⚠️Galaxy A51 Root || Unlock Bootloader || Flash Official Firmware [Binary 3] May

Search This thread

bagbyte

Member
Aug 16, 2009
24
6
So, @map220v, update, I managed to alter that kernel setting, by unpacking super.img, editing init.rc, repacking and flashing (confirmed and it sticked).
After that, I could direct-install the latest canary Magisk successfully, and boot, but although I keep root, there's no way to make any module work.

Actually, after I attempt to install them via the Manager app, they don't appear on the installed module list... and the logs don't show any useful info. :(:confused:

I'm trying to flash only AP, but every time, after he finish sending super.img, it stacks at userdata.img and red message appear on the screen saying "Only official released binaries are allowed to be flashed(SUPER)", any idea how to avoid this issue? Now I need to restart and I get the blue screen saying to use Smart Switch PC to restore, but actually it's enough if I flash the BT.

I'm stacked!
PS: my phone is not rooted
 
Last edited:

HEROMEROHD

Member
Dec 26, 2017
42
5
I'm trying to flash only AP, but every time, after he finish sending super.img, it stacks at userdata.img and red message appear on the screen saying "Only official released binaries are allowed to be flashed(SUPER)", any idea how to avoid this issue? Now I need to restart and I get the blue screen saying to use Smart Switch PC to restore, but actually it's enough if I flash the BT.

I'm stacked!
PS: my phone is not rooted

Flash stock, connect to the internet and try to update the firmware through the settings. You should be able to flash unofficial binarys after you did this.Your KG State was probably prenormal blocking every attempt to flash something besides official firmware. It should be checking after you did all of this, or you just forgot to unlock the bootloader, then look it up in this thread.
 

bagbyte

Member
Aug 16, 2009
24
6
Flash stock, connect to the internet, and try to update the firmware through the settings. You should be able to flash unofficial binarys after you did this.Your KG State was probably prenormal blocking every attempt to flash something besides official firmware. It should be checking after you did all of this, or you just forgot to unlock the bootloader, then look it up in this thread.

Finally, I've made it, my system.img now contains 2 properties in /system/build.prop that suppose to unlock multiple users accounts feature, but sadly, when I check getprop, those 2 variables are not set....am I missing something? At least my POC worked, I can change the file without root and without tripping Knox
 

bagbyte

Member
Aug 16, 2009
24
6
i have a dream i want root and knox 0 its funny

I don't want to root, maybe you missed that part, but actually I just want to change system.img in order to modify some system property without tripping Knox (which I already succeeded) to enable multiple users account, but even tho those property are set in the /system/build.prop it seems when the phone boot, those properties are not set
 
Last edited:

arfemre

Member
May 5, 2020
5
0
I don't want to root, maybe you missed that part, but actually I just want to change system.img in order to modify some system property without tripping Knox (which I already succeeded) to enable multiple users account, but even tho those property are set in the /system/build.prop it seems when the phone boot, those properties are not set

oh i see bro sorry
 

King_lilrowrow

Senior Member
Mar 16, 2016
773
3,287
London
It's can't mount system, vendor or product, but it can Wipe partitions like data and install boot and recovery images.

You got the source for this? Drop us a link and I'll either push the required patches if it's your repo or fork it and build it over the next few days, seems a simple few patches (if the TWRP Device tree is somewhat built)
 

truhlik

Member
Aug 5, 2008
19
2
Finally, I've made it, my system.img now contains 2 properties in /system/build.prop that suppose to unlock multiple users accounts feature, but sadly, when I check getprop, those 2 variables are not set....am I missing something? At least my POC worked, I can change the file without root and without tripping Knox

Hi,
would it be possible using your method to edit CSC files without tripping knox? I also don't need root, but just edit some features in CSC (carrier's device limitation).
Thanks
 

map220v

Member
Jul 26, 2016
49
36
You got the source for this? Drop us a link and I'll either push the required patches if it's your repo or fork it and build it over the next few days, seems a simple few patches (if the TWRP Device tree is somewhat built)

I Used TWRP-9.0 it's don't have super.img (Dynamic Partition) Support.
TWRP-10.0 still WIP and i can't build it (I Getting recovery.img without TWRP).

EDIT: I fixed TWRP-10.0 compilation. Now im going to try mounting system logical partition.
 
Last edited:

map220v

Member
Jul 26, 2016
49
36
@map220v did you manage to have Magisk working with modules? I've tried million things nad versions, but while root works, no luck with modules

I Don't know why Magisk causing kernel panic only on this phone.
Setting panic_on_oops to 0 only disables reboot when magisk daemon causes it. But it's not fixes problem.
 

bagbyte

Member
Aug 16, 2009
24
6
Hi,
would it be possible using your method to edit CSC files without tripping knox? I also don't need root, but just edit some features in CSC (carrier's device limitation).
Thanks

Actually, right now this is my experience changing system.img file using Samsung firmware:
  • For the first time since I have this phone, I've flashed the new firmware without any changes (BT + AP + CP + CSC) just to check how was it, and to check the Knox status
  • It worked smoothly, the status was 0 as always
  • I've restarted the phone, completed the initial configuration, enable USB debugging (checking OEM was still unlocked) and tried with the modified version
  • This time I've used again all the files but my AP file had a custom name (upload.tar), but every time Odin refused to flash it (it was just stacked and didn't move)
  • One time it was stacked in SettingConnection (something like that) and the only thing I could do was to force restart, upon restarting I've got a blue screen saying to use Samsung Smart PC to re-initiate the phone status (first mistake)
  • But actually, following some info on a forum, I just flashed the BT and force restart, and the phone started normally again
  • My second mistake (I was still not very practical with those things), instead of restart and initiate the phone with the first configuration, I kept flashing, so apparently in this state (without proper initialization) the bootloader is locked, so I start getting red messages that the software was not original
  • At the end, after several tries, I flash again the original software, restart and initialize the phone, so the bootloader was again unlocked
  • Then I flash all the files but this time I've renamed my file from update.tar with the original AP file name (excluding the md5) and everything was fine and Knox still 0
  • At this point, I don't know why, but when I was trying to execute getprop with the one I've set in the system/default.prop, they were still not set
  • I've tried different approaches (changing /default.prop) or even adding a setprop int he init.rc, but still I had no luck
  • Today I've noticed Knox status is 1 but the hex number us 0x0400, I've read a bit about it, and it seems this depends on the region and if the phone belongs to an operator or not, basically it means that Knox realized I was doing something wrong (probably trying to flash while the bootloader was locked?), so it secures the "working profile" (to save the private data from some malicious person trying to hack the phone), but the phone itself is still in warranty, it really depends from the country.

So, long story short, even tho I've been able to flash custom prop files, somehow their changes didn't take effect, I'm speculating, but I guess it depends on the "Android installation" blue screen that appears during the first reboot after flashing, maybe it overrides the data with some other data taken from somewhere else? I have no idea :(

Just an advise, in case you want to try, my suggestion is to:
  • Remove md5 to all the files
  • Rename your tar with the original file name you want to substitute (Odin does some very basic check using the filenames, and I actually also saw that every tar file has 3 lines the end with the release(?) number, the file size, and the md5, in case you want to be even more precise you should consider adding those lines at the end, cause honestly the files will have the same size, so since the md5 you can provide, I'm not sure in which other way Odin can understand it is not the official firmware, as also displayed in Download mode)
  • Flash all the files together

I hope my experience can help somebody else in case he wants to play with those files. If somebody knows why the changes made didn't have effect when rebooting, I would be really interested to know why.
 
Last edited:
  • Like
Reactions: truhlik

King_lilrowrow

Senior Member
Mar 16, 2016
773
3,287
London
TWRP Update
https://drive.google.com/file/d/1W1wPUEGjoYW5vuJlxkRKdiE7IECBaqk_/view?usp=sharing
I Fixed Brightness and Updated TWRP from Android 9 branch to Android 10 branch
System , Vendor , Product Mount still not working.
Also this TWRP uses A51 Device Tree instead of A50 Device Tree

Device Tree Link: https://github.com/map220v/android_device_samsung_a51nsxx


I've took a brief look over your recovery tree so far, submitted a few patches: https://github.com/map220v/android_device_samsung_a51nsxx/pull/1
 
  • Like
Reactions: YOisuPU

TheEmpathicEar

Senior Member
Jun 10, 2014
69
1
Actually, right now this is my experience changing system.img file using Samsung firmware:
  • For the first time since I have this phone, I've flashed the new firmware without any changes (BT + AP + CP + CSC) just to check how was it, and to check the Knox status
  • It worked smoothly, the status was 0 as always
  • I've restarted the phone, completed the initial configuration, enable USB debugging (checking OEM was still unlocked) and tried with the modified version
  • This time I've used again all the files but my AP file had a custom name (upload.tar), but every time Odin refused to flash it (it was just stacked and didn't move)
  • One time it was stacked in SettingConnection (something like that) and the only thing I could do was to force restart, upon restarting I've got a blue screen saying to use Samsung Smart PC to re-initiate the phone status (first mistake)
  • But actually, following some info on a forum, I just flashed the BT and force restart, and the phone started normally again
  • My second mistake (I was still not very practical with those things), instead of restart and initiate the phone with the first configuration, I kept flashing, so apparently in this state (without proper initialization) the bootloader is locked, so I start getting red messages that the software was not original
  • At the end, after several tries, I flash again the original software, restart and initialize the phone, so the bootloader was again unlocked
  • Then I flash all the files but this time I've renamed my file from update.tar with the original AP file name (excluding the md5) and everything was fine and Knox still 0
  • At this point, I don't know why, but when I was trying to execute getprop with the one I've set in the system/default.prop, they were still not set
  • I've tried different approaches (changing /default.prop) or even adding a setprop int he init.rc, but still I had no luck
  • Today I've noticed Knox status is 1 but the hex number us 0x0400, I've read a bit about it, and it seems this depends on the region and if the phone belongs to an operator or not, basically it means that Knox realized I was doing something wrong (probably trying to flash while the bootloader was locked?), so it secures the "working profile" (to save the private data from some malicious person trying to hack the phone), but the phone itself is still in warranty, it really depends from the country.

So, long story short, even tho I've been able to flash custom prop files, somehow their changes didn't take effect, I'm speculating, but I guess it depends on the "Android installation" blue screen that appears during the first reboot after flashing, maybe it overrides the data with some other data taken from somewhere else? I have no idea :(

Just an advise, in case you want to try, my suggestion is to:
  • Remove md5 to all the files
  • Rename your tar with the original file name you want to substitute (Odin does some very basic check using the filenames, and I actually also saw that every tar file has 3 lines the end with the release(?) number, the file size, and the md5, in case you want to be even more precise you should consider adding those lines at the end, cause honestly the files will have the same size, so since the md5 you can provide, I'm not sure in which other way Odin can understand it is not the official firmware, as also displayed in Download mode)
  • Flash all the files together

I hope my experience can help somebody else in case he wants to play with those files. If somebody knows why the changes made didn't have effect when rebooting, I would be really interested to know why.

Has anyone posted a comprehensive tutorial on how to get to the point where you are now?
 

bagbyte

Member
Aug 16, 2009
24
6
If I root with Magisk now, I read I will not be able to install original firmware anymore without patching them first, will I be able to install non-root/non-patched firmware later? maybe when TWRP will be available? Or I will never ever be able to install Samsung firmware without Magisk/patch?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 11
    Fully Working Root Solution

    HOW TO ROOT A51 (WORKING EVEN WITH BINARY 3)

    First, I would like to thanks @map220v, without his efforts, none of this would be possible. I’m justing putting the pieces together to help others root this phone as he helped me.
    Second, this is an ADVANCED process, so I deduce most of you know how to do many things needed in here, so I’ll not explain, for example, how you get your bootloader unlocked.
    Tird, I recommend you do this ony if you REALLY can’t use your phone without root, otherwise, wait for TWRP release.

    PROS

    Root
    No bloatware
    More space available
    Battery drains slowly
    Frequent updates
    178044 points in Antutu v8

    CONS

    YOUR WARRANTY IS NOW VOID and blablabla
    Poor interface (it's an Android 10 PURE system)
    No Samsung’s facilitations/resources/beauty
    Screen transitions are flickering (no big deal)


    Pre-requisites:
    Unlocked bootloader
    A full backup (you’ll lose everything stored in your phone)
    Both Windows AND Linux (I used Windows installed and Kalix Live USB) OR Windows with Linux Bash System (https://itsfoss.com/install-bash-on-windows/) -tip given by @ToddNachste
    Patience (A LOT)
    About 30 GB free

    Files needed:
    Download with Frija or SamFirm THE SAME firmware you’re running now
    Download a GSI Android 10 A/B Gapps arm64v8 from (https://github.com/phhusson/treble_experimentations/wiki/Generic-System-Image-(GSI)-list) -I’m using AOSP 10 v215, but I believe it’s working with more GSI’s
    LZ4 Extractor (https://github.com/lz4/lz4/releases)
    Simg2img (https://forum.xda-developers.com/general/general/dev-simg2img-windows-t3156459)
    LPunpack Tool (https://drive.google.com/file/d/1mgEnQqFOajLnRBX2YYsLL11J2-osPKD_/view)
    Odin (https://dl2018.sammobile.com/Odin3-v3.14.1.zip)
    7zip
    Permissive kernel (https://drive.google.com/file/d/1Jq8JeEnzBPCDBjC_ewVxbWjhJ9q4G21G/view?usp=sharing) -thanks to map220v

    In Windows:
    1) Extract the AP_file.tar.md5 from your firmware.zip file using 7zip
    2) Extract the super.img.lz4 file from the AP_file.tar.md5 file using 7zip
    3) Put super.img.lz4 file in LZ4 folder and run in CMD the command
    lz4.exe -d super.img.lz4 superLZ4.img
    4) Put superLZ4.img file in Simg2img folder and run in CMD the command
    simg2img.exe -i superLZ4.img -o superSIMG.img
    In Linux OR Bash shell:
    1) Put superSIMG.img in otatools/bin folder and extract it in Linux terminal using the command
    ./lpunpack --slot=0 superSIMG.img <destination dir> (I recommend you create a folder for this)
    2) Put, in the folder where you extracted superSIMG.img, the GSI file you downloaded and rename it to system.img. Now you should have odm.img, system.img, vendor.img and product.img files in the same folder. You may also need to delete/remane the original system.img file before renaming the GSI file.
    3) Now you’re going to make a brand new super.img file containing all 4 files of the previous step. This is a critical and tricky step. Run Linux terminal and type:
    ./lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:4294967296 --group main:4293513600 --partition system:readonly:1577095168:main --image system=./system.img --partition vendor:readonly:342155264:main --image vendor=./vendor.img --partition odm:readonly:643456:main --image odm=./odm.img --sparse --output ./super.img

    Note that in this code, the numbers highlighted in bold are the sizes of the 3 .img files you extracted (odm, vendor and product) in step 2 plus system.img you downloaded/renamed, IN BYTES. Update the code with YOUR files's sizes!

    system:readonly:1577095168:main (size of unsparsed system.img in bytes)
    vendor:readonly:342155264:main (size of vendor.img in bytes)
    odm:readonly:643456:main (size of odm.img in bytes)
    as @phhusson stated (thanks!), no need sto use product.img, just supress it at all

    --group main:4293513600 (main partition size 1577095168+342155264+643456=2776752512)
    *The size of main is the sum of the 4 .img files*

    You may face two different problems here:
    1) Odm.img file requested a not avaliable space. Just sum and update main’s size.
    2) System.img is larger than expected. Just sum and update main’s size again.

    Your original super.img file is now created, like Samsung does. Congrats!

    Back in Windows:
    1) Create, using 7zip, anyname.tar file cointaining just the super.img you created. Simple.
    2) Open Odin, untick Auto Reboot, add anyname.tar file to AP, put your phone in Download Mode and flash it. Flash boot(NoForcedEnforce).tar the same way.
    3) Reboot your phone, do a Factory Reset in original recovery.

    In Android:
    1) Install terminal emulator and run the following commands:
    su
    setenforce 0
    getenforce (it should show Permissive)

    Job is done.
    9
    Latest recommended firmware for latest update faster: (Updated weekly).

    WARNING: You can't downgrade anymore once you flashed U3 update !

    TWRP is needed to patch the Android 10 Vbmeta_samsung.img


    You will need:

    -Odin v3.14.1
    https://dl2018.sammobile.com/Odin3-v3.14.1.zip

    -Galaxy A51 Latest USB Driver
    https://developer.samsung.com/galaxy/others/android-usb-driver-for-windows

    You want to download latest firmware directly from server? (fast download)
    Samfirm 0.4.1 or Frija 1.4.2
    https://samfirmtool.com/samfirm-v0-4-1
    https://github.com/wssyncmldm/frija/releases
    Frija not working ? install both vcredist_x00 for your device !


    (Check your windows settings to know which version to install).

    (Microsoft Visual C++ 2010 Redistributable Package) and (Microsoft Visual C++ 2008 Redistributable Package)

    -https://www.microsoft.com/en-US/download/details.aspx?id=29 (x86) 2008
    -https://www.microsoft.com/en-US/download/details.aspx?id=5555 (x86) 2010
    -https://www.microsoft.com/en-US/download/details.aspx?id=15336 (64bit) 2008
    -https://www.microsoft.com/en-US/download/details.aspx?id=14632 (64bit) 2010

    -Open Frija and type in your model (mine is SM-A515F) and your CSC : (mine is LUX).

    (All CSC's and models on Samfrew: https://samfrew.com/model/SM-A515F/).

    -Download and extract SM-A515XX_1_00000000000000_xxxxxxxxxx_fac.zip

    On your device:
    If you want to unlock bootloader:

    -Go to Settings then to About phone and find your build number.

    -Tap on your build number 6 times until you see “You’re now a developer”.

    -Go in Developer options > enable OEM unlocking.

    -Connect the device to your PC.

    -Power off your device with POWER and volume DOWN and directly hold volume UP and DOWN together!

    -Device will boot in DOWNLOAD MODE.

    -Long press volume UP to unlock the bootloader. This will wipe your data and automatically reboot your device!

    If you dont want to unlock bootloader:.

    -Download and extract Odin and open it as administrator.

    Still in DOWNLOAD MODE:

    -Click on BL and select BL_A515FXXXU1AXXX_CL16843479_QB27603640_REV00_user_low_ship_MULTI_CERT.tar.md5

    -Click on AP and select AP_A515FXXXU1AXXX_CL16843479_QB27603640_REV00_user_low_ship_MULTI_CERT_meta_OS9.tar.md5

    -Click on CP and select CP_A515FXXXU1AXXX_CP14483800_CL16843479_QB27603640_REV00_user_low_ship_MULTI_CERT.tar.md5

    (If you want to keep your data don't flash CSC).
    -Click on CSC and select CSC_OMC_OXM_A515FXOXM1AXXX_CL16843479_QB27603640_REV00_user_low_ship_MULTI_CERT.tar.md5

    -Click on USERDATA and select HOME_CSC_OMC_OXM_A515FXOXM1AXXX_CL16843479_QB27603640_REV00_user_low_ship_MULTI_CERT.tar.md5

    -Click on START and wait for installation, when done you can unplug your device.


    ROOT​
    Your KNOX status will be tripped if you follow this tutorial...​
    What's knox ? : https://www.google.com/search?q=samsung+knox+explained

    -Download the latest stock firmware for your Samsung Galaxy A51 with Samfirm/Frija app (faster) or Samfrew/Sammobile website (way slower).


    https://samfrew.com/model/SM-A515F/


    -Extract the SM-A515XX_1_EXAMPLE_0000000000_fac.zip file with 7zip or any other unzipper.

    -Copy the (AP_A515XXXXU1XXXX_CL00000000_QB00000000_REV00_user_low_ship_MULTI_CERT_meta_OS10.tar.md5) file and transfer it to your internal storage.

    -Download and install Magisk Manager APK https://github.com/topjohnwu/Magisk/releases/download/manager-v7.5.1/MagiskManager-v7.5.1.apk

    -Open Magisk Manager and go to Install > Install > Select and Patch a file.

    -Navigate through the storage and select the extracted AP file.
    The firmware will be patched and will be found in Internal Storage/Download/magisk_patched.tar.

    -Transfer the patched file to your PC.

    -Turn OFF your device and boot into DOWNLOAD MODE.

    -In Odin, click on AP and select the patched tar file, Uncheck “Auto Reboot” and click on Install.

    The tool will flash Magisk V20 on your Samsung Galaxy A51.

    To boot in recovery or boot the system with Magisk installed:

    1. Powering up normally → System without Magisk
    2. Power + Volume Up → Bootloader warning → Release all buttons → System with Magisk
    3. Power + Volume Up → Bootloader warning → Keep holding volume up → Actual recovery
    4
    Please post in English!

    Per XDA rule #4:
    4. Use the English language.
    We understand that with all the different nationalities, not everyone speaks English well, but please try. If you're really unable to post in English, use an online translator. You're free to include your original message in your own language, below the English translation. (This rule covers your posts, profile entries and signature). You could try :- https://translate.google.com/ or https://www.babelfish.com/ or use one of your choice.
    Please be respectful of all XDA rules, and other members as well.
    Thank you for your cooperation.
    4
    Could you tell how you used lpmake to repack the image? It's always creating an empty image in my case.:eek:

    lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:4294967296 --group main:4293513600 --partition product:readonly:1516761088:main --image product=./product.img --partition system:readonly:1577095168:main --image system=./system.img --partition vendor:readonly:342155264:main --image vendor=./vendor.img --partition odm:readonly:643456:main --image odm=./odm.img --sparse --output ./super.img

    product:readonly:1516761088:main (size of product.img in bytes)
    system:readonly:1577095168:main (size of unsparsed system.img in bytes)
    vendor:readonly:342155264:main (size of vendor.img in bytes)
    odm:readonly:643456:main (size of odm.img in bytes)

    --group main:4293513600 (main partition size 1516761088+1577095168+342155264+643456=4293513600)
    4
    Vbmeta file that I created that allows RW in every partition. I used the code provided on Ian MacDonald telegram channel
    View attachment vbmeta-A515F.tar
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone