Which SBF code group prevents downgrade - Defy Android Development

Question is which code group(s) is it that prevent downgrading once flashed?
32,53,64,65 Unchanged from older ROMs so can't be these.
35,42,45,61 Have tested these myself and they don't prevent downgrade.
Leaves us with:
33 - CDROM
34 - LBL Linux Boot Loader
39 - SYSTEM
47 - RECOVERY
These look like standard android partitions - right?
So the finger points firmly at:
31 - CDT
Which from a process of elimination and the fact it determines which code groups need to be checked for signatures would suggest this is the offending codegroup.
As the code group addresses have not changed between ROMs I should be able to flash the complete 2.34 SBF and then flash all the other code groups except CDT from a new 3.4.2 SBF? Although I haven't been brave enough to try it.

Hi,
AFAIK they blow eFuses each time you upgrade the bootloader.
Regards

ANSWER
I've thoroughly researched this! I'm 100% sure now!
Here's the resolution:
EACH [signed] partition is versioned and expected version for it is written in cdt (which is CG31.smg), which is versioned itself too.
HOWEVER, sbfs we got have version bumped for only cdt (CG31) and system (CG39). They have those versions: 2 - 2.21/2.34/Chinese; 3 - 2.51; 4 - 3.4.2.
THUS, nandroid system restore + flashing sbf with boot/tree/everything else (except cdt and system) is possible.
NO, you can't change version in file. It will break its digital signature and phone will want re-flash.
THAT'S IT. sbfs aren't magic anymore. And we should know if there ever comes version with boot version bumped we're screwed and won't be able to downgrade no matter what we do.
I've attached a tool against which you can run smg file to know its version.

Wow. That's exactly the information I was after! Thanks very much for that..
I have now flashed the complete 3.4.2 Orange SBF minus CDT and System and successfully downgraded back to 2.34
Here is some interesting reading about the mystical efuse
http://blog.opticaldelusion.org/2010/08/clearly-you-have-no-idea-what-efuse-is.html#more

Excellent! Very interesting read (both this thread and the blog post about eFuses).

Now will technical wise soul try this method for downgrading?
We have a thread with working safe-upgrade solution yet for those who upgraded there's no thread.

So that way would anyone of you take out the CDT from other locked sbf and post modified sbfs here so that no one ever is locked in future? Plzzzz

Good investigation from all involved

If this works, as soon as possible we need a good tutorial.

The idea is very simple.
- Root and install recovery
- Find nandroid backup of target firmware and restore it from recovery. (Under Linux I believe you can make system.img out of CG39 using mount -o loop / mkyaffs2image)
- Use Motorola Android Firmware (De)packer to extract files from target firmware sbf
- Delete CG31.smg and CG39.smg from extracted firmware folder
- Compile sbf file (with same tool) from extracted firmware folder
- Flash compiled sbf (it'll be in rebuilt folder) with RSDLite
- Wipe with recovery
- That's it

Simplestas said:
The idea is very simple.
- Root and install recovery
- Find nandroid backup of target firmware and restore it from recovery. (Under Linux I believe you can make system.img out of CG39 using mount -o loop / mkyaffs2image)
- Use Motorola Android Firmware (De)packer to extract files from target firmware sbf
- Delete CG31.smg and CG39.smg from extracted firmware folder
- Compile sbf file (with same tool) from extracted firmware folder
- Flash compiled sbf (it'll be in rebuilt folder) with RSDLite
- Wipe with recovery
- That's it
Thanks for the guide. Where do you get Motorola Android Firmware (De)packer?

Search for SBF De/Repacker you should be able to find some tools for it. usually used for milestone.

breezasib said:
Wow. That's exactly the information I was after! Thanks very much for that..
I have now flashed the complete 3.4.2 Orange SBF minus CDT and System and successfully downgraded back to 2.34
Here is some interesting reading about the mystical efuse
http://blog.opticaldelusion.org/2010/08/clearly-you-have-no-idea-what-efuse-is.html#more
That's very interesting indeed! Does that mean you managed to upgrade AND downgrade the bootloader, because the CG you deleted were only the system partition and the CDT table?
Also do you think this idea exists within all firmwares, that only the CDT and System partitions cause a permanent change to stop downgradability? I wonder what that permanent change is and where it resides. If we can figure it out then it will help all those that have flashed a non-downgradeable sbf...

That could be interesting mixed/prepackaged with a Pays roms ? which could allow all coming from a group 2 to keep downgradability for support purpose or else.
Good inside.
K

kashavsehra said:
That's very interesting indeed! Does that mean you managed to upgrade AND downgrade the bootloader, because the CG you deleted were only the system partition and the CDT table?
Also do you think this idea exists within all firmwares, that only the CDT and System partitions cause a permanent change to stop downgradability? I wonder what that permanent change is and where it resides. If we can figure it out then it will help all those that have flashed a non-downgradeable sbf...
I have never flashed a full SBF with version 2 code groups and so I can upgrade/downgrade fine until moto release an SBF where either the CDT contains code groups with different addresses or the boot CG goes to version 2 or above.
If I wanted to flash PAYs ROM I would restore his nandroid or zip via recovery and then flash the UK froyo ROM minus the CDT and SYSTEM CGs with RSD lite.
This will in no way help anyone that has already flashed a full SBF with v2 code groups.

Is it only CDT (CG31) that stops downgradability or CG39 also? Have you guys already tested a Fixed SBF only without CG31 and keeping CG39?
Bye

Tested long time ago, won't work.

Simplestas said:
Tested long time ago, won't work.
Thank you for the answer!
About downgrading, do you know if it is possible to downgrade to a rom with lower smg version using nandroid+fixed sbf, once you have already flashed a full sbf with higher smg version?

so, just to be clear, if i already flashed a full sbf (with cg31 and cg39), then there's no way i can downgrade to an earlier version, right?

zakoo2 said:
so, just to be clear, if i already flashed a full sbf (with cg31 and cg39), then there's no way i can downgrade to an earlier version, right?
Exactly.. But if your region has Froyo official rolled out then you won't need the downgrade to Eclair 2.1 anymore, you're covered by this official in case you need the warranty.
You just need to be careful on sbf higher than 2.2 to maintain your downgrade ability.

Related

[Help] XT925 failed to flash partition

Hi!
I have some problem for reflash my XT925.
He's unlocked on the bootloader and was rooted. I installed the last official KK ROM (from xda thread about update on KK). But my clock was stuck on the 1st January of 1970 and no way to modify that.
So I wiped the phone with TWRP and after I try to reflash my moto.
And it doesn't work! If I use the file for updating from 4.1.2 to KK, I have an error with:
Code:
tz file size
And if I use the Retail FR 4.1.2 9.8.2Q-8-XT925_VQU-22
Code:
downgraded security version
update gpt_main version failed
preflash validation failed for GPT
If I delete these two files the flash works but the phone doesn't boot :'(
So I think my partition was corrupted and this is why I can't boot.
So how I can repair that. Some people tried to flash the GPT file from partition_signed file but I don't know where is mine ^^
Regards
No need to repartition system.
Flash the Retail FR 4.1.2 9.8.2Q-8-XT925_VQU-22 with RSDlite, then look for the OTA update.
If OTA update not available for your ROM, download the Edit.Blur_Version.98.21.22003.XT925.CEE-Retail.en.EU.zip which has the updater script included and flash it through your recovery.
Protman_40 said:
No need to repartition system.
Flash the Retail FR 4.1.2 9.8.2Q-8-XT925_VQU-22 with RSDlite, then look for the OTA update.
If OTA update not available for your ROM, download the Edit.Blur_Version.98.21.22003.XT925.CEE-Retail.en.EU.zip which has the updater script included and flash it through your recovery.
But it didn't work. When I try to reflash the partition (only the partition) it doesn't pass. This is why I have this error
downgraded security version
update gpt_main version failed
preflash validation failed for GPT
I need to reflash the partition but I was in KK. SO it doesn't want to flash a previous version I think. I need a KK official ROM to re-partition.
how did you install kk over what you had?
At first :
1/ Flash 4.1.2 Upgradable from here http://forum.xda-developers.com/dro...tutorial-make-motorola-razr-hd-xt925-t2916465
2/Upgrade via OTA to KK
3/Bug appeared with the clock and the date (unable to change the date or the clock (i'm not alone https://forums.motorola.com/posts/2b9452ac6b?page=1) )
4/Decided to wipe all for a clean flash
5/Trying to flash with the Retail FR 4.1.2 9.8.2Q-8-XT925_VQU-22
5/ Flash failed if I keep partition_signed (security downgrade) or tz file (wrong file size)
6/ Flash passes if I delete these lines in the xml but the phone won't start (bootloop)
Is it clear ?
much better Btrax, i can see clearly now
i just had that clock isht stuck in 1970 yesterday man, i did troubleshoot it for an hour or so, but I couldn't get it to adjust itself. In addition, i was doing more stuff even opening the xt 925 physically .
So after all the things i tried, i disconnected the battery to make sure i dont short circuit anything, then tightened up cables .
Rebooted the thing, and it fired right up.
I don't know how comfortable you are with getting into the xt 925, however with guidance, you don't even need to disconnect the screen cables or nothing.
You have two screws in the bottom, then you can just pry it open , and sideloading some plastic tool to disconnect battery and back.
I wish i had a softer solution but , it is what it is man. I ll be glad to help if you go that route.
ps. put link to this post in the link you shared
Since you are in France, there is a new recent OTA KK official update : 180.46.117.XT925.CEE-Retail.en.EU.
If I were you I would go back to Step 1 and 2 and then try to grab this new update.
Seems like it corrects Free Carrier EAP SIM and other Google security issues. Hope it will correct your problem too?
Protman_40 said:
Since you are in France, there is a new recent OTA KK official update : 180.46.117.XT925.CEE-Retail.en.EU.
If I were you I would go back to Step 1 and 2 and then try to grab this new update.
Seems like it corrects Free Carrier EAP SIM and other Google security issues. Hope it will correct your problem too?
In this update there is just the gpt file and no tz file. So I need both, I think, because I flashed the GPT.bin file and after that flashed the Retail France ROM, but it didn't work :/
So where i can find the tz file and gpt from canada?
My bootloader is unlocked so i can flash any official ROM

T-Mobile LGV20 H91810j KDZ

have at it folks... grabbed from LG Bridge and updated from it as well... https://drive.google.com/open?id=0B6Wj13Rw1kw-QTViRFJRaVRHQnM
Was just about to post this haha so here is a mirror if anyone needs it.
https://mega.nz/#!9cRnCCzQ!3Z8bDQnwr6_3wa3kUjMfU005mjdHh8Jq0EgtgYQMflo (includes the dll file as well.)
Can I upgrade from rooted 10d with this? Or do I have to update to 10i first, then 10j? Also what settings to choose in LG bridge?
lightninbug said:
Can I upgrade from rooted 10d with this? Or do I have to update to 10i first, then 10j? Also what settings to choose in LG bridge?
If you're using the image posted you can use LGUP, if you're using LG Bridge it will download the image for you.
You need to be on a stock ROM I believe, I flashed the stock odexed rom. You can try it on a custom ROM though and see what happens.
If you want to use LGUP then you can download the above images.
shadowxaero said:
If you're using the image posted you can use LGUP, if you're using LG Bridge it will download the image for you.
You need to be on a stock ROM I believe, I flashed the stock odexed rom. You can try it on a custom ROM though and see what happens.
If you want to use LGUP then you can download the above images.
What about stock recovery? Is that needed? If so how do I flash that?
lightninbug said:
What about stock recovery? Is that needed? If so how do I flash that?
It just overwrote TWRP when I updated.
my upgrade steps were as follows:
backup anything you might need from the internal memory - /sdcard
backup anything you might need with TiBackup (just in case)
boot into TWRP and make a backup of /data
update to 10j via LG Bridge or LGUP (you will be returned to stock after this)
boot up and follow @jcadduono's post on rooting H91810d with recowvery
his detailed guide will leave you in TWRP with a freshly formatted and unencrypted /data
restore backup of /data in TWRP
done. profit.
NOTE: crucial you backup your /data in TWRP prior to updating because after updating your /data partition will be encrypted and you will no longer have root. once your /data partition is encrypted TWRP won't be able to see it. I believe you can still root with an encrypted /data where you'll then be able to use TiBackup to backup your data, but this method would be a slow restore versus restoring via TWRP.
Here's another mirror for those interested. All three files are in a ZIP since Android File Host doesn't play well with uploading KDZ files.
https://www.androidfilehost.com/?fid=385035244224414000
Can anyone extract the img files and make them flashable so we can update through twrp? My hard drive went out last week so I can't update and keep root without doing it through twrp.
Swizzle82 said:
Can anyone extract the img files and make them flashable so we can update through twrp? My hard drive went out last week so I can't update and keep root without doing it through twrp.
any idea how to make img files flashable?
dimm0k said:
any idea how to make img files flashable?
You just need to build the file tree and make a script to tell them where to go, I believe.
Or we could at the least flash a 10j based rom and then install the system img over it. Just need the extracted imgs from the kdz that way.
Um so after updating no more TWRP and still can root bit confused here?
shadow322 said:
Um so after updating no more TWRP and still can root bit confused here?
updating and rebooting will revert you back to stock... you'll need to redo the steps for recowvery to install TWRP and root again... you'll also need to backup your device as you'll need to wipe /data to unencrypt
dimm0k said:
updating and rebooting will revert you back to stock... you'll need to redo the steps for recowvery to install TWRP and root again... you'll also need to backup your device as you'll need to wipe /data to unencrypt
Can I just take the OTA to 10j and wont cause any bootloops? then just re-root?
Is this 10j rootable as 10i? Someone did it?
Has anyone got H91810j rooted? Yes? Link me to a source with walkthrough.
SW: H91810j
build: NRD90M
Kernel: 3.18.31
Android security patch 12.1.16
security software version MDF v.20 rls 4
Yes its possible to root the 10J patch. You need to do the commands manually.
I've ran the commands manually and I get confused about the .xml copy being put into local_manifests. I made the directory in my C: drive but Its a windows not linux computer I have access to. Does that matter?
So I get to the manual inputting part, right... And prompt says can not find file
at the first manual input of dirty cows command prompt
--------------------------------------
Has anyone got H91810j rooted? Yes? Link me to a source with walkthrough.
SW: H91810j
build: NRD90M
Kernel: 3.18.31
Android security patch 12.1.16
security software version MDF v.20 rls 4
Bootloader unlocked
unrooted
Just wanted to thank you, because you're a lifesaver. I bricked my phone (unfixable TWRP loop), and I tried downloading the KDZ several times from LG-firmwares, but it was extremely slow and always ended up failing. Then I found your Drive link, and approximately 9 hours after bricking the damn thing, I was finally able to fix it. Learned my lesson, too. I'll never again mess around with a new phone BEFORE acquiring any and all recovery tools, especially from a new manufacturer (I'm used to HTC).
NickWhit1992 said:
Just wanted to thank you, because you're a lifesaver. I bricked my phone (unfixable TWRP loop), and I tried downloading the KDZ several times from LG-firmwares, but it was extremely slow and always ended up failing. Then I found your Drive link, and approximately 9 hours after bricking the damn thing, I was finally able to fix it. Learned my lesson, too. I'll never again mess around with a new phone BEFORE acquiring any and all recovery tools, especially from a new manufacturer (I'm used to HTC).
Hi guys, in need of your help. I was originally on H91810D rooted and decided to try and install the OTA update not knowing that I would get stuck in a TWRP loop. I've downloaded H91810j KDZ file along with both LGUP and LG Bridge to try and flash the KDZ onto my phone, but neither UP or Bridge detects my phone connected to the PC, but Windows 10 detects that my phone is connected. I'm stuck sitting in TWRP and no matter what I try, it won't work. Any suggestions on what I can do to get through this? Any help is appreciated. Thank you!

[REQUEST] TWRP or Stock boot.img

I want to install the Magisk but not achieved yet because of TWRP is not available and the stock boot.img not found.
Now OTA is coming (1.02.709.7), so I tried to obtain boot.img from the OTA image by the following steps but didn't succeed.
Download the OTA image by checking the system update on the device.
The image will be stored on /sdcard/Download/OTA_1.01.709.1-1.02.709.7.zip
Copy the OTA image to PC and extract the file "payload.bin".
Use the payload dumper(Thanks to vm03), dump the boot partition from payload.bin but failed with the following error.
Processing boot partition.Unsupported type = 9
* Type of 9 is IMGDIFF according to what I found (no further info).
* I modified "payload_dumper.py" to dump only the boot partition.
Could someone please share the stock boot.img or TWRP for this device?
or tell me another way to achieve this.
Thanks.
I'm looking for it, too. :crying:
Did you get the 1.03.709.1 version boot.img file?
I don't think OTAs contain the whole boot.img, only the binary diff of the new version.
so far nobody has found a boot.img ? the device is around for some months now...
Is there still nothing? Not even a boot.img?
I will post my stock boot.img, recovery.img, and SW version # once I get to my computer.
Should be able to extract it with ADB/commands.
I'm not able to get anything using ADB/fastboot and no root method is working for me. I wish I had an OTA file to work with so I could patch the boot.img and try that but OTAs have already been done on this phone.
The only thing I've managed to do is unlock the bootloader.
Here is a copy of the OTA zip I'm running on
https://drive.google.com/file/d/122ky9if8FqTKz0tvqVi_8-FkA-GjHX9A/view?usp=drivesdk
And here is the payload.bin from that OTA
payload.bin
drive.google.com
So far I haven't managed to get the boot.img and I have a long day tomorrow. Maybe you guys can come up with something?
Well I downloaded the automated script version of payload dumper located here:
How to extract payload.bin from OTA update or firmware
In a few rare cases, you may need to extract the payload.bin that is part of firmware and OTA update files from some OEMs to get the stock boot and system images. This helps when you are looking un…
nerdschalk.com
And that payload.bin seems to only contain abl.img. Nothing else which is unfortunate.
like i've written before, the OTA simply does not contain the whole boot.img - only the binary difference from the previous build.
with only the difference it is not possible to reconstruct a whole boot.img
the only options i see is wait for a RUU or the kernel source to be published
Another OTA came through 227MB, extracted and only thing in there is abl.img again.
is this will work
HTCdev - HTC Kernel Source Code and Binaries
www.htcdev.com
can we find boot.img
Did you get the 1.00.468.1 version boot.img file?
I'll try to port twrp this week.
Just wait for the good news
4096abcd said:
I'll try to port twrp this week.
Just wait for the good news
please make one also for htc u20 5g if possible
lostic-b said:
please make one also for htc u20 5g if possible
Still there's no way to unlock the bootloader of U20

Downgrading Bootloader in Samsung

Does anyone know how to downgrade bootloader in Samsung (M51)? I'm trying to rollback to OneUI 2.5 from 3.1 but it keeps giving me sw error
Wondering what sense it would make to downgrade phone's bootloader:
A bootloader helps to load the operating system or runtime environment to add programs to memory and provide access for components. It is needed to run the startup process, initialize the hardware, and pass control to the kernel, which initializes the operating system.
AlanDias17 said:
Does anyone know how to downgrade bootloader in Samsung (M51)? I'm trying to rollback to OneUI 2.5 from 3.1 but it keeps giving me sw error
No, you can't downgrade bootloader on Samsung unless the downgraded bootloader has a binary version equal to the binary version of your currently installed bootloader. For example, if the binary version of your currently installed bootloader is binary 4, you can flash the downgraded bootloader if it is also binary 4 but you cannot flash a bootloader that is binary 3, 2 or 1.
xXx yYy said:
Wondering what sense it would make to downgrade phone's bootloader:
A bootloader helps to load the operating system or runtime environment to add programs to memory and provide access for components. It is needed to run the startup process, initialize the hardware, and pass control to the kernel, which initializes the operating system.
Downgrading bootloader in order to flash custom recovery or root the device is a common practice if the currently installed bootloader can't be unlocked or does not allow flashing TWRP or rooting.
xXx yYy said:
Wondering what sense it would make to downgrade phone's bootloader:
A bootloader helps to load the operating system or runtime environment to add programs to memory and provide access for components. It is needed to run the startup process, initialize the hardware, and pass control to the kernel, which initializes the operating system.
Rationally speaking I'd rather stay on stable version of Android 10 OneUI 2.5 than on Android 11 OneUI 3.1. For me, it's buggy and camera quality got worsen. Updated bootloader isn't the issue but it's the reason I can't downgrade my OS.
Droidriven said:
No, you can't downgrade bootloader on Samsung unless the downgraded bootloader has a binary version equal to the binary version of your currently installed bootloader.
So now it's impossible in my situation since bootloader versions don't match since September security patch. Now that sucks.
AlanDias17 said:
So now it's impossible in my situation since bootloader versions don't match since September security patch. Now that sucks.
That is usually the case for Samsung owners. In the past, downgrading was possible but not on today's devices. It is rare and few and far between that a Samsung can be downgraded these days. Virtually impossible across the board. This is something to consider when buying Samsung devices and when a stock update is possible.
Me personally, I never update a device with stock updates unless things start having issues or stop working due to not updating to keep up with changing technology. I don't update unless absolutely necessary, I put the update off as long as possible.
My current device has been notifying me for months that an update is available but I have it paused so that it doesn't download. Maybe I'll update at some point in the future, maybe not.
AlanDias17 said:
So now it's impossible in my situation since bootloader versions don't match since September security patch. Now that sucks.
There is one potential workaround to downgrade, you can try extracting the system.img from the downgraded firmware then convert it to an Odin flashable .tar using 7zip to compress the file .tar format, select the highest level of compression. After extracting the system.img but before converting to .tar, try extracting the system.img itself then find where the kernel is packaged in the system.img then try finding what the binary version of the kernel is, if the kernel's binary version is lower than the binary version of the currently installed kernel, you will not be able to flash the extracted system.img with the kernel packaged inside it, you will have to try removing it then convert to .tar as I described. Once you verified binary versions, convert the file to .tar then flash the system.img.tar.md5 via Odin, place the system.img.tar.md5 in the AP slot.
Basically, it works like this, if you boot into download mode and look at the revision values, you should see something like this:
swREV B: x K: x S: x
B is for bootloader binary version, K is for kernel binary version and S is for system binary version. If B is lower than your currently installed B version, you can't flash it, if K is lower than your currently installed K version, you can't flash it, if S is lower than your currently installed S version, you can't flash it. See if you can find out what the binary version of your currently installed bootloader, kernel and system are, then compare them to the binary version of the downgraded firmware's bootloader, kernel and system. B, K and S can be independent different values, for example, a firmware could have a B value of 4, a K value of 6 and a S value of 5, they do not always all 3 have the same value in a single firmware. Some updates may come with an updated B binary and an updated K binary but not an S binary, or any combination. In my example above, if a device has values of B:4 K:6 S:5 and that device receives an update that has B:5 and S:7 but no updated K value, after flashing, the device would have B:5 K:6 and S:7.
If any of the parts of the downgraded firmware have a binary version that is equal to its corresponding currently installed component, it can be flashed, but if any of them are lower than their corresponding currently installed components, they can't be flashed.
Sorry to be so long winded, just trying to explain how binary version works and can possibly be manipulated to downgrade each individual element, if the binary versions correspond correctly.
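The per-component rule described in the post above, written out as an added example (not part of the thread and not Samsung's bootloader code). It parses a download-mode line in the `swREV B: x K: x S: x` form quoted in the post, checks a firmware package component by component, and computes the device state after an accepted flash; the function names and the sample values beyond the post's own B:4 K:6 S:5 case are assumptions made for illustration.

```python
import re

# Components named in the post: B = bootloader, K = kernel, S = system.
COMPONENTS = ("B", "K", "S")
_FIELD = re.compile(r"\b([BKS])\s*:\s*(\d+)")


class RollbackRejected(Exception):
    """Raised when a package carries a component older than the installed one."""

    def __init__(self, blocked):
        super().__init__("lower binary version for: " + ", ".join(blocked))
        self.blocked = blocked


def parse_swrev(line):
    """Parse a line such as 'swREV B: 4 K: 6 S: 5' into {'B': 4, 'K': 6, 'S': 5}."""
    idx = line.lower().find("swrev")
    if idx < 0:
        raise ValueError("no swREV field in %r" % line)
    fields = {name: int(value) for name, value in _FIELD.findall(line[idx + 5:])}
    missing = [c for c in COMPONENTS if c not in fields]
    if missing:
        raise ValueError("swREV line lacks component(s): " + ", ".join(missing))
    return fields


def evaluate_package(installed, package):
    """Return a verdict per component for a package that may be partial.

    A package component is 'blocked' when its binary version is lower than
    the installed one and 'allowed' when it is equal or higher. Components
    the package does not contain are reported as 'not in package'.
    """
    verdicts = {}
    for name in COMPONENTS:
        if name not in package:
            verdicts[name] = "not in package"
        elif package[name] < installed[name]:
            verdicts[name] = "blocked"
        else:
            verdicts[name] = "allowed"
    return verdicts


def blocked_components(installed, package):
    """List the components that would make the flash fail."""
    verdicts = evaluate_package(installed, package)
    return [name for name in COMPONENTS if verdicts[name] == "blocked"]


def state_after_flash(installed, package):
    """Return the installed versions after flashing, or raise RollbackRejected.

    Components missing from the package keep their installed version, which
    is why B, K and S can drift apart over successive updates.
    """
    blocked = blocked_components(installed, package)
    if blocked:
        raise RollbackRejected(blocked)
    result = dict(installed)
    for name in COMPONENTS:
        if name in package:
            result[name] = package[name]
    return result


if __name__ == "__main__":
    # Constructed sample line using the values from the post's own example.
    device = parse_swrev("swREV B: 4 K: 6 S: 5")

    # The update from the post: new B and S, no K.
    print(state_after_flash(device, {"B": 5, "S": 7}))

    # Constructed older full firmware: the bootloader alone blocks it.
    older_full = {"B": 3, "K": 6, "S": 5}
    print(evaluate_package(device, older_full))

    # Constructed system-only package with an equal S version: accepted.
    print(evaluate_package(device, {"S": 5}))
```
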
Droidriven said:
There is one potential workaround to downgrade, you can try extracting the system.img from the downgraded firmware then convert it to an Odin flashable .tar using 7zip to compress the file .tar format, select the highest level of compression. After extracting the system.img but before converting to .tar, try extracting the system.img itself then find where the kernel is packaged in the system.img then try finding what the binary version of the kernel is, if the kernel's binary version is lower than the binary version of the currently installed kernel, you will not be able to flash the extracted system.img with the kernel packaged inside it, you will have to try removing it then convert to .tar as I described. Once you verified binary versions, convert the file to .tar then flash the system.img.tar.md5 via Odin, place the system.img.tar.md5 in the AP slot.
Basically, it works like this, if you boot into download mode and look at the revision values, you should see something like this:
swREV B: x K: x S: x
B is for bootloader binary version, K is for kernel binary version and S is for system binary version. If B is lower than your currently installed B version, you can't flash it, if K is lower than your currently installed K version, you can't flash it, if S is lower than your currently installed S version, you can't flash it. See if you can find out what the binary version of your currently installed bootloader, kernel and system are, then compare them to the binary version of the downgraded firmware's bootloader, kernel and system. B, K and S can be independent different values, for example, a firmware could have a B value of 4, a K value of 6 and a S value of 5, they do not always all 3 have the same value in a single firmware. Some updates may come with an updated B binary and an updated K binary but not an S binary, or any combination. In my example above, if a device has values of B:4 K:6 S:5 and that device receives an update that has B:5 and S:7 but no updated K value, after flashing, the device would have B:5 K:6 and S:7.
If any of the parts of the downgraded firmware have a binary version that is equal to its corresponding currently installed component, it can be flashed, but if any of them are lower than their corresponding currently installed components, they can't be flashed.
Sorry to be so long winded, just trying to explain how binary version works and can possibly be manipulated to downgrade each individual element, if the binary versions correspond correctly.
can you try If it is possible to downgrade like this, I would like to downgrade the s10e and s7 versions. It would be great if you could make a guide for it.
kullanici32 said:
can you try If it is possible to downgrade like this, I would like to downgrade the s10e and s7 versions. It would be great if you could make a guide for it.
I don't think you get the bigger picture.
I was not saying "you absolutely CAN downgrade if you do it like this".
I was saying "IF it is even possible, you can TRY doing it like this".
I don't know if it would work or not on your specific model number, there are too many variables involved in whether it will be successful or not.
I don't own this specific model number so I cant test anything to see if it will work, not to mention that I'm not doing all that research or putting that kind of time, work and energy into making anything for a device that I don't own or use.
I've just given the idea and "possibility" of downgrading based on how some other Samsung devices have been able to successfully downgrade the OS(system) by extracting the system.img from the downgraded firmware and flashing the system.img by itself without flashing the rest of the firmware. This is not the same as downgrading the whole firmware, you're only replacing the upgraded system with the previous version of system but only "IF" the binary versions for system and kernel do not conflict.
If you want to know how to do this or if it will even work on your specific model number, you will have to do your own research, your own thinking and your own hard work to figure it out based on how other Samsung owners have done it.
There are threads here that describe doing this on various other Samsung models. They don't all go about it exactly the same, there are differences in the details and methods based on various device specific software requirements and restrictions. You might or might not be successful, you could even brick your device if you get something wrong. Find other threads that describe how others did it and then try the methods that they used but use your firmware files to make the changes that they made.
Droidriven said:
I don't think you get the bigger picture.
I was not saying "you absolutely CAN downgrade if you do it like this".
I was saying "IF it is even possible, you can TRY doing it like this".
I don't know if it would work or not on your specific model number, there are too many variables involved in whether it will be successful or not.
I don't own this specific model number so I can't test anything to see if it will work, not to mention that I'm not doing all that research or putting that kind of time, work and energy into making anything for a device that I don't own or use.
I've just given the idea and "possibility" of downgrading based on how some other Samsung devices have been able to successfully downgrade the OS(system) by extracting the system.img from the downgraded firmware and flashing the system.img by itself without flashing the rest of the firmware. This is not the same as downgrading the whole firmware, you're only replacing the upgraded system with the previous version of system but only "IF" the binary versions for system and kernel do not conflict.
If you want to know how to do this or if it will even work on your specific model number, you will have to do your own research, your own thinking and your own hard work to figure it out based on how other Samsung owners have done it.
There are threads here that describe doing this on various other Samsung models. They don't all go about it exactly the same, there are differences in the details and methods based on various device specific software requirements and restrictions. You might or might not be successful, you could even brick your device if you get something wrong. Find other threads that describe how others did it and then try the methods that they used but use your firmware files to make the changes that they made.
Can you put or give us a link to such a thread or post, we will follow the steps for our own device firmware.
What would be a way to use a TWRP backup with a v3 on a device that has say a v5 boot?
Packtlike said:
What would be a way to use a TWRP backup with a v3 on a device that has say a v5 boot?
If using TWRP, you should, "in theory", be able to flash whatever you want, including an older backup.
Droidriven said:
After extracting the system.img but before converting to .tar, try extracting the system.img itself then find where the kernel is packaged in the system.img
Could you please explain how do I go about "extracting the system.img itself"?
Droidriven said:
No, you can't downgrade bootloader on Samsung unless the downgraded bootloader has a binary version equal to the binary version of your currently installed bootloader. For example, if the binary version of your currently installed bootloader is binary 4, you can flash the downgraded bootloader if it is also binary 4 but you cannot flash a bootloader that is binary 3, 2 or 1.
What does "unless" mean in the first sentence above? I mean, if the only possibility for replacing an installed bootloader is using another bootloader with equal or higher binary version, then we are not downgrading anything, or are we? I am a bit confused.
zogoibi said:
Could you please explain how do I go about "extracting the system.img itself"?
Extract the contents from the firmware file to get to the various .img/bin files in the firmware, find the system.img file, extract its contents to get to the various files/folders in the system img. Then you find whatever parts of the system.img that you want/need then do whatever it is that you need to do with them.
zogoibi said:
What does "unless" mean in the first sentence above? I mean, if the only possibility for replacing an installed bootloader is using another bootloader with equal or higher binary version, then we are not downgrading anything, or are we? I am a bit confused.
It means that it is possible to have a firmware that has a lower "bootloader" version than the firmware currently installed on a device but an equal "binary" version as the firmware currently installed. For example, if a device has firmware installed on it that has bootloader "y" with binary 4, they could flash a firmware that has bootloader "x" (x being lower than y) and the same binary 4, equivalent binary but lower actual bootloader version, which downgrades the bootloader version but not the binary version. If it had bootloader "x" but had binary 3 or lower, then, yes, what you say would apply.
Droidriven said:
Extract the contents from the firmware file to get to the various .img/bin files in the firmware, find the system.img file, extract its contents to get to the various files/folders in the system img. Then you find whatever parts of the system.img that you want/need then do whatever it is that you need to do with them.
Thank you. I already got that I have to gut apart system.img. But my question was: how do I do that? Anyway, I already found the answer: using simg2img command to transform system.img to raw format, then loopmounting it. But now, how do I find the kernel file as per your comment above: "find where the kernel is packaged in the system.img" ? There are one thousand files inside, and none of them seem to qualify as the kernel. Besides, on a developer forum I've read that the kernel is not inside system.img, but inside boot.img. And how to gut apart boot.img?
After a good deal of search, it seems I got the answer to that question too: getting a copy of android_booting_tools, which has the command unpackbootimg (since abootimg couldn't do the job and exited with error "not a valid Android Boot image"). Once unpacked boot.img, voilà, the kernel is there (and definitely not inside system.img): the file named boot.img-zimage.
BUT!! Now, what do I want the kernel file for, if what I need is to downgrade the bootloader? Your instructions are a bit unclear in that point.
Droidriven said:
It means that it is possible to have a firmware that has a lower "bootloader" version than the firmware currently installed on a device but an equal "binary" version as the firmware currently installed. For example, if a device has firmware installed on it that has bootloader "y" with binary 4, they could flash a firmware that has bootloader "x" (x being lower than y) and the same binary 4, equivalent binary but lower actual bootloader version, which downgrades the bootloader version but not the binary version. If it had bootloader "x" but had binary 3 or lower, then, yes, what you say would apply.
OK. I think I understood this part. Thanks.
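The boot.img layout this post arrives at (the kernel sits in boot.img behind a header that starts with the magic `ANDROID!`), as an added example that is not part of the original thread. The sample image is constructed inline, and treating an out-of-range version field as a legacy header is an assumption.

```python
import struct

BOOT_MAGIC = b"ANDROID!"


def _round_up(n, page):
    return (n + page - 1) // page * page


def inspect_boot_image(blob):
    """Locate the kernel and ramdisk inside an Android boot image (header v0-v4)."""
    if len(blob) < 48 or blob[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image: ANDROID! magic missing")
    (version,) = struct.unpack_from("<I", blob, 40)
    if version in (3, 4):
        # v3/v4: kernel_size and ramdisk_size follow the magic; pages are 4096 bytes.
        kernel_size, ramdisk_size = struct.unpack_from("<2I", blob, 8)
        page = 4096
    else:
        # v0-v2: sizes are interleaved with load addresses; page size is at offset 36.
        # Assumption: a value above 4 is vendor data in a legacy header.
        kernel_size, _kernel_addr, ramdisk_size = struct.unpack_from("<3I", blob, 8)
        (page,) = struct.unpack_from("<I", blob, 36)
        version = version if version <= 2 else 0
    if page == 0:
        raise ValueError("corrupt header: page size is zero")
    ramdisk_offset = page + _round_up(kernel_size, page)
    if ramdisk_offset + ramdisk_size > len(blob):
        raise ValueError("corrupt header: sizes run past the end of the image")
    kernel = blob[page:page + kernel_size]
    return {
        "header_version": version,
        "page_size": page,
        "kernel_offset": page,
        "kernel_size": kernel_size,
        "kernel_is_gzip": kernel[:2] == b"\x1f\x8b",
        "ramdisk_offset": ramdisk_offset,
        "ramdisk_size": ramdisk_size,
    }


def build_sample_image(page=2048):
    """Constructed v0 image with placeholder payloads, for demonstration only."""
    kernel = b"\x1f\x8b" + b"K" * 98
    ramdisk = b"R" * 50
    header = BOOT_MAGIC + struct.pack(
        "<10I", len(kernel), 0x10008000, len(ramdisk), 0x11000000,
        0, 0, 0x10000100, page, 0, 0)

    def pad(data):
        return data.ljust(_round_up(len(data), page), b"\0")

    return pad(header) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    for key, value in inspect_boot_image(build_sample_image()).items():
        print(f"{key}: {value}")
```

A sparse system.img fails the magic check, which is why it has to go through simg2img instead.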
zogoibi said:
Thank you. I understood what you meant: gut apart system.img. But my question was: how do I do that? Anyway, I already found the answer: using simg2img command to transform system.img to raw format, then loopmounting it. But now, how do I find the kernel as per your comment above: "find where the kernel is packaged in the system.img" ? There are one thousand files inside, and none of them seem to qualify as the kernel. Besides, as I've searched out there, in a developer forum I've read that the kernel is not in system.img, but in boot.img. And how to gut apart boot.img?
It seems I got the answer to that question either: downloading android_booting_tools, which has the command unpackbootimg (since abootimg couldn't do the job and exited with error "not a valid Android Boot image"). Once unpacked boot.img, voilà, the kernel is there (and definitely not in system.img): the file named boot.img-zimage.
BUT!! Now, what the heck do I do with the kernel file, if what I need is to downgrade the bootloader? Your instructions are a bit unclear in that point.
OK. I think I understood this part. Thanks.
I use 7zip.
You asked how to extract the system.img, not the kernel.
The boot.img is not the bootloader. If you're trying to downgrade the bootloader then you should be trying to use the bootloader, but you may or may not need other parts of the downgraded firmware also in order for the bootloader to not cause the device to hard brick or block the flash. What you would or wouldn't need, I don't know, it usually requires tinkering to find the right recipe. Trial and error, experimenting with mixing different parts of each firmware to see what will or won't work together.
Also, it may require unlocking the bootloader and/or using a modified version of Odin to flash a modified firmware or modified .img files.
That is all "IF" it is even possible or safe to attempt. Your mileage may vary.
Droidriven said:
You asked how to extract the system.img, not the kernel.
I began by quoting a post where you supposedly explained a 'potential' workaround for downgrading the bootloader (I quote: "there is one potential workaround to downgrade"). As per your instructions, one should first extract 'system.img itself' in order to get hold of the kernel. And that's why I asked how to do it. Obviously the end point was to find the kernel, as per your instructions. But it turned out the kernel is not in system.img. I wonder what is, then, the point in that part of your instructions.
Droidriven said:
The boot.img is not the bootloader.
Obviously not. I haven't said that. I just said that I found out that kernel is inside boot.img, not inside system.img.
Droidriven said:
If you're trying to downgrade the bootloader then you should be trying to use the bootloader
Well, I can also say: "if you're trying to help people downgrading the bootloader (which is the title of this thread), then you should be trying to help people downgrading the bootloader."
Droidriven said:
There is one potential workaround to downgrade, you can try extracting the system.img from the downgraded firmware then convert it to an Odin flashable .tar using 7zip to compress the file .tar format, select the highest level of compression. After extracting the system.img but before converting to .tar, try extracting the system.img itself then find where the kernel is packaged in the system.img then try finding what the binary version of the kernel is, if the kernel's binary version is lower than the binary version of the currently installed kernel, you will not be able to flash the extracted system.img with the kernel packaged inside it, you will have to try removing it then convert to .tar as I described. Once you verified binary versions, convert the file to .tar then flash the system.img.tar.md5 via Odin, place the system.img.tar.md5 in the AP slot.
Basically, it works like this, if you boot into download mode and look at the revision values, you should see something like this:
swREV B: x K: x S: x
B is for bootloader binary version, K is for kernel binary version and S is for system binary version. If B is lower than your currently installed B version, you can't flash it, if K is lower than your currently installed K version, you can't flash it, if S is lower than your currently installed S version, you can't flash it. See if you can find out what the binary version of your currently installed bootloader, kernel and system are, then compare them to the binary version of the downgraded firmware's bootloader, kernel and system. B, K and S can be independent different values, for example, a firmware could have a B value of 4, a K value of 6 and a S value of 5, they do not always all 3 have the same value in a single firmware. Some updates may come with an updated B binary and an updated K binary but not an S binary, or any combination. In my example above, if a device has values of B: 4 K:6 S:5 and that device receives an update that has B:5 and S:7 but no updated K value, after flashing, the device would have B:5 K:6 and S:7.
If any of the parts of the downgraded firmware have a binary version that is equal to its corresponding currently installed component, it can be flashed, but if any of them are lower than their corresponding currently installed components, they can't be flashed.
Sorry to be so long winded, just trying to explain how binary version works and can possibly be manipulated to downgrade each individual element, if the binary versions correspond correctly.
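The per-component comparison described in the quoted post, modelled as an added example that is not part of the original thread and is not Samsung's code. It encodes only the rule as the posters state it (a lower binary version is refused, an equal or higher one is accepted); the function names and the sample revision line are constructed for illustration.

```python
import re

# Revision line as shown in download mode, e.g. "swREV B: 4 K: 6 S: 5".
SWREV_RE = re.compile(r"swREV\s+B:\s*(\d+)\s+K:\s*(\d+)\s+S:\s*(\d+)")
COMPONENTS = ("B", "K", "S")  # bootloader, kernel, system


def parse_swrev(line):
    """Extract the three binary versions from a download-mode revision line."""
    match = SWREV_RE.search(line)
    if match is None:
        raise ValueError(f"no swREV field in {line!r}")
    return dict(zip(COMPONENTS, (int(v) for v in match.groups())))


def check_flash(installed, package):
    """Apply the thread's rule to each component a package carries."""
    verdict = {}
    for comp in COMPONENTS:
        if comp not in package:
            verdict[comp] = "not in package"
        elif package[comp] < installed[comp]:
            verdict[comp] = "rejected"
        else:
            verdict[comp] = "accepted"
    return verdict


def apply_update(installed, package):
    """Return the versions after a flash, refusing any package that rolls back."""
    blocked = [c for c, v in check_flash(installed, package).items() if v == "rejected"]
    if blocked:
        raise PermissionError("rollback blocked for: " + ", ".join(blocked))
    return {c: package.get(c, installed[c]) for c in COMPONENTS}


if __name__ == "__main__":
    device = parse_swrev("swREV B: 4 K: 6 S: 5")   # constructed sample line
    device = apply_update(device, {"B": 5, "S": 7})  # the update from the post
    print(device)
    print(check_flash(device, {"B": 4, "K": 6, "S": 5}))
```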
Hi, I know this thread is quite old. But I have a Rooted Galaxy M23 (SM-M236B) and in odin it says B:2 K:2 S:2. I was waiting for a software update and saw that there was one update in that it says that is bit is 3, Questions: 1. If I install the bit 3 software i would not be able to install again a 2 bit software? 2. My bootloader is unlocked, does applying the update locks the bootloader? And 3. How do I know if the update makes my bootloader locked permanently?
Mr. Electrinix said:
Hi, I know this thread is quite old. But I have a Rooted Galaxy M23 (SM-M236B) and in odin it says B:2 K:2 S:2. I was waiting for a software update and saw that there was one update in that it says that is bit is 3, Questions: 1. If I install the bit 3 software i would not be able to install again a 2 bit software? 2. My bootloader is unlocked, does applying the update locks the bootloader? And 3. How do I know if the update makes my bootloader locked permanently?
1) yes, if you flash the binary 3 update, you will not be able to downgrade to a 2 binary, UNLESS the bootloader is unlocked and you use "patched Odin" or Cosmy's Odin to flash the downgraded firmware.
2) I don't know if flashing the update will lock the bootloader or not, you would have to research that yourself to see what results other users of your exact same model got after flashing the exact same update build number that your update has.
3) You would have to find other users that have the exact same model number device that you have and find a user that has flashed the exact update that you are asking about.
***Note***
If the update that you are asking about is a stock OTA update via the system update option in system settings, you will have to unroot the device then boot into recovery and wipe the cache partition (but not factory reset) then reboot the device, then do the update via settings. Stock OTA updates cannot safely be applied on devices that have been rooted, modified system partition or have custom recovery installed. You have to have clean, unrooted, unmodified stock firmware with stock recovery.
If you are manually flashing the update via Odin, you do not need to unroot before flashing the update, flashing via Odin "should" take care of that for you, depending on whether the update is a full update with a new system partition or a partial, incremental update.
Droidriven said:
1) yes, if you flash the binary 3 update, you will not be able to downgrade to a 2 binary, UNLESS the bootloader is unlocked and you use "patched Odin" or Cosmy's Odin to flash the downgraded firmware.
You can NEVER downgrade the bootloader/binary/bit level, even if you've bootloader unlocked it. OEM Unlock does NOT magically enable you to downgrade the binary.

Question Nord 2T 5G Full Factory ROM/Firmware with Scatter file for Unbricking

After successfully rooting my Nord 2T by backing up and then patching the stock boot.img I proceeded to patch the inactive slot within Magisk (it was unnecessary of me..) and after rebooting entered a loop. Anyone know where I can get the factory ROM? I was on the May patch. Thanks in advance!
I am also looking for the factory OTA image.
How did you get the boot.img exactly?
jolaviska said:
I am also looking for the factory OTA image.
How did you get the boot.img exactly?
Good ol SP Flash but I think the backed up images are corrupted hence the need of factory firmware to use it to restore my device.
Apologies I did not realise you still needed the firmware. I have mirrored it here if you still need it May Patch Full ROM
garylawwd said:
Apologies I did not realise you still needed the firmware. I have mirrored it here if you still need it May Patch Full ROM
So extracting boot.img from your file won't be enough to do Root right?
Riski3Run said:
So extracting boot.img from your file won't be enough to do Root right?
You can't extract from the firmware. You must use spflash tool to pull the boot.img from the device (mediatek devices are a bit different to Snapdragon devices)
I'm going to do it today but I had to bring my daughter to the hospital after a fall she had which required stitches.
Once I have it extracted I might write a guide on how to do it with links to all firmware needed and have a thread where we will have both the stock and magisk patched boot.img's available.
Been like 6 weeks and no root on my device, this is the longest I have gone without rooting in almost 7 years
garylawwd said:
You can't extract from the firmware. You must use spflash tool to pull the boot.img from the device (mediatek devices are a bit different to Snapdragon devices)
I'm going to do it today but I had to bring my daughter to the hospital after a fall she had which required stitches.
Once I have it extracted I might write a guide on how to do it with links to all firmware needed and have a thread where we will have both the stock and magisk patched boot.img's available.
Been like 6 weeks and no root on my device, this is the longest I have gone without rooting in almost 7 years
Thanks. I rooted mine within a day but went too far with patching the inactive slot via Magisk and now phone is soft bricked. If you are still interested in extracting the boot image for patching then use this tool. I tried to use it to flash the payload.bin but phone still not booting. I even flashed all the extracted images manually in fastbootd. I guess the OTA file doesn't contain all the files needed to restore the device back to its factory state.
Anyone with the full firmware containing the SP Flash Scatter file please share it. You'll be saving everyone else. I bought my phone on a trip and there are no OnePlus repair centers over here so won't be using my phone until I can restore it myself
garylawwd said:
Apologies I did not realise you still needed the firmware. I have mirrored it here if you still need it May Patch Full ROM
Hello
Can't you upload this zip file somewhere else?
Each time download is not finished.
Riski3Run said:
Hello
Can't you upload this zip file somewhere else?
Each time download is not finished.
Saw you were able to fully extract the payload.bin so could you mirror the files as well..
Issue is now resolved. Thanks @Riski3Run and @garylawwd
Alternatively extracting and flashing the payload.bin ALSO works. No need to extract the images just use this beautiful tool
garylawwd said:
Apologies I did not realise you still needed the firmware. I have mirrored it here if you still need it May Patch Full ROM
Hi Garylawwd, when I click on the link it displays an empty folder. Can you perhaps reupload the firmware? My device is bricked and I'm unable to find the stock rom and scatter file for CPH2399 :/
woodiewood3 said:
Hi Garylawwd, when I click on the link it displays an empty folder. Can you perhaps reupload the firmware? My device is bricked and I'm unable to find the stock rom and scatter file for CPH2399 :/
Were you on the latest June security patch?
garylawwd said:
Were you on the latest June security patch?
Yes I was on the June patch, but I completely messed up my Phone.. can't boot into recovery or fastboot, screen stays black.
When I plug in the phone my computer recognizes it as Mediatek usb port.
When I try to use mtk_gui it is able to connect but it freezes after DA extension and thus I'm unable to read or write anything from or to the device via mtk_gui.
I hope that I can flash the stock firmware via SP flash tool, otherwise I will probably need to send it to OP repairs centre.
But to flash via SP flash tool I do need the firmware + scatter file. ATM I'm unable to find them.
I am unable to create the scatter file via MTKDroid it says --- Unknown ROM structure, backup NOT possible!
