[WIP] Note Series Developer Edition Conversion

npjohnson

All,

Due to the recent accidental leak of Samsung eMMC vendor commands allowing write to protected eMMC areas, we are now able to write CID values on production devices.

Beaups has written an awesome tool called 'SamsungCID' (found here: https://github.com/beaups/SamsungCID). This makes the process all the simpler!

I have built this tool from his source, and used it on a multitude of devices that use a Samsung eMMC. It works without flaw on the Moto G (Second Generation), Galaxy S5 (VZW/ATT, though, ATT doesn't have a Developer Edition that I am aware of), and many, many others.

How does this apply to you?

The Note 3 uses a Samsung eMMC, and has a Developer Edition. This means that it is vulnerable to this exploit.


How can I help this progress?

I need a few things to make this work:

- A few testers with Production devices, and root (temp-root should work fine) -- I will contact these people individually, do not ask here to test.

- One person with a Developer Edition that has root (need an aboot dump, and them to run one command to dump their CID).

If any of you know of someone with a Developer Edition, please get them in contact with me. I can be reached on Hangouts, or on Telegram (@npjohnson).

PLEASE do not post your CID publicly.
 
Dec 12, 2015
10
4
0
Hello!
You got the person who you are looking for.
I have a developer edition vzw note 3 with sku smn900vvzke.
I'm running on jasmine rom 6.1 and my bootloader is relocked. I guess it is the latest bootloader based on the OF1 firmware.
I will do whatever to unlock the bootloader for note 3 Verizon users.
Just tell me how to do those dump files and I will.
This is my telegram account @sadeqabuhattem
 

thunderblaster88

I think he needs someone with the bootloader unlocked. Pretty much you turned your phone into a retail edition with the flash you did to relock it, if I'm not mistaken

Sent from my SM-N900V using Tapatalk
 
Dec 12, 2015
10
4
0
Yes, you are right. It relocked after flashing the OF1 firmware, but I'm not the one who flashed it; it was running on Lollipop when I bought it.
 

en11gma

I have a production N900V, and I'm willing to help with whatever I'm able to do. I definitely want to convert my N900V to the developer edition :)
could you tell us about your phone?
what firmware are you on and are you rooted and latest supersu installed?
what about flashfire root and busybox?


nm just read above.
 

GeTex

His CID is still valid though? Regardless if he flashed locked, he can flash back as his CID should be the same so he can flash a dev bootloader? then give the aboot dump and CID???
 

npjohnson

No, each Developer Edition device has a specific Aboot that contains a specially crafted hash of that device's CID.

So, no, if he deleted his Aboot backup and is running a production one, he would need to contact Samsung to get an aboot (of his current increment, i.e. OF1/NK1/NC5/etc.) made. And the chances of getting a response from them is low. I've only heard that contacting them works once.
 

en11gma

invisiblek and me have been messing with my retail note 3 on of1 (rooted with supersu and removed kingroot)
anyhow we been changing my cid to a dev edition and back to retail
anyhow i had been flashing nk1 and nj6 too but last night i did a wipe and odin stock of1 and during setup wizard i got multi-language setup wizard
this is when i am not rooted and with my retail cid set
we aren't supposed to get multi-language setup unless we have the dev edition right or unless rooted?

i think (if the above is correct) that when changing the cid to the dev edition that it does stick even when changing back to the retail cid.
unless it's normal to get the multi-language setup with this rom
N900VVRUEOF1_N900VVZWEOF1_N900VVRUEOF1_HOME.tar.md5
 

jal3223

Yes, you are right. It relocked after flashing the OF1 firmware, but I'm not the one who flashed it; it was running on Lollipop when I bought it.
You should contact Samsung. I have heard of them unlocking the bootloader again for those that accidentally locked them on more than one occasion. As long as it is still identifiable as a developer's edition you shouldn't have a problem. All three incidences that I heard were free as well. Then, you could contribute for sure!
 

scottgl9

NOTE: This is probably a good place to start for finding someone with a Developer Edition Note 3: http://forum.xda-developers.com/showthread.php?t=2525208

I'm running JasmineROM_V6.1-LRX21V.N900VVRUEOF (Installed from rooted stock using Flashfire)
Hardware version: N900V.07
busybox - installed
Flashfire - installed
Latest SuperSU - installed
Also have XPosed framework installed


bishop0114

Any progress on this? I am ready to replace my phone with something else (Nexus?) but if we can get the bootloader unlocked, no reason to switch. If I can be of any help, let me know. I am on 4.4.4 rooted and flashfire.
 

en11gma

are you on nk1 or nj6?
can you tell me how to obtain or keep root when downgrading to 4.4.4 from 5.0 OF1?
i am rooted now on OF1
thanks
 