
[Q] Knox Boot Loader Exploration On Samsung Galaxy S4 SPH-L720

OP perezmarka

30th March 2014, 07:57 PM   |  #1  
I started looking at this issue in another thread HERE. I started thinking about this and knew there were others with more info that might help.

Everyone says you can't downgrade the Knox Boot Loader once it's been loaded. I want to try and understand why/how we can modify the system to overcome that.

Here's what I know and I've done:

After MF9, the Knox Bootloader was included in the update. Unknownforce has a great thread that has the modems with or without the boot loader. What I did first was unzip the tar files for MF9 (with and without the boot loader.)

Both files have:
modem.bin
NON-HLOS.bin
rpm.mbn
tz.mbn

When I compare the files in both, they seem identical. Same creation date, same size, etc. They may or may not be the same? But the boot loader version has some extra files.

Boot Loader Version has these files:
aboot.mbn
sbl2.mbn
sbl3.mbn

Process of elimination indicates that these have the Knox Boot loader encoded in some way. The sbl files are placed in the root directory /firmware-mdm/image/. Try as I might, I can't find aboot.mbn. I did a nandroid backup of my system, then I deleted sbl2.mbn and sbl3.mbn using ES File Explorer. When I rebooted the phone, the files were back in the directory.

Another thing I did was a nand erase and re-partition of my phone using Odin. (Don't attempt this unless you have the pit file! You can easily brick your phone. On second thought, don't attempt this at all. I just got lucky I was able to bring it back up. As it was, my Data partition was corrupted because of this but I was able to fix it.) I think I did everything right in re-installing. I put a Knox-free boot loader and recovery with Odin first. Then booted into recovery and installed a Knox-free ROM. Knox boot loader was still there. I was hoping re-partitioning would wipe everything out but it was a no go. Anyone else have experience in this?

Here are my questions:

If we delete those three files and can keep them from reloading, will Knox Boot Loader be disabled?

What partition is aboot.mbn located in or stored in the system? Can it be accessed with adb commands and renamed or deleted?

Where are the sbl files being reloaded from?

Does anyone know if the similar files are the exact same files? If not, how do we replace them with non-boot loader versions if the system regenerates them at each boot?

Is there a way to do a nand erase and re-partitioning in order to get rid of the bootloader?

Thoughts?
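
Added example, not part of the original post: matching creation date and size does not establish that two firmware components are the same, but a per-file SHA-256 comparison of the two tar archives does. The archive contents below are constructed placeholders (the differing tz.mbn is made up to show a same-size mismatch, not a finding about MF9), and the function names are hypothetical.

```python
import hashlib
import io
import tarfile


def member_digests(fileobj):
    """Map each regular file in a tar archive to its SHA-256 hex digest."""
    digests = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            h = hashlib.sha256()
            data = tar.extractfile(member)
            for chunk in iter(lambda: data.read(1 << 20), b""):
                h.update(chunk)
            digests[member.name] = h.hexdigest()
    return digests


def compare_archives(a_file, b_file):
    """Classify archive members by content, ignoring size and timestamps."""
    a, b = member_digests(a_file), member_digests(b_file)
    common = a.keys() & b.keys()
    return {
        "identical": sorted(n for n in common if a[n] == b[n]),
        "different": sorted(n for n in common if a[n] != b[n]),
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
    }


def build_tar(files):
    """Constructed sample input: in-memory tar with one fixed mtime."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(data), 1372636800
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def demo():
    modem_only = {"modem.bin": b"M" * 64, "NON-HLOS.bin": b"N" * 64,
                  "rpm.mbn": b"R" * 32, "tz.mbn": b"T" * 32}
    # Same names, sizes and mtimes; one byte of tz.mbn differs (constructed).
    full = dict(modem_only, **{"tz.mbn": b"T" * 31 + b"U", "aboot.mbn": b"A" * 16,
                               "sbl2.mbn": b"2" * 16, "sbl3.mbn": b"3" * 16})
    return compare_archives(build_tar(modem_only), build_tar(full))
```

For real archives, pass `open(path, "rb")` for each tar file to `compare_archives`.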
17th May 2014, 12:19 AM   |  #2  
My hard brick says aboot is in partition 6
Aboot is in partition 6. You can find this out by using a # heimdall print-pit command and
examining the output.

If you dd a different version of aboot.mbn atop that partition it will hard-brick the device,
meaning the screen won't come on and all it wants is a primitive USB serial connect
to some software I'm sure only Samsung has.

How do I know? I have three Dev S4s (VZW) and none of them will let me flash TWRP.
In order to try getting a "less locked aboot" I dd'd an older version (VRUAMDK) onto
that partition (mmcblk0p6). The device is now good to send back to Samsung or to
keep papers from flying -- unless someone knows the secret serial port protocol.

Sigh.

Ehud
