[EXPERIMENTAL][i9505] Possibility to Downgrade to an old Bootloader!

Status
Not open for further replies.

dpeddi

Senior Member
Mar 10, 2007
206
133
About 0xfffffffc... it should be an error code. I can't ask tz.mbn for the Knox status... you downgraded tz.mbn, didn't you?

Sent from my GT-I9505 using Tapatalk
 

mom4ence

Senior Member
Aug 1, 2009
328
242
About 0xfffffffc... it should be an error code. I can't ask tz.mbn for the Knox status... you downgraded tz.mbn, didn't you?

Sent from my GT-I9505 using Tapatalk

Yes, use tz.mbn from XXUAMDE; the tz.mbn from the first post FAILS on Odin.

I suppose that tz.mbn is responsible for Knox Warranty Void. Several of my friends sent their S4 for repair and after that they were returned with Knox Warranty: 0x0.
 

dpeddi

Senior Member
Mar 10, 2007
206
133
Aboot checks for the kernel signature or the param partition, then calls an API that calls some other stuff in tz.mbn. Maybe tz.mbn may call rpmb too... I decompiled a bit of aboot.mbn but not the other stuff yet...

Sent from my GT-I9505 using Tapatalk
 

chudy_85

Senior Member
Jul 26, 2011
1,567
602
Somewhere in Europe
Hi all,

Can anyone tell me where aboot, rpm, sbl1, sbl2, sbl3 and tz are installed on the i9505? I mean which mmcblk0pX each one is.
I am trying to make a script to change these files using adb, the same as one guy did on the n7100.

EDIT

Okay, I modded the script from the n7100 to the i9505.
If you want to use it, you must download the zip pack from zippyshare and extract it ---> http://www2.zippyshare.com/v/14458107/file.html

If anyone has the files from MGA with sbl1, you can change them in the folder I9505_RESTORE_OLD BOOTLOADER_TEST. I tried using all the MK8 files and it works. In the zip pack I added all the MK8 files.

Not responsible for damage to your smartphone.
Everything you do is on your own responsibility.
 

Keithgordon

Senior Member
Hi all,

Can anyone tell me where aboot, rpm, sbl1, sbl2, sbl3 and tz are installed on the i9505? I mean which mmcblk0pX each one is.
I am trying to make a script to change these files using adb, the same as one guy did on the n7100.

EDIT

Okay, I modded the script from the n7100 to the i9505.
If you want to use it, you must download the zip pack from zippyshare and extract it ---> http://www2.zippyshare.com/v/14458107/file.html

If anyone has the files from MGA with sbl1, you can change them in the folder I9505_RESTORE_OLD BOOTLOADER_TEST. I tried using all the MK8 files and it works. In the zip pack I added all the MK8 files.

Not responsible for damage to your smartphone.
Everything you do is on your own responsibility.

aboot = /dev/block/mmcblk0p6
rpm = /dev/block/mmcblk0p7
sbl1 = /dev/block/mmcblk0p3
sbl2 = /dev/block/mmcblk0p4
sbl3 = /dev/block/mmcblk0p5
tz = /dev/block/mmcblk0p8
hidden = /dev/block/mmcblk0p27
carrier = /dev/block/mmcblk0p28
efs = /dev/block/mmcblk0p10
mdm = /dev/block/mmcblk0p2
apnhlos = /dev/block/mmcblk0p1
param = /dev/block/mmcblk0p19

That is from SPH-L720, now if only I had the file from MF9 for the Sprint version, but I only have the new files as my phone has already been updated to 4.3

---------- Post added at 11:54 AM ---------- Previous post was at 11:49 AM ----------

Incidentally, if someone does accidentally hard brick their phone: I searched until late last night and found this thread confirming that the files I posted work to unbrick your device:
http://xdaforums.com/showthread.php?t=2363418
I did a search for galaxy_S4_9505.rar, kind of like a reverse number lookup, and found a few threads where people hard-bricked their devices and used this program to unbrick them, so in the untimely event that this happens, you can do the same; see there for complete instructions.

---------- Post added at 12:16 PM ---------- Previous post was at 11:54 AM ----------

Hi all,

Can anyone tell me where aboot, rpm, sbl1, sbl2, sbl3 and tz are installed on the i9505? I mean which mmcblk0pX each one is.
I am trying to make a script to change these files using adb, the same as one guy did on the n7100.

EDIT

Okay, I modded the script from the n7100 to the i9505.
If you want to use it, you must download the zip pack from zippyshare and extract it ---> http://www2.zippyshare.com/v/14458107/file.html

If anyone has the files from MGA with sbl1, you can change them in the folder I9505_RESTORE_OLD BOOTLOADER_TEST. I tried using all the MK8 files and it works. In the zip pack I added all the MK8 files.

Not responsible for damage to your smartphone.
Everything you do is on your own responsibility.

Ha! I just ran your script and the phone turned off, and my computer started trying to install Qsub drivers or whatever they are.
I just hard-bricked my phone. If this was to get me to try and see if I can get the software I posted to work, it worked... now I have to unbrick my phone. I will report back shortly... I have to run to the store first, then maybe I will make a video of it just for a walkthrough; I will post it if I am successful.
 

chudy_85

Senior Member
Jul 26, 2011
1,567
602
Somewhere in Europe
I have the i9505 international and I have MK8 firmware, and I tried with the original files from this ROM and the script works OK, but tell me, did you freeze Knox on your ROM???

Sent from my GT-I9505 international using Tapatalk
 

Keithgordon

Senior Member
I have the i9505 international and I have MK8 firmware, and I tried with the original files from this ROM and the script works OK, but tell me, did you freeze Knox on your ROM???

Sent from my GT-I9505 international using Tapatalk

It's dead, it's the third phone too. I used the galaxy_S4_9505 boot repair QHUSB method and it returns "cannot find specified file", so I don't know what I am doing wrong.
 

LastStandingDroid

Guest
I don't want to say anything against you, but can it be that this is malware created in Visual Basic? It was recognized as a virus and the software looks like a fake. :confused:

Sent from my GT-I9505 using Tapatalk 2

Not a virus, it's a "recovery" tool to send the bootloader to dead-boot phones, but it might not work :(

But it isn't being flagged as a virus; any tool that isn't "signed" is going to give you this message.
 

Keithgordon

Senior Member
Not a virus, it's a "recovery" tool to send the bootloader to dead-boot phones, but it might not work :(

But it isn't being flagged as a virus; any tool that isn't "signed" is going to give you this message.

I totally hard-bricked my phone. I am trying to use this tool to resurrect it, but it doesn't seem to do anything, and there are no instructions online that I can find. I made sure the drivers are installed and the program finds my device on the proper COM port; I hit the button "recover device", and a command prompt opens, then a second one opens and closes before I have a chance to read it... I am obviously doing something wrong; any help or guidance would be appreciated...
 

mom4ence

Senior Member
Aug 1, 2009
328
242
Hi all,

Can anyone tell me where aboot, rpm, sbl1, sbl2, sbl3 and tz are installed on the i9505? I mean which mmcblk0pX each one is.
I am trying to make a script to change these files using adb, the same as one guy did on the n7100.

EDIT

Okay, I modded the script from the n7100 to the i9505.
If you want to use it, you must download the zip pack from zippyshare and extract it ---> http://www2.zippyshare.com/v/14458107/file.html

If anyone has the files from MGA with sbl1, you can change them in the folder I9505_RESTORE_OLD BOOTLOADER_TEST. I tried using all the MK8 files and it works. In the zip pack I added all the MK8 files.

Not responsible for damage to your smartphone.
Everything you do is on your own responsibility.

Downgrade from which bootloader to MK8? Is your Knox 0x0 or 0x1?
I think it is possible to downgrade from MK* to MK* without problems with ODIN.

Did someone try to flash the old 4.2.2 with Z3X-Box?
 

chudy_85

Senior Member
Jul 26, 2011
1,567
602
Somewhere in Europe
My Knox is 0x1, but my S4 is the only phone I have and I didn't try to downgrade; I tested only with the same files that I have in my S4.

Sent from my GT-I9505 using Tapatalk
 

Galaxy*$4

Senior Member
Sep 1, 2013
212
13
I hope that this method works for y'all, and just maybe it might work for us folks using a carrier-based phone.
 

Keithgordon

Senior Member
Qualcomm HS-USB drivers?

Does anyone know how to get Windows 7 to recognize Qualcomm HS-USB drivers? Windows sucks. I have Windows 7 Professional and Windows 7 Home Premium... Win7 Pro doesn't allow programs like the phone recovery program I am using because I don't have permission (even though I built this computer and every piece of it is mine, I can't get permission), and Windows 7 Home Premium refuses to load the drivers because they are not signed... I never had this problem before... I tried everything as Administrator and nothing seems to work...
Looks like I am building a Linux machine today... It's about time, I suppose.
 

TheEgonSpengler

Senior Member
Nov 22, 2013
79
14
plus.google.com
Does anyone know how to get Windows 7 to recognize Qualcomm HS-USB drivers? Windows sucks. I have Windows 7 Professional and Windows 7 Home Premium... Win7 Pro doesn't allow programs like the phone recovery program I am using because I don't have permission (even though I built this computer and every piece of it is mine, I can't get permission), and Windows 7 Home Premium refuses to load the drivers because they are not signed... I never had this problem before... I tried everything as Administrator and nothing seems to work...
Looks like I am building a Linux machine today... It's about time, I suppose.

Google hidden admin account w7 home.

Good luck!

Sent from my One using Tapatalk
 

Keithgordon

Senior Member
Google hidden admin account w7 home.

Good luck!

Sent from my One using Tapatalk

Thanks, I never would have thought of that... I have been searching everything too, to try and get this working...

So the answer is to get to the PC Administrator account, something we never learned in school...
by running a command prompt as administrator, cd'ing back to the prompt and typing
net user administrator /active:yes
Then when you log off, the Administrator will have a login prompt. Awesome... it works...
 

Keithgordon

Senior Member
Did someone downgrade to a non-Knox bootloader?

Nope, I hard-bricked my phone trying... I will continue trying when I get my replacement... I was on my way to CPR cell phone repair to have my phone resurrected and somehow lost my phone before I got there while I was Christmas shopping, so Asurion is sending me a replacement that I will receive tomorrow. The script a few posts back apparently worked, but only re-wrote all the firmware except the aboot.mbn, because my phone went to reboot and then the Qualcomm HS-USB drivers started installing on my computer, which is a tell-tale sign the phone is toast.
 

TheEgonSpengler

Senior Member
Nov 22, 2013
79
14
plus.google.com
Thanks, I never would have thought of that... I have been searching everything too, to try and get this working...

So the answer is to get to the PC Administrator account, something we never learned in school...
by running a command prompt as administrator, cd'ing back to the prompt and typing
net user administrator /active:yes
Then when you log off, the Administrator will have a login prompt. Awesome... it works...

Glad that got you on the right track.

That is a "feature" of all Home edition Windows OSes, XP and beyond.


Sent from my One using Tapatalk
 

Top Liked Posts

  • 12
    Before you read -> please use at your own risk!! I am not responsible for any damage!! Use it only if you have a JTAG or a RIFF Box.

    Hello dear Developers,

    I offer you modified files which may make it possible to downgrade to an old bootloader. Every file has the new Samsung certificate from the Android 4.3 bootloader (XXUEMK8).
    This bootloader is based on the Android 4.2.2 firmware (XXUBMGA).

    My presumption is that the new bootloader has something to do with the new Samsung certificate inside the new Knox-enabled bootloader.
    If we flash a newer firmware it will fail because the KNOX bootloader checks the certificate while we flash an older/newer bootloader.
    We know that it is not possible to downgrade to an old bootloader if it does not have the same certificate.


    aboot.mbn -> https://www.dropbox.com/s/isb22plz7kvnve8/aboot.mbn
    rpm.mbn -> https://www.dropbox.com/s/sng6w4lyc6p8w22/rpm.mbn
    sbl2.mbn -> https://www.dropbox.com/s/x8hh3livuqh6xku/sbl2.mbn
    sbl3.mbn -> https://www.dropbox.com/s/inzx4396x4zdcj1/sbl3.mbn
    tz.mbn -> https://www.dropbox.com/s/973ue0rdp80qgbn/tz.mbn

    I'll attach five modified files (aboot.mbn, tz.mbn, sbl2.mbn, sbl3.mbn and rpm.mbn). They are the XXUBMGA files with the new certificates from XXUEMK8.

    I edited the old bootloader and replaced the old certificate with the new one from the Android 4.3 bootloader. There are a few differences between the two certificates.

    That means:
    Updating from MJX to a newer version -> possible
    Downgrading from 4.3 to 4.2.2 -> not possible -> certificates don't match the new one or the current one
    Updating to the same firmware (e.g. 4.3 XXUEMK8 -> XXUEMK8) --> also possible

    Older firmware like XXUEMJ5 (older than XXUEMK8) is not possible unless we include the modified files in an Odin-flashable firmware. If we get newer firmwares with a new bootloader (certificates), we will not be able to flash my modified bootloader.



    UPDATE:
    Now with Odin flashable tar.md5 file. Big thanks to @mike_galaxy_s
    Download
    FLASH IT AT YOUR OWN RISK!


    Some useful information concerning the Mount Points from GT-i9505 from Android 4.3 XXUEMKE
    root@jflte:/ # ls -al /dev/block/platform/msm_sdcc.1/by-name/
    lrwxrwxrwx root root aboot -> /dev/block/mmcblk0p6
    lrwxrwxrwx root root apnhlos -> /dev/block/mmcblk0p1
    lrwxrwxrwx root root backup -> /dev/block/mmcblk0p23
    lrwxrwxrwx root root boot -> /dev/block/mmcblk0p20
    lrwxrwxrwx root root cache -> /dev/block/mmcblk0p18
    lrwxrwxrwx root root carrier -> /dev/block/mmcblk0p28
    lrwxrwxrwx root root efs -> /dev/block/mmcblk0p10
    lrwxrwxrwx root root fota -> /dev/block/mmcblk0p22
    lrwxrwxrwx root root fsg -> /dev/block/mmcblk0p24
    lrwxrwxrwx root root hidden -> /dev/block/mmcblk0p27
    lrwxrwxrwx root root m9kefs1 -> /dev/block/mmcblk0p13
    lrwxrwxrwx root root m9kefs2 -> /dev/block/mmcblk0p14
    lrwxrwxrwx root root m9kefs3 -> /dev/block/mmcblk0p15
    lrwxrwxrwx root root mdm -> /dev/block/mmcblk0p2
    lrwxrwxrwx root root modemst1 -> /dev/block/mmcblk0p11
    lrwxrwxrwx root root modemst2 -> /dev/block/mmcblk0p12
    lrwxrwxrwx root root pad -> /dev/block/mmcblk0p9
    lrwxrwxrwx root root param -> /dev/block/mmcblk0p19
    lrwxrwxrwx root root persdata -> /dev/block/mmcblk0p26
    lrwxrwxrwx root root persist -> /dev/block/mmcblk0p17
    lrwxrwxrwx root root recovery -> /dev/block/mmcblk0p21
    lrwxrwxrwx root root rpm -> /dev/block/mmcblk0p7
    lrwxrwxrwx root root sbl1 -> /dev/block/mmcblk0p3
    lrwxrwxrwx root root sbl2 -> /dev/block/mmcblk0p4
    lrwxrwxrwx root root sbl3 -> /dev/block/mmcblk0p5
    lrwxrwxrwx root root ssd -> /dev/block/mmcblk0p25
    lrwxrwxrwx root root system -> /dev/block/mmcblk0p16
    lrwxrwxrwx root root tz -> /dev/block/mmcblk0p8
    lrwxrwxrwx root root userdata -> /dev/block/mmcblk0p29

    root@jflte:/ # cat /proc/mounts
    rootfs / rootfs ro,relatime 0 0
    tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
    devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
    none /dev/cpuctl cgroup rw,relatime,cpu 0 0
    proc /proc proc rw,relatime 0 0
    sysfs /sys sysfs rw,seclabel,relatime 0 0
    selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
    /sys/kernel/debug /sys/kernel/debug debugfs rw,relatime 0 0
    none /acct cgroup rw,relatime,cpuacct 0 0
    tmpfs /mnt/secure tmpfs rw,seclabel,relatime,mode=700 0 0
    tmpfs /mnt/asec tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
    /dev/block/dm-0 /mnt/asec/com.picsart.studio-2 ext4 ro,dirsync,seclabel,nosuid,nodev,noatime,errors=continue 0 0
    tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
    /dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
    /dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,discard,journal_checksum,journal_async_commit,noauto_da_alloc,data=ordered 0 0
    /dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,noatime,discard,journal_checksum,journal_async_commit,noauto_da_alloc,errors=panic,data=ordered 0 0
    /dev/block/platform/msm_sdcc.1/by-name/apnhlos /firmware vfat ro,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
    /dev/block/platform/msm_sdcc.1/by-name/mdm /firmware-mdm vfat ro,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
    /dev/block/platform/msm_sdcc.1/by-name/efs /efs ext4 rw,seclabel,nosuid,nodev,noatime,discard,journal_checksum,journal_async_commit,noauto_da_alloc,errors=panic,data=ordered 0 0
    /dev/block/platform/msm_sdcc.1/by-name/persdata /persdata/absolute ext4 rw,seclabel,nosuid,nodev,relatime,data=ordered 0 0
    /data/container /mnt/shell/container sdcardfs rw,nosuid,nodev,relatime,uid=1000,gid=1000 0 0
    /data/media /mnt/shell/emulated sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0
    tmpfs /storage/emulated tmpfs rw,seclabel,nosuid,nodev,relatime,mode=050,gid=1028 0 0
    /dev/block/vold/179:33 /storage/extSdCard exfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=utf8,namecase=0,errors=remount-ro 0 0
    tmpfs /storage/extSdCard/.android_secure tmpfs ro,seclabel,relatime,size=0k,mode=000 0 0
    /data/media /storage/emulated/0 sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0
    /data/media /storage/emulated/0/Android/obb sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0
    /data/media /storage/emulated/legacy sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0
    /data/media /storage/emulated/legacy/Android/obb sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0

    root@jflte:/ # cat /proc/partitions
    major minor #blocks name

    7 0 17703 loop0
    253 0 512000 zram0
    179 0 15388672 mmcblk0
    179 1 12772 mmcblk0p1
    179 2 52764 mmcblk0p2
    179 3 128 mmcblk0p3
    179 4 256 mmcblk0p4
    179 5 512 mmcblk0p5
    179 6 2048 mmcblk0p6
    179 7 512 mmcblk0p7
    179 8 512 mmcblk0p8
    179 9 16896 mmcblk0p9
    179 10 13952 mmcblk0p10
    179 11 3072 mmcblk0p11
    179 12 3072 mmcblk0p12
    179 13 780 mmcblk0p13
    179 14 780 mmcblk0p14
    179 15 780 mmcblk0p15
    179 16 2826240 mmcblk0p16
    179 17 8192 mmcblk0p17
    179 18 2119680 mmcblk0p18
    179 19 6144 mmcblk0p19
    179 20 10240 mmcblk0p20
    179 21 10240 mmcblk0p21
    179 22 10240 mmcblk0p22
    179 23 6144 mmcblk0p23
    179 24 3072 mmcblk0p24
    179 25 8 mmcblk0p25
    179 26 9216 mmcblk0p26
    179 27 512000 mmcblk0p27
    179 28 20480 mmcblk0p28
    179 29 9728000 mmcblk0p29
    179 32 30657536 mmcblk1
    179 33 30656512 mmcblk1p1
    254 0 17703 dm-0


    best regards,
    Kaito95
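Two posts above ask for the aboot/rpm/sbl/tz partition numbers so they can be typed into a script, and Kaito95's `by-name` and `/proc/partitions` listings answer that. As an added illustration (not code from this thread, from Samsung, or from any poster's script), the Python below derives the mapping from those two listings instead of hard-coding it, and adds the size check a practitioner would want before any write to a boot-chain partition. The embedded listings are excerpts of the output Kaito95 posted (GT-I9505, Android 4.3 XXUEMKE); the function names and the `BOOT_CHAIN` ordering are this example's own.

```python
import re

# Excerpts of the two listings Kaito95 posted for the GT-I9505 on Android 4.3
# XXUEMKE, trimmed to the boot-chain partitions plus a few neighbours.
BY_NAME_LISTING = """\
lrwxrwxrwx root root aboot -> /dev/block/mmcblk0p6
lrwxrwxrwx root root apnhlos -> /dev/block/mmcblk0p1
lrwxrwxrwx root root boot -> /dev/block/mmcblk0p20
lrwxrwxrwx root root efs -> /dev/block/mmcblk0p10
lrwxrwxrwx root root mdm -> /dev/block/mmcblk0p2
lrwxrwxrwx root root param -> /dev/block/mmcblk0p19
lrwxrwxrwx root root rpm -> /dev/block/mmcblk0p7
lrwxrwxrwx root root sbl1 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root sbl2 -> /dev/block/mmcblk0p4
lrwxrwxrwx root root sbl3 -> /dev/block/mmcblk0p5
lrwxrwxrwx root root tz -> /dev/block/mmcblk0p8
"""

PROC_PARTITIONS = """\
major minor #blocks name

179 0 15388672 mmcblk0
179 1 12772 mmcblk0p1
179 2 52764 mmcblk0p2
179 3 128 mmcblk0p3
179 4 256 mmcblk0p4
179 5 512 mmcblk0p5
179 6 2048 mmcblk0p6
179 7 512 mmcblk0p7
179 8 512 mmcblk0p8
179 10 13952 mmcblk0p10
179 19 6144 mmcblk0p19
179 20 10240 mmcblk0p20
"""

# Boot-chain partitions in the order the thread discusses them (example's own).
BOOT_CHAIN = ("sbl1", "sbl2", "sbl3", "rpm", "tz", "aboot")

# "<label> -> /dev/block/<device>" at the end of an `ls -al` line.
_LINK_RE = re.compile(r"(\S+)\s+->\s+(/dev/block/\S+)\s*$")


def parse_by_name(listing):
    """Map partition label -> block device path from `ls -al .../by-name/` output."""
    result = {}
    for line in listing.splitlines():
        m = _LINK_RE.search(line)
        if m:
            result[m.group(1)] = m.group(2)
    return result


def parse_proc_partitions(text):
    """Map device name -> size in 1 KiB blocks from /proc/partitions output."""
    sizes = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # skips the header and blank lines
        sizes[fields[3]] = int(fields[2])
    return sizes


def boot_chain_layout(by_name=BY_NAME_LISTING, partitions=PROC_PARTITIONS):
    """Return {label: (device path, size in KiB)} for the boot-chain partitions,
    joined from the two listings rather than typed in by hand."""
    links = parse_by_name(by_name)
    sizes = parse_proc_partitions(partitions)
    layout = {}
    for label in BOOT_CHAIN:
        dev = links[label]
        layout[label] = (dev, sizes[dev.rsplit("/", 1)[-1]])
    return layout


def image_fits(image_len, label, layout):
    """Pre-write sanity check: refuse an image larger than its target partition."""
    return image_len <= layout[label][1] * 1024


if __name__ == "__main__":
    for label, (dev, kib) in boot_chain_layout().items():
        print(f"{label:6} {dev:24} {kib:6} KiB")
```

On a real device the two strings would be the output of the same two commands Kaito95 ran; reading them at run time means a script cannot silently carry a partition number from another model, which matters because the thread itself shows how expensive a wrong write to these partitions is.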
    4
    Old devices like the SGS3 and N2 were developed when KNOX did not exist. So these devices may not have enough protection against rolling back from KNOX-infected bootloaders.
    The SGS4 was developed together with KNOX (but it was not enabled on launch day); the SGS4 has hardware protection against writes to the boot block. Only the bootloader itself can write at the early stage of booting. Once the bootloader switches the write-protection flag on, you can't reset it until a physical reboot or power cycle.

    So basically, the only way to re-write the bootloader is by hard-bricking the device and using the QHSUSB drivers to recover and re-flash the software? That is what we had to do with the EVO 3D... hmmm... food for thought...

    But I think the reason the MC2 back-to-stock works on the Note 2 is because there is a script to bypass mmcblk0 when it reboots into a temporary cache partition. I might be wrong, and I probably am, but if it is possible to bypass aboot or mmcblk0boot0 into a temporary partition like fota, like Samsung uses, then it may be possible to write over these partitions from the temporary one, like Chainfire's Triangle Away does to change the flash count back to zero... Off topic, just for laughs: I sent an email to Samsung's tech support explaining how my phone was infected by a terrible virus that has taken control of everything and won't let me do anything, and asked them if they could point me in the direction of an anti-virus that could get rid of the Knox virus.
    3
    I added the new signatures with a hex editor (UltraEdit). I looked for the precise locations where a certificate is present and changed it. The sizes of both files are identical and I don't overwrite anything except the signatures at the end. After that I compared them (UltraCompare) and that's it.

    Apparently you have no idea how digital signatures work.

    The signature uses the input data, hashes it, then signs it with the private key. The public key, which is distributed with the certificate, is used to verify the signature. If you don't have the private key, you can't make a valid signature from new input. Copying certificates around won't help you unless you have the private key that corresponds to the certificates that you're playing with.
    2
    Could be ;)

    I thought that the private keys are inside the certificate. While I was editing the files, I saw lines that redirect to an http website. As I already said, there are more things that we must change!

    Nope. The public key is in the certificate. The only way you're going to get the private key is via a leak.
    The URLs in the certificate are most likely CDPs (certificate revocation list distribution point) or OCSP (Online certificate status protocol) addresses. Those permit the certificate issuer to invalidate it if it becomes compromised.
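The two replies above (the one explaining hash-then-sign with the private key, and the one correcting "the private keys are inside the certificate") describe why swapping the certificate bytes at the end of a signed image cannot work. As an added illustration, not code from this thread and not Samsung's signing scheme, the Python below builds a toy textbook-RSA signer on small fixed primes and replays the experiment: an old image keeps the signature made with the old private key, so a verifier that trusts only the new public key rejects it no matter which certificate is pasted on. All keys, image bytes and function names are constructed for this example; the primes are far too small to be secure and there is no padding scheme.

```python
import hashlib

# Toy textbook RSA on small fixed primes, constructed for this illustration only.
# It is not Samsung's scheme and is far too small to be secure; it exists to show
# the relationship between private key, certificate (public key) and signature.


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public half that a certificate carries,
    and the private half that never leaves the signer."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _digest(image, n):
    # Hash the image and reduce into the modulus (toy: no padding scheme).
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign(image, private_key):
    """Hash the image, then apply the private exponent: only the key holder can."""
    n, d = private_key
    return pow(_digest(image, n), d, n)


def verify(image, signature, public_key):
    """What a bootloader does: recompute the hash and compare it with the
    signature raised to the public exponent from the trusted certificate."""
    n, e = public_key
    return pow(signature, e, n) == _digest(image, n)


def certificate_swap_outcomes():
    """Replay the thread's experiment with constructed keys and images."""
    old_pub, old_priv = make_keypair(1000000007, 998244353)    # "4.2.2-era" key
    new_pub, new_priv = make_keypair(2147483647, 2013265921)   # "4.3-era" key

    old_image = b"aboot from XXUBMGA (constructed sample bytes)"
    new_image = b"aboot from XXUEMK8 (constructed sample bytes)"
    old_sig = sign(old_image, old_priv)
    new_sig = sign(new_image, new_priv)

    return {
        # A genuine new image validates against the new certificate.
        "genuine_new_image": verify(new_image, new_sig, new_pub),
        # The old image still carries a signature made with the old private key;
        # pasting the new certificate onto it changes nothing about that
        # signature, so a verifier trusting only the new key rejects it.
        "old_image_with_new_cert_pasted": verify(old_image, old_sig, new_pub),
        # The same old image was valid under the key it was actually signed with.
        "old_image_under_old_cert": verify(old_image, old_sig, old_pub),
        # Any changed byte in a signed image breaks its signature.
        "new_image_one_byte_changed": verify(new_image + b"\x00", new_sig, new_pub),
    }


if __name__ == "__main__":
    for case, ok in certificate_swap_outcomes().items():
        print(f"{case:32} {'accepted' if ok else 'rejected'}")
```

The certificate only ever contributes `(n, e)` to `verify`; `d` never appears in it, which is the whole reason the hex-edit described earlier cannot produce an accepted image. A real bootloader additionally checks that the certificate chains to a root it trusts, so even a genuinely signed image under a no-longer-trusted key is rejected, which is the "old_image_under_old_cert" case seen from the device's side.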
    1
    Is it possible to reverse engineer the signing process that Samsung uses? Perhaps via setting up a large number of computers to break whatever encryption they're using...? I would be willing to put all 5 of my computers into working on this.

    Sent from my SM-P600 using xda app-developers app

    To be blunt, AES encryption will take a lot more than your 5 computers to even put a dent in it via brute force.

    Folks:
    No disrespect intended but I'm tempted to close this thread as it seems to be another wild goose chase thread.
    While I'm in support of people trying to find a way around that, recent conversation doesn't seem headed that way.
    Please keep the discussion relevant or move on to other things.