[Official] Note 3 Verizon Bootloader Unlock

[beaups]

No..
It's your code, slightly modified... I would be happy to PM it to you.

Esentially all I did was add a 4th CID4 to the check and changed dev_cid[] and dev_sig [] to the appropriate Note 3 values.

Sent from my Note 3 via Tapatalk

You should post it (just include it it any zips you create or post).

--beaups

 

[donc113]

You should post it (just include it it any zips you create or post).

--beaups

Ok..
Not a problem....I will redo the zip tonight and replace the current zip

Sent from my Note 3 via Tapatalk

 

[en11gma]

i had my sm-n900v on stock official of1
i then rooted and bl unlock with the samsung_unlock_n3 a ways back
before that was released there was another script called "samsung_cid" that would let you view your current cid and also let you change the cid
i have my original cid in a txt file.
heres my problem
i had to revert to stock official OF1
i did not change my CID back to original (not sure if there is a way with the new apk) but here i am
using emmc brick debug tool shows i have the new CID for bl unlock but of course odin mode shows i do not have the developer edition
so im about rdy to root and do this all again but does the unlocker need me to put my original cid in first before i run the program to bl unlock again?
thanks

 

[en11gma]

couple questions.
i was stock OF1
i rooted with arabic tool.
i then did the unlock with "samsung_unlock_n3"
i did not have busybox installed.
odin shows im developer edition.

anyway to fix the damaged sd card error besides formatting?

 

[en11gma]

whats going on with sd card repair from within android?
how do we fix?
format/erase card does not work
aparted does not work
always says its checking for errors

i have used yemen unlock before and never got that padlock custom screen. (i even removed kingroot and installed supersu over it)
this time i used that arabic tool and i have custom padlock screen
i do not want to install xposed
i would like to know why or what is causing it to trigger?
note: i have had the custom padlock screen before and it went away by itself. this time it dont seem like it is gonna go away by itself

 

[bftb0]

so im about rdy to root and do this all again but does the unlocker need me to put my original cid in first before i run the program to bl unlock again?

No. In fact it wants to see that the CID has been updated to the DevEd value before it writes the signature blob to aboot.

As for the "custom" image that is dependent on attribution processes which run after the phone has booted (possibly also in the stock recoveries as well). It can disappear, but it won't happen immediately after a flashing to full stock - those attribution processed need to work for a while before that happens. (Think of it this way - there is no way that the bootloader scans all of /system /data et cetera during booting in order to decide whether anything has been changed - the phone would take forever to boot if that were the case).

If you flash a non-stock boot or recovery image on the phone - even with the developer mode enabled - you will trip the Knox Warranty fuse. (I'm not sure if it was absolutely determined that it really is an irreversible fuse, ryanbg might know if anyone does). I suppose it is possible that if the Knox warranty fuse is set, you'll always see "Custom", but I don't know if that is true or not.

If you are worried about the "Custom" display, then I suppose that means that you are worried about the warranty flag too. If that's the case, you probably shouldn't be doing any of this.

 

[wanb1i]

I made this for the S5. I modded it with your unlock binary. All it requires is you to answer yes in the samsung unlock binary
I dont have a note 3 so let me know.
Edit: You must have busybox installed
1. Install SamsungUnlockerN3.apk
2. Grant SU access
3. Click On Install SamBootloader Unlocker
4. Grant SU access
5. Type Yes Hit enter wait for device to power off
6. Should be unlocked

seems the apk download link isn't working, is there another one?

 

[bftb0]

anyway to fix the damaged sd card error besides formatting?

No.

The original post said that the card would be overwritten. That's not damage, it's what it was supposed to do.

beaups' code wrote 0x10000 blocks each of block length 0x1000 (total of 256 MB) to the beginning of the card. So the original bootblock and partition table (if any) is gone, and the first 256 MB of the card are overwritten with the first 256 MB of flash memory data from your phone.

The purpose of that operation was to have a "debrick image" on a SD card so that if something went horribly wrong, you could still recover from that disaster using ODIN. (The phone detects problems in booting and will boot off of the copies of all the bootloader partitions on the SD card, assuming that they pass all signature checking, just like in the ordinary boot) See here.

If there were some precious files on your SD Card and you were fortunate enough that the data was stored beyond the first 256 MB on the card, the data is still there; but you will need a forensics tool to recover them. (If that's what you mean by "fix").

If you have a spare 256 MB on your PC someplace it's a good idea to "raw dump" that off the card before you re-format so you will have a debrick image if case you ever need it.

If you just want to have a formatted card back, go ahead and format it. Probably not with Windows, as there will be a new UEFI/GPT on the card (with 25 partitions!), and Windows tends to get confused if it sees anything out of the ordinary. But you can try. Or just dd if=/dev/zero some zeros onto the card for a couple of MB before handing it to windows for formatting.

 

[donc113]

You should post it (just include it it any zips you create or post).

--beaups

Source code added to zip and posting updated with new zip



Sent from my Note 3 via Tapatalk

 

[1Xfan]

I have been out of the VZW Note 3 loop for a while; not much going on for many months. Then I saw this new posting the other day and wet my pants! Sweet & many thanks !!!
I am still on 4.4.2 Biggins ROM; never jumped to 5.+.
I am rooted, and with flashfire. Is it safe to assume this exploit will work on the 4.4.2/ NC4 bootloader? ... without having to flash to 5.0+ (?)

 

[bftb0]

Is it safe to assume this exploit will work on the 4.4.2/ NC4 bootloader? ... without having to flash to 5.0+ (?)

I did it on MJ7, and it worked there

And now I have a marshmallow ROM (cm13) and a true TWRP (4.3) recovery running on top of MJ7 firmware.

Never lost root - I either had it in the external recovery, or the ROM, or both.

Your Knox warranty flag will get tripped though as soon as you install a custom bootable image (recovery or boot partitions)

good luck.

 

[arucarda]

Wiped my sdcard...

Enjoy. Don't forget to thank @beaups too, he discovered the eMMC backdoor and exploited it!

Disclosure: I do not own a Note 3. The exploit happened to be applicable to the Note 3, and we compiled it for your devices rather than not release it at all. This seems like a reasonable and friendly thing to do for the community. I can't help you root or teach you how to use ADB. It's important you have the ability to do these things or research them a bit before blindly using this. I am very familiar with Samsung however, and time permitting, will do my best to help anyone having issues.

You should not run this if you don't understand it.

ROOT REQUIRED, we aren't responsible for anything you do with this.
You NEED a MicroSD, and it WILL be formatted during this process.

YOU MUST DISABLE REACTIVATION LOCK OR YOU WILL HAVE ISSUES!!!!!!!!!
You can download the eMMC brick bug check app on the Play Store to verify your CID starts with 15. If it does, you are good. If not, it will not work.

The code below is NOT a script, you must enter the commands manually.

adb push samsung_unlock_n3 /data/local/tmp/
adb shell
su
cd /data/local/tmp/
chmod 777 samsung_unlock_n3
chown root.root samsung_unlock_n3
./samsung_unlock_n3

Allow device to reboot. After full reboot, run

adb shell
su
cd /data/local/tmp/
./samsung_unlock_n3

again, power down and pull battery. May need to run it again if it doesn't work after the battery pull.

Paypal: [email protected] [COMPLETELY VOLUNTARY AND OPTIONAL]

Done this 3 times, 2 out of 3 wiped the sdcard, I recommend pulling it first. Running ob6

 

[bftb0]

Done this 3 times, 2 out of 3 wiped the sdcard, I recommend pulling it first. Running ob6

Bad advice.

You read this part, right?

You NEED a MicroSD, and it WILL be formatted during this process.

If you look at beaups' code you will see that

a) the program needs to run TWICE (just as the OP's post instructs)
b) on the first run, it only changes the CID
c) the SD card is overwritten on the 2nd invocation of the program or anytime it finds a CID which matches the DevEd CID.
d) the program will not perform the final and most crucial step of the process - writing a signature blob into the aboot partition - if it fails to find a SD card and write to it.

So if you ran the program three times, then yes, it would have overwritten the SDcard two times. And if you don't use a SDcard, the program will error out rather than completing the process.

That's what it is supposed to do. It is creating a safety mechanism known as a "debrick image" SD card (look it up) that can boot the phone into Odin Mode if a disaster happens.

So, no. Follow the instructions as given, and use a spare SD card. It's probably a good idea to save the SD card "as is" as a safety precaution.

 

[donc113]

From 4.4.2 (rooted) i ran my version of unlock... Worked fine... Loaded TWRP, (that does void warranty bit but mine is LONG out of warranty), flashed Jasmine 6.1 and the lean kernel. Zero problems (i followed the instructions and made a backup before flashing Jasmine and then wipped phone) and all is working well... I am still using NK1 modem and zero issues for phone or data.






Sent from my Note 3 via Tapatalk

 

[1Xfan]

That's too bad it voids nox
I'm sure there is a way to disable nox. Someone will find it.
Good to hear it worked for you, and I'm not the only one who didn't jump to marshmallow.

Sent from my SM-N900V using Xparent Skyblue Tapatalk 2

 

[bftb0]

That's too bad it voids nox

This is a sincere question, not snark: does anyone own a Note 3 which is still under warranty?

If the phone's warranty has already expired due to time since purchase... then isn't that little flag just a meaningless cosmetic detail?

I tend to purchase gear and use it until it's seriously obsolete (close to zero value), so I don't have a feel for whether an Odin flag affects used equipment value.

 

[donc113]

That's too bad it voids nox
I'm sure there is a way to disable nox. Someone will find it.
Good to hear it worked for you, and I'm not the only one who didn't jump to marshmallow.

Sent from my SM-N900V using Xparent Skyblue Tapatalk 2

There's two flags/fuses. Knox and warranty. Flashing TWRP instead of the standard recovery will "blow" the warranty fuse but NOT the Knox fuse.





Sent from my Note 3 via Tapatalk

 

[icedventimocha]

Thanks to all involved. Used the apk, had to do it twice but that was most likely due to the delay in the supersu promts.

Sent from my SCH-I605 using Tapatalk

 

[djshaff]

God I can't believe this actually happened! So coming from 4.4.2, I'm unlocked, did full whip and running Dirty Unicorns, and everything works beautifully, huge thanks to donc113 on post 217 to get this to work on 4.4.2!! Only problem, pull your extSD card before you run this! It nuked mine, and everything on it, it was mentioned once early on in this thread but I skimmed past and forgot while looking for my fix!

Also, I think I am on MJE modems, or at least one of the earlier ones that seemed to work better.

 

[icedventimocha]

So if we need to Odin back to stock do we use Normal or the Dev version tars?

Sent from my SCH-I605 using Tapatalk