Would it be plausible to use JTAG to rewrite an unlocked firmware?

dreamwave

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
Aug 24, 2015 at 6:55 PM
ldeveraux said:
There are literally 2 of you reinventing the wheel here.

"What is this Safestrap thing? "

You think you're in over you're heads?
Click to expand...
Except getting a custom kernel or full aosp on the verizon/at&t s5 hasn't been done once yet... :p

And TBH It would be over my head if I were right off the bat asking how to "write with machine code", but that's not what I'm trying to do. I had an idea that's actually pretty simple that I think I understand what is involved for that would solve...let's just say a problem that gathered somewhere in the realm of 20,000 USD. Also, I'll take "reinventing the wheel" here as a compliment, it means the way I'm doing it hasn't been done before and isn't just using the "wheel" that already exists...a somewhat temperamental method that doesn't give full choice of custom roms and makes it so you're screwed if you run into a bug in the OS that leads to a bootloop or FC of critical apps
 
Last edited:
tr4nqui1i7y

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
Aug 24, 2015 at 7:07 PM
dreamwave said:
but that has already been done I think, root on a system with any bootloader so long as a root exploit exists for the OS

That's safestrap. It doesn't allow custom kernels or a full custom recovery though, that's why I'm trying to modify the bootloader
Click to expand...

whoa whoa whoa whoah.

Ok, so I think I wasn't getting what you were saying until I saw your post on /r/galaxys5

Are you thinking of bricking the S5 you have so that way you can use the older boot img that would be located on your sdcard instead of the one that is locked down on the device??
 
dreamwave

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
Aug 24, 2015 at 7:09 PM
tr4nqui1i7y said:
whoa whoa whoa whoah.

Ok, so I think I wasn't getting what you were saying until I saw your post on /r/galaxys5

Are you thinking of bricking the S5 you have so that way you can use the older boot img that would be located on your sdcard instead of the one that is locked down on the device??
Click to expand...
Pretty much :cool::silly::eek::p

But not an older boot image necessarily, just a new one that I've modified a bit
 
tr4nqui1i7y

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
Aug 24, 2015 at 7:25 PM
dreamwave said:
Pretty much :cool::silly::eek::p

But not an older boot image necessarily, just a new one that I've modified a bit
Click to expand...
That would be very interesting. Do you know if anyone has used that method on the S5? As far as booting from the sdcard. Whether it was to fix corruption, or whatever intention.

If anyone has successfully booted from sd without root, then the next step would be seeing if we can use that as a workaround to boot verification like you said. Which would be easily correctable if it doesn't succeed.

---------- Post added at 07:22 PM ---------- Previous post was at 07:13 PM ----------
ldeveraux said:
There are literally 2 of you reinventing the wheel here.

"What is this Safestrap thing? "

You think you're in over you're heads?
Click to expand...
I just got the S5 and am starting research as I type. Excuse me for thinking out loud. It is how I get things done. I am aware of what safestrap is. I worked with the Droid X Bootstrap to port MIUI during closed source development. Framework and I were the only two working on the project, and we handled it in a matter of days. I think we can manage a little init business.

dreamwave said:
Pretty much :cool::silly::eek::p

But not an older boot image necessarily, just a new one that I've modified a bit
Click to expand...
Yea, I wouldn't see the point in "recovering" to another version of a locked system lolol

I forgot that you posted about the success of another s5 user utilizing the secondary boot method. I'm going to see what verification methods it takes into place. I'm thinking it shouldn't need to be the same version as the one in place on the system, hopefully. (Most likely not since the hash wouldn't match regardless) Hmmmm interesting stuffs.

---------- Post added at 07:25 PM ---------- Previous post was at 07:22 PM ----------
dreamwave said:
Pretty much :cool::silly::eek::p

But not an older boot image necessarily, just a new one that I've modified a bit
Click to expand...
It just might be that each user will have to create their own recovery sd based on what you linked to me. Since everyone has their own key. After creating your sd, you would then soft brick, recover to the modified sd recovery and go from there... Correct?

Edit: I'm thinking the recovery sd might have to be made before taking the update to OE1+ unless we can merge the current sd recovery with the necessary bits from the kit kat tar. Let's start digging though. Just something to look out for.
 
Last edited:
  • Like
Reactions: dreamwave
dreamwave

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
Aug 24, 2015 at 7:28 PM
tr4nqui1i7y said:
That would be very interesting. Do you know if anyone has used that method on the S5? As far as booting from the sdcard. Whether it was to fix corruption, or whatever intention.

If anyone has successfully booted from sd without root, then the next step would be seeing if we can use that as a workaround to boot verification like you said. Which would be easily correctable if it doesn't succeed.
Click to expand...
The folks over http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seem to have gotten it to boot from an sd, so it's a start :fingers-crossed:
 
  • Like
Reactions: tr4nqui1i7y
dreamwave

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
Aug 24, 2015 at 7:30 PM
tr4nqui1i7y said:
That would be very interesting. Do you know if anyone has used that method on the S5? As far as booting from the sdcard. Whether it was to fix corruption, or whatever intention.

If anyone has successfully booted from sd without root, then the next step would be seeing if we can use that as a workaround to boot verification like you said. Which would be easily correctable if it doesn't succeed.

---------- Post added at 07:22 PM ---------- Previous post was at 07:13 PM ----------



I just got the S5 and am starting research as I type. Excuse me for thinking out loud. It is how I get things done. I am aware of what safestrap is. I worked with the Droid X Bootstrap to port MIUI during closed source development. Framework and I were the only two working on the project, and we handled it in a matter of days. I think we can manage a little init business.



Yea, I wouldn't see the point in "recovering" to another version of a locked system lolol

I forgot that you posted about the success of another s5 user utilizing the secondary boot method. I'm going to see what verification methods it takes into place. I'm thinking it shouldn't need to be the same version as the one in place on the system, hopefully. (Most likely not since the hash wouldn't match regardless) Hmmmm interesting stuffs.

---------- Post added at 07:25 PM ---------- Previous post was at 07:22 PM ----------



It just might be that each user will have to create their own recovery sd based on what you linked to me. Since everyone has their own key. After creating your sd, you would then soft brick, recover to the modified sd recovery and go from there... Correct?
Click to expand...
actually needs to be what most would consider a "hard brick", basically no useful info in any bootable partition :silly:
 
dreamwave

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
Aug 24, 2015 at 7:32 PM
and the recovery image can be created just by using DD to copy the first couple hundred megs off eMMC, then overwriting the SBL with a modified file appropriate for the firmware version you already had (it needs to be the same version, I've played around with it on the s3 and it's pretty specific)
 
tr4nqui1i7y

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
Aug 24, 2015 at 7:33 PM
dreamwave said:
actually needs to be what most would consider a "hard brick", basically no useful info in any bootable partition :silly:
Click to expand...
Yea yea yea. Soft/Hard you know what I mean lol. Are you actively pursuing this as well, or just throwing ideas into the atmosphere to inspire people?
 
tr4nqui1i7y

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
Aug 24, 2015 at 7:37 PM
dreamwave said:
Actively pursuing as much as I can from a very booked Junior Year at high school :p
Click to expand...
As long as you're putting in field time. I'll be creating a recovery sd img today. Then I'll see what modifications it will allow. Let me know if you run into anything. Whether it is +-. Please and thank you!
 
  • Like
Reactions: dreamwave
dreamwave

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
Aug 24, 2015 at 7:40 PM
tr4nqui1i7y said:
As long as you're putting in field time. I'll be creating a recovery sd img today. Then I'll see what modifications it will allow. Let me know if you run into anything. Whether it is +-. Please and thank you!
Click to expand...
I absolutely will, thanks for helping :D
What you're looking for is somewhere within it a signature/hash check. Modify that to basically anything the same length and try booting from the card. If it works then I think we'll have guaranteed it will work
 
tr4nqui1i7y

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
Aug 24, 2015 at 7:48 PM
dreamwave said:
I absolutely will, thanks for helping :D
What you're looking for is somewhere within it a signature/hash check. Modify that to basically anything the same length and try booting from the card. If it works then I think we'll have guaranteed it will work
Click to expand...
No problem. I either want to find root, or abandon Samsung. Hopefully the first option since I haven't done anything for the community in several years.
 
  • Like
Reactions: dreamwave
You must log in or register to reply here.

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone