Resources for Samsung Galaxy TAB A 7.0 (2016) SM-T285

[osm0sis]

Alright, I got it all worked out; should be pretty robust now:
https://github.com/osm0sis/dhtbsign

:highfive:

I'll have support added for Android Image Kitchen v2.9. :good:

 

[AnierinB]

If anyone is willing to part with their T280 or donate one to me, I'll be willing to work on it. It is quite unfortunate that the T280 isn't offered in my country otherwise I would have taken care of this device by now.

If you still need a device I'm willing to part with mine as long as you can pay for the shipping label. Anything to help development for this device is worth it as I can get them from my work for 120 USD. Just PM me If you're still up to it and can pay for the label.

 

[Delgoth]

For those who are impatient and know how to patch their system.img with the SuperSu binaries:

Attached patched boot.img (has init.supersu.rc ready to run /system/xbin/daemonsu).

To build a boot.img for device you need a custom mkbootimg here:

https://github.com/jedld/degas-mkbootimg/commit/b63ae38e2ab7040cc7ddaef777652a56b2e48322

Unpacking/packing the ramdisk is pretty standard. The mkbootimg is used like this:

degas-mkbootimg -o boot.img --signature seandroid.img --base 0 --pagesize 2048 \
  --kernel boot.img-zImage --cmdline "console=ttyS1,115200n8" --ramdisk boot_kitchen/boot.img-ramdisk-new.gz --dt boot.img-dt

I've tested this so far only for my device. Feedback needed if boot.img flashes properly in other devices as well.

haven't tried if this technique works for recovery, but in theory it should. Now someone please get TWRP on this device

Installation:

Flash boot.img using heimdall/odin as is. If everything works well the device should accept it like nothing

Okay I haven't read the rest of the thread yet. I found this post first. But I will read after I make this post before I forget what I was going to say.

If I read your post correctly, "the standard mkbootimg" program cannot actually unpack and repack the boot.img correctly. Which is an extremely common occurrence on Samsung Devices, even though the vast majority of those Samsung Devices use AOSP type boot.img's.

I am also surprised there is actually data on the kernel command line.

Does Your patched boot image just modify the ramdisk by simply inserting the init.supersu.rc and making sure it gets called?

I ask these kind of basic questions because I've had my tablet for a month, and it's a bit different in some areas than the Galaxy Mobile Phones. This is the first device I've had in awhile that allowed me All Possibilities without worrying about telephony services. So I've been slowly getting my environment back in order. So I can take some new details into my older projects.

 

[jedld]

Okay I haven't read the rest of the thread yet. I found this post first. But I will read after I make this post before I forget what I was going to say.

If I read your post correctly, "the standard mkbootimg" program cannot actually unpack and repack the boot.img correctly. Which is an extremely common occurrence on Samsung Devices, even though the vast majority of those Samsung Devices use AOSP type boot.img's.

I am also surprised there is actually data on the kernel command line.

Does Your patched boot image just modify the ramdisk by simply inserting the init.supersu.rc and making sure it gets called?

I ask these kind of basic questions because I've had my tablet for a month, and it's a bit different in some areas than the Galaxy Mobile Phones. This is the first device I've had in awhile that allowed me All Possibilities without worrying about telephony services. So I've been slowly getting my environment back in order. So I can take some new details into my older projects.

This post is a little bit outdated now. But yeah the kernel command line doesn't really do anything, I've discovered that it is actually part of the dt image.

This is the first device I've had in awhile that allowed me All Possibilities without worrying about telephony services. So I've been slowly getting my environment back in order. So I can take some new details into my older projects.

For a 5.1 device at launch, LineageOS 14.1 runs on this device if you want a measure on how hackable it is, you can check out the lineageos customrom thread for the T285. I've also included links to the kernel and LOS manifest if you want to build it for your device. I've gotten oreo partially to work, unfortunately it is not on a level that is usable at the moment.

 

[Delgoth]

This post is a little bit outdated now. But yeah the kernel command line doesn't really do anything, I've discovered that it is actually part of the dt image.



For a 5.1 device at launch, LineageOS 14.1 runs on this device if you want a measure on how hackable it is, you can check out the lineageos customrom thread for the T285. I've also included links to the kernel and LOS manifest if you want to build it for your device. I've gotten oreo partially to work, unfortunately it is not on a level that is usable at the moment.

What I am most interested in, now that I've read the thread, is the process that went into finding out how to sign the images. What implications does this give way to for other samsung based devices?

 

[jedld]

At least for the T285, although there is a signature check, it allows the image to be flashed anyway.

 

[tekcomm]

Ya thats probably why I could hex edit into the 7.1.2 kernel androidboot.selinux=permissive then magisk it and then pop it with magisk-permissive-script_v1.2.zip . There is a russian tool that will sign it from the same guy who made the Rk image packer/unpacker tool I believe.
.

 

[Khanjoon123]

Bro I have tab a6rooted but I cannot install xposed

I have error from install xposed installer and recovery mode also
In installer error is error 1 occurrd
And recovery most is error fount 255 what's the problem please help me

 

[steadicam]

updates?

Any luck? Anyone make any progress?

Hmm - it matched my original boot.img (from Samsung's AQA4 factory firmware). When I branched, I had to recompile unpack/mkbootimg, otherwise it gave me bad results:

root@ubuntu:/gtaba/degas-mkbootimg/boot# ../tools/degas-unpackbootimg -i boot.img
Android magic found at: 512
BOARD_KERNEL_CMDLINE console=ttyS1,115200n8
BOARD_KERNEL_BASE 00000000
BOARD_RAMDISK_OFFSET 01000000
BOARD_SECOND_OFFSET 00f00000
BOARD_TAGS_OFFSET 00000000
BOARD_PAGE_SIZE 2048
BOARD_SECOND_SIZE 0
BOARD_DT_SIZE 380928
Before read
After read
Total Read: 14064384
root@ubuntu:/gtaba/degas-mkbootimg/boot# ../tools/degas-mkbootimg -o boot_new.img --signature ../tools/seandroid_t280.img --base 0 --pagesize 2048 --kernel boot.img-zImage --cmdline "console=ttyS1,115200n8" --ramdisk boot.img-ramdisk.gz --dt boot.img-dt
root@ubuntu:/gtaba/degas-mkbootimg/boot# ../tools/mkT280bootimg -i boot_new.img -o boot_t280.img
root@ubuntu:/gtaba/degas-mkbootimg/boot# diff boot.img boot_t280.img

 

[TopTongueBarry]

I have error from install xposed installer and recovery mode also
In installer error is error 1 occurrd
And recovery most is error fount 255 what's the problem please help me

https://forum.xda-developers.com/xposed/unofficial-xposed-samsung-lollipop-t3180960
https://androidfilehost.com/?fid=385035244224402234

 

[ashyx]

https://forum.xda-developers.com/xposed/unofficial-xposed-samsung-lollipop-t3180960
https://androidfilehost.com/?fid=385035244224402234

Just use Magisk it comes with Xposed that can be used on any device.

 

[gogomogo]

hello.

i have sm-t280 tablet and i need to change bootlogo. i tried all of ways but no result. can you help me please?

 

[gcrutchr]

hello.

i have sm-t280 tablet and i need to change bootlogo. i tried all of ways but no result. can you help me please?

See post #2 at this URL:
Change Boot Logo

 

[Mubanda]

Hello guys!
I'm kinda new here,,,
I have SM-T285, and I have installed leanageOs 14.1 developed by @jedld and it really worked well.
I was wondering if there is any hope of developing newer LineageOS either Oreo or Pie for this model.
Please, if anyone knows how to do it, please help!

 

[katodelumo]

Is there any difference between SM-T285 and SM-T285M?

 

[_mone]

Alright, I got it all worked out; should be pretty robust now:
https://github.com/osm0sis/dhtbsign

:highfive:

I'll have support added for Android Image Kitchen v2.9. :good:

Sorry for necromancing this old thread.

If you want to have a look at the "original" tool, you can find it here:
https://github.com/underscoremone/android_device_samsung_gtexswifi/tree/android-6.0/insertheader/source

 

[baltazar9]

hello guys!
i have SM-T285 Samsung tab which have MDM Locked No factroy reset allow, no firmware writing allow, no uodates installtion allowed anyone have removing solution plz tell me

 

[RFZ]

@ashyx - Reversed engineered the 280 header and came up with the following notes:

The header is 512 bytes long.
First 8 bytes consists of magic - 0x44 0x48 0x54 0x42 0x01 0x00 0x00 0x00 - DHTB
This is followed by a sha256sum of the payload. Note that the "payload" starts with the start of the ANDROID header until the first 20 bytes of the SEANDROIDENFORCE header
Followed by 4 bytes which I think is unused and then followed by a 32-bit unsigned integer consisting of the size of the payload.
After that it is mostly empty bytes as far as i can tell.

This is true for both boot and recovery headers.

Below is the sample header of the DHTB header of the T280:

< 00000000: 4448 5442 0100 0000 4b40 f348 e206 7672 [email protected]
< 00000010: 8fe4 72c2 06ed 0fdd 9df7 16d7 80d0 fc64 ..r............d
< 00000020: 17bd 6594 5881 07b2 0000 0000 0000 0000 ..e.X...........
< 00000030: 1498 d600 0000 0000 0000 0000 0000 0000 ................


We can see that payload is 14063636 long, original boot.img is 14064808 long, the seandroid header is 680 bytes long so we do the math
14064808 - 512 (Size of the DHTB header) - 680 (seandroid header) - 20 (we include the SEANDROIDENFORCE magic string)
=
14063636 = 0x00d69814 , then swivel to account for endianess 0x1498d600

afterwhich I computed the sha256sum of the 14063636 byte payload and got 4b40f348e20676728fe472c206ed0fdd9df716d780d0fc6417bd6594588107b2
which matched the checksum value.

Hope with this information, T280 users can get what they deserve so much

Hey, I came across this when researching the DHTB header.
I learned about it the hard way when I tried to install SuperSU (using zip in TWRP) on my SM-T280 that has LineageOS 14.1 installed. It didn't boot ( see https://forum.xda-developers.com/t/sm-t280-supersu-install-zip-creates-broken-kernel-image.4492241/ ).
I noticed the missing DHTB header in the boot partition after the install, so I simply put it back (backup from the LOS image) and this worked for the SuperSU 2.78 install, but not for the SuperSU 2.82 install (still stuck on boot screen).

After more testing I found that it ignores the signature and doesn't care much about the payload length either. However, some payload lengths cause it to get stuck at boot. That's why my fix did not work for SuperSU 2.82.
Using a signature AND payload length of just 0x00 just worked fine for me.
Is this some kind of edge case or did others notice that as well?