General Rooting, ODIN, Firmware, CSC Information And Myths Debunked / Noob's Guide To Samsung Devices

Search This thread
By:
Advanced…
JazonX

JazonX

Senior Member
Dec 16, 2009
2,333
921
Xiaomi Mi 11 Ultra
Craith said:
I worked at a retail store and the samsung reps left them for us when they added the newest device on the display so it kind of landed on my hands.
Click to expand...
Click to collapse

I agree, I too worked in a Samsung Store. They just leave them, or ask us to scrap them when the life cycle is completed as many are by then AMOLED burnt or battery dead. Sometimes, They bring extra and handover to us for promos and stuff.

The speed some people here on XDA jump to conclusion that it's stolen is crazy!
 
JazonX

JazonX

Senior Member
Dec 16, 2009
2,333
921
Xiaomi Mi 11 Ultra
Craith said:
As i wrote above i did have it work on U1 with patched certificates etc etc, but i messed up and upgraded to U5 so i'm kinda stuck with a brick. I tried everything i could find software side but nothing so i'm propably gonna swap the motherboard since it's in a pretty good condition as a device. Thank you for your answer!
Click to expand...
Click to collapse

Can I know how to patch the certificates ?
I think this is temporary and doesnt survive a factory reset. But let me know if you can.
 
You must log in or register to reply here.

Similar threads

kangi26
How To Guide OTA and Non-OTA Firmware for S22 Ultra SM-S908U and S22 Ultra SM-S908U1 Versions
Replies
3K
Views
224K
gernerttl
gernerttl
Williamtung
How To Guide Guide to root Galaxy S22 Ultra (B/E/N/0), unlock bootloader and flash official firmware (noob friendly)
Replies
509
Views
128K
gernerttl
gernerttl
Luxferrea
Question SD Native call recording & CSC (without rooting)
Replies
792
Views
106K
N
Nikishek
dr.ketan
  • Poll
Development [15.05.23] Full ROM System-RW for S908E/B I Magisk ROM Module for all S22 I Dr.Ketan ROM
Replies
2K
Views
178K
Pehpe
Pehpe
K
General (OPEN DEV) BruteRoot - A collection of Root Tactics (Possibly Force Bootloader unlock on NA Samsung S22?)
Replies
188
Views
27K
wr3cckl3ss1
wr3cckl3ss1

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 44
    Macusercom
    Macusercom
    Since a lot of people will have their Galaxy S22 Ultra soon and I myself am thinking about either getting an S21 Ultra or S22 Ultra, I wanted to summarise a lot of information I found out during researching as Samsung devices are quite different from OnePlus or Google devices in that they don't support fastboot but only ODIN.

    If you've enjoyed it or it has helped you, a thumbs or or thanks is always appreciated! Feel free to share and link to this thread for newbies to Samsung devices like I am ;)



    Which ODIN version to use?

    There are a lot of ODIN versions out there. Even reputable sources seem to copy & paste files without checking them first. The lastest version is v3.14.1. Any newer version as of now is a hoax as they simply renamed the version to v3.14.4 without any changes

    How to check if you have a trustworthy version?
    • First of all: it should be version v3.14.1.
    • In the ZIP file there is a file called "odin.ini". The second line should be"Title=odin“. If not, some website has changed that.
    • In the same .ini file there should NOT be a:
      [UIOption]
      LED=0
      (Someone apparently ticked that checkbox in ODIN, saved it and uploaded it. The default .ini file does not contain it unless you checked it yourself in ODIN.)
    • In the ZIP file there should NOT be a file called "cpprest141_2_10.dll“. This is a Microsoft file that is not malicious, but doesn't belong in there.
    Since most ODIN files are copy and paste, it should be easy to identify whether you have the right version or not. (Source)



    ODIN: AP, BL, CP, CSC​

    People love to spread information without questioning it. So I came across thing like "BL" stands for bloatware etc. No, it does not.

    • BL (Bootloader)
      This contains all bootloader relevant files (like the BIOS on your PC). This is quite essential as a broken bootloader can brick your device permanently.

    • AP (Application Processor or PDA)
      This contains Android and all relevant files you might know from other device manufacturers. As of now, most devices use a "payload.bin" inside the firmware ZIP. This is exactly that but you can simply unzip the .tar file without needing any tool like Payload Dumper. Though, unzipping it does not help you at all since you can't flash the .img file separately.

    • CP (Core Processor)
      CP contains modem files. On other devices it is included in the payload.bin as "modem.img". Here it is inside CP.tar

    • CSC (Consumer Software Customization)
      CSC contains the country and carrier specific stuff like which apps are pre-installed, which bands are available, 4G/5G, VoWiFi, VoLTE etc. Nowadays it is a multi-CSC but more on that later.

    • PIT (Partition Information Table)
      This contains the partitions if you ever need to re-partition your device. It can be used in the PIT section in ODIN but on newer devices it is contained within the CSC.tar file. So you probably never ever have to worry about it.
    (Source)


    What is the deal with CSC and Home_CSC?
    CSC and Home_CSC are pretty similar. They mostly contain similar files and are flashed by selecting them in the CSC slot. You never ever have or can flash both simultaneously!

    • CSC
      Flashes the CSC part including the PIT file, meaning it will wipe the device entirely and reformat the super partition containing everything from /boot, /system and /vendor

    • Home_CSC
      Flashes the CSC but without the PIT file, meaning it will simply update the firmware but NOT wipe your device. This is what to use for an update. Use the other CSC for a full wipe



    What about F. Reset Time, Auto Reboot and Userdata in ODIN?​

    You should not have to check any boxes if you just want to root. Some people claim to disable "auto reboot". That is a relict from the past and is copy & pasted. Disabling auto reboot will prevent the device from rebooting automatically after an ODIN flash. For stock firmwares and rooting it is not necessary. If you do not want to reboot automatically (because of a custom recovery etc.) you may disable it. But you don't need to do it for rooting.

    F. Reset Time is enabled automatically and resets the flashing counter. There is no reason to not do it afaik. So you don't need to deal with that.

    Userdata is not used on newer devices as it is included in the AP file and used if you use the CSC file to wipe your device. It should be left empty on newer devices.

    (Source)



    Multi-CSC and why changing the CSC is mostly deprecated​

    A lot of questions are asked everyday about the CSC. There are different CSCs for different countries and carriers. Here in Austria we have ATO (Open Austria) for unbranded devices, MAX for T-Mobile devices (now called Magenta here) and so on. Nowadays, there are multi CSC firmware like OXM. They contain many CSC codes within it.


    If you go into Settings > About phone > Software information > Service provider software revision you'll find different CSC codes: AAA/BBB/CCC/DDD

    AAA is the current CSC
    BBB is the best CSC for SIM card 1
    CCC is the best CSC for SIM card 2 (if dual SIM is possible)
    DDD is the factory CSC that cannot be changed

    e.g. DBT/MAX/MOB/ATO meaning DBT (Open Germany) is the current CSC, MAX (Magenta Austria) is the CSC for SIM card 1, MOB (A1 Austria) for SIM card 2 and the device has a factory CSC for Open Austria.
    (Source)

    • With Android 12 changing the CSC is afaik impossible.​
    • If the multi CSC contains both CSC codes (like if I want to switch from MAX to ATO), flashing the same multi CSC firmware in ODIN will do nothing as it is the same firmware.​
    • Very important: the multi CSC firmware is the same for every CSC included. If I were to download ATO and MAX firmwares, I will get the same OXM file with the same SHA256 hash (checked it myself). Flashing it would either update your phone (Home_CSC) or wipe it (CSC) and not change the CSC as it will find your current CSC in the multi CSC and leave it as-is.​
    • A device with XEF (France) will always be XEF even with a different SIM card. Despite showing "XEF" it will use the appropriate settings for the carrier as long as the multi-CSC (e. g. OXM) contains the necessary files.
    Some builds are released only for a certain amount of CSC codes or with a different minor revision (see down below under "Firmware" for an explanation). For example: MAX has minor revision 5, but ATO has 7 now. I could flash ATO revision 7 on my MAX device, but wouldn't receive any OTA updates until I have a firmware that exists for MAX (so either I have to flash minor revision 5 or wait until the next update). Multiple CSCs can be asynchronous despite having the same base firmware. MAX could have more minor updates (e. g. the carrier wanted something fixed) while others are fine at revision 1. That's why some CSC codes have more updates listed and some receive the update earlier.

    DBT for example could be the first to get the new March security patch and other CSCs will follow. Though other CSC codes might have a higher minor revision as there were changes being made afterwards. In some cases DBT will receive another update with these changes, in other cases DBT revision 3 is the latest while other CSC codes are at revision 9. The changelogs are almost always equal though so there is no information to the public on what has changed.

    Think of it like an upgrade path. Major steps are always synced, but minor ones can be CSC specific until a new update syncs them again.

    More information can be read here: Source



    Multi-CSC Release Cycle​

    Samsung Firmware Update.png


    Multi-CSC firmwares are a "master" firmware that contains multiple CSCs. For the S21 Ultra it is called "OXM in Europe. Inside that firmware can be different regions like DBT, AUT, HUI and so on. An update usually isn't released at the same time for everyone. In this example graph above you can see how the release usually goes:

    1. One or a few "open" CSCs for unlocked devices starts rolling out, usually DBT (Open Germany)
    2. Other open CSCs and carrier CSCs (e. g. ATL for Vodafone Spain) start rolling out)
    3. After that, sometimes specific carrier patches are released that increment the firmware version but is only available for a specific CSC code.
    4. At the end of the month, sometimes minor bug fixes are also released to one or multiple CSC codes.
    5. Next month we start that cycle again. All patches that have been released along the way are now integrated and released. (Example: HUI got an update at the end of the month, but that fix is not included in any other firmware. Next month that patch will be included along with the new security patch for every CSC).

    Think of it like a GitHub project. You publish a stable release for everyone, fix a bug for a specific device, release that bug fix as a minor release only for those affected, then on the next stable release upstream that fix to the release. Doesn't make sense to include a minor hotfix immediately for a 2019 MacBook Pro if the fix is only for the 2022 MacBook Air, right?

    In that regard: you can always flash any OXM firmware on a device using OXM. I could flash a DBT (Open Germany) firmware on an ATL (Vodafone Spain) device and it will work. I can even grab the security patch release at the beginning of the month before it is widely rolled out and flash it using ODIN.

    People saying how happy they are because they get their updates early or others who complain about waiting weeks for it. The latters ones could fix it by manually flashing the released firmware. But keep in mind: if you still can receive software updates on your device (e. g. not rooted) then you need to be on an update path that is supported.

    Say I update to the carrier fix release intended only for HUI on my DBT device. It'll work and I can update next month with ODIN as usual. BUT: Samsung's on-device software update won't show any update. Why? Because it checks DBT and if I'm on a minor release not intended for DBT, it won't give me an update path. It will search for an update from release A to release B but by flashing the carrier fix only for HUI, I'm between those. Something like A1. Since DBT doesn't have an update path from A1 to B, it won't show any updates until I'm back on B (and ready for B > C next month and so on).

    Tripping KNOX​

    If you unlock your bootloader, KNOW will be tripped. I'm simply gonna quote another post here as it explains the impact very well (and I hereby explicitly state that I'm not affiliated in the service the source advertises. I do not vouch for or endorse the use of UNSAMLOCK).
    - Knox will be tripped after a custom binary flash.
    - Samsung Pass, Samsung Pay will never work after root. Safetynet, Samsung Health and Secure folder could be fixed.
    (Source)
    Click to expand...
    Click to collapse

    So if you flash a signed Samsung firmware, it shouldn't trip KNOX. If you flash an unsigned firmware, it will trip it. But as a general rule of advice: signed firmware are flashable in ODIN with a locked bootloader. If you unlock the bootloader, you are at risk of tripping KNOX and you are responsible for that happening either way. No matter what I or someone else says on XDA or any other website. So never unlock the bootloader if you can't accept tripping KNOX.

    People say it is a physical fuse that is blown. I can't confirm if this is true but it could also simply be a part of security key stored within the device and deleted when unlocked. Since there is no way of backing it up, it will be lost for good (much like the /persist partition on devices that contains sensor data and is unique and never deleted or else your device becomes messed up permanently). There is no way of knowing but keep that in mind.


    Firmware​


    Firmware versions

    The firmware numbers actually have meaning. Something like "G998BXXU4BVB1/G998BOXM4BVB1/G998BXXU4BVB1" means build version/CSC version/baseband version.

    The first letters are the model version (G998B = S21 Ultra). The last letters (e. g. G998BXXU4BVB1) can be read as follows:

    U4 B V B 1
    ↓ ↓ ↓
    Boot loader version
    Android version
    Year
    Month
    Minor revision


    For this example that means:
    • U4: bootloader version 4 (you can't use any firmware with a lower version than what you have)
    • B: Android version 2 (for the S21 Ultra that shipped with Android 11, B is Android 12)
    • V: 2022 (W = 2023, X = 2024, etc.)
    • B: February (A = January,..., L = December)
    • 1: minor revision 1 (this is a hexadecimal that can be 1–F, with F being version 16)

    The firmware information including the colour coding comes from the CheckFirm app (Source). The provided information and the colour coding is awesome so I took that information and condensed it even further.


    How do I check for firmware updates?

    There are websites out there listing/hosting the firmware files that are easy to find. Other methods are:

    Rooting, OTA updates while being rooted and what not to do​

    There is a lot of misunderstanding regarding rooting and OTA updates afterwards. I'm not explaining how to root your device. There are a lot of XDA threads out there. But I'm going to explain some important information that is not explained well very often.

    When is your bootloader acutally unlocked?
    Simply toggling "OEM unlock", going into download mode and unlocking the bootloader will not actually unlock it. There is a reason why after enabling the bootloader unlock in download mode, you should go to the developer settings and "confirm" it.

    By opening up the developer settings and checking the "OEM unlock" toggle, the bootloader actually becomes unleashed and accepts non-signed images. Meaning an AP file modified by Magisk will now be accepted. If you do not do this, it will not.


    If you flash in ODIN, always flash AP, CP, BL and CSC!
    As explained by topjohnwu: if you just flash the modified AP file to root your device without selecting CP, BL or CSC, ODIN could shrink the /data partition. Always flash all of them (not like on other devices "fastboot boot boot.img" but everything!

    OTA updates are gone...sort of
    If you are rooted, you can't use Samsung's built in OTA updater anymore. That's why you should update your firmware before rooting. You can and may update it via ODIN though:
    • Patch the AP file in Magisk
    • Flash the modified AP, CP, BL and Home_CSC (HOME_CSC NOT and I repeat NOT the normal CSC)
    • Let it reboot and you're up-to-date
    (Source)

    Do not restore the stock boot image!
    topjohnwu also states to not flash the stock boot image (stock AP) as it could brick your device. There should be no reason to unroot (you can leave Magisk and simply not use it). If you flash the stock AP, your device won't boot (probably because it fails to verify the unmodified system). I could flash the modified AP (with CP, BL and Home_CSC) back and it worked fine but YMMV. And what if you've installed some module and you're bootlooping now?

    I'm in a bootloop!
    Since TWRP never supported decryption on Samsung devices (thanks @alecxs) and you probably don't want to stay unencrypted, you can't use TWRP. There are two ways of fixing a bootloop caused by a Magisk module:

    • Via ADB debugging:
      Use adb on your PC (lot of tutorials out there), and type in:
      adb shell
      magisk --remove-modules

      However: that requires you to have adb debugging enabled and to have your PC already confirmed as a computer that is allowed to connect via adb. If you have not done this, do this:

    • Boot into safe mode:
      Much like Cydia Substrate back on the iPhone, you may disable Magisk and its modules during boot:

      If you use the device's hardware keys to boot into safe mode by pressing certain keys during booting (look it up, it varies from device to device. It can be volume up/down etc.), Magisk will disable all modules and you can remove them safely without every having to need TWRP, enable ADB debugging beforehand or needing to start from scratch. Everything is explained in the source link down below.
    (Source)

    Does my device have a ramdisk or not?
    Most threads you find about this were at a time when some devices had it and other didn't. To stop you from searching hours about whether this is the case for the S21 or S22 series: they have a ramdisk and system-as-root. There is no need for hijacking the /recovery partition and always boot into recovery to boot into the system with root. You can just root your device with the patched AP file and you're good to go!


    Just please stop wiping /cache in recovery!​

    There is no use in wiping /cache in recovery. It is simply a cache partition for updates and is not used on a live system. There is no use in doing that and you're just wasting your time. But there is a cache that can be wiped and rebuilt: the dalvik-cache. (Source)




    Dalvik cache/ART​

    This is no Samsung specific but actually very good to know:

    Android converts system apps in the background since Android 10 I believe. Meaning that the system apps are only really optimised, if the Dalvik cache has been built. This doesn't apply to user apps from the Play Store as they are re-compiled during installation. When does Android do this?

    If your device is at 100%, plugged in and not in use. But if you're like me and not charging your device past 80%, it will not be built(!)

    To force it, the easiest solution is to use Galaxy App Booster which does exactly that: https://galaxystore.samsung.com/pre...session_id=W_2323c8f409a1da0534d7dcad55e671fb

    Or you can force it with root or via adb without root, you can use "adb shell" and then enter:
    Code: 
    cmd package bg-dexopt-job
    after an update and it will populate /data/dalvik-cache with arm and arm64 folders.

    After an update, you can (but don't have to) delete the folders "arm" and "arm64" inside /data/dalvik-cache (DON'T DELETE the "dalvik-cache" folder itself), reboot and then execute the command above in a terminal with root access. This is the only relevant caching that Android does. It has nothing to do with /cache.

    You may also check the folder: usually there are about 200+ files inside arm64. If you've only got a few dozens, the cache probably hasn't been built yet. Keep in mind that since Android 11 building the cache doesn't take a few minutes like Android 10 but sometimes half an hour or an hour as it uses few resources to not slow the device down during optimisation. That makes it quite user-transparent.



    Fix Netflix, Amazon Prime,... playback issues​

    On my OnePlus 7T Pro I had no issues using any of these services (if MagiskHide or now Zygisk is active). Though on my S21 Ultra it always failed to play whatever I did. Turns out that Widevine L1 is good as long as you're not rooted. It works with an unlocked bootloader but fails if you have installed Magisk no matter what you do.

    Turns out there is a Magisk module called liboemcrypto disabler by @ianmacd which essentially removes the file and forces Widevine L3 for as long as the module is active. With this module I could get every streaming app to work again including my cable company's own TV app. You won't have anything higher than SD quality but I have to admit that Netflix and Amazon Prime look okay. It definitely is better than nothing and I just found this by coincidence.

    So if you experience playback issues while being rooted, give this module a try ;)

    Note: Since the Magisk repo is obsolete, the only flashable ZIP I've found is from a fork found here: https://github.com/ScRuFFy7/liboemcryptodisabler. You can create the module yourself though, but for a flash-and-forget-ZIP this is the only ZIP I could find.



    General Information

    Last, but not least: Samsung devices aren't A/B devices. There is no mirrored partition or anything else. You just have your good old super partition and if it is messed up, you need to reflash it. No A/B stuff here.




    I may update this thread in the future :)
    View
    2
    dr.ketan
    dr.ketan
    Macusercom said:
    I have bought an S21 Ultra and it came with ATL (Vodafone Spain). I have tried every single method that I found on changing the CSC, but none of them work. For EU firmwares OXM is the combined firmware meaning that ATL and many other European CSC codes are included and automatically applied. For me at least everything works fine despite the device being ATL.

    Afaik there is no way of changing the CSC code once it's set on Android 12. So unfortunately, I don't think you can change it :(




    To be honest: I have not looked into this as I have no need for secure folders. It said so in the linked thread so I guess there is a modded version out there :)
    Click to expand...
    Click to collapse
    Best way to change CSC is
    1.Non rooted : Paid tools (plenty of discussion here on XDA)
    2.Rooted, Best thing to edit features ithout changing CSC and keep netork setting as it is

    nishantgupta107 said:
    Hi,
    I am new to modding of samsung devices, thought it will be similar to the rest. Since it was mentioned that secure folder can be fixed. Can you point to the thread or post where they have provided the solution.

    Thnx
    Click to expand...
    Click to collapse
    Look my ROM module in development section S22Ultra
    View
    1
    Badger50
    Badger50
    Macusercom said:
    Reserved 2
    Click to expand...
    Click to collapse

    get-off-my-lawn-old-lady.gif
    ;) :ROFLMAO:
    View
    1
    dr.ketan
    dr.ketan
    Macusercom said:
    Reserved 2
    Click to expand...
    Click to collapse
    Hi
    Good info for new samsung usres!
    Have you any report anyone have rooted Exynos as well SD with routine magisk patched methos? I have seen another thread how to root but I think no one yet confirmed (unless I have missed)
    View
    1
    Macusercom
    Macusercom
    Adam1906KSC said:
    Hello
    What is exactly csc code for uk unbranded galaxy S22 BTE or EUX?
    Click to expand...
    Click to collapse
    Depends on the device. Afaik on S22 devices the EU CSC code always is EUX. For S21 and lower it probably is BTE contained within the OXM multi-CSC firmware. The CSC stuff got a lot easier on the S22 series since it now uses one firmware/CSC instead of splitting the release into different regions
    View

New posts