General Firmware and Combination Firmware and FOTA Delta and CSC change and...

Search This thread

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Soldered wires to my dead SM-R870...

Seems really deaddeaddead...

I will wait few minutes more... maybe some Charging via USB cable...

If nothing... Then I can use the Hardware Keys for my second halfdeadButAlive SM-R870...

Only tiny info of Progress...

Will upload some Photo(s)...

Best Regards
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
CSC Change...

Maybe this is not an joke... maybe this is working for CSC INU aka India:

I know this Code is blocked for DBT CSC... but working for BTU and XAA:
Code:
*#0808#


Will do stupid test... seems I can choose between 20 CSC...

Code:
    *#0808#        *#272*719434266344#

DBT    NO        NO
BTU    YES        NO
SEE    YES        NO            Bosnia Herzegowina
SEE                        Kosovo
LUX    YES        NO            Luxemburg
ROM    YES        NO            Romania
 
Last edited:

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Here are few Photos from my Soldering and Repair Adventure...



This is so f§$ing tiny...

Best Regards
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Tiny progress...

I hope in 1 or 2 days I can do stupid tests with my alive SM-R870 and Magisk 25.1

Best Regards
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
About Fastboot...

If I do:
Code:
reboot bootloader

I see Android in Windows Device Manager so it seems Driver is missing...

Will try this:

Edit 1.

Hmmm... need some time or maybe I have to modify self...

Code:
USB\VID_18D1&PID_D00D&REV_0100

USB\VID_18D1&PID_D00D


Other more important problem...

USB wires not charge the d%&n watch... need to find solution
 
Last edited:

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Maybe wires bad soldered...

I was not able to charge via USB cable...

Not with FAC Kernel nor FAC Recovery... I mean Factory KernelS from Combination Firmware...


Best Regards
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Root done on my SM-R870 EVA8. :alien:

More Details in this Thread:


Because my SM-R870 soldered wires for USB... I have to focus on few problemS

A

Find better solution for USB Charging to prevent Hardware damage...


B

Nuke f%&ing forced Update function ... to prevent Firmware Update...

C

No time yet for test Read Write access... maybe later...

Best Regards
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
CSC change related...

Really good idea but really wrong...

Code:
D:\Android\ADB>adb shell
freshbl:/ $ su
freshbl:/ # whoami
root
freshbl:/ # am start -n com.samsung.android.cidmanager/com.samsung.android.cidmanager.preconfig.PreconfigActivity
Starting: Intent { cmp=com.samsung.android.cidmanager/.preconfig.PreconfigActivity }
freshbl:/ #
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
It seems I can not give Apps/APKs Root Permission...

For now only via ADB WiFi...

Hmmm.

But pairing with Phone no problem yet... setup done.

To prevent Software Update I hope this work...
Code:
freshbl:/ # pm uninstall -k --user 0 com.wssyncmldm
Success
 
  • Like
Reactions: amoledwatchfaces

amoledwatchfaces

New member
Dec 23, 2020
2
5
Slovakia
amoledwatchfaces.com
It seems I can not give Apps/APKs Root Permission...

For now only via ADB WiFi...

Hmmm.

But pairing with Phone no problem yet... setup done.

To prevent Software Update I hope this work...
Code:
freshbl:/ # pm uninstall -k --user 0 com.wssyncmldm
Success
Great news !
Will it be possible to root only using Wifi or will it be necessary to disassemble the watch?
 
  • Like
Reactions: adfree

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Oh...

GW5
Combination Firmwares leaked:
Code:
COMBINATION_FAC_FBR0_R915UFAU1AVG1_FACFAC_CL24632704_QB53574983_REV00_user_mid_noship_MULTI_CERT.tar.md5
COMBINATION_FAC_FBR0_R925UFAU1AVG1_FACFAC_CL24632704_QB53574985_REV00_user_mid_noship_MULTI_CERT.tar.md5

Only as info...

Best Regards
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Seems I can dump the 16 GB eMMC direct to my PC with netcat...

Rooted SM-R870...

On my PC I start netcat...
Code:
nc64 -vv -L -p 1234 > smR870dump_v1.bin



Then on my rooted SM-R870
Code:
dd if=/dev/block/mmcblk0 | netcat 111.222.333.44 1234


Need to wait for result...

Best Regards
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
My corrected USB Pinout...


Tested with my SM-R870.


Best Regards
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Oh... during playing around...

I realized maybe 1 tiny mistake...

Code:
freshbl:/ $ cd /data/fota
/system/bin/sh: cd: /data/fota: Permission denied
2|freshbl:/ $ cd /cache/fota
/system/bin/sh: cd: /cache/fota: Permission denied
2|freshbl:/ $ su
Permission denied
13|freshbl:/ $ su
freshbl:/ # cd /data/fota
freshbl:/data/fota # ls -a1l
total 367471
drwxrwx---  2 system system      3452 2022-07-16 18:21 .
drwxrwx--x 54 system system      4096 2022-07-16 18:18 ..
-rw-------  1 system system 375905930 2022-07-16 18:24 update.zip
freshbl:/data/fota # cd /cache/fota
freshbl:/cache/fota # ls -a1l
total 12
drwxrwx--- 2 system system 4096 2022-07-15 22:07 .
drwxrwx--- 7 system cache  4096 2022-07-16 18:21 ..
 

Attachments

  • Screenshot_20220716_184453_wssyncmldm.png
    Screenshot_20220716_184453_wssyncmldm.png
    29.3 KB · Views: 18

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Aha... interesting...

Maybe 1 day I will try CSC change in this way...

Code:
D:\Android\ADB>adb shell
freshbl:/ $ su
freshbl:/ # cd efs
freshbl:/efs # cd imei
freshbl:/efs/imei # ls -a1l
total 28
drwxrwxr-x  2 root   radio  4096 2021-11-07 17:15 .
drwxrwx--x 14 system radio  4096 2021-11-07 17:03 ..
-rwxrwxr-x  1 radio  system    3 2022-07-15 22:08 mps_code.dat
-rwxrwxr-x  1 radio  root      3 2022-07-15 22:08 omcnw_code.dat
-rwxrwxr-x  1 system radio    14 2021-11-07 17:03 prodcode.dat
freshbl:/efs/imei # cat mps_code.dat
BTUfreshbl:/efs/imei # cat omcnw_code.dat
BTUfreshbl:/efs/imei # cat prodcode.dat
SM-R870NZKAEUXfreshbl:/efs/imei #


EUX ... seems this is maybe the "group"... why we can select few CSC like BTU DBT ...
 

adfree

Senior Member
Jun 14, 2008
9,853
5,834
Samsung Galaxy Watch 4
Code:
D:\Android\ADB>adb shell
freshbl:/ $ su
Permission denied
13|freshbl:/ $ su
freshbl:/ # cd /data/fota
freshbl:/data/fota # ls
update.zip
freshbl:/data/fota # cd /cache/fota
freshbl:/cache/fota # ls
freshbl:/cache/fota # cd /data/fota
freshbl:/data/fota # ls
update.zip
freshbl:/data/fota # rm update.zip
freshbl:/data/fota # ls
freshbl:/data/fota # pm uninstall -k --user 0 com.wssyncmldm
Success

My mistake I ever thought FOTA Delta is in /cache/fota...

But seems wrong.

Both, Standalone method from Watch... and method via Phone and Wear app copies to:
Code:
/data/fota/update.zip

Short tried to deinstall the "FOTA Manager"...

Maybe """soon""" I have other solution to prevent my old EVA8 to update...

Best Regards
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Okidoki...

    Seems I have to go the dd way...

    After so much trouble with netcat direct to PC... I am going the good old way...

    Okay still tooo hot bigger 3000 MB...
    Code:
    freshbl:/sdcard # dd if=/dev/block/mmcblk0p30 of=/sdcard/dumpSUPER.bin
    10485760+0 records in
    10485760+0 records out
    5368709120 bytes (5.0 G) copied, 222.376750 s, 23 M/s
    freshbl:/sdcard # exit
    freshbl:/ $ exit
    
    D:\Android\ADB>adb pull /sdcard/dumpSUPER.bin
    [ 37%] /sdcard/dumpSUPER.bin

    But for prism.img perfect way...

    Code:
    D:\Android\ADB>adb shell
    freshbl:/ $ su
    freshbl:/ # dd if=/dev/block/mmcblk0p31 of=/sdcard/dumpPRISM.bin
    1228800+0 records in
    1228800+0 records out
    629145600 bytes (600 M) copied, 34.618687 s, 17 M/s
    freshbl:/ # exit
    freshbl:/ $ exit
    
    D:\Android\ADB>adb pull /sdcard/dumpPRISM.bin
    /sdcard/dumpPRISM.bin: 1 file pulled. 2.5 MB/s (629145600 bytes in 237.542s)

    Btw. only this dumped p31 dump was able to be patched...
    imjtool have some additional Bytes... and fail...

    But IMHO I have now prism.img from FVD4...
    Soon I will write p31 via dd and look if my SM-R870 EVA8 will explode or accept this FVD4 file(s)...

    Best Regards

    Edit 1.

    Oh... tiny correction... seems generated AVB valid file... so will try to flash via Odin...

    Edit 2.

    Ohoh.. wrong idea...
    Odin hangs and not finish after many minutes...
    Seems not possible to reach recovery... automatic into "Kies Mode"...

    I was able to flash Original EVA8 prism... so SM-R870 still alive for more stupid ideas...

    Edit 3.
    Added Pic from up_param... this is how it looks + some cryptic Battery info
    1
    I am tiny step closer to FVD4...

    Code:
    D:\Android\ADB>adb push prismX.img /sdcard
    prismX.img: 1 file pushed. 1.1 MB/s (629145600 bytes in 533.692s)
    
    D:\Android\ADB>adb shell
    freshbl:/ $ su
    freshbl:/ # cd /sdcard
    freshbl:/sdcard # dd if=/sdcard/prismX.img of=/dev/block/mmcblk0p31
    1228800+0 records in
    1228800+0 records out
    629145600 bytes (600 M) copied, 68.742835 s, 8.7 M/s
    freshbl:/sdcard # reboot

    Rebooted proper and showed FVD4 under CSC... after:
    Code:
    *#1234#

    In Standalone Mode...

    Now trying to Factory Reset and look if pairing with Phone possible or...

    Best Regards

    Edit 1.

    Nice.

    This seems to work.
    Positive Sideeffect. No f%$ing FOTA update...

    I am only scared... because prism.img was unmodified "Original"...

    And for super.img I have many things to prepare... and maybe Security bypass mandatory...
    Autch...
    1
    Since Tizen...

    I have never any Watch nor Phone with eSIM.

    So I have 0 own knowledge about eSIM.

    All I "know" is eSIM is more joke... as easy to handle.

    I love my old SIM cards. I can hold them with my big fat fingers.
    I can cut them if they are tooo big after 20 years...

    eSIM sounds more pia... with all this Security Region Lock crap...

    Sorry, my private opinion.


    Best Regards
    1
    A

    I was able to fix my FOTA Update problem on my SM-R870 and my SM-R860...

    SM-R860 stupid me set something and disabled access to Recovery... only black screen...

    Long time ago I did something stupid...

    Only realized how deadly... as I was not able to finish Update to GVH2...

    Solution for my SM-R860:
    Bootloader unlock... this Reset param etc and Recovery is avalaible again...
    Then lock Bootloader again...
    Knox NOT dripped because nothing flashed...

    B

    My Update Problem with SM-R870 was deeper because rooted...

    Solution for me:

    Bootloader Lock
    Then downgrade via Odin to DUK1... via USB cable...

    Then FOTA worked...

    DUK1 ---> FVD4 ---> GVH2

    And my Root with help of Magisk 24.3 also work.


    C

    I have nothing tested under DUK1... not sure if same result. If flashed EVA8 files to my SM-R870... EVA8.

    But as FOTA work... correctly...


    This means sboot.bin downgrade really work.
    From EVA8 to DUK1


    Only as info.

    Best Regards
    1
    This video explains how to gain access to "non-supported" eSIM of independent carriers the world over
    Thank you. Would you mind to share or refer the link of the video please?
  • 5
    Looks like it could be harder since Tizen...

    A
    Stock Firmware for netOdin/Odin not available yet...

    B
    Combination Firmware not available yet

    C
    FOTA Delta File for study I have:
    Code:
    current_version=R860XXU1AUGE/R860OXM1AUGE/
    updated_version=R860XXU1BUH9/R860OXM1BUH9/

    D

    In this FOTA Delta file from SM-R860 I can see overview... from CSC... Region Code OXM:
    Code:
    csc_information=OXM
    
    ACR
    AFR
    ARO
    ASA
    ATO
    AUT
    BGL
    BNG
    BRI
    BTU
    BVO
    CAC
    CAM
    CHO
    CIS
    COO
    DBT
    DKR
    ECT
    EGY
    EUR
    EUX
    ILO
    INU
    ITV
    KOO
    KSA
    LTA
    LUX
    MEA
    MID
    MRU
    MWD
    MXO
    MYM
    NEE
    NPL
    PAK
    PEO
    PHE
    PHN
    ROM
    SEB
    SEE
    SEK
    SER
    SIO
    SKZ
    SLK
    SWA
    TGY
    THO
    TPA
    TPH
    TTT
    TUN
    TUR
    UPO
    UYO
    XAA
    XAC
    XEF
    XEH
    XEO
    XEZ
    XFA
    XJP
    XME
    XNZ
    XSA
    XSE
    XSG
    XSK
    XSP
    XTC
    XXV
    ZTO

    More things... comes... later...

    Best Regards
    5
    No idea when Full firmwares for study leak...

    Meanwhile to understand maybe more about funny Region... helpfull this Android App to check Firmware:

    It is possible to decrypt from Test Server...

    Then maybe more clear...


    OXM seems also for DBT ZTO and so on...

    A
    In theory linked FOTA Delta should work for AUGE DBT or SER or ZTO...

    Question is only how to update manually...

    B
    Roll out official could be in waves... but could be also more funny like we allready knows...

    We will see the future of GW4 support.

    Best Regards
    5
    Tiny progress...

    GFX Card is Nvidia GTX 460...

    I thought this is Samsung joke with G account...

    Anyway. I have Root access to this Image...

    So will do some stupid tests...

    Best Regards
    5
    Tiny progress...

    Searched in system.img... 3 GB File for text string:
    Code:
    sdk_gwear_x86

    27 hits... then I changed few of them and renamed...
    Now I see:
    Code:
    sdk_gwear_x05

    05 is inside:
    Code:
    # begin common build properties
    # autogenerated by build/make/tools/buildinfo_common.sh
    ro.product.build.date=Thu Dec 16 16:58:02 UTC 2021
    ro.product.build.date.utc=1639673882
    ro.product.build.fingerprint=google/sdk_gwear_x86/generic_x86_arm:11/RWD4.211013.004/8008904:userdebug/dev-keys
    ro.product.build.id=RWD4.211013.004
    ro.product.build.tags=dev-keys
    ro.product.build.type=userdebug
    ro.product.build.version.incremental=8008904
    ro.product.build.version.release=11
    ro.product.build.version.release_or_codename=11
    ro.product.build.version.sdk=30
    ro.product.product.brand=google
    ro.product.product.device=generic_x86_arm
    ro.product.product.manufacturer=unknown
    ro.product.product.model=sdk_gwear_x05
    ro.product.product.name=sdk_gwear_x06
    # end common build properties
    #
    # ADDITIONAL PRODUCT PROPERTIES
    #
    ro.build.characteristics=emulator,nosdcard,watch
    persist.traced.enable=1
    ro.com.google.ime.system_lm_dir=/product/usr/share/ime/google/wear_lms
    dalvik.vm.systemservercompilerfilter=speed-profile
    ro.product.vndk.version=30


    Okidoki:
    Code:
    ro.product.product.model=sdk_gwear_x05


    Need few attempts...

    But good I can edit system.img without crash... so no Hash check or something in this Direction...

    Edit 1.

    Step 1 done in funny riddle... puzzle...

    Need more time to correct the other props...

    Goal is to enter exact Playstore for GW4... and/or Samsung Apps...

    In Emulator on PC...
    5
    "We" have still tiny problems...

    My problemS

    A
    I have NO device nor plan to buy in near future...

    B
    + no full Firmware for Odin/netOdin nor study...
    + no Combination Firmware...

    C
    No Service Manual leak...

    D
    Community to find solution is sooooooo f. huge...
    This problem is not new... something like this I know since years...

    Feel free to find solution for us. :cowboy:


    Thanx in advance.


    No joke.

    Feel free to do something.

    Best Regards