J
jetlitheone
Guest
As far as I've heard YOU CAN so people need to relax and leave this thread for development purposes... Please lol
Sent from my SAMSUNG-SGH-I337 using Tapatalk 2
[GUIDE][I337UCUAMF3][STOCK][NEUTERED] MF3 OTA Update - Keep Recovery and Root! [7-12]
- Thread starter Aou
- Start date
As far as I've heard YOU CAN so people need to relax and leave this thread for development purposes... Please lol
Sent from my SAMSUNG-SGH-I337 using Tapatalk 2
Attempting to downgrade with Kies fails and causes a triangle download screen brick. DO NOT TRY IT! Hopefully once Kies gets the full MF3, it will pass whatever checks it needs to proceed with the flash.
Assuming:
- Your current build is the AT&T Stock I337UCUAMDL
- You have not uninstalled any bloatware (freezing/disabling is OK)
- You haven't modified any system files that might be otherwise be used by the MF3 patch
- You might need to wipe data, but you are welcome to try it without wiping. At least wipe your cache/dalvik. If you run into a lot of force-closes, you'll need to wipe data too.
- You should still flash UPDATE-SuperSU-v1.41.zip to root your new MF3 build, at the least. You can also flash the other patches as you need.
In a nutshell: you might be able to get away with it. If you want JUST the modem update, you can update just that int he bottom section of the OP. In any event, be sure to take a full nandroid backup first, so that you can easily revert back.
Good luck.
Careful flashing too many parts of that update! Last night I updated sbl2 and sbl3. Hard brick. Still troubleshooting today to see if I can get anything over UART, but it looks pretty hopeless. Currently I have no JTAG either. Perhaps someone like @AdamOutler could point me in the right direction? Looks like I need to get a JTAG adapter for the S4, and a riffbox or something. At least I pulled a copy of my original sbl1, sbl2, sbl3 and aboot before I bricked it.
If you're strictly following the guide, no problems. If you decide to create your own neutered package, be very careful regarding which parts you allow it to flash.
I must have interrupted this chain of trust thing that Adam speaks of.
If you're strictly following the guide, no problems. If you decide to create your own neutered package, be very careful regarding which parts you allow it to flash.
I must have interrupted this chain of trust thing that Adam speaks of.
J
jetlitheone
Guest
Careful flashing too many parts of that update! Last night I updated sbl2 and sbl3. Hard brick. Still troubleshooting today to see if I can get anything over UART, but it looks pretty hopeless. Currently I have no JTAG either. Perhaps someone like @AdamOutler could point me in the right direction? Looks like I need to get a JTAG adapter for the S4, and a riffbox or something. At least I pulled a copy of my original sbl1, sbl2, sbl3 and aboot before I bricked it.
If you're strictly following the guide, no problems. If you decide to create your own neutered package, be very careful regarding which parts you allow it to flash.
I must have interrupted this chain of trust thing that Adam speaks of.
Can you JTag it? Rumors going around saying samsung blew a Qfuse with this update
Just a question...
Are the wifi and sound issues due to a qfuse in the bootloader not popping?
Sounds like the firmware and bootloader dependant upon each other to load certain drivers from memory.
Please correct me if im wrong.
I thinking its like a og cd player. Some would play just a cd. Others would mp3 cd,wmp files and such, with only a change in the model number
Sounds like are making a move to identical devices with different feature sets. Blow a qfuse on a pbl or sbl can change everything.
Just saying sounds like hardware and software integration to lock down devices from modification.
Concidering that vzw and at&t are the two largest carriers in the country it may be a move from samsung not carriers to lock down our devices. Just saying!!!!
Small changes on identical hardware (qualcomm chip)and variations in firmware is like buying a Chevy or spending more and getting a Caddy . Same build quality premium features
Sorry for the rant just been reading alot about the s4 and s4a,and thats how I intrepid it.
Sent from my SAMSUNG-SGH-I337 using xda premium
Are the wifi and sound issues due to a qfuse in the bootloader not popping?
Sounds like the firmware and bootloader dependant upon each other to load certain drivers from memory.
Please correct me if im wrong.
I thinking its like a og cd player. Some would play just a cd. Others would mp3 cd,wmp files and such, with only a change in the model number
Sounds like are making a move to identical devices with different feature sets. Blow a qfuse on a pbl or sbl can change everything.
Just saying sounds like hardware and software integration to lock down devices from modification.
Concidering that vzw and at&t are the two largest carriers in the country it may be a move from samsung not carriers to lock down our devices. Just saying!!!!
Small changes on identical hardware (qualcomm chip)and variations in firmware is like buying a Chevy or spending more and getting a Caddy . Same build quality premium features
Sorry for the rant just been reading alot about the s4 and s4a,and thats how I intrepid it.
Sent from my SAMSUNG-SGH-I337 using xda premium
Last edited:
Careful flashing too many parts of that update! Last night I updated sbl2 and sbl3. Hard brick. Still troubleshooting today to see if I can get anything over UART, but it looks pretty hopeless. Currently I have no JTAG either. Perhaps someone like @AdamOutler could point me in the right direction? Looks like I need to get a JTAG adapter for the S4, and a riffbox or something. At least I pulled a copy of my original sbl1, sbl2, sbl3 and aboot before I bricked it.
If you're strictly following the guide, no problems. If you decide to create your own neutered package, be very careful regarding which parts you allow it to flash.
I must have interrupted this chain of trust thing that Adam speaks of.
Sorry to hear that. Let me know how it goes. All I'm trying to update is system and boot. Img..
On a side note. If you can't get it up and running again let me know. I might take it off your hands $$.
Sent from my SAMSUNG-SGH-I337 using xda premium
I see the rumors about a QFuse, but it is my understanding that a JTAG might be able to circumvent this anyway? I could be badly mistaken.
I did actually pull a system and boot dump before I borked my device, simply using DD. Also happened to grab sbl2, sbl3, aboot and maybe a couple others that are irrelevant.
Update:
Also, it looks like UART is hopeless. Tried many different resistances on the ID pin, and nothing. Tried as many combinations I could think of with power, battery, plugging, unplugging, etc. on every known resistance that gives download mode or UART. I'm pretty sure this thing is hosed. a JTAG "should" repair it, but again, I have no box or cable for this. Currently looking into my options here. It would be nice if Josh helped out some.
I did actually pull a system and boot dump before I borked my device, simply using DD. Also happened to grab sbl2, sbl3, aboot and maybe a couple others that are irrelevant.
Update:
Also, it looks like UART is hopeless. Tried many different resistances on the ID pin, and nothing. Tried as many combinations I could think of with power, battery, plugging, unplugging, etc. on every known resistance that gives download mode or UART. I'm pretty sure this thing is hosed. a JTAG "should" repair it, but again, I have no box or cable for this. Currently looking into my options here. It would be nice if Josh helped out some.
could u post the system.img ? and i must have missed something you bricked ur device ?
I'll see if I can get that uploaded to dev-host also once the dust settles here.
So, I CAN get some response from my device through QPST. I've found a copy of MPRG8960.hex and 8960_msimage.mbn (no idea if it's applicable to this device?). Still investigating, but with these files, and a few others, I might be able to generate a QPST-compatible .hex bootloader image. Probably going to use the .mbn files from @AdamOutler's thread on bootloader unlock. I've seen this is possible with the Note, and I don't see why it couldn't be done with the S4 (apart from having the correct files).
In other words, perhaps I can unbrick this with QPST? We shall see.
I'll see if I can get that uploaded to dev-host also once the dust settles here.
So, I CAN get some response from my device through QPST. I've found a copy of MPRG8960.hex and 8960_msimage.mbn (no idea if it's applicable to this device?). Still investigating, but with these files, and a few others, I might be able to generate a QPST-compatible .hex bootloader image. Probably going to use the .mbn files from @AdamOutler's thread on bootloader unlock. I've seen this is possible with the Note, and I don't see why it couldn't be done with the S4 (apart from having the correct files).
In other words, perhaps I can unbrick this with QPST? We shall see.
I hope you get it sorted out!!! and thanks man.. :good:
Interesting. Did you odin back to MDB stock or MDL stock? If you happen to have the MDL Odin (I still don't know where to find that?), then you'll probably get errors at that stage.
It's likely possible to do things in a slightly different order and skip some steps if you have the MDL Odin package. Otherwise, I posted what worked for me with what I had.
Interesting. Did you odin back to MDB stock or MDL stock? If you happen to have the MDL Odin (I still don't know where to find that?), then you'll probably get errors at that stage.
It's likely possible to do things in a slightly different order and skip some steps if you have the MDL Odin package. Otherwise, I posted what worked for me with what I had.
yes. I Odin'd back to MDB and followed your steps. I first tried with oudhs recovery then with TWRP. Just Odin'd to MDL and gonna start from step 13 like u advised. Will report back in a few.
edit....the flash seems to be working now.
I will report findings after the device is set up. Thanks again.
Last edited:
Interesting. Did you odin back to MDB stock or MDL stock? If you happen to have the MDL Odin (I still don't know where to find that?), then you'll probably get errors at that stage.
It's likely possible to do things in a slightly different order and skip some steps if you have the MDL Odin package. Otherwise, I posted what worked for me with what I had.
I have an mdl odin if you need one or you can get it from sammobile.com
But they are really slow.
Sent from my SAMSUNG-SGH-I337 using xda premium
Unfortunately, I'm kinda screwed at the moment (hard brick), but I'l check it out once I get some partition info here. I believe I have everything I need to get this thing back to working, but I need to translate some partition info into "dd" terms. :/
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
24Notice (4/16/14): I'm no longer here. I've said "goodbye" to AT&T and their locked bootloader schemes. I'm voting with my wallet - I've sold my I337 and switched to T-Mobile. My apologies to the community, but you're now on your own here.
NOTICE: These instructions are pretty much obsolete. If you'd like to run a pure stock MF3 rom based on this exact method of neutering the MF3 OTA update, then read this thread. This thread shall remain for informational purposes only.
A quick THANKS to djbliss (motochopper root exploit), TeamWin (TWRP recovery), Chainfire (SuperSU), and all of the Guinea pigs that tested some of this stuff out for me in this thread.
What is this?
This is not technically a ROM, but by the time you are done, you will be running the stock, (albeit rooted) I337UCUAMF3 ROM provided by AT&T. Unlike the original MF3 OTA patch, if you perform the steps outlined in this thread, you will not lose your custom recovery, and your bootloader (including aboot) will remain untouched.
Here's what the neutered version does:
- It will flash a new boot.img, which primarily includes the MF3 Kernel.
- It will flash the RPM partition, which as far as I can tell is strictly for power management. I kept it in the package because it seems harmless.
- It will update many files in your /system partition, bringing you up to the latest MF3 build (the whole point).
- It will flash the new MF3 modem/Baseband, along with its counterpart, the NON-HLOS partition as well. The NON-HLOS partition will cause some problems with your sound (keep reading), but I've added a patch here that will solve this problem while creating another (WiFi breaks). I've kept this included in the original neutered patch, just in case someone is able to find a very easy fix for the sound and/or WiFi.
Can I go back?
From my experience, if you do not update the bootloaders, it is fully possible to return to the I337UCUAMDB or I337UCUAMDL stock versions. I used Odin, personally, but you could simply restore nandroid backups or flash a new rom. Your modem/Baseband will stay at I337UCUAMF3, along with your RPM partition - unless you use Odin or otherwise flash older versions manually. Personally, I found ZERO side-effects of performing these steps and then restoring my MDL-based nandroid backup.
Bugs?
At this time, you will have to choose between either having sound, or having WiFi. Can't have both. This is completely related to the NON-HLOS modem that's included and expected in the MF3 build. As mentioned above, the new NON-HLOS modem will kill your sound capabilities without having the new bootloaders, etc. I have no idea why, so I've provided a "fix" for this - a flashable .zip that will restore your NON-HLOS modem back to the MDL version. If you revert to this MDL NON-HLOS modem, you will lose WiFi capabilities. If someone finds a more proper fix for this, please let everyone know. Otherwise, you're welcome to keep switching back and forth as you please. See the section in this post about flashing just the modems.
Anything else?
In addition to all this, I've provided a modified, deodexed SecSettings.apk that will not scan for SysScope and will not mark your system as "Custom". This add-on package also removes SysScope entirely from the OS. This add-on optional, and you can choose not to flash this part if you wish. This package is based on my previous mod, located here (some minor changes in Status.smali to match the new MF3 build, but otherwise the same steps were performed to create this new SecSettings.apk). Basically, if you perform all of the steps outlined in this method, you will find yourself with an "official" status, and will have the original "Galaxy S4" boot logo (not the custom/padlock logo), regardless of the root or custom recovery.
Warnings and Caveats:
I have not extensively tested the I337UCUAMF3 operating system, and I WILL NOT be providing tech support for this operating system. Take it AS-IS, and ask your questions about the OS in the Q&A forum. This thread will be only for the process of getting you to I337UCUAMF3.
NOTICE: This is only intended for the I337 - a.k.a. the AT&T Galaxy S4. I have only tried this on my 16Gb, original device. You may try it on other devices, but there is of course a very high risk of bricking your non-i337 device. You've been warned.
WARNING: I am not responsible if you brick your device. Follow the instructions very, very closely, and you will be fine.
ANOTHER WARNING: There are mixed reports about certain things being broken with the MF3 update, such as the "free unlock with hidden menu" and tethering, etc. If these are important to you, you might want to make a full backup of your EFS just in case. Most custom recoveries (including the provided TWRP recovery) can help you do this. The EFS partition does not appear to be touched during the update, but just in case the new kernel or new modem does something to it on-the-fly, it would be a good idea to have a backup.
Okay, great. So what do we do?
Click the "Click to show content" button below to begin.
But I only want to flash the new modem (Baseband). Do I have to do all that crazy stuff?
Certainly not! You can flash just the modem itself, very easily. You need to be rooted, or have a custom recovery first.
The Manual Method - requires root (advanced users, but technically easier and quicker!):
The Automatic Method - requires custom recovery (recommended for flashaholics):
CPA Poke has offered a flashable version of the modem as an option here.
I just want the original, unaltered I337UCUAMDF patch. Where can I find it?
You can download it here. This was taken straight from \cache\fota\2400258.cfg. You can rename it as a .zip if you'd like to mess with it. Please note that this file may not be flashable on your device if you have customized your /system partition or have made other modifications to your device. This patch performs a series of integrity checks, and will not install if it fails any of them. If it fails, you should be safe, as the patch sequence aborts before making changes if it fails the checks.
BE FOREWARNED: Flashing this file directly will cause you to lose root, lose your custom recovery, and lose the ability to obtain root in the future (as far as we know). In other words, DO NOT install this unaltered, original update if you EVER want to have root again, flash custom ROMs, or have the ability to make/restore nandroid backups. You've been warned.
How can I make my own neutered version of the OTA patch?
Check out post #2 in this thread for all the details on how to customize your OTA patch file, including the warnings and potential ways you can hard brick your device.
What was changed in this patch?
If you were to flash the original patch without neutering it first, you'll be stuck with a stock MF3 build (or higher). As far as we can tell, this patch does blow some e-fuses in the device, incrementing a number such that it is impossible to return back to an older build (MDB or MDL). There is currently no known cure for this condition if this is the case, especially considering we have locked bootloaders on the I337 at this time.
For a complete list of all the files that this patch touches on your system, you can check out my previous post here.
Can I use this in my own ROM?
Certainly! In fact I encourage it. I'd like to see some cool ROMs be built using the MF3 base. It's got some nice improvements on the MDL base, so any stock-based ROMs should benefit. You have my full permission to use this complete process or any parts/pieces/packages/methods herein. I would like to see my name mentioned in your "thanks" list if you have one, but this is of course completely optional.
Where can I download a full system and kernel dump of the work you did? (ADDED 7-12-13)
You can download it right here. Apart from the SysScope mod mentioned above and injecting root, this is the full, stock image. This is NOT directly flashable, so don't even try. This will only be useful for ROM developers and advanced users. The modems and bootloaders have nothing to do with these packages, but these might be required for everything to work correctly (i.e. sound and WiFi).
This was created from my device after performing all the steps above, using these commands while the device was in recovery, from a root ADB shell:Code:dd if=/dev/block/mmcblk0p16 of=/sdcard/system-MF3.img dd if=/dev/block/mmcblk0p20 of=/sdcard/boot-MF3.img
Do you have this available as a ROM I can flash? (ADDED 8-6-13)
Indeed! If you want to install this as a ROM, check out my newer thread here.
Anything I can do to help here?
If this information and tutorial helped you out, just simply hit the "THANKS" button. It's great to know the work was appreciated. Another way that you can help is to provide feedback in this thread about how it worked for you, and if there's any improvements that can be made. Lastly, if you're interested in helping financially to help recover the costs of the JTAG box I now need to recover my S4, you're certainly welcome to assist by using the donate link on the left. Keep in mind that I'm not technically a Dev here - I'm just another forum member that's providing information to other members. It's what this whole community is about.3How can I make my own neutered version of the OTA patch?
With lots of careful snipping. But first, you need a copy of the original OTA patch. You can download this from my post above, or you can download one yourself straight from AT&T.
To download your own copy, the process is not terribly complicated - just risky. Here's the steps I performed to obtain the original update file from AT&T:
Great - you've got the file. Time to grab the scissors and perhaps something to steady the hands and numb the pain. A keyboard works too in this case. Here's what to do:
- Save a backup copy of your update file. One copy for safekeeping (in case you want to start over) and another to work on. Do it now.
- Open the update file using basically any .zip editor. I used 7zip because it performed quickly, whilst Win7's zip capabilities were VERY SLOW dealing with this file.
[*]From the root directory of the file, delete:
- aboot.mbn
- sbl2.mbn
- sbl3.mbn
- tz.mbn
- The entire "recovery" directory.
- Within the file, browse to META-INF\com\google\android and pull a copy of the updater-script. This file does all the magic.
- Edit the updater-script using a text editor, preferably something like Notepad++ (great program! I recommend it). Make the following changes:
- Save it, and put the modified updater-script back inside the update file where you found it, replacing the old one.
- Upload it to your SDCard and flash. See all the warnings here in this post and in the original post about what to do with this thing.
NOTES and WARNINGS:
- A careful reader will be able to easily tell what each part of the updater-script does, and you can choose whether or not to keep it, modify it, or delete it.
- Keep in mind that the update will fail if it does not pass all of those integrity checks. You can technically remove all of the integrity checks, and the update will still process, patching files left-and-right. However, depending on how heavily you have modified your system, you will probably run into extreme problems (soft brick most likely).
- CRITICAL WARNING ABOUT BOOTLOADERS: At this time, do NOT allow the update package to only partially update your bootloader! Failure to update the entire bootloader will result in a hard brick. For example, if you were to include the parts that update sbl2 and sbl3, but not include tz and aboot... your chain of trust will be violated, and the device will refuse to boot normally (a.k.a. QDL Mode or Emergency Boot). The only theoretically known way out of this is JTAG. You don't want to go there. So, simply put: regarding bootloaders, it's all or nothing. The bootloader updates included in this package are: sbl2.mbn sbl3.mbn aboot.mbn tz.mbn. It's like any good D&D campaign - if you separate these party members, the campaign is toast.
- REMINDER: At this time, it appears that flashing the new bootloader will trip an e-fuse. This is a hardware device that is only capable of incrementing a number. If the number on the e-fuse is higher than the bootloader you are trying to flash (with Odin, for example), the device will refuse to take the update. In other words, if you flash the MF3 bootloader, there is no known way to return to the MDB or MDL bootloaders at this time.
2Interesting. Did you odin back to MDB stock or MDL stock? If you happen to have the MDL Odin (I still don't know where to find that?), then you'll probably get errors at that stage.
It's likely possible to do things in a slightly different order and skip some steps if you have the MDL Odin package. Otherwise, I posted what worked for me with what I had.
I have an mdl odin if you need one or you can get it from sammobile.com
But they are really slow.
Sent from my SAMSUNG-SGH-I337 using xda premium2Careful flashing too many parts of that update! Last night I updated sbl2 and sbl3. Hard brick. Still troubleshooting today to see if I can get anything over UART, but it looks pretty hopeless. Currently I have no JTAG either. Perhaps someone like @AdamOutler could point me in the right direction? Looks like I need to get a JTAG adapter for the S4, and a riffbox or something. At least I pulled a copy of my original sbl1, sbl2, sbl3 and aboot before I bricked it.
If you're strictly following the guide, no problems. If you decide to create your own neutered package, be very careful regarding which parts you allow it to flash.
I must have interrupted this chain of trust thing that Adam speaks of.1Nice...as usual. Just to help make it clear, are you allowing other developers to use this to put into their ROMs (with credit given of course)?
Again, thanks for your work.
