Would it be plausible to use JTAG to rewrite an unlocked firmware?

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
There are literally 2 of you reinventing the wheel here.

"What is this Safestrap thing? "

You think you're in over your heads?
Except getting a custom kernel or full aosp on the verizon/at&t s5 hasn't been done once yet... :p

And TBH It would be over my head if I were right off the bat asking how to "write with machine code", but that's not what I'm trying to do. I had an idea that's actually pretty simple that I think I understand what is involved for that would solve...let's just say a problem that gathered somewhere in the realm of 20,000 USD. Also, I'll take "reinventing the wheel" here as a compliment, it means the way I'm doing it hasn't been done before and isn't just using the "wheel" that already exists...a somewhat temperamental method that doesn't give full choice of custom roms and makes it so you're screwed if you run into a bug in the OS that leads to a bootloop or FC of critical apps
 
Last edited:

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
but that has already been done I think, root on a system with any bootloader so long as a root exploit exists for the OS

That's safestrap. It doesn't allow custom kernels or a full custom recovery though, that's why I'm trying to modify the bootloader

whoa whoa whoa whoah.

Ok, so I think I wasn't getting what you were saying until I saw your post on /r/galaxys5

Are you thinking of bricking the S5 you have so that way you can use the older boot img that would be located on your sdcard instead of the one that is locked down on the device??
 

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
whoa whoa whoa whoah.

Ok, so I think I wasn't getting what you were saying until I saw your post on /r/galaxys5

Are you thinking of bricking the S5 you have so that way you can use the older boot img that would be located on your sdcard instead of the one that is locked down on the device??
Pretty much :cool::silly::eek::p

But not an older boot image necessarily, just a new one that I've modified a bit
 

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
Pretty much :cool::silly::eek::p

But not an older boot image necessarily, just a new one that I've modified a bit
That would be very interesting. Do you know if anyone has used that method on the S5? As far as booting from the sdcard. Whether it was to fix corruption, or whatever intention.

If anyone has successfully booted from sd without root, then the next step would be seeing if we can use that as a workaround to boot verification like you said. Which would be easily correctable if it doesn't succeed.

---------- Post added at 07:22 PM ---------- Previous post was at 07:13 PM ----------

There are literally 2 of you reinventing the wheel here.

"What is this Safestrap thing? "

You think you're in over your heads?
I just got the S5 and am starting research as I type. Excuse me for thinking out loud. It is how I get things done. I am aware of what safestrap is. I worked with the Droid X Bootstrap to port MIUI during closed source development. Framework and I were the only two working on the project, and we handled it in a matter of days. I think we can manage a little init business.

Pretty much :cool::silly::eek::p

But not an older boot image necessarily, just a new one that I've modified a bit
Yea, I wouldn't see the point in "recovering" to another version of a locked system lolol

I forgot that you posted about the success of another s5 user utilizing the secondary boot method. I'm going to see what verification methods it takes into place. I'm thinking it shouldn't need to be the same version as the one in place on the system, hopefully. (Most likely not since the hash wouldn't match regardless) Hmmmm interesting stuffs.

---------- Post added at 07:25 PM ---------- Previous post was at 07:22 PM ----------

Pretty much :cool::silly::eek::p

But not an older boot image necessarily, just a new one that I've modified a bit
It just might be that each user will have to create their own recovery sd based on what you linked to me. Since everyone has their own key. After creating your sd, you would then soft brick, recover to the modified sd recovery and go from there... Correct?

Edit: I'm thinking the recovery sd might have to be made before taking the update to OE1+ unless we can merge the current sd recovery with the necessary bits from the kit kat tar. Let's start digging though. Just something to look out for.
 
Last edited:
  • Like
Reactions: dreamwave

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
That would be very interesting. Do you know if anyone has used that method on the S5? As far as booting from the sdcard. Whether it was to fix corruption, or whatever intention.

If anyone has successfully booted from sd without root, then the next step would be seeing if we can use that as a workaround to boot verification like you said. Which would be easily correctable if it doesn't succeed.
The folks over at http://forum.xda-developers.com/verizon-galaxy-s5/help/g900v-hard-brick-t2914847 seem to have gotten it to boot from an sd, so it's a start :fingers-crossed:
 
  • Like
Reactions: tr4nqui1i7y

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
That would be very interesting. Do you know if anyone has used that method on the S5? As far as booting from the sdcard. Whether it was to fix corruption, or whatever intention.

If anyone has successfully booted from sd without root, then the next step would be seeing if we can use that as a workaround to boot verification like you said. Which would be easily correctable if it doesn't succeed.

---------- Post added at 07:22 PM ---------- Previous post was at 07:13 PM ----------



I just got the S5 and am starting research as I type. Excuse me for thinking out loud. It is how I get things done. I am aware of what safestrap is. I worked with the Droid X Bootstrap to port MIUI during closed source development. Framework and I were the only two working on the project, and we handled it in a matter of days. I think we can manage a little init business.



Yea, I wouldn't see the point in "recovering" to another version of a locked system lolol

I forgot that you posted about the success of another s5 user utilizing the secondary boot method. I'm going to see what verification methods it takes into place. I'm thinking it shouldn't need to be the same version as the one in place on the system, hopefully. (Most likely not since the hash wouldn't match regardless) Hmmmm interesting stuffs.

---------- Post added at 07:25 PM ---------- Previous post was at 07:22 PM ----------



It just might be that each user will have to create their own recovery sd based on what you linked to me. Since everyone has their own key. After creating your sd, you would then soft brick, recover to the modified sd recovery and go from there... Correct?
Actually needs to be what most would consider a "hard brick", basically no useful info in any bootable partition :silly:
 

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
And the recovery image can be created just by using dd to copy the first couple hundred megs off eMMC, then overwriting the SBL with a modified file appropriate for the firmware version you already had (it needs to be the same version; I've played around with it on the s3 and it's pretty specific).
 

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
actually needs to be what most would consider a "hard brick", basically no useful info in any bootable partition :silly:
Yea yea yea. Soft/Hard you know what I mean lol. Are you actively pursuing this as well, or just throwing ideas into the atmosphere to inspire people?
 

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
Actively pursuing as much as I can from a very booked Junior Year at high school :p
As long as you're putting in field time. I'll be creating a recovery sd img today. Then I'll see what modifications it will allow. Let me know if you run into anything. Whether it is +-. Please and thank you!
 
  • Like
Reactions: dreamwave

dreamwave

Senior Member
Jun 18, 2013
568
156
0
Sunapee, New Hampshire
As long as you're putting in field time. I'll be creating a recovery sd img today. Then I'll see what modifications it will allow. Let me know if you run into anything. Whether it is +-. Please and thank you!
I absolutely will, thanks for helping :D
What you're looking for is somewhere within it a signature/hash check. Modify that to basically anything the same length and try booting from the card. If it works then I think we'll have guaranteed it will work
 

tr4nqui1i7y

Senior Member
Mar 2, 2011
679
578
0
I absolutely will, thanks for helping :D
What you're looking for is somewhere within it a signature/hash check. Modify that to basically anything the same length and try booting from the card. If it works then I think we'll have guaranteed it will work
No problem. I either want to find root, or abandon Samsung. Hopefully the first option since I haven't done anything for the community in several years.
 
  • Like
Reactions: dreamwave
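The two posts above talk about a "signature/hash check" and about a hash "not matching" as if they were one thing. The added example below, which is not code from this thread or from any of the posters, makes the difference concrete on a format where the check is fully documented: the Android boot.img v0 header carries a 32-byte `id` that mkbootimg fills with a SHA-1 over the kernel, ramdisk and second-stage blobs (each followed by its little-endian 32-bit length). Recomputing that id detects any unsigned edit to the payload, but because anyone can recompute it, it proves nothing about who built the image; that authenticity property is what a real signature check in a bootloader stage provides and a plain hash cannot. The kernel and ramdisk bytes, the load addresses and the page size are constructed placeholders, not values from any real device image.

```python
#!/usr/bin/env python3
"""Added example: build a minimal Android boot.img (v0 header), parse it back and
check the embedded SHA-1 id. Shows that a hash catches a modified payload but is
not a signature: an attacker who edits the image can simply recompute it."""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
PAGE_SIZE = 2048  # constructed; real images commonly use 2048 or 4096
# v0 header: magic, then kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
# second_size, second_addr, tags_addr, page_size, header_version, os_version,
# then name[16], cmdline[512], id[32], extra_cmdline[1024] (1632 bytes total).
HEADER_FMT = "<8s10I16s512s32s1024s"
HEADER_LEN = struct.calcsize(HEADER_FMT)


def _padded_len(n, page_size):
    """Round a byte count up to the next page boundary."""
    return (n + page_size - 1) // page_size * page_size


def _pad(data, page_size):
    return data + b"\0" * (_padded_len(len(data), page_size) - len(data))


def boot_image_id(kernel, ramdisk, second=b""):
    """SHA-1 over each blob followed by its u32 length, as mkbootimg computes
    the header id; the 20-byte digest is zero-padded to the 32-byte field."""
    sha = hashlib.sha1()
    for part in (kernel, ramdisk, second):
        sha.update(part)
        sha.update(struct.pack("<I", len(part)))
    return sha.digest().ljust(32, b"\0")


def build_boot_image(kernel, ramdisk, second=b"", cmdline=b"", page_size=PAGE_SIZE):
    """One header page, then page-aligned kernel, ramdisk and optional second
    stage. Load addresses are placeholders (hypothetical values)."""
    header = struct.pack(
        HEADER_FMT, BOOT_MAGIC,
        len(kernel), 0x10008000, len(ramdisk), 0x11000000,
        len(second), 0x10F00000, 0x10000100, page_size, 0, 0,
        b"", cmdline, boot_image_id(kernel, ramdisk, second), b"",
    )
    img = _pad(header, page_size) + _pad(kernel, page_size) + _pad(ramdisk, page_size)
    if second:
        img += _pad(second, page_size)
    return img


def parse_boot_image(img):
    """Split an image into its blobs and the id the header claims."""
    f = struct.unpack(HEADER_FMT, img[:HEADER_LEN])
    if f[0] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    kernel_size, ramdisk_size, second_size, page_size = f[1], f[3], f[5], f[8]
    off = page_size
    kernel = img[off:off + kernel_size]
    off += _padded_len(kernel_size, page_size)
    ramdisk = img[off:off + ramdisk_size]
    off += _padded_len(ramdisk_size, page_size)
    second = img[off:off + second_size]
    return {"kernel": kernel, "ramdisk": ramdisk, "second": second,
            "id": f[13], "page_size": page_size}


def verify_boot_image(img):
    """True when the recomputed fingerprint equals the stored id."""
    p = parse_boot_image(img)
    return boot_image_id(p["kernel"], p["ramdisk"], p["second"]) == p["id"]


def flip_ramdisk_byte(img, index=0):
    """Copy of the image with one ramdisk byte inverted and the header left
    alone: the kind of edit an integrity hash is meant to catch."""
    p = parse_boot_image(img)
    off = p["page_size"] + _padded_len(len(p["kernel"]), p["page_size"]) + index
    buf = bytearray(img)
    buf[off] ^= 0xFF
    return bytes(buf)


def demo():
    """Constructed sample blobs, not a real kernel or ramdisk."""
    kernel = bytes(range(256)) * 4
    ramdisk = b"\x1f\x8b" + b"ramdisk-placeholder" * 10
    good = build_boot_image(kernel, ramdisk, cmdline=b"console=null")
    tampered = flip_ramdisk_byte(good)
    return verify_boot_image(good), verify_boot_image(tampered)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The `demo()` result is the whole lesson: the modified image fails the id check only because nobody updated the header. Re-running `boot_image_id` over the edited blobs and writing the result back would make it "valid" again, which is why a bootloader that wants to reject unauthorised images has to check a signature over the image with a key it already trusts, not just a hash stored inside the image.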