• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
  • Fill out your device list and let everyone know which phones you have!    Edit Your Device Inventory

[DISCONTINUED][Root][SM-G950U/U1][SM-G950W][Snapdragon][V6_Bootloader][EDL_Method]

Status
Not open for further replies.
Search This thread

prayag00

Member
Mar 20, 2019
43
10
Hello everyone, i am currently on BL7 firmware and just want to downgrade to BL5 firmware on SMG-950U1, will this process help? because somewhere in this procedure i read zeroing the bootloader (an opportunity to install BL5) and if it is possible please help me with the steps to do so and thanks in advance to whoever brings-in the required files for BL7.
 

TheMadScientist

Recognized Contributor
Hello everyone, i am currently on BL7 firmware and just want to downgrade to BL5 firmware on SMG-950U1, will this process help? because somewhere in this procedure i read zeroing the bootloader (an opportunity to install BL5) and if it is possible please help me with the steps to do so and thanks in advance to whoever brings-in the required files for BL7.

You cannot downgrade bootloader's. They are incremented. Just because you zero out the bl doesn't allow. The incrementation is stored elsewhere. And none of this works on bit 7 yet as we do not have the needed edl files for it
 

sleepysys

Member
Jan 20, 2020
33
22
Hello everyone, i am currently on BL7 firmware and just want to downgrade to BL5 firmware on SMG-950U1, will this process help? because somewhere in this procedure i read zeroing the bootloader (an opportunity to install BL5) and if it is possible please help me with the steps to do so and thanks in advance to whoever brings-in the required files for BL7.

No.
Although you have the ability to change firmware/software, you don't have the ability to physically alter your chips.

Samsung implemented e-fuse's a few years ago. Whenever you update to a higher bootloader version, the chip physically blows one of those fuses. This prevents you from installing a previous BL version. So unless you're really skilled at soldering a miniature connection that just blew, you're SOL.

Chances are that you'll be able to use the rooted android 7 (nougat), once a method for EDL BL7 comes out. So, do your best to find the EDL files for BL v7, and I'm sure some of the others will split the cost with you. JRKRUSE will create the files, once you get him the EDL files for bit 7.

---------- Post added at 04:15 PM ---------- Previous post was at 04:08 PM ----------
Your only hope at this time, is to buy a mobo off of ebay for ~$50. With broken screen phones often being cheaper than the mobo itself. That being said, many sellers will not tell you the BL version, as I assume most of them just drop ship or are just really lazy. Generally the broken screen ones have pretty old bit versions, as they haven't been used in forever. Worse comes to worse, if you get a broken screen one cheap enough, you can resell the mobo for a profit/break even. And since you can change the "model" of any snapdragon variant by flashing different firmware, it boosts your options and drops the price.
 

prayag00

Member
Mar 20, 2019
43
10
No.
Although you have the ability to change firmware/software, you don't have the ability to physically alter your chips.

Samsung implemented e-fuse's a few years ago. Whenever you update to a higher bootloader version, the chip physically blows one of those fuses. This prevents you from installing a previous BL version. So unless you're really skilled at soldering a miniature connection that just blew, you're SOL.

Chances are that you'll be able to use the rooted android 7 (nougat), once a method for EDL BL7 comes out. So, do your best to find the EDL files for BL v7, and I'm sure some of the others will split the cost with you. JRKRUSE will create the files, once you get him the EDL files for bit 7.

---------- Post added at 04:15 PM ---------- Previous post was at 04:08 PM ----------
Your only hope at this time, is to buy a mobo off of ebay for ~$50. With broken screen phones often being cheaper than the mobo itself. That being said, many sellers will not tell you the BL version, as I assume most of them just drop ship or are just really lazy. Generally the broken screen ones have pretty old bit versions, as they haven't been used in forever. Worse comes to worse, if you get a broken screen one cheap enough, you can resell the mobo for a profit/break even. And since you can change the "model" of any snapdragon variant by flashing different firmware, it boosts your options and drops the price.


Thanks for bringing upfront the efuse tech but i think i really like the response of phone when it was on bl5 firmware, it would be very appreciable if anyone guide me down to get that flawless os build. And now my aim does not involve changing BL but the system (AP).


Btw thanks again for suggestions and your efforts in typing such a lengthy quote ?
 

TheMadScientist

Recognized Contributor
Thanks for bringing upfront the efuse tech but i think i really like the response of phone when it was on bl5 firmware, it would be very appreciable if anyone guide me down to get that flawless os build. And now my aim does not involve changing BL but the system (AP).


Btw thanks again for suggestions and your efforts in typing such a lengthy quote

Pretty sure bit 5 was Oreo. Which again there is now way. The bit 6 and 7s are all pie bootloader's. So they won't boot a Oreo img
 

prayag00

Member
Mar 20, 2019
43
10
Pretty sure bit 5 was Oreo. Which again there is now way. The bit 6 and 7s are all pie bootloader's. So they won't boot a Oreo img

I guess Oreo to Pie transition took place within BL5 updates on SM G950U1 which means ( according to your quote ) i can load pie firmware (AP,CP) from bl5 firmware with current bl7 file, the only condition here is it should not be Oreo.

Did i get it right?
 

TheMadScientist

Recognized Contributor
I guess Oreo to Pie transition took place within BL5 updates on SM G950U1 which means ( according to your quote ) i can load pie firmware (AP,CP) from bl5 firmware with current bl7 file, the only condition here is it should not be Oreo.

Did i get it right?

the ap yes as long as thats when the transition took place
The bl cp and csc I believe are all incremented
 

prayag00

Member
Mar 20, 2019
43
10
In download mode on device side did it show any errors such as secure check fail

it shows " SW REV CHECK FAIL: [BOOT] FUSED 6 > BINARY 4 "

And here is the log from odin:

<OSM> Enter CS for MD5..
<OSM> Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<OSM> Enter CS for MD5..
<OSM> Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<OSM> Enter CS for MD5..
<OSM> Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<OSM> Enter CS for MD5..
<OSM> Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<ID:0/005> Added!!
<ID:0/005> Odin engine v(ID:3.1301)..
<ID:0/005> File analysis..
<ID:0/005> Total Binary size: 5815 M
<ID:0/005> SetupConnection..
<ID:0/005> Initialzation..
<ID:0/005> Set PIT file..
<ID:0/005> DO NOT TURN OFF TARGET!!
<ID:0/005> Get PIT for mapping..
<ID:0/005> Firmware update start..
<ID:0/005> NAND Write Start!!
<ID:0/005> SingleDownload.
<ID:0/005> abl.elf
<ID:0/005> bksecapp.mbn
<ID:0/005> xbl.elf
<ID:0/005> tz.mbn
<ID:0/005> hyp.mbn
<ID:0/005> devcfg.mbn
<ID:0/005> pmic.elf
<ID:0/005> rpm.mbn
<ID:0/005> cmnlib.mbn
<ID:0/005> cmnlib64.mbn
<ID:0/005> keymaster.mbn
<ID:0/005> apdp.mbn
<ID:0/005> msadp.mbn
<ID:0/005> sec.dat
<ID:0/005> NON-HLOS.bin
<ID:0/005> storsec.mbn
<ID:0/005> boot.img
<ID:0/005> FAIL! (Auth)
<ID:0/005>
<ID:0/005> Complete(Write) operation failed.
<OSM> All threads completed. (succeed 0 / failed 1)
 

TheMadScientist

Recognized Contributor
it shows " SW REV CHECK FAIL: [BOOT] FUSED 6 > BINARY 4 "

And here is the log from odin:

<OSM> Enter CS for MD5..
<OSM> Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<OSM> Enter CS for MD5..
<OSM> Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<OSM> Enter CS for MD5..
<OSM> Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<OSM> Enter CS for MD5..
<OSM> Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<ID:0/005> Added!!
<ID:0/005> Odin engine v(ID:3.1301)..
<ID:0/005> File analysis..
<ID:0/005> Total Binary size: 5815 M
<ID:0/005> SetupConnection..
<ID:0/005> Initialzation..
<ID:0/005> Set PIT file..
<ID:0/005> DO NOT TURN OFF TARGET!!
<ID:0/005> Get PIT for mapping..
<ID:0/005> Firmware update start..
<ID:0/005> NAND Write Start!!
<ID:0/005> SingleDownload.
<ID:0/005> abl.elf
<ID:0/005> bksecapp.mbn
<ID:0/005> xbl.elf
<ID:0/005> tz.mbn
<ID:0/005> hyp.mbn
<ID:0/005> devcfg.mbn
<ID:0/005> pmic.elf
<ID:0/005> rpm.mbn
<ID:0/005> cmnlib.mbn
<ID:0/005> cmnlib64.mbn
<ID:0/005> keymaster.mbn
<ID:0/005> apdp.mbn
<ID:0/005> msadp.mbn
<ID:0/005> sec.dat
<ID:0/005> NON-HLOS.bin
<ID:0/005> storsec.mbn
<ID:0/005> boot.img
<ID:0/005> FAIL! (Auth)
<ID:0/005>
<ID:0/005> Complete(Write) operation failed.
<OSM> All threads completed. (succeed 0 / failed 1)

Your trying to flash a bit 4 bootloader it looks like. What ever you got is bit 4.
 
  • Like
Reactions: prayag00

TheMadScientist

Recognized Contributor
In BL slot i am selecting BL file from 7DSL5
AP from 5DSD5
CP and CSC from same 7DSL5

I dont see here any BL 4 file.....

SW REV*CHECK*FAIL: [BOOT] FUSED 6 > BINARY 4 " fused means your on bit 6 and the binary 4 means something's a 4. I don't know. According to the error that's what it says.
It dont make sense. Cause if your flashing a pie it would be bit 5 binary error
You sure your not trying to flash an oreo img

Unless your trying like samfail method and I'm pretty sure that's patched so it may not work without pushing from edl
 
Last edited:
  • Like
Reactions: prayag00

prayag00

Member
Mar 20, 2019
43
10
SW REV*CHECK*FAIL: [BOOT] FUSED 6 > BINARY 4 " fused means your on bit 6 and the binary 4 means something's a 4. I don't know. According to the error that's what it says.
It dont make sense. Cause if your flashing a pie it would be bit 5 binary error
You sure your not trying to flash an oreo img

Unless your trying like samfail method and I'm pretty sure that's patched so it may not work without pushing from edl

First of all my phone is running on 7DSL5 firmware and i think the number 7 stands for bootloader version right?
And i have checked on the Sammobile site that 5DSD5 contains the very first android pie system for SMG950U1 and using the patched odin i think i am on the right track, but still i am not able to get the mistake that i am making...
So I request you to suggest the files and jot down the steps to achieve the downgrade, or else i would have to give up...
 

P403N1X

Member
Sep 11, 2016
11
1
US Phones

Hey, first of all, thanks for this root method. I've been waiting for one for so long. Second, does this work on all SM-G950U phones? Even ones on the T-Mobile carrier in the United States? I just want to check all the boxes because I've been under the impression that S8s made for US carriers can't be rooted. Sorry if I sound less than intelligent on this subject. I just really don't want to mess up a device that's this expensive.

Edit: Just realized I'm on BLv7 so even if I wanted to root there's no way to at this moment unless I'm mistaken.
 
Last edited:
Hey, first of all, thanks for this root method. I've been waiting for one for so long. Second, does this work on all SM-G950U phones? Even ones on the T-Mobile carrier in the United States? I just want to check all the boxes because I've been under the impression that S8s made for US carriers can't be rooted. Sorry if I sound less than intelligent on this subject. I just really don't want to mess up a device that's this expensive.

Edit: Just realized I'm on BLv7 so even if I wanted to root there's no way to at this moment unless I'm mistaken.
You are correct. Hopefully we get the files need one day, but unfortunately for now you're stuck with stock.
 

sleepysys

Member
Jan 20, 2020
33
22
Hey, first of all, thanks for this root method. I've been waiting for one for so long. Second, does this work on all SM-G950U phones? Even ones on the T-Mobile carrier in the United States? I just want to check all the boxes because I've been under the impression that S8s made for US carriers can't be rooted. Sorry if I sound less than intelligent on this subject. I just really don't want to mess up a device that's this expensive.

Edit: Just realized I'm on BLv7 so even if I wanted to root there's no way to at this moment unless I'm mistaken.
Yep, any snapdragon variant. That includes USA variants, as well as other countries including Canada. The hardware is physically the same, with the only difference between these snapdragon models, being the firmware placed on them. Just like how with the S7 edge, you could change the SM-G935V to a SM-G935U, etc.

As for root, with this method it's possible to have nougat root (android 7). For Oreo/Pie, it's more like a semi-root. Meaning that you won't be about to use super user or any root features from within the OS. However, when you load into SafeStrap, you'll be able to add/delete/modify any system file you choose. Such as build.prop, the hiddenmenu file to enable dialer codes on verizon, etc. You'll be able to install mod zips, safestrap roms (system.img), restore backups of your entire phone or parts if you choose, as well as make the backups There's some other things you can do, which I mentioned in previous posts, as have others. I just can't think of the rest of the top of my head.
 
  • Like
Reactions: TheMadScientist
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 21
    [Root][SM-G950U/U1][SM-G950W][Snapdragon][V5_Bootloader][EDL_Method][Safestrap]

    Rooted Nougat Rom​
    This is last nougat rom made for S8 it is prerooted with flashfire and safestrap preinstalled. It has CSC stuff for all carriers added. Its debloated slightly with knox removed. Some stuff may not work but im not sure as I cannot test but this stuff may include fingerprint and or face recognition. If stuff doesnt work it probably related to using pie modems and non-hlos on a nougat rom which you have no choice.​


    Downloads
    Rooted_G95*USQS3BRB1.rar
    BL_G950_NOUGAT_V7.tar.7z
    Includes Fingerprint and Face Unlock fix for above nougat rom. Just flash in BL slot in odin after everything else
    Safestrap-4.10-B03-DREAMQLTE-PIE.zip Will boot straight to safestrap only for pie roms
    Safestrap-4.10-B03-DREAMQLTE-NOUGAT.zip Will Give you the safestrap splash screen on boot

    Directions
    Safestrap Method
    1. Extract system.img from the Rooted_G95*USQS3BRB1.rar and copy to phone reboot to safestarp and flash system image reboot to download and flash BL_G950_NOUGAT_V7.tar.md5 in odin
    7
    @jrkruse
    I followed you with s5. My hero
    However, I am a little slow, could you or anyone explain what does this do exactly?



    Its just what the description says. Once the bootloaders were updated on S8 it lost the ability to flash modified system images in odin. There for loosing ability to gain root or use safestrap recovery. This method will get that ability back


    Sent using some kind of device I modified
    7
    Nice! You always seem to come up with some way to make things work.
    Congrats on the great work!

    Sent from my Pixel 2 XL using Tapatalk



    If I don’t find a way I ask you and then you usually do. I have alot of great people help me out along the way


    Sent using some kind of device I modified
    6
    [Root][SM-G950U/U1][Snapdragon][V5_Bootloader][EDL_Method][Safestrap]

    Now I got through into SafeStrap recovery. I would want to flash nougat image since I want to root it, but which nougat image should I flash? I have G950U.



    In therory the AP from partcyborgs room and the Rev 5 combo bootloader I believe.



    Thats right you could extract the system.img.ext4 from partcyborg rom rename it to system.img copy to phone and flash as image in safestrap. You are on combo bootloader already so the rom should boot. You might have to wipe data


    Sent using some kind of device I modified