I have tried to flash an unsigned sbl with the following command:
adb shell su -c "dd if=/sdcard/Sbl.bin of=/dev/block/bml4 bs=4096"
but with no working result. After reading the sbl again:
adb shell su -c "dd if=/dev/block/bml4 of=/sdcard/Sbl.bin bs=4096", it is still the same as before.
Also I have flashed an unsigned zImage in this way.
The kernel can be flashed, but after flashing, the Tab doesn't start up.
I must flash a signed kernel again to reactivate the Tab.
After running bmlunlock on the Samsung device, one can flash the kernel using the following command: dd if=/sdcard/zImage of=/dev/block/bml7 bs=4096
(Yes, I'm catching up, didn't read through 19 pages so excuse me if double posting.)
Now I can understand you haven't been able to catch up with everything that has been said in every single page. However, the bmlunlock thing is mentioned even in the first post. Also, you could have tried "searching this thread" for bmlunlock, which would give you many references to it. As an FSM, both should have occurred to you. ( :P )
As for current status, nothing yet. There isn't much that I can do without an operational Tab.
Regarding resources, pooling, and people, there's enough people on the job. Right now it's just a bit of a waiting game for everyone to get their equipment in order to start testing. I'm still analysing a lot of dumps myself, trying to figure out some things about the BLs. Rotohammer is on the job and waiting for his RIFF BOX (JTAG unit) to arrive. Richthofen is waiting for a Tab + RIFF BOX to help figure this out (expected within days), and also going through the tech docs trying to figure out how to make a "factory mode" JIG (quite similar to the "download mode" JIG for SGS) which can possibly revive my Tab. In the meantime, Da_G has offered to ship his own JTAG unit + tools to me, and if Richthofen's "factory mode" JIG doesn't work out, I'll take Da_G up on this offer. Da_G and cmonex' expertise is also just an IRC connection away should I need them.
Really, we have enough people on the job with enough knowhow to fix this, and I don't expect the fix is much more than a week or so away. Right now everyone is pretty much just waiting on the hardware to allow testing in a safe way.
Quote:
Originally Posted by kromosto
Or the mechanism to determine if the sbl is signed or not is not working well. Also, there can be a method for forcing flash that might be our solution if we can find it.
I'm not sure what's wrong with the SBL, I've analysed one of these unsigned SBLs between signed PBL and kernel, and it does actually seem to be unsigned. Maybe it's sneakily using SBL2, or the bml dump got garbled (blocks out of order) which is also completely possible. There's some weird stuff still with the PBL dump as well, hopefully we'll figure out soon why/what/how.
Quote:
Originally Posted by Jesterz
I've played with dd fun before in the "old" days, somewhat scary, however bml7 = kernel, which should be still reflashable using odin etc. bml1&2 is the scary part as that contains the bootloaders.
However I'm assuming ChainFire is this far and I don't want to duplicate work, but detailing what is done already is useful.
I've looked a bit at redbend (not very extensively), do you know how to flash multiple parts without rebooting? Also of course we do not know whether flashing through redbend involves the checks.
Quote:
Originally Posted by abuser0815
You should definitely be able to flash the jk5 kernel, because I have the same constellation, and it works like this:
EDIT: I'm not responsible if it fails, as this is just describing what I did...
1. backup everything.
2. factory reset and formatting internal sd
3. repartition with odin (just pit file which is adequate for jk5)
4. don't reboot, go straight back to downloading screen by holding vol down after flashing pit
5. heimdall graphical frontend (sorry geeks, it works and it's comfortable) everything from jk5; but I would go to a former firmware as jk5 which includes all, also boot.bin and sbl.bin; put in heimdall everything from your firmware you like to flash except pit and recovery-->
6. press start in heimdall; the process on the computer should go without any error
AND NOW
7. your tab gets stuck at approximately 87 % update process; NO Panic
8. disconnect your device from your pc and start it, you should come to a very basic bootscreen "tab---warning---computer"
9. start odin and do just the step 3 again
10. while rebooting hold volup to make sure it starts installing the rest
11. voila, you should have your wished firmware installed.
ATTENTION, it might show again that the primary bootloader and kernel is still signed, but .....
12. flash your dbdata and install your tab new
That was how I made it work, can somebody confirm it please??
That's just a very elaborate way to flash a different ROM without replacing PBL, SBL and kernel. Has been discussed before in this thread.
Quote:
Originally Posted by KarlMarsh
Here is the output from a stock ATT ROM. Probably no surprises here.
Edit: Noob question: Why does the output say it transferred the file successfully but then says it can't find the files? Did I do something wrong?
Code:
========================================================
= Samsung Galaxy Tab Bootloader Check v1.0 =
= Copyright (C) 2010 Chainfire =
= =
= Please make sure your device is connected, rooted, =
= and USB debugging is enabled ! =
= =
= Accept the SuperUser prompt when it shows up ! =
========================================================
Press any key to continue . . .
========================================================
= Dumping PBL, SBL and kernel ... =
========================================================
su
rm /sdcard/bml1.bin
rm /sdcard/bml4.bin
rm /sdcard/bml7.bin
dd if=/dev/block/bml1 of=/sdcard/bml1.bin bs=4096
dd if=/dev/block/bml4 of=/sdcard/bml4.bin bs=4096
dd if=/dev/block/bml7 of=/sdcard/bml7.bin bs=4096
exit
exit
$ # # # # 64+0 records in
64+0 records out
262144 bytes transferred in 0.050 secs (5242880 bytes/sec)
# 320+0 records in
320+0 records out
1310720 bytes transferred in 0.171 secs (7665029 bytes/sec)
# 1920+0 records in
1920+0 records out
7864320 bytes transferred in 0.699 secs (11250815 bytes/sec)
# $
========================================================
= Retrieving files ... =
========================================================
Could Not Find C:\Documents and Settings\Karl\My Documents\Android\SGTBootloader
Check-1.0\boot.bin
Could Not Find C:\Documents and Settings\Karl\My Documents\Android\SGTBootloader
Check-1.0\sbl.bin
Could Not Find C:\Documents and Settings\Karl\My Documents\Android\SGTBootloader
Check-1.0\zimage
331 KB/s (0 bytes in 262144.000s)
384 KB/s (0 bytes in 1310720.003s)
374 KB/s (0 bytes in 7864320.020s)
========================================================
= Here come the results ... =
========================================================
SGT-BootloaderCheck v1.0 - Copyright (C) 2010 Chainfire
boot.bin: Unsigned
sbl.bin: Unsigned
zImage: Unsigned
Assessment:
-- Bootloaders: Unprotected, can flash all bootloaders and kernels
-- Kernel: Unsigned, can only be flashed on unprotected bootloaders
Press any key to continue . . .
The "Could not Find ..." is because the script deletes old files (if present) before transferring the new dumps. The first time you run it, there won't be any old files present, hence the error message trying to delete them.
Quote:
Originally Posted by m.tom59
I have tried to flash an unsigned sbl with the following command:
adb shell su -c "dd if=/sdcard/Sbl.bin of=/dev/block/bml4 bs=4096"
but with no working result. After reading the sbl again:
adb shell su -c "dd if=/dev/block/bml4 of=/sdcard/Sbl.bin bs=4096", it is still the same as before.
Also I have flashed an unsigned zImage in this way.
The kernel can be flashed, but after flashing, the Tab doesn't start up.
I must flash a signed kernel again to reactivate the Tab.
m.tom59
Interesting. It has been attempted to flash both bml1 AND bml4, resulting in full bricks. Maybe both need to be flashed in order to make any difference stick?
But really people, STOP TRYING TO OVERWRITE BML1 AND BML4 IF YOU DO NOT HAVE A JTAG UNIT AND KNOW HOW TO USE IT. If you mess it up, only a JTAG unit (or possibly a "factory mode" JIG) will be able to revive your device.
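Added example, not part of any post in this thread: one way to tell apart the outcomes discussed above (a write that stuck, a write that was silently ignored as m.tom59 reports, or a garbled dump) by comparing the image with partition dumps taken before and after the dd. It only reads files already pulled from the device; the function names, result labels and sample bytes are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # same block size as the dd commands in the thread (bs=4096)

def digest(data: bytes) -> str:
    """SHA-256 of a dump, handy for comparing results between testers."""
    return hashlib.sha256(data).hexdigest()

def differing_blocks(image: bytes, dump: bytes) -> list:
    """Indexes of BLOCK-sized blocks where the dump does not match the image.
    Only the image's length is compared: the partition dump is usually
    larger than the image, and the tail of the partition is left alone."""
    bad = []
    for off in range(0, len(image), BLOCK):
        chunk = image[off:off + BLOCK]
        if dump[off:off + len(chunk)] != chunk:
            bad.append(off // BLOCK)
    return bad

def classify_write(image: bytes, before: bytes, after: bytes) -> str:
    """Classify a write from the image and the before/after partition dumps."""
    if len(before) < len(image) or len(after) < len(image):
        return "dump-too-short"          # truncated dump, nothing can be concluded
    matches_image = not differing_blocks(image, after)
    unchanged = digest(after) == digest(before)
    if matches_image and unchanged:
        return "already-present"         # image was on the partition before the write
    if matches_image:
        return "write-stuck"
    if unchanged:
        return "write-ignored"           # dd reported success, contents did not change
    return "partial-or-garbled"          # changed, but not to the image

# Constructed sample data (not real bootloader contents).
OLD = b"\xAA" * (BLOCK * 4)                 # partition before the write
IMAGE = b"\x55" * (BLOCK * 2 - 100)         # image shorter than the partition
STUCK = IMAGE + OLD[len(IMAGE):]            # write took effect
GARBLED = IMAGE[:BLOCK] + OLD[BLOCK:]       # only the first block changed

if __name__ == "__main__":
    for name, after in (("ignored", OLD), ("stuck", STUCK), ("garbled", GARBLED)):
        print(name, classify_write(IMAGE, OLD, after), differing_blocks(IMAGE, after))
```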
Help me please, I bricked my tab
I have T-mobile with JJB firmware version and tried to load full (with PIT)
russian ver P1000XWJJ7 via Odin 1.7 (I'm from Russia).
After start I waited a long time with no result, then I powered off my tab
and now see "PC -!- phone" pic only. No download mode,
but if I press both vol bat and plug USB I see
"Power rest or Unknown upload mode" and Odin sees my tab.
What should I do to unbrick my tab?
Help me please
Flash Roto-JME to get back to a working state, then decide what you really want after.
-Rotohammer
Thanks for all your hard work guys. Got my Tab a few weeks back but held off flashing for a while to take some time to read up on it all. Thanks to your info I successfully flashed up to JMC from T-Mobile JJ3 (UK) a few days back without getting a signed boot.bin or sbl.bin, and am now going to flash Roto's JME.