
[Q] Knox Boot Loader Exploration On Samsung Galaxy S4 SPH-L720

perezmarka
#1
Member - OP
Thanks Meter 7
Posts: 39
Join Date: Nov 2013
[Q] Knox Boot Loader Exploration On Samsung Galaxy S4 SPH-L720

I started looking at this issue in another thread HERE. I started thinking about this and knew there were others with more info that might help.

Everyone says you can't downgrade the Knox Boot Loader once it's been loaded. I want to try and understand why/how we can modify the system to overcome that.

Here's what I know and I've done:

After MF9, the Knox Bootloader was included in the update. Unknownforce has a great thread that has the modems with or without the boot loader. What I did first was unzip the tar files for MF9 (with and without the boot loader.)

Both files have:
modem.bin
NON-HLOS.bin
rpm.mbn
tz.mbn

When I compare the files in both, they seem identical. Same creation date, same size, etc. They may or may not be the same? But the boot loader version has some extra files.

Boot Loader Version has these files:
aboot.mbn
sbl2.mbn
sbl3.mbn

Process of elimination indicates that these have the Knox Boot loader encoded in some way. The sbl files are placed in the root directory /firmware-mdm/image/. Try as I might, I can't find aboot.mbn. I did a nandroid backup of my system, then I deleted sbl2.mbn and sbl3.mbn using ES File Explorer. When I rebooted the phone, the files were back in the directory.

Another thing I did was a nand erase and re-partition of my phone using Odin. (Don't attempt this unless you have the pit file! You can easily brick your phone. On second thought, don't attempt this at all. I just got lucky I was able to bring it back up. As it was, my Data partition was corrupted because of this, but I was able to fix it.) I think I did everything right in re-installing. I put a Knox-free boot loader and recovery with Odin first. Then booted into recovery and installed a Knox-free ROM. Knox boot loader was still there. I was hoping re-partitioning would wipe everything out but it was a no go. Anyone else have experience in this?

Here are my questions:

If we delete those three files and can keep them from reloading, will Knox Boot Loader be disabled?

What partition is aboot.mbn located in or stored in the system? Can it be accessed with adb commands and renamed or deleted?

Where are the sbl files being reloaded from?

Does anyone know if the similar files are the exact same files? If not, how do we replace them with non-boot loader versions if the system regenerates them at each boot?

Is there a way to do a nand erase and re-partitioning in order to get rid of the bootloader?

Thoughts?
DEVICE: Samsung Galaxy S4 (Rooted)
KERNEL: Ktoonsez - KT-SGS4 @ 2.1GHz (2-05-2014)
ROM: RAWINTELLECT'S 4.3 Stock(ish) V06 "Only The Best For My Phone!"
PRL Version: 55017
RADIO: L720VPUFNAE
SUPERUSER: SuperSU v1.91
RECOVERY: Philz Touch Recovery 6.15.6
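Comparing by creation date and size, as the post above does, cannot tell you whether two files are byte-identical; a content hash can. The script below is an added example, not code from this thread, from Samsung or from Unknownforce's packages: it hashes every file in two extracted firmware directories with SHA-256 and reports which files are identical, which differ and which exist in only one of the two. The demo directories and the dummy files it creates are constructed placeholders, not the real MF9 contents.

```shell
#!/bin/sh
# Added example (not from the thread): compare two unpacked firmware tars
# file by file using SHA-256 instead of size/date.
# Usage on real input: compare_firmware_dirs /path/to/MF9_noknox /path/to/MF9_knox

# compare_firmware_dirs DIR_A DIR_B
# Prints one line per file name found in either directory:
#   IDENTICAL <name> <sha256>
#   DIFFERENT <name> <sha256_in_a> <sha256_in_b>
#   ONLY_IN_A <name> / ONLY_IN_B <name>
compare_firmware_dirs() {
    a="$1"; b="$2"
    # Union of the file names in both directories, each name once.
    { (cd "$a" && ls -1); (cd "$b" && ls -1); } | sort -u | while IFS= read -r f; do
        if [ -f "$a/$f" ] && [ -f "$b/$f" ]; then
            ha=$(sha256sum "$a/$f" | cut -d' ' -f1)
            hb=$(sha256sum "$b/$f" | cut -d' ' -f1)
            if [ "$ha" = "$hb" ]; then
                printf 'IDENTICAL %s %s\n' "$f" "$ha"
            else
                printf 'DIFFERENT %s %s %s\n' "$f" "$ha" "$hb"
            fi
        elif [ -f "$a/$f" ]; then
            printf 'ONLY_IN_A %s\n' "$f"
        else
            printf 'ONLY_IN_B %s\n' "$f"
        fi
    done
}

# make_demo: build two constructed directories that stand in for the two
# unpacked tars (same modem.bin, different tz.mbn, aboot.mbn only in one).
# The contents are dummy strings, not real firmware images.
make_demo() {
    demo=$(mktemp -d)
    mkdir "$demo/noknox" "$demo/knox"
    printf 'modem' > "$demo/noknox/modem.bin"; printf 'modem' > "$demo/knox/modem.bin"
    printf 'tz-v1' > "$demo/noknox/tz.mbn";    printf 'tz-v2' > "$demo/knox/tz.mbn"
    printf 'aboot' > "$demo/knox/aboot.mbn"
    echo "$demo"
}

# Stand-alone run on the constructed demo directories.
demo_dir=$(make_demo)
compare_firmware_dirs "$demo_dir/noknox" "$demo_dir/knox"
rm -rf "$demo_dir"
```

Point it at the two extracted MF9 directories to answer the "are the similar files the exact same files?" question directly; any DIFFERENT line is a file whose contents changed even if size and timestamp match.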
 
gavron
#2
Member
Thanks Meter 7
Posts: 62
Join Date: Jan 2005
My hard brick says aboot is in partition 6

Aboot is in partition 6. You can find this out by using a # heimdall print-pit command and
examining the output.

If you dd a different version of aboot.mbn atop that partition it will hard-brick the device,
meaning the screen won't come on and all it wants is a primitive USB serial connect
to some software I'm sure only Samsung has.

How do I know? I have three Dev S4s (VZW) and none of them will let me flash TWRP.
In order to try getting a "less locked aboot" I dd'd an older version (VRUAMDK) onto
that partition (mmcblk0p6). The device is now good to send back to Samsung or to
keep papers from flying -- unless someone knows the secret serial port protocol.

Sigh.

Ehud

Quote: Originally Posted by perezmarka (post #1 above)
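The reply above shows what happens when a write lands on a partition whose role was only assumed. Before touching any of these partitions, the check a practitioner wants is read-only: confirm which mmcblk0pN each name actually resolves to on this device and record a hash of its current contents, so a later change (or a write to the wrong partition) can be detected. The script below is an added example for that, not code from the thread. It assumes the by-name link directory is /dev/block/platform/msm_sdcc.1/by-name (device-dependent; an assumption, override BYNAME_DIR if yours differs), a rooted device with sha256sum available, and the sample `ls -l` listing embedded for off-device testing is constructed, not output captured from either poster's phone.

```shell
#!/bin/sh
# Added example (not from the thread): read-only inventory of bootloader
# partitions on a Qualcomm-based Samsung device. Nothing here writes to flash.
# Assumption: by-name links live under this directory (varies by device).
BYNAME_DIR="${BYNAME_DIR:-/dev/block/platform/msm_sdcc.1/by-name}"

# parse_byname_listing: read `ls -l` output of the by-name directory on stdin
# and print "name device" lines. Symlink entries end with "name -> /dev/block/...".
parse_byname_listing() {
    awk '$(NF-1) == "->" { print $(NF-2), $NF }'
}

# device_for NAME: print the block device NAME resolves to (listing on stdin);
# prints nothing if the name is not present.
device_for() {
    parse_byname_listing | awk -v n="$1" '$1 == n { print $2 }'
}

# inventory NAME...: for each partition name print "name device sha256".
# Reads the partition with dd and hashes it; requires root on the device.
inventory() {
    listing=$(ls -l "$BYNAME_DIR")
    for n in "$@"; do
        dev=$(printf '%s\n' "$listing" | device_for "$n")
        if [ -z "$dev" ]; then
            printf '%s MISSING -\n' "$n"
            continue
        fi
        sum=$(dd if="$dev" bs=1048576 2>/dev/null | sha256sum | cut -d' ' -f1)
        printf '%s %s %s\n' "$n" "$dev" "$sum"
    done
}

# Constructed sample listing (not real output from any poster's device) so the
# name-to-device resolution can be exercised without a phone attached.
SAMPLE_LISTING='lrwxrwxrwx root root 1970-01-01 00:00 aboot -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 1970-01-01 00:00 sbl2 -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 1970-01-01 00:00 sbl3 -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 1970-01-01 00:00 boot -> /dev/block/mmcblk0p20'

# Stand-alone demonstration on the constructed listing.
printf '%s\n' "$SAMPLE_LISTING" | parse_byname_listing
```

On a device, run `inventory aboot sbl2 sbl3` from a root shell (for example via `adb shell` followed by `su`) and keep the output; repeating it after a flash tells you exactly which of the three partitions changed, and comparing the device column against what you intend to flash is the sanity check the hard brick above lacked.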
Tags: bootloader, knox, seandroid