system off. Not too hard to find if you want to give it a shot. It's hard to say what the problem is. I just got a new one because the old was dying at 30%. I use both and they take turns on which one is weak. Neither is a problem without root. I probably have too much working or too much stuff in the background.
I've heard that about changing the sticker. I only change the sticker if I used another phone for the screen. It matches what is in the board that way. If you take it in the store to get it activated they may be a little less confused.
I took an S4 that was compiled of 3 previous ones and my daughter's that just stopped working to get activated at Sprint. Of course he couldn't. His story the same "When you work on them .. . He was pretty adamant that as it. I couldn't figure out how that affected both of them. So I took it home and activated it myself. Turns out the S4 is a dual band so he generally has a 50% success rate it will turn on in the mode.
The sticker definitely won't get it activated. I've got an LG3 that was given to me by some who didn't care about Sprint anymore that was IMEI locked out activated. It was $100 bucks for the server. The server was. It unlocked a S5 also that a jerk sold me was clean. It unlocked it too. It was through Verizon so I never activated it. I was trying to flop it to Sprint when it disappeared. I unlocked my Note 4 with it too. The SIM so the APNs were never locked although I'm not positive it could have been GTidonetehapp that did it. I didn't know what I was doing, I just like playing with them. No real reason to unlock a phone you own. Well there is the hotspot. I'm pretty sure that's how I crumbed up my Note and my puter too. I dropped exec files in my win 32 folder and flashed in something with a crazy Odin to get my phone unlocked. But again not positive, their stuff worked so it was just to give my equipment herpes.
I do my own. I just activate sim cards; the sticker is basically for my reference. I sell a lot of phones but I keep ones like this for myself. So there's no issues, I just swap sims all the time so no need for activations.
planb234 said:
I never could find the files. The link was valid, samep, it just refused to let me have them. It turns out it is easier to get them off your own device and I've zero doubt they are for the 32gb Sprint Note 4. At least mine anyways. I tried the downgrade to KitKat which would have worked because it downgrades your bootloader at least according to the page. I got a failed md5. So it wouldn't surprise me if these pit files are different than what the stock one was. Hard to tell what you have, for sure, when you are a flash junk that trusts random people on the inter web. At least I was/did. I gave myself this when it was brand new. It was hard to get it going again. I back up worked with plasma kernel then on the next official it was right again, well almost, I've had this problem almost two years now. I went without root for a while so didn't notice.
I
I hope this fixes it. If not I'll find the right files for the kk downgrade. It would be sweet to go back anyways. I'll leave a link in the next thread for the pit.
I do believe you have to sign into Sammobile to download files.
The PIT can also be found in the first stock tar for each OS update; the developer I linked says that the PIT hasn't changed. I've seen methods to extract PIT from phone but they don't match md5 when checked. I checked your linked PIT in the post above and it doesn't match either. I wouldn't recommend using that one.
If your phone has ever updated beyond OB7, you can't Odin full stock KitKat tars or OB7 stock tar. The bootloader will block the Odin flash.
Not looking at your phone, it's hard to say what's going on. But I hope the feedback helps. Ask if you have further questions; I'll try to reply, but I haven't experienced what you're having issues with. Best wishes for resolution.
Sent from my SM-N910P using Tapatalk
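The check samep describes above (a candidate PIT's md5 compared against the PIT shipped inside the stock tar), as an added example that is not part of the original thread. It assumes the stock image is an Odin-style `.tar.md5`, meaning a plain tar with one `md5sum` line appended; the function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import re
import tarfile


def split_md5_footer(image: bytes):
    """Split an Odin-style .tar.md5 into (tar_bytes, expected_md5 or None).

    Assumed layout: a plain tar followed by one md5sum line,
    "<32 hex digits>  <name>.tar\n". A tar ends in NUL padding, so the
    footer is whatever follows the last NUL byte.
    """
    cut = image.rfind(b"\x00") + 1
    fields = image[cut:].decode("ascii", "replace").split()
    if len(fields) >= 2 and re.fullmatch(r"[0-9a-fA-F]{32}", fields[0]):
        return image[:cut], fields[0].lower()
    return image, None  # no footer: nothing to verify against


def pit_md5s_in_tar(tar_bytes: bytes) -> dict:
    """Map each *.pit member name in the archive to the md5 of its contents."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for member in tf:
            if member.isfile() and member.name.lower().endswith(".pit"):
                data = tf.extractfile(member).read()
                found[member.name] = hashlib.md5(data).hexdigest()
    return found


def check_candidate_pit(image: bytes, candidate_pit: bytes) -> dict:
    """Verify the image footer first, then compare the candidate PIT."""
    tar_bytes, expected = split_md5_footer(image)
    image_ok = expected == hashlib.md5(tar_bytes).hexdigest()
    # Only trust the PIT inside an image whose own checksum verified.
    # MD5 catches corruption and mix-ups; it is not proof against tampering.
    pit_match = image_ok and (
        hashlib.md5(candidate_pit).hexdigest() in pit_md5s_in_tar(tar_bytes).values()
    )
    return {"image_ok": image_ok, "pit_match": pit_match}


def build_sample_image(pit: bytes) -> bytes:
    """Constructed stand-in for a stock tar: a PIT, a dummy boot.img, a footer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in (("SAMPLE.pit", pit), ("boot.img", b"\x01" * 64)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    tar_bytes = buf.getvalue()
    digest = hashlib.md5(tar_bytes).hexdigest()
    return tar_bytes + f"{digest}  sample.tar\n".encode("ascii")


if __name__ == "__main__":
    stock_pit = b"constructed PIT bytes, not a real partition table"
    image = build_sample_image(stock_pit)
    print(check_candidate_pit(image, stock_pit))
    print(check_candidate_pit(image, b"PIT pulled from somewhere else"))
```

A failed `image_ok` means the download itself is damaged or altered, so the PIT comparison is skipped rather than reported against an untrusted archive.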
samep said:
I do believe you have to sign into Sammobile to download files.
The PIT can also be found in the first stock tar for each OS update; the developer I linked says that the PIT hasn't changed. I've seen methods to extract PIT from phone but they don't match md5 when checked. I checked your linked PIT in the post above and it doesn't match either. I wouldn't recommend using that one.
If your phone has ever updated beyond OB7, you can't Odin full stock KitKat tars or OB7 stock tar. The bootloader will block the Odin flash.
Not looking at your phone, it's hard to say what's going on. But I hope the feedback helps. Ask if you have further questions; I'll try to reply, but I haven't experienced what you're having issues with. Best wishes for resolution.
Sent from my SM-N910P using Tapatalk
Yeah it didn't work. It just shut down. I'll explain what has been going on. Thank you for this post. It's good to know there's more options.
I actually did take a Note 4 and S4 back. It depends on how they upgraded. The bootloader doesn't change in an FOTA. I could do the S4 again now.
Thanks again for the awesome info.
TheMadScientist420 said:
I do my own. I just activate SIM cards. The sticker is basically for my reference. I sell a lot of phones but I keep ones like this for myself. So there's no issues, I just swap SIMs all the time so no need for activations.
You don't have to unlock the SIM or anything? Even if you do that's a lot less than getting the IMEI forgot about. Don't you have to get an MSL from a company? I know it's very possible and easy in free countries but I live in murica. You pay and pay here and they still put a cap on the data. If we're not careful we may use up all that data and then there would be no way to watch us 24-7 just we might go rogue.
A sticker that changes the sim? Details please.
samep said:
You may have discovered this thread. I haven't had the issue or tried fixing one bricked but marked this thread because of all the theories, examples and links, it seemed a place to start for answers but I couldn't know without experiencing an issue, myself. What works? Don't know.
http://forum.xda-developers.com/showpost.php?p=63848150&postcount=1
It's probably a starting point but nothing new if you've devoted time with success in finding methods to try. It suggests also it could be the eMMC failing which is all too common for Note 4. Either way, if it's just bricked, maybe you recover it. If it's component failure, main board replacement should fix it. Main boards can be found on eBay and Amazon but I think they're all used or remanufactured boards. Samsung repair may be an alternative if you're not too inconvenienced by waiting. Just recently, I got a quote from my local uBreakItIfixIt and the guy said it's not a fixed estimate store to store but he'd only charge $10 to replace a main board in store.
Best wishes for timely procedure or economical repair.
Sent from my SM-N930P using Tapatalk
I've been trying to reply to this for 2 days. You see it's not the way my phone runs that is the issue, it is my network that is completely raped. I can't lose my parasite. I screwed up my bootloader pretty bad when I was learning about Samsung. If you ask how to unlock a bootloader the most common answer you get is "you don't, you use auto root". Auto root is amazing for sure but I can tell there is a lot of people who don't read anything and just do. The disclaimer is "don't use this with a locked boot loader, you will likely brick your device." As I mentioned I'm a flash junky. I didn't know once you blew the hole in thy boot you only needed a custom recovery forever. I like changing ROMs so I rooted with it a couple more times. Things got real bad after I ran the KitKat auto root on Lollipop. I could use one of my backups and add plasma kernel for a few months until the next update. Worse than that I flashed something from an unlock site with a special version of Odin. I didn't even need to because I had already changed the CSC to XAS so my APNs were open. The effects were scary but cool. I got locked out of my phone for a while except for virtual access on my puter screen. My home network got straight raped after that. I had everything set to home and share because I didn't think there would be even more bored than me so as to waste their life watching my life. There is and they are smart as #. I go in intervals of being angry to amazed. I thought they were gone but no. I was not keen on interweb when I got on here. Now that I could protect myself I can't keep the evil at bay because it lurks in the dark spaces I can't reach. FlashFire says it can remove the seemles. It is incredible too but I don't think so. It definitely can't mine. What's crazy is I've had a couple new bootloaders since then but it remains. I'm without root at the moment and am able to look at some of the data and dev were files.
I can see the USB files that block adb is in but still no. Even though auto root totally changes the way and where from the device boots, I'm needing to extract or otherwise terminate what is probably one card a ftp or smb. I can see in my win logs that it uses a machine to confuse the system in a barrage of security log ins while opening a door for daddy. I had the XML explaining how it's done but then a brand new 125gb card magically went to sleep forever. Some script out there is beyond amazing to me. Virtual net adapters that aren't on top of actual hardware blow my mind. It would have never crossed my mind in a million years that there is going to be a need for antivirus software on hardware like a Bluetooth keyboard.
planb234 said:
You don't have to unlock the SIM or anything? Even if you do that's a lot less than getting the IMEI forgot about. Don't you have to get an MSL from a company? I know it's very possible and easy in free countries but I live in murica. You pay and pay here and they still put a cap on the data. If we're not careful we may use up all that data and then there would be no way to watch us 24-7 just we might go rogue.
A sticker that changes the sim? Details please.
This device had a bad IMEI. The person I got it from said they didn't pay for it on the Sprint ezpay.
I checked and that was the truth. So I changed the IMEI with another old Sammy I had and put the sticker in for my records, so I know what the new IMEI is without the device being turned on.
I'm trying to SIM unlock it so I can use it on domestic GSM but no go so far, always invalid SIM.
I guess I need to take this discussion to another thread so I don't get too far off the orig topic here.
@planb234
I'm not following well what you've tried since getting a PIT file. Did you get the PIT file from Sammobile yet? Did you try the latest stock tar? If older ones, which ones fail?
If Odin fails, can you post the log and text on screen?
I believe what you're talking about is not needing to root if flashing a custom ROM. After a stock tar, you could Odin TWRP and flash a custom ROM. Custom ROMs include root and su. If using Chainfire Auto Root for Note 4, make sure to use the right one and latest for Lollipop and Marshmallow. KitKat had its own Auto Root. But the auto root uses a modified stock recovery which may make its use redundant if flashing a custom or even wanting just TWRP for backups if stock rooted.
Some fun facts for you:
The bootloader on Sprint Note 4 is unlocked. Flashing a stock tar will un-root it. Factory reset will cause you to lose systemless root. But flashing a full stock tar successfully will replace the bootloader. If you're trying to flash OB7 or older KitKat stock tar, your bootloader won't be replaced. As far as OTA, it patches existing baseband, bootloader and affected system files and partitions that need patched. Even if it's just a revision number in the update, it gets rolled up to match the update revision. While I feel stock tar updates are full and need no patching, the patching is sequential and should match the Odin'd bootloader and baseband once sequentially rolled up accordingly. So IMO, a patched bootloader is same as newly Odin'd bootloader. I could be wrong about the patching so not necessarily a fact.
I think your problem is unsuccessful flash of full stock tar. A blown eFuse may cause that but from what I've read in past posts of others that had issues back then is that flashing the correct stock tar after full wipe in stock recovery overcomes the flash. It leads me to believe it's only activating reset protection to try to roll the bootloader back to OB7 or KitKat. Maybe I'm wrong but if your phone isn't suffering a hardware issue, you should be able to recover it.
Other bootloaders between OB7 and OG5 like OE1 and OF5 were also exhibiting an inability to downgrade but bootloaders OG5 and up can so far be downgraded to OG5. I haven't tried downgrading bootloader to OE1 or OF5 though.
I've seen phone info from posters claiming to roll their bootloader back to OB7 or older and they've actually reported a newer bootloader, post OB7.
As far as I know, the only true way to get KitKat ROM to flash and boot is to flash a newer kernel after ROM flash, but prior to initial boot attempt. Currently, I'm only aware of Android 5.1.1 kernel and post OB7 bootloader booting a KitKat ROM after bootloader is updated beyond OB7.
If you're capable of doing otherwise, I'd like to see legit screenshot of phone info or galaxy tools application.
https://play.google.com/store/apps/details?id=org.vndnguyen.phoneinfo
Sent from my SM-N910P using Tapatalk

[G975U] DISCUSSION on Root/BL Unlock

Hello!
I just picked up a SM-G975U to play with.
Before you get your hopes up, Root and BL Unlock is NOT POSSIBLE on USA variants at this time!
I created this discussion so those willing and able can brainstorm with me with hopes of achieving root or unlock.
Now I wouldn't be creating this thread if I didn't think it was possible or without some form of teasers.
Don't ask me how but flashing combo is possible. I cannot and will not share the method/files as they are not mine to do so.
I noticed on combo this time around if you toggle oem unlock there is a tag that says "OEM Unlocked" when you enter download mode. When you long press vol up it also takes you to the unlock screen. After pressing vol up to accept it reboots and wipes data.
I am not sure of the steps after this but so far haven't been successful in flashing modified firmware. It is possible this is just a visual but I feel this is closer than any past devices I've owned. Anyone with know-how on where the flash lock bit is stored would be of great help.
I should be able to flash some partitions after modifying them such as vbmeta or dtbo etc. to hopefully unlock the BL if I only knew what to modify.
This is not a how-to or dev thread so don't expect me to share any files. It is merely to discuss how the BL is unlocked on SD S10 devices to hopefully lead to an unlock down the road.
To my understanding, toggling the oem unlock sets a bit that tells the system that oem unlocking is allowed as well as disables security such as frp. This persists across reboots and firmware flashes etc.
After that, in DL mode there is a tag that also says device is oem unlocked. At this point you need to actually hold vol up to actually oem unlock the device.
After this I am unclear. We should be able to flash custom firmware at which verified boot state will be orange and the flash lock bit is 0. In my case, verified state is still green and flash lock is still 1 and flashes fail unless officially signed.
I know the dtbo is related to verity and vbmeta to verified boot. Vaultkeeper to rlc. Then you have metadata, a few "keys" related partitions etc etc.
What is everyone's take on this? Any ideas/suggestions are greatly appreciated in advance!
some screens
Welcome aboard! Appreciate all your work from the Note9! Kudos
Hey OP I know you from somewhere.... epic touch 4g forums?? I can't remember what device you had but anyways great to see you here. You think maybe chatting with the people that got root on Exynos may point you in the right direction. I know it's Exynos and we got SD which is different but maybe a shot?
krazy_smokezalot said:
Hey OP I know you from somewhere.... epic touch 4g forums?? I can't remember what device you had but anyways great to see you here. You think maybe chatting with the people that got root on Exynos may point you in the right direction. I know it's Exynos and we got SD which is different but maybe a shot?
haha I did own an epic 4g touch back in the day.. was more lurking way back then but who knows lol
for an update, no luck yet lol. been messin with combo on g975u but no easy way in yet. I have managed to change some stuff on efs and other partitions.
the binary checks sammy implemented starting in the s9 devices suck.
I am still looking though.
i now have uid 1000 access.. with how selinux contexts and ownership is in pie tho i can only access stuff that is mounted rw and system user/group which so far is cache, carrier, efs, data, qdmdbg and various files spread throughout.
dev block wise i can access persistent, and steady partitions.. other than that i can write to the ones that are already mounted.
uid 1000 is a step in the right direction tho... beats shell 2000 uid
not to mention the method for uid 1000 should be there on any sammy device with combo firmware lol
Hi, is there anything I can do to help at all? Cause if so I am willing. I have found some stuff online as well, posted it in a different post, but can share it here if u are interested.
I am definitely interested in learning more and being a part of this convo fellas! I have been in the Bus for at least 8 years now and want to learn the next step which is how to navigate around the S10 S10+ Security Features. Anyone mind showing me a few ropes please?
elliwigy said:
not to mention the method for uid 1000 should be there on any sammy device with combo firmware lol
This is similar to the techniques used to write IMEI on cpid phones. Can you share the scripts you use for temp root?
Chibisuke1219 said:
Hi, is there anything I can do to help at all? Cause if so I am willing. I have found some stuff online as well, posted it in a different post, but can share it here if u are interested.
Any good reads are welcome!
Vell123 said:
This is similar to the techniques used to write IMEI on cpid phones. Can you share the scripts you use for temp root?
There are no scripts lol. I can't share the method or files to get to combo.
An update however, I noticed with system prices you can access the efs folder.
I found a way to pass kernel cmdline to the bootloader to set ro props.
I am still messing with it and need an rma as I messed up my efs and can't get cell service now lol
Will S10+ Snapdragon get root / Magisk anytime soon?
Sent from my MI 8 using Tapatalk
Vuska said:
Will S10+ Snapdragon get root / Magisk anytime soon?
Who knows lol. Similar to N9 seems like I'm only one working on it lol
Currently stuck in a boot loop as I found an exploit for kernel cmdline injection and set ro.secure=0 which it didn't like. I didn't read the info Sammy posted on new securities on S10 lineup around additional security around RKP and Knox Verified Boot. It is not the same as say Pixel devices as they added onto it.
I was told in the other thread that what I had found was more than likely BS but if u still want the link I can give it. Also am still willing to use my phone as some help if u need it.
Edit: switching phone sry guys but keep workin hard i will keep looking for new s10 + finds even though i wont have it and ill keep u updated with whatever i find
Try and flash G97500. I know on older devices it would boot if you used FlashFire; not sure if you can dd it or not. Odin probably won't like it but worth a try. Just make a system tar and flash it, but you would also need that combo firmware.
I'm rockin' the s10+ (am g975u)....
I want root!
I will make pwmage!
Stay tuned!
Ph3n0x said:
Try and flash G97500. I know on older devices it would boot if you used FlashFire; not sure if you can dd it or not. Odin probably won't like it but worth a try. Just make a system tar and flash it, but you would also need that combo firmware.
wont work.. secure check fail since signed with dif keys
elliwigy said:
i now have uid 1000 access.. with how selinux contexts and ownership is in pie tho i can only access stuff that is mounted rw and system user/group which so far is cache, carrier, efs, data, qdmdbg and various files spread throughout.
dev block wise i can access persistent, and steady partitions.. other than that i can write to the ones that are already mounted.
uid 1000 is a step in the right direction tho... beats shell 2000 uid
Since you have UID 1000 access, wouldn't you be able to dump the partitions off the phone?
If so, why not dump each of the writable partitions and then compare checksums/bits before and after doing the unlock?
I have the g975u and am willing to help however