Hi, I'm the guy who did the bootloader unlock. It's kind of a complicated situation, upgrading bootloaders after having an unlocked retail bootloader. The issue is that once you have a dev device (CID + matching RSA signature, the extra 256 bytes), the bootloader write-protects the eMMC where...
Just an FYI, you need to run the samsung_unlock_n4 application twice. The first time, it will write your eMMC CID to the correct one, and the second time you execute, it will write the CID signature/blob to the bootloader - completing the unlock process. Glad to see you got it working.
Just wanted to pipe in again, I occasionally read this thread. Barring any logical mistakes in the code, the RMA/Citadel functions will most likely require a special key that's derived by Google and device-unique. It will not be possible to "bruteforce" or "crack" this key. The device most...
Yeah, if your device is in developer mode, the bootloader will set eMMC write protection on the bootloader partition. The only way to flash it is through Odin or re-lock the bootloader. It complicates things a bit if you are trying to upgrade.
To unlock the Pixel 3, you need root (which I don't have, nor a Pixel 3, just chiming in to help). To enable OEM unlocking temporarily to unlock the bootloader, you'd need to set the last byte in the FRP partition to 0x01 and then re-hash the partition and store the SHA256 hash at like offset...
PLEASE don't do that. Just leave EFS alone. I'm going to look into a couple things for now, you can set your CID back to 00000001 if you want and flash back to normal.
Could you try unlocking (fastboot flashing lock_critical) and then toggle the OEM unlock option, then lock, then try unlocking again? Sorry for the rat race, just want to see if we can persistently lock/unlock bootloader with CID change.
This is a different type of CID. This one is just an HTC SKU specifier. Let me dig a little deeper with the writecid command.
UPDATE: Try
fastboot oem setcid 00000000
(they renamed the command for some reason)
Someone wanna try something a little goofy for me? (Need a VZW device)
Once you've unlocked a Verizon Pixel 2, run the following command:
fastboot oem writecid 00000000
Then lock your bootloader. Then try unlocking the normal way:
fastboot flashing unlock
Did you try to flash a factory image and get stuck in the bootloader? If so, extract 'image-walleye-[build number].zip' and flash each image manually. fastboot -w update doesn't work for some reason. After you flash all the images, do fastboot format userdata, and you should be back to normal...
All development is waiting on the release of the kernel source for the Pixel 2. I'd imagine it'll surface close to when the next OTA comes out with the October/November security patch. Seems like they aren't interested in releasing source and factory images for the current production build. I'd...
To fix the voltage issue, we wouldn't replace the PMIC. We would adjust the device tree to increase voltage for each frequency step in the cpufreq tables. No need to replace hardware here.
Yeah, from the sounds of it now, the 20nm process the Snapdragon 810 was built on wasn't finFET and wasn't very great. So I'm wondering if they just binned very 'generously' and some chips slipped out of the factory that really shouldn't have. It would explain the PLL issue I guess, who knows.
Let me know if you need help. I'd like to note I believe this might be the case because not every device is affected, and there's been obvious issues with the quality and consistency of batteries amongst devices. Definitely worth giving a shot. If the issue were the PLLs, you'd think the issue...
RE: Hardware fault. I'm starting to wonder if chips were binned improperly, and that the voltage/frequency table could use a little adjustment in the device tree. It almost seems as if they aren't getting enough power. Have you looked into this at all? I don't have a failing device but it'd be...
Honestly, the Note 4 is a fine phone, but I wouldn't spend any money on it at this point. This phone was a 2014 flagship. I'd spend that money towards a more recent model. You'll really appreciate the newer Snapdragon 820/821/835 over an antiquated 805, which is a quad-core Cortex-A15. It's a...
In the United States, a fingerprint does not share the same legal protections that a password does (plausible deniability). A fingerprint is not protected under the 5th amendment, but a password is. Just a warning. I believe Google has done this on purpose.
The only way to accomplish what you're talking about is by the eMMC controller. What you suggest would require sending commands to the eMMC controller. I think that's the disconnect and confusion here. You can't do any of that without commands.
It doesn't matter what box you have, unless they reverse engineer the Toshiba vendor commands (they haven't, there is no such solution on the market, even if you buy a $5,000 ISP programmer, they have no business having the firmware commands except for maybe update) it will never happen. Toshiba...
Think of the eMMC as its own computer, complete with a microcontroller and RAM. We want to modify data contained within that system, but the only link we have to it is a couple of data lines, and command/clock lines. All we can send across this interface is requests for reading/writing/erasing, in...
Your proposed solution is partially correct, but not in the way we would want it. The CC data does indeed contain a flag for write protection on certain partitions like the modem if the device is determined to be modified (rooted, etc.). Unfortunately, the WP flag we want is actually set by...
That is specific for the N900V bootloader. It will not work with this device. You're lucky you didn't brick your tablet. The unlock doesn't work for this device.
Correct. Even if you had Samsung eMMC, you are still missing a developer signature blob. Verizon and ATT use different keys for that. I've never seen an ATT sig or heard of anyone having them.
That's partially my fault for the fragmented releases. Some bugs were fixed by beaups and I recompiled and updated the unlock OP with the new binary. This fixes some of the issues people were having with 4.4 and stuff. The unlock binary in the official unlock thread is the one you want to use...
I've upgraded to a Nexus 6P, but I still check this thread and will make occasional updates as I see fit. Currently waiting on latest stock source to be released from Samsung.
That's a factory build. It's different than engineering, pre-release, and userdebug. It's for provisioning and programming things like IMEI, device root key, etc... They aren't very useful unless you own a GSM shop.
If you read beaups' write-up on the Samdunk eMMC backdoor, you'll see he credits me for the bootloader research, nothing with the eMMC. There would be no unlock without him. I figured out how the unlock mechanism worked in aboot and how to 'clone' a developer device, but that would have been...
I know this is old, but I figure I can contribute. The QFPROM base for this device is 0xFC4B8xxx. TrustZone protects this region with xPUs, although most of the region can be read. You'll need a TrustZone bug if you want to mess with the fuses.
Personally I am testing out Nightmare and I use MSM Hotplug with BFQ IO scheduler. Yankactive is pretty good with battery, but Nightmare gives a little more fluidity which I like. FIOPS is a good IO scheduler too. Play around and see what works best for you.