[Q] super softbrick - Captivate Q&A, Help & Troubleshooting

****************EDIT*******************
DISREGARD, I fixed it kind of....
**************************************
So... I believe my Samsung cappy is "super" soft bricked. Like to the point where there is nothing actually on the phone.
Holding power button + vol up and down for like.. 40 seconds results in
RST_STAT = 0x1
PMIC_IRQ1 = 0x2c
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0xc0
PMIC_STATUS2 = 0x2c
My computer sees the phone in this state as "SAMSUNG USB Composite Device" and "SAMSUNG Mobile Modem #3"
Odin sees the phone but doesn't go past "File Analysis" stage.
What do?

First, this is a question, please post in the Q/A section.
Second, there are tons of threads with various combinations / orders of button presses. I can tell you based on your description that you are using the wrong one for Odin. Please use the search function in the forum to find the thread(s) you are looking for.
Also I have to nitpick here. The term bricked means it's literally a brick. Unable to fix, it might as well function as a paperweight now.
I can SORTA stand when people say soft bricked, because you can actually fix it. But "Super soft bricked" is a bit over the top to me.
There is a good chance you are NOT in fact bricked at all.

not an idiot
1) apologies for putting this in the wrong area.
2) i know how to use Odin, and what button combo to use.
3) I realize "bricked" means unusable / beyond repair
a) the phone appears to not have a working copy of Android on it at all.​
4) Impatience sucks. Time to go fool around with the SDK....

Related

[DEBUG] Calling all (AT&T) 0x1000 'hard' bricks!

UPDATE
It is clear from many users now that the 2.3.4 / 4.5.91 OTA burns a fuse, specifically in ReservedOdm[1], which switched from:
Code:
old: 0000 0000 0000 0001 0000 0000 0000 0001
new: 0000 0000 0000 0001 0000 0000 0000 0011
So, if you see something in /sys/firmware/fuse/ReservedOdm like:
Code:
10000000000010001000300004000
You *should not* SBF to anything except PUDDING or an SBF with PUDDING, or AT&T 4.5.91.
Any official motorola .sbf, EXCEPT 4.5.91, will leave you in hard-brick nvflash land...
(I will make a new post and call for more data for Chinese 0x1000 errors)
Here is an AT&T specific putative explanation for their 0x1000 issues:
Our phones have a fuse, a set of one-time-programmable bits, called 'ReservedOdm' (reserved for the original design manufacturer, Motorola.) Using a fuse in this set, the unreleased 2.3.3 bootloader implemented 'fastboot oem unlock' which burns a bit in ReservedOdm[0] and sets these 32 bits (represented as 8 hex values) to 0x00004000. There are 8 ReservedOdm[] 32bit values, or 8x32 (256) fuses. Once one is burned (set to 1) it cannot be un-burned. Hence, a 'fuse'.
You can view the state of your ReservedOdm by looking at /sys/firmware/fuse/ReservedOdm, if you are root. Mine looks like this:
10000000000010001000100004000
(before unlock:
10000000000010001000100000000)
Broken down (Odm as short for ReservedOdm):
Code:
Odm[3] | Odm[2] | Odm[1] | Odm[0]
00010000 | 00000001 | 00010001 | 00004000
We don't really understand Odm[3], but it likely gets burned by flashing an .sbf or some other process, not everyone has a 1 there. You don't see Odm[7] through [4] because leading zeros are dropped from the printf output. Also, some people (pre-first-sbf?) seem to have 00000001 not 00010001 in Odm[1].
Why discuss unlocking? Because although downgrade bricking is not directly related to unlocking, in the end it is caused by another fuse, in ReservedOdm[1].
Talented dev nothize has disassembled bootloaders and determined that AT&T 1.8.3 and earlier, and most Chinese bootloaders, expect that only the last bit of Odm[1] is 1. By burning the next-to-last bit, Moto broke ability to downgrade.
Basically, SVF:105:1:2 means, at lower word (16bits) of Odm[1], (called "105" dunno why) we expect the first '1' to be in position '1' but we found it at position '2', barf. Ie, for AT&T bricking case, we wanted Odm[1] should have been 0x????0001 (binary 0001 for last 4 bits) but we got 0x????0003 (last 4 bits, binary 0011) instead. By barf I mean drop to nvflash mode which only motorola service can use, since only they have our 'secure boot key' which nvflash requires. Thus, the hard brick when certain (older and/or chinese) bootloaders find this unexpected fuse burned.
Now although 4.5.91 OTA & sbf burn a fuse, you only brick if you run a bootloader that expects it not to be burned (ie, stock 1.8.3 or below.) Similarly, you can burn the Odm[0] fuse to get 0x00004000, but it won't do you any good unless your bootloader cares. So far there is one bootloader which cares, from 2.3.3, 4.5.47 (unreleased build) and lets you 'oem unlock', burning that Odm[0] fuse, and if it's burned, lets you fastboot, skips signature checks, etc.
If you run any other bootloader besides 'Pudding', it doesn't matter if your fuse is burned, you're 'effectively' locked (other BLs don't care to give you permissions.) But since fuse burning is irreversible, once you go back to the unlockable bootloader, it will notice you burned that fuse, and print 'Unlocked' in the corner. So although your fuse is burned, you don't get the benefits of it, unless you flash 'Pudding' (4.5.47) or an sbf with 'Pudding' in it.
Pudding/4.5.47-BL is also a special for another reason. Although it also does not like Odm[1] to be 0x00010003 (like 1.8.3/pre) and displays error 0x1000, it lets you escape. It gives you a really nice menu of options so you can flash something higher (only 4.5.91 right now) if you want to stay locked, or it lets you enter fastboot and 'oem unlock.' Then, in the future, even if it notices this 'bad' fuse is burned in Odm[1], because you have the Unlocked fuse burned in Odm[0] it gives you a pass, and boots anyway. So flashing Pudding or something+Pudding after 4.5.91 might give you a little heart attack, but in the end it should be harmless.
Preserved for posterity below (if you have a Chinese/Korean/Hong Kong Atrix please continue to post your ReservedOdm plus model, location, carrier, current build/sbf please, until I start a new thread.)
ATTENTION
The purpose of this thread is to assist currently 'hard' bricked users seeing 0x1000 on boot, and to understand why this happens. People who have un-bricked please skip to the end of the post. Talented dev nothize has disassembled some bootloaders and thinks perhaps this is a fuse check failure. Also, he has been able to glean some info from the chinese-language threads about this same error some weeks ago. It has been very hard to try to make sense of this issue after being away by combing through hundreds of posts. Let's keep this thread uncluttered.
HOW TO HELP
Everyone who has seen 0x1000:
Post a short description of how you got there, what you see (ie, do you boot loop?) For example, ATT users: Did you OTA from 1.8.3 to 4.5.40 or 4.5.91? Had you flashed 'Pudding' before OTA? Were you locked or unlocked? Did you see any messages about 'BP' during any RSD flash or OTA upgrades? If you recovered, exactly how (full Pudding+1.8.3 or just Pudding. If you were locked, did you have to unlock? etc.) INCLUDE SVF STRING (if any.) Be concise and specific.
If you managed to un-brick:
0. (Root your phone, see: here)
1. As root, cd to /sys/firmware/fuse
2. Run: "for i in * ; do echo $i `cat $i`; done"
3. Post output here, especially of "ReservedOdm" fuse
(Include: carrier, previous .sbfs & bootloaders used, if unlocked, current BL)
(The following is deprecated, probably not worth doing... 0x1000 on 1.8.3 bootloader [or older] is different to the Hong Kong/China 0x1000, and also different for users lucky enough to flash 2.3.3/Pudding after OTA)
If you are currently bricked:
[Note, this is not a fix, but we'd like to know if you can 'see' your device on your PC's USB. If you have, or can make, a factory cable this test will be more conclusive, especially if you see any sort of 'Nvflash' message]
0. (Be sure your battery is charged!!)
1. Unplug phone, remove battery, leave disconnected for at least 10s
2. Hold down the volume-up before and during battery insertion
3. Continue to hold down volume-up (never release it!) and connect to PC
(If you've held volume-up more than 30s after inserting battery, you can release)
4. Try to see your device in RSD
5. If Step #4 fails, try to see your device in linux 'lsusb' (like: "watch -n .1 lsusb" before connecting phone to PC)
6. Post your results in this thread!
(PM me if you use windows freeware lsusb or usbview. I don't run windows and can't test, but would gladly post instructions)
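The fuse layout described in the post above can be decoded mechanically from a pasted `ReservedOdm` value. The following is an added example, not part of the original post and not Motorola code: the function names are hypothetical, and the per-bootloader outcomes simply model the post's own account (they are not verified bootloader behaviour).

```python
import string

ODM_WORDS = 8                 # the post: 8 ReservedOdm[] values...
HEX_PER_WORD = 8              # ...of 32 bits (8 hex digits) each
UNLOCK_FUSE = 0x00004000      # Odm[0] after 'fastboot oem unlock' (per the post)
EXPECTED_LOW_WORD = 0x0001    # low 16 bits of Odm[1] that old bootloaders expect


def parse_reserved_odm(text):
    """Return [Odm[0], ..., Odm[7]] from the sysfs string.

    Accepts either the bare value or a 'ReservedOdm <value>' line. The
    kernel prints the 256-bit value without leading zeros, so it is
    left-padded before being split into 32-bit words.
    """
    fields = text.split()
    if not fields:
        raise ValueError("empty ReservedOdm value")
    token = fields[-1]
    if any(c not in string.hexdigits for c in token):
        raise ValueError(f"not a hex string: {token!r}")
    if len(token) > ODM_WORDS * HEX_PER_WORD:
        raise ValueError("more than 256 bits of fuse data")
    padded = token.zfill(ODM_WORDS * HEX_PER_WORD)
    words = [int(padded[i:i + HEX_PER_WORD], 16)
             for i in range(0, len(padded), HEX_PER_WORD)]
    words.reverse()           # the string is most-significant word first
    return words


def assess(words):
    """Model the post's description of how each bootloader reacts."""
    odm0, odm1 = words[0], words[1]
    low = odm1 & 0xFFFF
    unlocked = bool(odm0 & UNLOCK_FUSE)
    downgrade_fuse = low != EXPECTED_LOW_WORD
    if not downgrade_fuse:
        old_bl = pudding = "boots"
    else:
        old_bl = "0x1000, drops to nvflash (hard brick)"
        pudding = ("boots (unlock fuse gives a pass)" if unlocked
                   else "0x1000 with recovery menu")
    return {
        "unlock_fuse_burned": unlocked,
        "downgrade_fuse_burned": downgrade_fuse,
        # The post's reading of SVF:105:1:2: position of the highest '1'
        # in the low word of Odm[1]; 1 is expected, 2 was found.
        "found_position": low.bit_length(),
        "stock_1.8.3_or_older": old_bl,
        "pudding_4.5.47": pudding,
    }


if __name__ == "__main__":
    # The first three values are quoted in the thread; the last one
    # (OTA fuse burned, never unlocked) is constructed for illustration.
    samples = [
        "10000000000010001000100000000",
        "10000000000010001000100004000",
        "ReservedOdm 10000000000010001000300004000",
        "10000000000010001000300000000",
    ]
    for s in samples:
        words = parse_reserved_odm(s)
        print(s)
        print("  " + " | ".join(f"Odm[{i}]={words[i]:08x}" for i in (3, 2, 1, 0)))
        for key, value in assess(words).items():
            print(f"  {key}: {value}")
```
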
Good thread for our bricked friends. Nice one!
Ronaldo_9 said:
Good thread for our bricked friends. Nice one!
This is exactly the kind of spam I do not want on this thread. If this starts to happen I will close this thread.
Please respect the big red underlined request in the first post and do not post in this thread unless you have experienced 0x1000 yourself, and have something useful to contribute.
Thanks in advance for valuing our time.
Six step plan is a no go for me. I tried it quite a few times with two different batteries.
One battery is low-ish on charge and it reads the following under the traditional error:
Code:
Entering NVFlash recovery mode
Battery is too low to flash
The other battery is full. It reads the error for about three seconds and then quickly flashes the "NVFlash recovery mode" line before it turns blank. The screen just goes dark. Still, the device must be on, because it won't let me reboot without battery pull.
@kenneth that's exactly what happened with me.
I have already gotten a new atrix and dumped the busted one back to AT&T (on the pretense of a battery dying while doing an OTA update.) So unfortunately I cannot help figure this out.
But for my two cents, I'm still a firm believer that using a factory cable to connect the phone w/o a battery to a PC holds the solution we seek.
I attempted to make my own, but at 7am after going all day at work (I'm in the US Marine Corps Infantry) I was falling asleep while soldering. I'm going to work on it again this weekend though.
Sent from my MB860 using XDA App
I had the 0x1000 error yesterday morning by flashing pudding. I don't think it was a hard brick due to the fact that I was able to recover.
Sent from my MB860 using XDA Premium App
Same issue as jakew02, however I still have my bricked atrix. I will get a fully charged battery and try to get some results but I have the same symptoms as Kenneth as well, as in phone starts for about 3 seconds and immediately needs a battery pull. I'm off work in a few hours and will post results then.
Sent from my MB860 using XDA App
Sthony said:
I had the 0x1000 error yesterday morning by flashing pudding. I don't think it was a hard brick due to the fact that I was able to recover.
Sent from my MB860 using XDA Premium App
Please guys... the more descriptive the better.
Sthony, you OTAd to 4.5.91 from 1.8.3 by putting the .zip in /sdcard and fastboot menu into Recovery? Then, you flashed Pudding and soft-bricked. How did you recover? Were you unlocked before OTA? Or you only unlocked after flashing pudding?
Can those of you who recovered please cat /sys/firmware/fuse/ReservedOdm ? (as root)
We would like to determine what prevents you all from downgrading (and maybe, possibly, get the still-bricked out of nvflash mode, but this will probably require cable + SBK). So it will help knowing exactly what versions you went FROM and TO (with OTA inbetween) and the type of 0x1000 you got (bootloop with RSD option using battery during volume-up method, VS. nvflash, VS. fastboot menu) including the SVF (usually 105:1:2) message if possible.
kennethpenn said:
Six step plan is a no go for me. I tried it quite a few times with two different batteries.
One battery is low-ish on charge and it reads the following under the traditional error:
Code:
Entering NVFlash recovery mode
Battery is too low to flash
The other battery is full. It reads the error for about three seconds and then quickly flashes the "NVFlash recovery mode" line before it turns blank. The screen just goes dark. Still, the device must be on, because it won't let me reboot without battery pull.
Kenneth, same here.
the 6-step thing is a no go for me. It flashes the NV thing very quickly, then goes dark. At least I know what I did wrong, and quite stupidly so
- On 2.3.4 stock
- tried to push a de-odexed services.jar , deleting the services.odex (stupid in hindsight)
- pushed kenneth's boot.img and system.img (without reading that the system needs to be UNLOCKED)
- since the only thing left was RSD, tried to flash 1.2.6, which failed. BOOM. hard brick.
I only hope my stupidity helps people not make the same mistakes.
Will try to give it to a moto service center tomorrow, see if they can fix it.
*EDIT* doing the steps in the first posts without battery but plugged into wall outlet leaves the phone in "starting nvflash... battery too low to flash." If you push in the battery, and then pull out the cable, the screen stays on. Not sure if that helps anything, since I don't know how to do nvflash, and don't have the right tools to begin with.
Please fill out and use the following template when posting to this thread:
1. Before the 2.3.4 (4.5.91) OTA upgrade, did you flash a fresh install of 1.8.3 .sbf from RSD?
2. If the answer to #1 was no, what mods (if any) did you have installed at the time of your 2.3.4 (4.5.91) OTA flash (cwm, pudding, root, et cetera...), also what version of software were you on if not 1.8.3?
3. After flashing the 2.3.4 (4.5.91) OTA by putting the update.zip in the root of your /sdcard-ext/ and booting into the stock recovery, did you install any mods (cwm, pudding, root, et cetera...)?
NOTE: If you did not flash the 2.3.4 (4.5.91) OTA by putting the update.zip in the root of your /sdcard-ext/ and booting into a stock recovery, please detail what method you used to get to the 2.3.4 (4.5.91) OTA. This thread is only for users who flashed with this method.
4. Did you use RSD to flash anything else while on the 2.3.4 (4.5.91) OTA, such as pudding?
5. Did you use fastboot to flash anything else while on the 2.3.4 (4.5.91) OTA, such as cwm or preinstall root?
6. Did you then try to flash back to the stock 1.8.3 .sbf via RSD? If so, what version of RSD Lite did you use?
7. If the answer to #6 was no, what version of .sbf did you flash via RSD, also what version of RSD Lite did you use?
8. Did you encounter the 0x1000 error after trying to downgrade to a lower version .sbf?
9. Have you been able to recover from the 0x1000 error and resume normal functionality? If so, what software version are you currently on?
10. Please detail below exactly what had occurred during and after the downgrade to a lower version .sbf via from the 2.3.4 (4.5.91) OTA. If you were able to recover, please detail the steps that led up to your recovery. Also what type of 0x1000 you got (bootloop with RSD option using battery during volume-up method, VS. nvflash, VS. fastboot menu) including the SVF (usually 105:1:2) message if possible.
Also include everything required from the first post of this thread. This is very important.
If you can also provide filenames for the files you've flashed, that would be optimal.
=>
Well, I had this issue some days ago following the Pudding stickied topic.
I had 4.1.8.3 with old Tenfar's CWM so following the steps in that topic flashed 4.1.8.3 again with RSD Lite. It was a service SBF.
Then I booted in Android recovery mode and flashed the OTA. Everything went fine, I had 4.5.9.1 with all my data and apps.
Then I flashed Pudding.
Instantly after RSD rebooted my phone, I had this 0x1000 error. I didn't know what to do, I followed the guide step by step and I was confused. So I thought "Maybe I need to unlock my bootloader". So I booted the phone in fastboot mode and unlocked my bootloader through fastboot.
Then I did a fastboot reboot and voila, the phone booted again in 4.5.9.1.
I notice I have a "Unlocked" text in the Motorola boot screen.
Well, I hope this info helps someone.
Let me know how it went.
Failed to boot 0x1000
I have the same issue that you guys have...
I did the update to Gingerbread 2.3.4 and then I tried to roll back to Froyo, so I used RSD Lite 5.3.1 and this .sbf: OLYFR_U4_1.2.6_SIGNED_OLPSATTSPE_P012_HWolympus_1g_1FF.sbf and the phone got hard bricked...
I left it with the battery inside yesterday and today the phone drained the battery completely... I took it out, charged it for 2 or 3 minutes and put it back, connected it to my PC and it displays:
SVF: 105: 1:2
Failed to boot 0x1000
Entering nvflash recovery mode
Battery is to low to flash
But if i take the battery from my other atrix, fully charged it just turn on, display the error and for a second "Entering in nvflash recovery mode" and then Black Screen.
Just going to point this out in a new post for everyone to see on unbricking transformer: http://forum.xda-developers.com/showthread.php?t=1123429
I am wondering if sth like this could work (with the right .cfg and .sbf). I am going to take a look at the nvflash package in any case.
bl0wf1sh said:
Just going to point this out in a new post for everyone to see on unbricking transformer: http://forum.xda-developers.com/showthread.php?t=1123429
I am wondering if sth like this could work (with the right .cfg and .sbf). I am going to take a look at the nvflash package in any case.
You would need your SBK which is why the NVFlash issue is a 'hard' brick in the first place.
First I would like to apologize if this post is not of much use to you guys as I have not hard bricked my device. However I have flashed the 4.5.91 OTA and I noticed something interesting.
1 I unlocked my bl the night pudding was released.
2 I flashed a fresh 1.83 sbf
4 OTAd from android recovery to 4.5.91
5 on the very first reboot after OTA I entered into RSD protocol and once I connected to RSD lite 5.3.1 I noticed RSD identified my device as SE-Olympus insted of the normal NF-Olympus.
6. I flashed zomgunlock-lite.sbf. After it completed SE-Olympus changed back to NF-Olympus.
I may be wrong but I don't ever recall RSD seeing my device as SE-Olympus.
Anyways I hope this may be useful and good luck!
kennethpenn said:
Six step plan is a no go for me. I tried it quite a few times with two different batteries.
One battery is low-ish on charge and it reads the following under the traditional error:
Code:
Entering NVFlash recovery mode
Battery is too low to flash
The other battery is full. It reads the error for about three seconds and then quickly flashes the "NVFlash recovery mode" line before it turns blank. The screen just goes dark. Still, the device must be on, because it won't let me reboot without battery pull.
On my bricked Atrix, it just shows the error, and stays there until a battery pull (no other text shows up)
When you see the LOW battery warning, it's a false warning. On Olympus, NvFlash can only be accessed with external power from the factory cable (without ANY battery inserted). That's why your devices are "flashing" and powering themselves down. It's a "protection" implemented by Moto (as factory cable should be only built by Moto for repairing bricked devices).
Anyway, why are you hardbricking your devices flashing an old bootloader?
...At least, do you know why your device isn't relockable?
The new bootloader writes a bit into a fuse (in the ODM Reserved set) that isn't already blown. When it reads it back, if it's set to 1, it shows the "Unlocked" message and disables security checks.
Still, why can't I relock the device?
As you might know, when a fuse is blown, its programming power ramp is literally blown, so, you can't reprogram a fuse that has been burned.
And still, so, after so many hours of boring reading of your post, can you tell me why the **** my device is bricking with an old bootloader?
...The bootloader reads the entire ODM Reserved fuse set. When it reads it, it won't read fuse 1,2,3,4.... but the ENTIRE set.
If another fuse is blown, the old bootloader can't recognize why the damn there's an 1. It doesn't know what it is.... so boot fails, MotoBoot stops its execution and passes it to the Emergency NV3p Server (Emergency NvFlash Mode, from nVidia MicroBoot).
I think those infos should clear some doubts in your mind.
Cheers!
very nice of you I offered to possibly fix some bricks but with out knowing actual facts as to what is going on with their devices it would be hard . have you talked to any of them ? you know they dont talk to me , do they actually have access granted to NV3p server or nvflash or are they still locked out?
as per the first post, the OTA DOES CHANGE YOUR BP, THIS IS NOT A ?, as i was graceful enough to enter irc under another handle and post earlier in the week.
on a side note the irony of this entire situation is that i was booted from #moto-atrix after arguing the subject of blindly flashing back to older versions with a sbf, true at the time i was concerned with 1.84 - 1.29 , but now just a short time later ...
Regardless a fix maybe possible but need to know exactly what access you have once powering on device
*edit* for the sake of giving you what you asked here is my output , I am unlocked, rooted, I did use OTA I never bricked , I am now running my own stuff after flashing a CWM and building
Code:
DeviceKey FFFFFFFF
JtagDisable 0
KeyProgrammed 1
OdmProduction 1
ReservedOdm 10000000000010001000300004000
SecBootDeviceConfig 0
SecBootDeviceSelect 7
SecBootDeviceSelectRaw 0
SecureBootKey
SkipDevSelStraps 0
SpareBits
SwReserved 0
kfuse_raw [binary data omitted]
sku F
So here is my basic info now that I am home.
I was on stock att 1.83, flashed 2.3.4 via zip through sd card. Tried to install pudding, phone went into bootloop then flashed the red led. upon reboot showed error and message of "no os available cannot boot."
After panicking a bit, I loaded the 1.26 sbf, got to the moto boot screen and the phone shut off, no led, no message, nothing. I pulled the battery and restarted, then all I got was the 0x1000 message for 3 seconds, then the NVflash message and immediately a blank screen.
Now that I am home I have tried the steps provided and haven't been able to see the phone through rsd lite, and it still has the same symptoms. If you need any other info, or if i have forgot anything please let me know I will help where I can since I now have a paperweight and a brand new functioning atrix, thank god my mother-in-law was due for an upgrade.
They're still locked out. No SBK no party.
"No OS to boot" implies that you need to repartition/reflash without absolutely touching the MotoBoot. So, someone make a recovery SBF that won't flash the bootloader or you'll see plenty of bricked devices.
They can't recover with NvFlash.

[Q] KNOX Warranty void spoofed. Don't lose your warranty chance.

Dear Administrator or moderators...
Once this thread went to a conflict with gekkehenkie11 and according to that I spent about a week's time researching this "knox" thing without having normal sleep, even it was the limit for me, when by the words of gekkehenkie11 he pointed at me as being uselessly wasting people's time and like I'm being a liar. I got finally mad and deleted (overwrote my own original posts). I need 3-4 days to come down and think if I continue development of this KNOX thing (pointing at me like a liar and noob is a very bad motivation to continue, but maybe I will continue just for other people who didn't point at me that way). So far, Admin and moderators, it's up to you to decide either to restore original posts from backup (if you have ones) or delete this topic. Any decision of yours will be accepted without any protest from my side. (I personally didn't leave any backups for myself).
Thanks for understanding!
I don't want to come across as a boyscout or anything, but isn't this essentially committing fraud (possibly insurance fraud)?
it depends
deleted
phoenix91140 said:
Hi Guys. Hope here are some programmers.
I have a good news for all Galaxy Note 4 users and owners, who have ever rooted it and got "KNOX WARRANTY VOID: 1" message. So from now (if developers, who write cf-auto-root tool) will use my advice, you can forget about warranty void. I'm linux expert and C/C++ programming expert too. So, once Samsung told me, that because of root warranty is void and they don't wanna repair factory caused mainboard damage (short-circuit on mainboard), I wondered, how to solve that problem. And I found the solution (will do it on my own for my device when it gets back from service center) to hack that warranty void thing. So, first of all you go there sammobile.com /firmwares/database/SM-N910C/ to get original firmware (in my case SM-N910C, but choose yours, or you'll kill your device). You'll get original firmware. And KNOX uses value to print if warranty is 0 or 1 (0x0 or 0x1). But actually it makes no sense, since in service centers they just place Odin boot to check if it's 0 or 1. Moreover, they are not going to place root on it, to figure out, if knox works fine or not.
WARNING!!! READ CAREFULLY!!!
Any kind of warranty or usability are voided! By using this hacking method you accept, that you USE IT ON YOUR OWN RISK!!! This info basically is meant for xda-developers crew to release a massive hack. Any broken, died etc phone - IS YOUR OWN FAULT! If you don't know what you're doing - DON'T USE IT, UNTIL YOU KNOW WHAT YOU'RE DOING!!!
NEW!!! Since new Android Lollipop released, it's unknown behavior on android 5 firmware. I strongly recommend to get a default stock firmware (Kitkat 4.4.4), because this hack was made on Kitkat and not tested on Lollipop (Android 5),
So guide to disable KNOX WARRANTY void:
1) download original firmware
2) unzip file you get(it is about 1.6 GB).
3) Need to modify sboot.bin image. Suitable is disassembler, or hex editor like Octeta for linux.
4) Search "KNOX WARRANTY VOID" text in sboot.bin file. You'll find something like (test device) ??? KNOX WARRANTY VOID: %d. In my case start position is 2786.
5) Now need to make it print Zero (0). They use ordinary printf() command. "%d" symbol means, that digital value (number) gonna be printed. Here we can place statical Zero, or if you're good at assembler and hacking, can search what variable is used and where it comes from. But regular 0 on Odin near field of "KNOX Warranty void" is enough. So we take "%d" down and placing "0 " (ZERO + SPACE, 2 chars must be used, otherwise you'll break binary file geometry and it will crash on execution time causing segmentation fault. Probably, if you break geometry of bin file device will die) instead.
6) When sboot.bin hacking is done, you'll need to pack all contents back again(images we got from original firmware archive, including hacked "sboot.bin" file), then upload new firmware(original + hacked sboot.bin inside) and reboot device.
7) Place reset to factory firmware(turn off phone, hold volume up + home button + power button) on emergency recovery during boot(so that root will be lost).
8) Done. Run Odin, and see that Odin shows Warranty void 0. Now warranty restored and you can go to nearest repair center, and make them note, that warranty void is 0. If they update firmware and it's 1 again, it's not your problem anymore.
Hope XDA-DEVELOPERS crew will release new cf-auto-root with this hack, or make a firmware(factory default) with KNOX warranty void hacked.
To those, who are not a programmers, please ask xda-developers to apply that stuff to firmware on this site.
Now the question, can we cooperate with xda-developers to make that hack publicly available?
To those of you, who used that hack, please provide feedback(phone model, sboot.bin availability and the result of odin status(mean if that helped you to get 0 or not). If you have any problems, ask xda-developers crew, or me for assistance.
Enjoy.
PS. I attach photo so, that you can see where to search warranty void stuff. I believe it's the same story for all new Samsung mobile phones.
Enjoy once again.
if this actually works, it doesn't change the FUSE-based KNOX warranty flag. i.e., it makes the software/bootloader prints 0x0, but this will change once you flash official firmware.
it's a fake value, but it helps
deleted
phoenix91140 said:
Yes, it works and yes, on firmware reinstallation it will get back 1 (I wrote about it in my first post). But, if you have the latest firmware installed with that hack, they only check knox warranty void status (they have no reason for installing again the same firmware). But there should be an official status (that's why you need official firmware). And if problem on device carries hardware defect issue (short-circuits, damaged BGA etc) and you can show the defect in action - then they repair device (they do not change chips etc, they replace entire mainboard). Sure, if have broken bootloader and your device is a "software brick" it will not help, and it's already your fault. But for hardware issues it will pass. Moreover, even KIES on software update crash can set 1 to knox warranty void, so, even if they flash firmware, they will see 0 at first place and then see, that their action made it 1. And believe me, they not gonna look KNOX WARRANTY VOID twice. If at the time they flash firmware it's 0 and you have broken hardware (factory defect) they will replace it. Also Samsung service friend told me that all damaged mainboards are destroyed after replacement, because they will place the same IMEI and the same S/N to new mainboard and the reason for that is that on network carrier can't be at the same time 2 devices with the same IMEI.
Samsung services don't have programmers there and they have no idea about such hack and how to identify that. But to be serious, it's up to you to choose to fake "know warranty void" and get ~90% chance for warranty works or to pay on your own for repair works. And if xda-developers will take a look at that file, there should be assembler instructions for getting that warranty void value, so can track where it comes from and try to reset it.
I know it's a fake trick that may help in your situation with warranty claim.
Unfortunately, this is confusing when compared with real KNOX reset for Exynos Note 3 (N900) by a leaked firmware. Moreover, it seems that you own N910C while your thread is posted on N910V section where the majority (retail editions) are on LOCKED bootloader & without ROOT access (so, they can't even flash any modified images).
deleted
phoenix91140 said:
OK. I'll write to moderator once again. I'm newbie here, and didn't find the correct section for this topic.
No problem! Thanks for sharing your trick
deleted
+1 amazingly nice solution. will it work if a knox container tries to access the value as well ?
sounds like it will since youre hard coding the knox value in the kernel.
yes, it will
deleted
You can check knox status even when phone is powered on, here is a simple app that can do that https://play.google.com/store/apps/details?id=it.ale32thebest.galaxywarrantycheck (I'm the dev of the app, if it can help I can tell you how I read the value). If it can help, I have n910f and I tried the app on it and other international Samsung phone models (s3-s4-s5)
deleted
phoenix91140 said:
You're welcome. At the moment I simply don't know ARM assembler well, since I'm a linux programmer and there basically x86 & x86_64 assembler instructions are used. But if you want to hack the counter itself, it's also a good place to start from, because this sboot.bin originally has access to that "0x1" value and disassembling the code we could find out where and how it comes from. This hack is just a temporary solution for the cases of factory defects revealed and warranty voided because of rooting the device.
Does it mean if I know where the variable comes from, I can modify the KNOX mechanism so that I can flash everything without tripping it? Maybe I can modify the official firmware so that even my device doesn't know the KNOX fuse exists?
PS: I have voided my warranty, can I still use Kies to update in this way?
Sent from my SM-N910C using XDA Free mobile app
Great work man,hats off
Sent from my SM-N910G using XDA Premium 4 mobile app
phoenix91140 said:
Yep. Point is, that even if imagine, that we can't overwrite 0x1 flag to set it real 0x0, we still can if we find where knox (except bootloader, because I showed already how to make it show 0) print 0 and think it's 0. Such way we make it lie like it's all ok. That is option number 1.
Second option is to disassemble sboot.bin and see on low programming level where it takes value and try to make it overwrite it to 0 back. But it's already much harder. For warranty terms it's enough if bootloader lies like it's all ok. You can also hack KNOX libs too. There are always much more than one option to hack the system
There is one more great solution, but I would need xda crew help for that. Look. We could hack bootloader (the one I did) and make it on firmware update ignore new sboot.bin or replace it with itself. So then it would be odin mode ALWAYS 0 even on firmware update. But to do it alone is not easy. Even one more improvement. We could make sboot.bin to load new sboot.bin or delete it if some file contains some magic key.
Sent from my SM-N910C using XDA Free mobile app
I see! Can I say in this way? sboot.bin does nothing but to void our warranty, if we just leave this bit*ch alone, don't touch her, we are free to flash into whatever we want without tripping knox?
---------- Post added at 05:30 AM ---------- Previous post was at 05:19 AM ----------
phoenix91140 said:
Yep. Point is, that even if imagine, that we can't overwrite 0x1 flag to set it real 0x0, we still can if we find where knox (except bootloader, because I showed already how to make it show 0) print 0 and think it's 0. Such way we make it lie like it's all ok. That is option number 1.
Second option is to disassemble sboot.bin and see on low programming level where it takes value and try to make it overwrite it to 0 back. But it's already much harder. For warranty terms it's enough if bootloader lies like it's all ok. You can also hack KNOX libs too. There are always much more than one option to hack the system
There is one more great solution, but I would need xda crew help for that. Look. We could hack bootloader (the one I did) and make it on firmware update ignore new sboot.bin or replace it with itself. So then it would be odin mode ALWAYS 0 even on firmware update. But to do it alone is not easy. Even one more improvement. We could make sboot.bin to load new sboot.bin or delete it if some file contains some magic key.
Sent from my SM-N910C using XDA Free mobile app
lol, looks like you just need two more posts to express your terrific idea to the developer. I strongly believe it will be a milestone in Samsung mobile, please, just make it happen! What you did will be greatly appreciated by the Note 4, S6 and later Samsung device community!
Oh boy, this is a hell of a risky hack. The file sboot.bin is the secondary bootloader. If you somehow screw up the change, such as... say adding a 00 instead of replacing it in the file - a very common screwup when hexediting, I might add - you will have a HARD BRICK on your hands that cannot be fixed or reverted without Samsung repair. The phone will appear to no longer power up as the sboot.bin file is executed before anything the user would notice.
So yeah.... just be really careful.
I know. And to be EXTREMELY CAREFUL. AND ANY WARRANTY IS VOID. Use at your own risk
Sent from my SM-N910C using XDA Free mobile app

Samsung Galaxy Note 5, i need help ASAP.

This all started when I accidentally deleted a text message that I needed. I did a search on Google for how to recover a text message. I downloaded some software that was recommended on a reputable site, I scanned the file with Kaspersky etc and it was fine.
The software was pretty straightforward to use, you basically needed to go into developer mode to enable debugging, which was easy enough, and the software did the rest. It said on the site that rooting wasn't needed.
Anyway, it didn't recover the text message. After I disconnected my Note 5 from the PC I had this Security notification warning coming up which says "Unauthorised actions have been detected, restart your device". I've done that several times and nothing happens. I've tried going into the phone updates but it won't even allow me to connect to the update servers as I get a message which says
"The operating system on your device has been modified in an unauthorised way. Try downloading software updates using Smart Switch on your PC or visit a customer service centre".
I've tried doing updates via Smart Switch but I can't even check if I'm up to date or not. I tried a hard reset via the home button, volume up switch and the power button but that hasn't done anything. The phone seems to function normally but it has this constant security notification being displayed.
I've tried going into the download mode to check the knox counter but a big yellow triangle comes up first with an exclamation mark inside it with a white android man underneath and it says under that "No Command", it pauses for a while then the boot and reset option list eventually appears. It's got yellow writing above the list saying Android Recovery but nowhere does it say the knox counter.
Before the above, this is a UAE Note5 that is standard and hasn't been rooted, it's a stock phone.
Any ideas as to what I can try or do next?
Do you have a link to this software you used?
One was called FonePaw, that didn't work, so the one that I tried after seemed to give me all these issues, that one was called Dr.Fone Toolkit for Android, version 8.3.3.64
It wouldn't let me post a link, saying something about me being a new member.
This is the strange thing, I've been into the download screen a few times via the home/volume up and power button. Where normally you get a nice neat list with the actions you can do, there was a lot of yellow text at the top left, the actual list was underneath all that yellow text, it didn't have the Knox line where it usually is. I then downloaded PhoneInfo *Samsung* and that gave me a lot of info, it said the Knox was 0x0
Download mode screen says:
Odin Mode
Download Speed: FAST
Product Name: SM-N920C
CA_ TYPE: CA_2
Current Binary: Samsung Official
System Status: Custom
FRP Lock: ON
Secure Download: ENABLED
Knox Warranty Void: 0 (0x0000)
RP SWREV: B:3 K:0 S:1
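As an added example (not part of the original posts): a small Python triage of the download-mode screen text transcribed above, which reports fields that differ from a stock baseline and treats a missing Knox line as a finding instead of assuming 0. The baseline values in EXPECTED and all function names are assumptions of this example.

```python
import re

# Constructed sample: the Odin Mode screen text as transcribed in the post above.
SCREEN = """\
Odin Mode
Download Speed: FAST
Product Name: SM-N920C
CA_ TYPE: CA_2
Current Binary: Samsung Official
System Status: Custom
FRP Lock: ON
Secure Download: ENABLED
Knox Warranty Void: 0 (0x0000)
RP SWREV: B:3 K:0 S:1
"""

# Assumed baseline for an unmodified device; adjust to what your devices show.
EXPECTED = {"current binary": "samsung official", "system status": "official"}


def parse_screen(text):
    """Return {normalised field name: value} for every 'Name: value' line."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():               # skips banners like "Odin Mode"
            key = re.sub(r"[\s_]+", " ", name).strip().lower()
            fields[key] = value.strip()
    return fields


def knox_value(fields):
    """Knox Warranty Void as an int, or None when the line is not on screen."""
    raw = fields.get("knox warranty void", "")
    m = re.search(r"0x([0-9a-fA-F]+)", raw)     # prefer the hex form "(0x0000)"
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+", raw)                   # fall back to a bare "0" / "1"
    return int(m.group()) if m else None


def triage(text):
    """List fields that are missing or differ from the assumed baseline."""
    fields = parse_screen(text)
    findings = []
    for key, want in EXPECTED.items():
        got = fields.get(key)
        if got is None or got.lower() != want:
            findings.append(f"{key}: {got or 'not shown'} (expected {want})")
    knox = knox_value(fields)
    if knox is None:
        findings.append("knox warranty void: not shown")
    elif knox != 0:
        findings.append(f"knox warranty void: tripped ({knox:#x})")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SCREEN)))
```

On the transcribed screen the only finding is the System Status line, while the Knox value parses as 0.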
Thanks Darren, I've updated the info from the download screen above.
One quick question, I've never flashed a phone before, I've flashed graphics cards etc. Do you need to remove the SIM card?
Thanks Darren, do you have a link to the latest genuine version of Odin? Sorry to be a pain mate, it's just I ain't done it before and want to make sure I have the right version lol
TheJoshuaTree said:
One quick question, I've never flashed a phone before, I've flashed graphics cards etc. Do you need to remove the SIM card?
No, you do not need to remove the SIM Card.
Here is a link to Odin 3.12.3 in my OneDrive account...
https://1drv.ms/u/s!AojwsjavMvQdoFsfD1CA-MEZbvr6
Works perfectly and is a stock version of Odin with no modifications.
Sent from my Samsung SM-G955U using XDA Labs
Thanks for all the help.
I flashed the phone in Odin with a stock ROM, the same UAE one that was previously on the phone. Touch Wood everything seems to be working fine with no error messages.
All sorted.....

Secure Folder bug on Stock ROM AND Knox 0x0

Hi everyone, I do not know where to post so I posted this here.
As you know, when Knox is 0x0 you can use any app that is Knox powered, like Secure Folder, etc...
But on my J7 Prime, every time I try to set it up, the app says "Could not create Secure Folder. If the problem persists, contact Customers Support".
My phone is not rooted and Knox is still 0x0.
Can anyone help? As it is very important for me
Sorry
Hold the Power + Volume down + Home buttons. When the blue screen appears, click Volume up. You will find the Knox 0x0. If you have made any changes, Knox will be 0x1 and will be irreversible. Well, for your problem, it's best to do a hard reset.
Aepo said:
Hold the Power + Volume down + Home buttons. When the blue screen appears, click Volume up. You will find the Knox 0x0. If you have made any changes, Knox will be 0x1 and will be irreversible. Well, for your problem, it's best to do a hard reset.
I did it already but the phone showed "WARRANTY VOID: 0", which means Knox is 0x0. I also did a factory reset but it still fails...

How To Guide [BOOTLOGO] [EXYNOS] Clean boot logo/bootscreen for G998B S21 Ultra Exynos

* Disclaimer: I've only tested this on a G998B/DS Exynos S21 Ultra 5G, knox tripped and rooted with Magisk *
* DO NOT TRY ON ANY VARIANT OTHER THAN G998B/DS Exynos S21 Ultra 5G, I will not be responsible if you do *
* If it works for you on other variants, please report it so I can add it to the post, thanks *
As we all know, Samsung phones render large, ugly disclaimers on the initial bootscreens/bootlogo when booting the phone, after it has been bootloader-unlocked (e.g. to root it via Magisk, to install TWRP, etc.)
Flashing this tweaked up_param partition in Odin will restore a nice, clean bootscreen that won't scare the hell out of you every time you turn it on
How to install
1. Open Odin 3.14
2. Select the attached clean_bootlogo.tar into the BL box (you can use any slot, really, but suggesting BL here as a best practice)
3. Start flashing
4. Enjoy!
If you like this, leave your or thanks!
Hello there, firstly, I would like to thank you for your hard work in coming up with this, and yes it works great on my S21 Ultra Exynos G99B/DS.
I would love to suggest a feature/addon: Remove the press power button to continue text. (If it is possible)
Also just to point out, this post would get so much more attention if it was under "How To Guides" instead of "Development".
Anyway, thank you so much for your hard work
DaGalaxySheep said:
Hello there, firstly, I would like to thank you for your hard work in coming up with this, and yes it works great on my S21 Ultra Exynos G99B/DS.
I would love to suggest a feature/addon: Remove the press power button to continue text. (If it is possible)
Also just to point out, this post would get so much more attention if it was under "How To Guides" instead of "Development".
Anyway, thank you so much for your hard work
I intentionally left the "press the power button..." text on the screen, because once the bootloader is unlocked, and the phone takes you through these screens, it will wait those ~8 seconds on that screen, unless you press the power button. So leaving it there lets the end user know they can skip it and get the system booted up faster.
However, I'll upload another version without the label
Works a treat bud! Thanks!
Thank you so much
rodrigofd said:
I intentionally left the "press the power button..." text on the screen, because once the bootloader is unlocked, and the phone takes you through these screens, it will wait those ~8 seconds on that screen, unless you press the power button. So leaving it there lets the end user know they can skip it and get the system booted up faster.
However, I'll upload another version without the label
Hi, has the version without the label been posted?
AAAAAA help me. By mistake I flashed it to SM-G996B/DS
My phone can't boot now, PC can't detect it.
It is possible to charge it but it drains battery continuously
So can I somehow recover my hard bricked s21+?
rodrigofd said:
* Disclaimer: I've only tested this on a G998B/DS Exynos S21 Ultra 5G, knox tripped and rooted with Magisk *
* DO NOT TRY ON ANY VARIANT OTHER THAN G998B/DS Exynos S21 Ultra 5G, I will not be responsible if you do *
* If it works for you on other variants, please report it so I can add it to the post, thanks *
As we all know, Samsung phones render large, ugly disclaimers on the initial bootscreens/bootlogo when booting the phone, after it has been bootloader-unlocked (e.g. to root it via Magisk, to install TWRP, etc.)
Flashing this tweaked up_param partition in Odin will restore a nice, clean bootscreen that won't scare the hell out of you every time you turn it on
How to install
1. Open Odin 3.14
2. Select the attached clean_bootlogo.tar into the BL box (you can use any slot, really, but suggesting BL here as a best practice)
3. Start flashing
4. Enjoy!
If you like this, leave your or thanks!
Hey buddy, thank you so much for creating this... It is really scary indeed every time we boot to see that fear mongering screen.
I also wanted to ask if you have created the version without the "press the power button screen". Although I am not sure if it is possible to bypass that 8 second screen.
Thank you and I hope you are well!
Ziomus said:
AAAAAA help me. By mistake I flashed it to SM-G996B/DS
My phone can't boot now, PC can't detect it.
It is possible to charge it but it drains battery continuously
So can I somehow recover my hard bricked s21+?
Did you manage to overcome it and fix your phone?
Yep, I sent it to warranty. It is back to me with a new motherboard, also a new backplate without the IMEI number on it.
Haha phone was knox 0x0 with new mobo
Just for one day XD
So this file breaks hardware in other models xddd
Whole repair took 9 days.
Ziomus said:
Yep, I sent it to warranty. It is back to me with a new motherboard, also a new backplate without the IMEI number on it.
Haha phone was knox 0x0 with new mobo
Just for one day XD
So this file breaks hardware in other models xddd
Whole repair took 9 days.
Well I'm glad it all worked out bud
I do know how to fix these warning images...
Is it okay to do it like this:
Edit param.bin (or up_param.bin)
Compress the bin file to a .img file instead of .tar file and flash it in TWRP, not Odin
TESTED!, THIS PARAM FILE WORKS NICELY ON ALL GALAXY S20 SERIES TOO.
Is there a similar fix available for the regular S21 G991B
mrao said:
Is there a similar fix available for the regular S21 G991B
Click to expand...
Click to collapse
You should ask that in a thread there... The dev. of this mod here has disappeared from the face of XDA for a long time now, and no one else will answer here unfortunately.
Is it possible to customize the boot logo? (e.g. place own one instead "Samsung Galaxy")
Ziomus said:
Yep, I sent it to warranty. It is back to me with a new motherboard, also a new backplate without the IMEI number on it.
Haha phone was knox 0x0 with new mobo
Just for one day XD
So this file breaks hardware in other models xddd
Whole repair took 9 days.
Here the same .. flashing seems to be fine but directly after reboot black screen of death …. Buttons don’t react on any combination, seems it is dead lol … also Samsung smart switch doesn’t see the phone anymore, no chance to reflash it back …
Samsung s21 sent back for warranty, 4 days old lol
MichelH1973 said:
Here the same .. flashing seems to be fine but directly after reboot black screen of death …. Buttons don’t react on any combination, seems it is dead lol … also Samsung smart switch doesn’t see the phone anymore, no chance to reflash it back …
Samsung s21 sent back for warranty, 4 days old lol
Strange, could you post all the steps of what you did to reach a brick?
It must be something wrong you did at some point and it went sideways, or you just missed something?
babyboy3265 said:
Strange, could you post all the steps of what you did to reach a brick?
It must be something wrong you did at some point and it went sideways, or you just missed something?
I downloaded this tar file, rebooted my phone in download mode, inserted the tar file in the BL slot, start, enable reboot, boom, phone was dead … really nothing more
How hard would it be to port this to the G998U?
MichelH1973 said:
I downloaded this tar file, rebooted my phone in download mode, inserted the tar file in the BL slot, start, enable reboot, boom, phone was dead … really nothing more
So you had your bootloader unlocked, you were rooted, etc.?
