Originally Posted by Scott
- Either would probably work. I believe the Qualcom would be better but would need EDL tools and appropriate files to load. That may prove difficult. f Samsung firmware then we may be able to get right in as in past devices that have had such leaks. The Samsung firmware method depending on the version can be rooted and reinstalled with a samsung engineering bootloader. That bootloader accepts unsigned images for testing. Or something like that. It keeps the bootloader locked so no full ROM but can flash the engineering files to play with.
- We would need the unlocked engineering bootloader. This would be the best place to start.
Do you have such things or have connections to such things?
EDL has been restricted since the 9 devices which have write protection even in edl mode which doesnt allow flashing to lun0.. also since 9 devices you cannot flash any eng firmware without an eng token.. also to add even flashing actual eng bootloaders in my s10+ g975u when I had it didnt do anything and wouldnt boot with anything due to vbmeta.. an eng token is needed to allow custom binaries to be flashed but even then my source who had eng token/device said it no longer allowed custom binary and only allowed eng firmware to be flashed.
With that being said, you would need an eng token and the full eng firmware to be rooted.BL will still be locked.
To add, eng tokens are device specific as they need to be created using device specific info such as DID IMEI and other info if you can even find it at which point they cost sometimes in the 1000s per one token. It also needs to be officially signed during the process its created.
Also to add, full eng firmware is also very difficult to find and if you can will probably also cost anarm and a leg.
People often confuse factory/combination firmware with ENG firmware but they are two completely separate things.
Usually high end tech companies that have a partnership with samsung can sometimes purchase a license to be able to generate eng tokens and are assigned or given access to a samsung server. They take the device info and send to the server that generates and signs the eng token that could then be flashed to the device. This ability I have heard can cost 10s of thousands of dollars as well as they charge for each individual token.
I imagine big companies like this would fire their employees or possibly be repremanded by samsung if its being used against their policies which is why you rarely if ever see this anymore as its not viable and can get ppl in a lot of trouble.
Even eng firmware (unlike stock or factory) needs to be "leaked" but since its essentially useless without a token many arent willing to lose their jobs or burn their sources by leaking it.