(dev+hack) note 3 bootloader unlock

Status
Not open for further replies.

hobbit19
Senior Member
Oct 20, 2007
Ryazan
> My opinion is that because of how similar the MI9 and MJ3 (dev edition) bootloaders are, they revisioned the bootloader with MJ7; that's why retail MJ7/MJE users now have a 2 in their download mode (under "a=2", to be exact), while MI9 users are just a=1.
>
> Sent from my SM-N900V using Tapatalk

I think so too, and I think I can turn my device into dev by changing the value of a byte in param.

newuser134
Senior Member
Dec 18, 2009
> The /modem and /system partitions for MJ3 are actually older than the new MJE release for the retail devices. I'm not sure if they'd be valuable.
>
> I do have them, though.

Oh, I know, but I have a couple of ideas I want to start on with 100% stock MJ3 files from the dev edition. My friend has a retail version he's willing to let me use; unfortunately I don't have all the MJ3 stock backups from mine to try. If you have them, could you upload any TWRP files, most notably the stock /data, /system and /modem from your backup? I think I have a .tar (Odin) version of the MJ3 kernel (/boot), but if you also have the /boot backup, that'd make it even easier for me. I want to check a few things out.

Thank you

hobbit19
Senior Member
Oct 20, 2007
Ryazan
I think this can help:
http://forum.xda-developers.com/showthread.php?t=2476353

BeansTown106
Inactive Recognized Developer
Dec 22, 2011
BeanTown USA
I don't think so. I just compared my dev aboot and Hash's dev aboot, and the signature (or something) is different. It looks like each dev aboot is somehow signed, or something, to coincide with the device ID. So basically, in theory, if I flashed Hash's dev aboot on my device I would be locked even though it's a dev aboot, because of how it's done.

So, long story short: if you have a dev edition Note 3, DO NOT FLASH MY DEV BOOTCHAIN! It will most likely lock you or brick you. Everyone who has a dev edition has to pull their own bootchain and depad it to have an actual working backup; mine is only for my exact device, Hash's is only for his exact device, etc.

And in broader terms, the only way we are going to transform a retail into a dev is to find out how the aboot is patched with the device specifics, or to find an exploit in the verification of that.

hobbit19
Senior Member
Oct 20, 2007
Ryazan
Since I normally flash the testbit and dev bootloaders, I think I have a chance to fully crack the bootloader.

BeansTown106
Inactive Recognized Developer
Dec 22, 2011
BeanTown USA
Not gonna happen unless you can get your device specifics into the dev bootloader; that's why you and another user have both successfully flashed my dev bootchain with no unlock. All the testbit does is allow you to flash the dev bootchain on a retail with MI9.

This also explains why Samsung doesn't provide OTA updates for dev edition devices: there is no way to unlock the dev bootloader without the device specifics, and if they gave that info out they would basically hand us the KEY to our puzzle of converting retails into dev editions.

Basically, Samsung needs to rethink how they make their dev editions and do it with a more permanent approach, like an eFuse, which is how Motorola does it.

hobbit19
Senior Member
Oct 20, 2007
Ryazan
I think it is necessary to compare files: anything anyone can provide from my version (retail MI9 + testbit) and the files from dev phones. Then we will understand the differences and be able to make a patch.

newuser134
Senior Member
Dec 18, 2009
Can you please explain this in more detail?

> everyone who has a dev edition has to pull their own bootchain and depad it to have an actual working backup

Can you please tell us the steps on how to do this?

Is it the "dd if=mmcblk..../block.... of=path/aboot.img" command?

What does "depad" mean, and how exactly do you do it? Please let us know how to make a backup of our dev edition aboot if it's this difficult and each phone has a unique aboot partition. Could you please make a post on how to do this and place it somewhere on the VZW Note 3 forum so everyone can find it? Could you please link to it here?

Thank you in advance

Surge1223
Recognized Contributor
Nov 6, 2012
Florida
For now you can pull it and save a backup of it by opening a terminal and typing
Code:
su
dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/mnt/extSdCard/aboot.mbn
Worry about the depadding part later, as a comprehensive guide would need to be posted for that, and there isn't one written as of yet as far as I know.

newuser134
Senior Member
Dec 18, 2009
The file (aboot.mbn) that came out is exactly 2.00 MB (2,097,152 bytes) in size. Does that sound right?

Thank you
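The 2,097,152-byte dump above is the whole aboot partition, not just the image inside it, which is what "depad" in BeansTown106's post is about. The script below is an added example (my code, not something posted in this thread) that strips the trailing flash filler from a raw dump and then diffs two depadded dumps byte for byte, which is the comparison BeansTown106 and hobbit19 describe. Assumptions: "depad" is taken to mean removing the run of 0x00 or 0xFF that follows the real image out to the 2 MiB partition boundary; the real aboot.mbn header and signature layout are not modelled; the sample dumps it runs on by default are constructed and are not real bootloaders.

```python
"""Depad raw bootloader partition dumps and diff two of them.

Added example for this thread; not code posted by anyone in it. Assumes that
"depad" means stripping the flash filler (0x00 or 0xFF) that follows the real
image out to the partition boundary, and that comparing two depadded aboot
dumps byte-for-byte is a reasonable first look at where they differ. The real
aboot.mbn header and signature layout are NOT modelled here.
"""
from __future__ import annotations

# The dump size reported in the thread: an aboot partition of exactly 2 MiB.
PARTITION_SIZE = 2 * 1024 * 1024

# Filler values commonly found after the payload in a raw flash dump (assumption).
PAD_BYTES = (0x00, 0xFF)


def depad(image: bytes) -> bytes:
    """Return `image` with its trailing run of filler bytes removed.

    The last byte of the dump decides which filler (0x00 or 0xFF) is
    stripped; a dump that does not end in a filler byte is returned as-is.
    Caveat: an image whose genuine last bytes equal the filler is trimmed
    slightly short, so keep the raw dump for restoring and use the depadded
    copy for comparison only.
    """
    if not image or image[-1] not in PAD_BYTES:
        return image
    pad = image[-1]
    end = len(image)
    while end > 0 and image[end - 1] == pad:
        end -= 1
    return image[:end]


def diff_ranges(a: bytes, b: bytes) -> list[tuple[int, int]]:
    """Return (offset, length) ranges where `a` and `b` differ.

    Bytes are compared over the common prefix; if the lengths differ, the
    tail from the shorter length to the longer one is reported as one range.
    """
    n = min(len(a), len(b))
    ranges: list[tuple[int, int]] = []
    start: int | None = None
    for i in range(n):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i - start))
            start = None
    if start is not None:
        ranges.append((start, n - start))
    if len(a) != len(b):
        ranges.append((n, max(len(a), len(b)) - n))
    return ranges


def compare_dumps(dump_a: bytes, dump_b: bytes) -> dict:
    """Depad two raw dumps and summarise how they differ."""
    a, b = depad(dump_a), depad(dump_b)
    ranges = diff_ranges(a, b)
    return {
        "raw_sizes": (len(dump_a), len(dump_b)),
        "depadded_sizes": (len(a), len(b)),
        "differing_ranges": ranges,
        "differing_bytes": sum(length for _, length in ranges),
    }


def build_sample_dumps() -> tuple[bytes, bytes]:
    """Constructed sample data, not a real aboot: two 2 MiB dumps that share
    a 1 KiB payload except for a 32-byte region at offset 0x100, standing in
    for per-device data."""
    payload = bytes(range(256)) * 4
    variant = payload[:0x100] + b"\xAA" * 32 + payload[0x120:]
    dump_a = payload + b"\x00" * (PARTITION_SIZE - len(payload))
    dump_b = variant + b"\x00" * (PARTITION_SIZE - len(variant))
    return dump_a, dump_b


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 3:  # python aboot_diff.py aboot_a.mbn aboot_b.mbn
        with open(sys.argv[1], "rb") as fa, open(sys.argv[2], "rb") as fb:
            result = compare_dumps(fa.read(), fb.read())
    else:
        result = compare_dumps(*build_sample_dumps())
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it with two real dumps pulled by the dd command above to get the depadded sizes and the list of differing byte ranges; a handful of small, fixed-size ranges is the shape you would expect from per-device data, while a difference that covers most of the image means the two are different builds rather than the same build signed per device. Keep the raw 2 MiB dump as the restore artifact; the depadded copy is only for comparison.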
 

hobbit19
Senior Member
Oct 20, 2007
Ryazan
> Shouldn't this be in the question and answer section? As this is really not an unlock source.
>
> Point is, bro, I've been working on this for the past few months. This boot will never be unlocked.
>
> Sent from my SM-N900V using Xparent BlueTapatalk 2

It seems to me that if you did not work it out, it does not mean that others will not succeed.

detr0yt
Senior Member
Dec 8, 2011
> Shouldn't this be in the question and answer section? As this is really not an unlock source.
>
> Point is, bro, I've been working on this for the past few months. This boot will never be unlocked.
>
> Sent from my SM-N900V using Xparent BlueTapatalk 2

Don't ruin this thread... This guy has Hashcode's attention, and if Hashcode has not told this guy to move along, then there must be something very interesting about what he has going on. Not taking anything away from you, your ability, or your credibility as a developer, 'cause by no means am I in any way a developer. But if this thread goes there, it will get way off topic really fast. No disrespect.

hobbit19
Senior Member
Oct 20, 2007
Ryazan
I tried to open custom recovery and got a yellow triangle, with a red inscription "Secure fail / Recovery" on top and, under the triangle, the inscription "System firmware isn't authorized, turn off phone and contact with verzion". Safestrap is still here, and when I try to turn on the phone I get the Verizon picture; after this the phone makes a short vibration and turns on. Now I think there is a working MJE_insecure_Kernel.zip kernel, and I have to try flashing your Cyanogen build.

hobbit19
Senior Member
Oct 20, 2007
Ryazan
CM11 flashed, but when trying to run it I get a black screen. (((

Even when I try to boot into recovery mode, the phone shows "set warranty bit recovery".

ryanbg
Inactive Recognized Developer
Jan 3, 2008
movr0.com
If anyone has questions on what's going on, feel free to ask me. I've been playing around with some ideas with hobbit for a while.

Do not try to flash any of the leaked engineering builds, including the bootloader from designgears, unless you are on MI9; otherwise you will get an auth error for aboot, since it's a downgrade. I was able to flash the engineering NON-HLOS.bin to the modem, though. The unsigned full build tar has an aboot file that is about 300 KB smaller than all the new ones I compared it to, including the multi-cert full build tar.

If we were able to get SD card mode working, we could restore the MI9 sboot.bin, flash MI9, then flash the test build and Loki it. I am at work until 4pm Central time (US), but I will try to patch the old aboot this afternoon. I have yet to trip my Knox flag from flashing lots of random stuff. If you do get stuck after flashing any of this stuff fails on a bad signature, flashing your PIT alone will fix the problem. I'm going to take a look at that old aboot in hex later too. There has to be some form of failed security logic in this device, I have a feeling.

Also, if any of you kernel hackers can use MI9 and were able to modify a kernel module using an old exploit that jeboo is working on, I've got an idea of how to spoof the attestation servers Samsung pushes to the devices to verify signatures. It's stored locally in TrustZone also, so if we could get into TrustZone that would be huge. We could even find out if a simple SMC call will fix all our problems (doubtful, though).

chrisrotolo
Senior Member
Nov 3, 2010
Corona, CA
> If we were able to get SDCARD mode working

Regarding SD card mode, just some info that I expect to be overlooked: a user on the AT&T Note 3 reported flashing a stock ROM from his external SD card in stock recovery by choosing 'load from external resource'.
You guys are doing excellent work. Keep it up. Peace.