[HOW-TO]UnBrick the UnBrickable Vibrant


AdamOutler

Retired Senior Recognized Developer
Feb 18, 2011
5,224
9,827
Miami, Fl̨̞̲̟̦̀̈̃͛҃҅͟orida

Introduction:

After months of research and development, both hardware and software... I'm happy to announce UnBrickable Mod is a matter of modifying your phone once, with a single small wire. From that point on, you can click a button to unbrick. This can even be applied to a phone which is already bricked.

This is an example from the Captivate. The procedure is the same on the Vibrant.


Instructions


Unbricking:
1. Apply UnBrickable Mod to your device: http://xdaforums.com/showthread.php?t=1273083
2. Run UnBrickable Resurrector: Get it from THIS POST: http://xdaforums.com/showthread.php?p=17135277#post17135277 This will only work on Linux currently. Install Linux or dual boot if you have Windows.
3. Run Heimdall One-Click: http://xdaforums.com/showthread.php?t=1278683
4. Repeat steps 2 and 3 with bootloader flashing enabled (Heimdall One-Click has a safety mechanism which requires you to flash once before flashing bootloaders).




Conclusion
You've unbricked the unbrickable Captivate... This should not have been difficult. If it was, you should learn teh computer better... Really. And with that said, I'm happy to announce that you no longer have to flash with a fear of bricking.

HIBL
The HIBL is the key to resurrecting a S5PC110 based processor. I'm going to let Rebellos explain the inner workings of the Hummingbird Interceptor Bootloader. It's really quite amazing. While my work is more hardware and high level tasks like making things into one-clicks, Rebellos' work involves reverse software engineering, assembly language, and more...
Okay, so, what is Hummingbird Interceptor Boot Loader (HIBL)?

Basically: It allows loading any amount of data (limited by the size of a RAM block; the biggest single block available is 256MB) through a USB connection with a PC to any specified address in memory, and then executing it.

Technically: It consists of 2 pieces fused together - BL1_stage1 and BL1_stage2.

Each stage starts with 16 bytes (4 ARM WORDs) of secure boot header. In stage1 these are mandatory; in stage2 they can be random (I nulled them in my code), so the EntryPoint of each stage starts at its 0x10 offset.

BL1_stage1, loaded at address 0xD0020000, is short code, digitally signed by Samsung. It has been released to break the "Chain of Trust" and alter Secure Boot into a Non-Secure Boot process. Literally, stage1 just does some compare operations and then jumps out to BL1_stage2. (Yes, I also see no point in releasing a hardware-secured CPU version together with software which bypasses its security.)

BL1_stage2 must be placed at address 0xD0022000 (it's fused together with stage1 into HIBL, so it's at offset 0x2000 of HIBL.bin). It is unsigned because the Secure Boot Context prepared by iROM (BL0) has already been ignored by stage1.
Its FASM_ARM sourcecode:
http://code.google.com/p/hummingbir...unk/HummingBirdInterceptorBootloader/HIBL.ASM
This is where the code starts real work. It begins with a standard ARM core jump vector table (just to stick to the standard; these aren't used anyway).
1. It uses I9000 BL1_stage2 functions (init_system), which I linked to it. These are used to init the DMC controllers, because up to this point the code is executing in and working with the very tiny 96KB iRAM space; after calling this function, all 512MB of RAM becomes available.
2. Make sure DMC is configured properly (write some value to the address 0x40~~ memory space, then read it back and compare with the previously written value).
3. Reinit the iRAM heap to the BL0 initial state (to convince it USB dload mode hasn't been called yet), storing and restoring only the UART pointer (to keep debug output flowing properly).
4. Call the iROM usb_downloader function.
5. Read the address where the downloaded data has been placed.
6. Jump to this address.

This, properly used, provides similar debug output (similar, because it's an outdated test log):
Code:
�������������������������������������������������� ����������������������
Uart negotiation Error

----------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
----------------------------------------
Calling IBL Stage2
DONE!
Testing BL3 area
DONE!
iRAM reinit
DONE!
Please prepare USB dltool with BL3

Starting download...
0x00000000
Desired BL3 EP: 0x40244000
Download complete, hold download mode key combination.

Starting BL3...

//OUTPUT BELOW IS COMING FROM SBL

Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.

It opens infinite capabilities. Instead of SBL to unbrick, Uboot can be loaded, or any armlinux kernel. It's all up to you - XDA Developers.

Tools
Windows32 command line app and drivers http://xdaforums.com/attachment.php?attachmentid=709292&d=1315091521 (doesn't work very well... just want you to know this)
Linux one-click Resurrector: http://xdaforums.com/attachment.php?attachmentid=712232&d=1315349672
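
The image layout Rebellos describes above (two fused stages, each with a 16-byte header, stage2 at offset 0x2000), as an added example that is not part of the original post or of the HIBL project. It maps a fused image onto the stated load addresses and entry points; the sample image is constructed placeholder data, and little-endian header words are an assumption.

```python
import struct

# Addresses and sizes as stated in the post.
STAGE1_LOAD = 0xD0020000      # BL1_stage1 load address
STAGE2_LOAD = 0xD0022000      # BL1_stage2 load address
HEADER_LEN = 0x10             # 16 bytes = 4 ARM words of secure boot header
STAGE2_OFFSET = STAGE2_LOAD - STAGE1_LOAD   # 0x2000 inside HIBL.bin


def describe_image(image: bytes) -> dict:
    """Map a fused stage1+stage2 image onto the layout described in the post."""
    if len(image) < STAGE2_OFFSET + HEADER_LEN:
        raise ValueError("image too short to hold both stage headers")
    layout = {}
    for name, offset, load in (("stage1", 0, STAGE1_LOAD),
                               ("stage2", STAGE2_OFFSET, STAGE2_LOAD)):
        # Assumption: header words are little-endian. Their meaning is not
        # given in the post, so they are reported as opaque values.
        words = struct.unpack_from("<4I", image, offset)
        layout[name] = {
            "file_offset": offset,
            "load_address": load,
            "entry_point": load + HEADER_LEN,   # code starts after the header
            "header_words": words,
            "header_nulled": not any(words),
        }
    return layout


def build_sample_image() -> bytes:
    """Constructed stand-in for HIBL.bin: placeholder bytes, not real code."""
    stage1 = struct.pack("<4I", 0x11111111, 0x22222222, 0x33333333, 0x44444444)
    stage1 += b"\xAA" * 0x40                       # placeholder stage1 body
    stage1 = stage1.ljust(STAGE2_OFFSET, b"\x00")  # pad up to offset 0x2000
    stage2 = bytes(HEADER_LEN) + b"\xBB" * 0x40    # nulled header + placeholder
    return stage1 + stage2


def report(image: bytes) -> list:
    """One human-readable line per stage."""
    return [
        f"{name}: file+0x{info['file_offset']:04X} -> "
        f"0x{info['load_address']:08X}, entry 0x{info['entry_point']:08X}, "
        f"header {'nulled' if info['header_nulled'] else 'populated'}"
        for name, info in describe_image(image).items()
    ]


if __name__ == "__main__":
    print("\n".join(report(build_sample_image())))
```
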
 

younix258

Senior Member
Feb 18, 2011
952
80
Very sexy work... it's nice to have this as a backup and it'll be very nice once people develop firmware to work with the unbrickable mod, like Nexus S bootloaders or WP7 or iOS or whatever... thanks again

Sent from a cell tower to the XDA server to you.
 

AdamOutler

Retired Senior Recognized Developer
Feb 18, 2011
5,224
9,827
Miami, Fl̨̞̲̟̦̀̈̃͛҃҅͟orida
Very sexy work... it's nice to have this as a backup and it'll be very nice once people develop firmware to work with the unbrickable mod, like Nexus S bootloaders or WP7 or iOS or whatever... thanks again

Sent from a cell tower to the XDA server to you.

I'd like to see Ubuntu. Turn these devices into a LAMP server or security/web cam or something when we're done with them.
 

SkOrPn

Senior Member
Jun 3, 2007
2,994
948
Albuquerque, NM
www.planetamd64.com
Hey guys, I'm having a problem with step #2. It says to download UnBrickable Resurrector, but this post is the HIBL post with no "UnBrickable Resurrector" download link. Is that just an error, or do I just download the file listed on the previous post called "UltimateUnbrickResurector.zip"? Thanks for any clarification...

Also, when I launch the Resurrector on the previous post I get the following error: smdk-usbdl: not found. Do I need to have Heimdall running prior to launching the Resurrector? Thanks again...

Code:
 Please wait.... Uploading..
-------------------------------------------------------------
   Hummingbird Interceptor Boot Loader (HIBL) v1.0
   Copyright (C) Rebellos 2011
-------------------------------------------------------------

Building command list
Building command list
Requesting Permission to access device/tmp/skorpnHeimdallOneClick51336EBC/Script.sh: 3: /tmp/skorpnHeimdallOneClick51336EBC/UnBrickPack/smdk-usbdl: not found
 

SkOrPn

Senior Member
Jun 3, 2007
2,994
948
Albuquerque, NM
www.planetamd64.com
Moved this post to the "Mod" thread.

The Resurrector is not working, either because the mod was done incorrectly, or my Ubuntu machine has been set up wrong. The Resurrector keeps giving me the smdk-usbdl: not found error, but the file exists. My best guess is that the mod was done incorrectly, either that or my Linux box is being a pain... Also noticed adb not working as well. :(

EDIT: I'm going to go out on a limb and say this error is telling me the "usb device" has not been found, which would mean my mod did not take.
 

dohandrew

Senior Member
Oct 31, 2010
99
1
Edit: never mind, found the answer. Was just wondering if it were possible to learn the welding part of the guide on the internet and such. Also, what type of tools would I need? Please and thank you.
 

dohandrew

Senior Member
Oct 31, 2010
99
1
I see. Where would you suggest going to? I'm located in California. I don't really know of a place that does welding on phones.
 

SkOrPn

Senior Member
Jun 3, 2007
2,994
948
Albuquerque, NM
www.planetamd64.com
Adam, did you say you can do this mod for $30 + s&h?

Also, I'm wondering if you upgraded to Ubuntu 11.10 yet? I just decided to upgrade before even thinking about it possibly affecting the mode detect, Heimdall One-Click or the Resurrector. You think the upgrade can break these apps any?
 

AdamOutler

Retired Senior Recognized Developer
Feb 18, 2011
5,224
9,827
Miami, Fl̨̞̲̟̦̀̈̃͛҃҅͟orida
Adam, did you say you can do this mod for $30 + s&h?

Also, I'm wondering if you upgraded to Ubuntu 11.10 yet? I just decided to upgrade before even thinking about it possibly affecting the mode detect, Heimdall One-Click or the Resurrector. You think the upgrade can break these apps any?

Yes I do. No it doesn't.
 

yodaddy

Member
Sep 2, 2010
24
1
Sacramento
I was able to remove the resistor and replace it with another resistor from an old Samsung phone. I used a circuit writer pen from Radio Shack; it lays down a conductive polymer, which I used to adhere the new resistor onto the bottom spot on the board. "the resistors are so small I could not imagine being able to do this with a soldering iron. I would have probably shorted something out because the amount of solder that needs to be laid down might not even fit on an ant's back (seriously!)"

Another note: when using the Resurrector, my phone only went into download mode if I pressed on "only" the volume down button. I hope this helps someone out there with a brick like the one I had.
 

Top Liked Posts

    1
    Wow. I mark it! Thank you for your great work! :D
    1
    I just resurrected a Vibrant today using the method above. This tested great. No problems to note at all.

    Here's a picture of my work http://xdaforums.com/showthread.php?p=17896376#post17896376
    This is slightly more difficult than a Captivate because there is no room to work around the resistors.
    1
    Thanks to you I finally got my Vibrant unbricked. Thanks a lot for this .....................