Actually, right now this is my experience changing the system.img file using Samsung firmware:
- For the first time since I've had this phone, I flashed the new firmware without any changes (BT + AP + CP + CSC) just to check how it was, and to check the Knox status
- It worked smoothly, the status was 0 as always
- I restarted the phone, completed the initial configuration, enabled USB debugging (checking OEM was still unlocked) and tried with the modified version
- This time I again used all the files, but my AP file had a custom name (upload.tar), and every time Odin refused to flash it (it was just stuck and didn't move)
- One time it was stuck at SettingConnection (something like that) and the only thing I could do was to force a restart; upon restarting I got a blue screen saying to use Samsung Smart PC to re-initiate the phone status (first mistake)
- But actually, following some info on a forum, I just flashed the BT and forced a restart, and the phone started normally again
- My second mistake (I was still not very practical with those things): instead of restarting and initializing the phone with the first configuration, I kept flashing, so apparently in this state (without proper initialization) the bootloader is locked, so I started getting red messages that the software was not original
- In the end, after several tries, I flashed the original software again, restarted and initialized the phone, so the bootloader was unlocked again
- Then I flashed all the files, but this time I renamed my file from update.tar to the original AP file name (excluding the md5) and everything was fine and Knox was still 0
- At this point, I don't know why, but when I tried to run getprop for the properties I had set in system/default.prop, they were still not set
- I tried different approaches (changing /default.prop) or even adding a setprop in the init.rc, but I still had no luck
- Today I noticed the Knox status is 1 but the hex number is 0x0400. I've read a bit about it, and it seems this depends on the region and on whether the phone belongs to an operator or not. Basically it means that Knox realized I was doing something wrong (probably trying to flash while the bootloader was locked?), so it secures the "working profile" (to save the private data from some malicious person trying to hack the phone), but the phone itself is still in warranty; it really depends on the country.
So, long story short, even though I've been able to flash custom prop files, somehow their changes didn't take effect. I'm speculating, but I guess it depends on the "Android installation" blue screen that appears during the first reboot after flashing; maybe it overrides the data with some other data taken from somewhere else? I have no idea.
Just some advice, in case you want to try. My suggestion is to:
- Remove the md5 from all the files
- Rename your tar to the original file name you want to substitute (Odin does some very basic checks using the filenames, and I actually also saw that every tar file has 3 lines at the end with the release(?) number, the file size, and the md5. In case you want to be even more precise you should consider adding those lines at the end, because honestly the files will have the same size, so, since you can provide the md5, I'm not sure in which other way Odin can understand it is not the official firmware, as also displayed in Download mode)
- Flash all the files together
I hope my experience can help somebody else in case he wants to play with those files. If somebody knows why the changes I made didn't take effect when rebooting, I would be really interested to know why.