NK1, OB6, OF1 testers wanted for NC4 back-booting trials

bftb0

Senior Member
Feb 5, 2010
So, I cobbled together a (custom-recovery) flashable NC4 stock ROM.

I'm interested to find out whether it is possible to boot it successfully from later bootloader firmware - e.g. NK1, OB6, or OF1

(I'm still on NC4 bl and not planning on upgrading near term. It boots on NC4 bl but that's pretty obvious lol)

Q: Why would this be useful?

A: To provide a means for upgrading bootloader firmware without starting from scratch.

For instance, there are folks on OB6 firmware who would like to use a custom ROM that will only work on OF1 firmware. They can certainly start from scratch (back up and unload the entire device); an alternative would be to:

- Make a backup of an existing rooted ROM (that more than likely has a custom or modified boot image so is not bootable when the bootloader gets re-locked) using the currently-installed custom recovery (which will also be non-bootable under re-lock).

- Restore a (debloated) pure stock ROM w/ Samsung kernel. Root it with Towelroot (does not touch boot image)

- Flash replacement bootloader only in Odin. Locked bootloader = no custom recovery... but with a rooted stock ROM already in place with an unmodified stock kernel it can be immediately unlocked.

NC4 is easily rooted with Towelroot-v3 "on device". No need for PC drivers, online rooting tools with a separate PC, etc (e.g. as with Yemen rooting methods on OB6, OF1)

This approach in principle saves the need to back everything up in the /sdcard - but you have to know in advance that the NC4 stock kernel and ROM can successfully be booted with later bootloaders.

So anyway, that's what I'm asking for help testing with - folks that are: (a) unlocked and (b) on NK1, OB6 or OF1 bootloader willing to try flashing a debloated NC4 Stock ROM using their existing custom recovery, and see if it boots, roots, and if root survives a single boot cycle.



Contact me via this thread or PM; I'll provide the flashable NC4 and the Towelroot .apk



hotrod85z

New member
Jan 27, 2012
My N900V came with 5.0 OF1 but I rooted, unlocked BL, installed TWRP and flashfired NC4 tar minus recovery.
Runs smooth. I hate Lollipop. lol
Only bug is wifi password resets every time I reboot.
I'm curious as to why I have trouble running certain NC2/NC4 ROMs.. some want to bootloop/freeze:
Baja, Biggins, and Objective ROM.
Kernel issue maybe? Or BL version?
BTW, I am rooted via Towelroot v3.
 

bftb0

Senior Member
Feb 5, 2010
> My N900V came with 5.0 OF1 but I rooted, unlocked BL, installed TWRP and flashfired NC4 tar minus recovery.
> Runs smooth. I hate Lollipop. lol

Thank you for posting that, very useful/helpful information to know.

Does Flashfire understand the Samsung "sparse" image format of the system.img.ext4 file inside the Stock (Odin) .md5 tarfile blob? Or maybe somebody else packaged up a "flashable .zip" of NC4?


> Only bug is wifi password resets every time I reboot.

In /system/build.prop, set ro.securestorage.support=false and reboot. You might also want to set ro.config.tima=0 as well.

I suspect that mixing and matching Samsung kernels with bootloader versions breaks something in the TrustZone, and so secure containers and other sort-of-obscure security functions no longer work as the TZ smells something fishy. I am using a rooted PL1 rom on NC4 bl and it would spontaneously reboot (infrequently) until I made the above changes - it's been rock stable for about 4 days now. Why this works I can't really say - it's a "generation skipping" bootloader and stock rom combination - N* bootloader and P* ROM :eek: *

> I'm curious as to why I have trouble running certain NC2/NC4 ROMs.. some want to bootloop/freeze:
> Baja, Biggins, and Objective ROM.
> Kernel issue maybe? Or BL version?
> BTW, I am rooted via Towelroot v3.

All of the above or none of the above LOL

There are definitely some mysteries here, and I don't claim to fully understand the interdependence of the TZ (== bootloader firmware), the TIMA and RTKP stuff in the kernel, and the cross-communication between kernel and TZ via the qseecom service daemon (which is in the ROM in /system/bin) much less how the APIs of all these interfaces might have changed between major releases.

You could check those two build.prop settings in those ROMs for starters though. I suspect that if the TZ smells something fishy (e.g. a kernel TIMA to TZ info mismatch), a variety of secure credential services in the TZ stop working. It is possible that "ro.securestorage.support" is a toggle that attempts to use TZ services when it is set to "true", and so anything in the ROM which builds on it breaks because the TZ is refusing to play on an otherwise "stock" ROM variant.

FWIW I got the AryaMod (S7Edge MM port) + phantom kernel running on NC4 bl + OF1 modem for a full 24 hours after I disabled the qseecom service daemon. It ran long enough that I had customized the whole thing as a daily driver with all my apps, verified that all sensors & radios worked, made test calls, etc. Rebooted it and the kernel started getting reset by a "Modem Reset". Even weirder was that despite the use of the OF1 "modem" firmware, the kernel was reporting a bunch of RIL "unknown ioctl's". Strikes me as odd that the whole thing could run that long with so many different things happening, and then the "modem" is unhappy - even though other folks are using the ROM with OF1 bl + OF1 radio/modem firmware. (As if the "modem" isn't really the source of the problem, even though that's what initiates the device reset).



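The check suggested in the post above (look at those two build.prop settings in each ROM), written out as an added example that is not part of the original thread. The function names `get_prop` and `audit_rom` and the sample file contents are constructed for illustration; point it at build.prop files extracted from the ROMs being compared.

```shell
#!/bin/sh
# Added example: report the two build.prop properties named in the post.
# The sample file contents in the demo below are constructed.

# get_prop FILE KEY: print KEY's value from a build.prop-style file, or
# "<unset>". Skips comment lines, trims whitespace and CR, and prints the
# first definition if the key appears more than once.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; found = 1; exit }
        }
        END { if (!found) print "<unset>" }
    ' "$1"
}

# audit_rom FILE: one line per ROM with both values and a status saying how
# many of the two properties carry the values the post sets (false / 0).
audit_rom() {
    ss=$(get_prop "$1" ro.securestorage.support)
    tima=$(get_prop "$1" ro.config.tima)
    n=0
    [ "$ss" = "false" ] && n=$((n + 1))
    [ "$tima" = "0" ] && n=$((n + 1))
    case $n in
        2) status=both-disabled ;;
        1) status=one-disabled ;;
        *) status=neither-disabled ;;
    esac
    printf '%s securestorage=%s tima=%s %s\n' "$1" "$ss" "$tima" "$status"
}

# Demo on two constructed build.prop files (one with CRLF line endings).
demo_dir=$(mktemp -d)
printf 'ro.build.id=EXAMPLE\nro.securestorage.support=true\nro.config.tima=1\n' > "$demo_dir/rom_a.prop"
printf '# edited\r\nro.securestorage.support = false\r\nro.config.tima=0\r\n' > "$demo_dir/rom_b.prop"
for f in "$demo_dir"/*.prop; do audit_rom "$f"; done
rm -rf "$demo_dir"
```

Running the same report over each ROM that boots and each one that bootloops shows at a glance whether the two settings differ between them.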

hotrod85z

New member
Jan 27, 2012
I initially tried flashing NC4 full tar via Odin, but even BL unlocked, I got FAIL. Flashfire worked!
Very curious as to whether a custom N900V kernel would boot my 4.4.2 custom ROMs.. it's either that or the BL isn't compatible with non-TouchWiz ROMs....
Most of the kernel/modem/firmware links on here are 404 error dead links.. would be nice to see an up to date sticky. I'll flash anything as long as I don't end up in JTAG mode with a brick. lol
I've played with Verizon S5, AT&T S2, Galaxy Captivate, Atrix 4G and many other phones.
The S2 is still by far the fastest, smoothest phone on CM7.. the newer the phones.. the newer the OS.. the bigger the resource hogs ("RAM"). I'm a minimalist...

Even after flashing NC4 official full tar.. I'm still showing OF1 baseband under settings.
 

bftb0

Senior Member
Feb 5, 2010
@hotrod85z

FWIW I posted a bunch of recovery-flashable stock ROMs here.

There is also a link in that thread to a complete set of (Odin flashable) modems for NC4, NJ6, NK1, OB6, OF1, and PL1 if that is of interest to you.

Maybe I wasn't paying attention, but I could swear that on at least one occasion or two when I performed an Odin modem flash, it didn't "stick", despite no complaints on the handset screen or in Odin - the next boot showed the (prior) baseband version, not what I flashed. It's a bit of a mystery to me; but for now I've resolved to make sure that after the Odin session is complete, I wait 30 seconds or so, then remove the USB cable, and then pull the battery rather than try to restart the device by holding buttons down. It is possible that those events occurred when I soft-restarted the phone, but I'm not sure. For now I'm just trying to always flash and restart with exactly the same method to avoid different behaviors from creeping in.


PS I have no idea if those ROM flashables are compatible with Flashfire. They might be, but I've never tested it, and as they are not pre-rooted I'm not going to suggest it for fear that somebody with a rooted but locked (bootloader) phone will try using Flashfire and then end up with a phone that needs a full Odin re-install. Appearances are that each version of the bootloader restricts the Samsung signing verification to only the matching kernel version - you can't even boot a signed Samsung kernel on a locked phone if it is a different version than the bootloader's version.
 

Dlind

Senior Member
May 10, 2016
Port orchard, WA
Hello all, I have an eMMC exploit Note 3 I'm using here and I wanted to flash different radios for the US carrier Note 3's and I first tried to use Flashfire to try to update the modem, but even that didn't stick, cause I don't readily have a PC available, I wasn't ballsy enough to flash a different carrier modem, since I checked the Odin screen and saw that instead of a bootloader unlock, it's in developer mode and I didn't want a brick, so overall my question is, do I need an unlocked bootloader to flash different modems and do I need Odin to do it or will some sort of mobile Odin or something do it? Thanks mates and happy flashing.
 

bftb0

Senior Member
Feb 5, 2010
Well, your question is way off topic for this thread.

But since nobody is in here anyways, I guess I'll answer the parts that I am able to.

The modems that I posted over in that other thread were meant to be flashed in Odin using a PC. You can use either the AP slot or CP slot. Note that the very first post says - in big bold blue letters "Odin-flashable Modems".

Not Flashfire. It never said anything about Flashfire.

Is there such a thing as MobileOdin? If there is, I know nothing about it and certainly have never tested anything with it. So I don't know and am not going to speculate.

You said something confusing here:

> I checked the Odin screen and saw that instead of a bootloader unlock, it's in developer mode

If it says "MODE: Developer" you have an unlocked bootloader. Which is exactly the same thing as a Developer Edition phone.

If you were to use a PC with Odin and you flashed a FULL Stock firmware flash, yes it would overwrite the unlocked bootloader and indeed re-lock the phone. If you were able to re-root that (stock) ROM, you could perform the unlocking procedure again to unlock it.

On the other hand, those Odin-flashable modem packages do not contain the bootloader firmware, so if you were to use Odin on a PC to flash just those modem images, your bootloader would not get re-locked - the unlocked bootloader is still there, untouched.

When the carriers issue an OTA update, many times (perhaps most of the time) they contain a modem update (NON-HLOS.bin and modem.bin). So it is obvious that they are able to be flashed **somehow** right on the phone, without using Odin from the PC or an "Odin app" at all.

BUT that happens using a combination of the STOCK recovery and the bootloader itself during the reboot following the actions taken by the STOCK recovery. (My guess is that the recovery simply "stages" it into place, and sets some flags so that the bootloader knows that it is supposed to evaluate the crypto signatures of the file blobs that the recovery put into place and it is actually the bootloader that does the flashing.) That's really not a whole lot different than what happens when you transfer files from Odin to the phone - the "Odin/Download" mode is just one of the personalities of the bootloader. (Odin is actually a rather dumb program - it's the bootloader on the phone that gets to decide whether a flash happens. It does that by carefully examining the file blob that gets transferred, e.g. crypto signature checks.)

My guess is that you would be able to flash STOCK modem packages from Odin (using a PC) independent of whether the bootloader is locked or unlocked. But as I said: "guess".

I don't have a second phone to test with, so I would have to flash completely back to stock and lock my bootloader to be able to test that hypothesis. That's a big job because of all the crap I have to back up and restore to my phone.


Frankly, if you don't have access to a PC, and you really need your device to keep working, I would advise you to stop screwing around with it, simply because you don't have good tools available to fix it if a disaster occurs.

PS. I've never once noticed anything different between various radio firmwares on ANY device I've ever owned.
 

Dlind

Senior Member
May 10, 2016
Port orchard, WA
Thanks SOOOOOO MUCH for your input. I kinda had a feeling that the idea was risky at first and I don't know a whole lot about Odin and I wish Samsung could have created something much easier to use, but thanks for answering the wayyyyy off topic question, I'm gonna smash that thanks button, I'm also going to take the advice on not cross flashing different modems, it's just too risky. You answered all my questions so thanks. Also I want to say thank you for your continued work on this phone; it is by normal terms "old" now but in reality it's still an amazing phone with the right custom software, and happy flashing!
 