Old 06-26-2019, 11:45   #25 (permalink)
BillA
S10 FRP + MDM + User Lock

Quote:
Originally Posted by easy-team
Thanks buddy, always try to provide the procedure
I have an S10 which has all 3 locks on at the same time
1. FRP
2. MDM (RAC)
3. User lock

So, starting with the S10 series the MDM security locks out both download and upload modes, including the following AT commands on the USB-Modem port:
AT+FUS?
AT+SUDDLMOD=0,0

After the above commands the phone turns off trying to go into download mode but MDM prevents it. But at least they provide enough delay right after bootup and before the MDM popping up to allow quickly going into Settings > Lock Screen > Screen Lock Type > None (of course must know your lock code)

There are a bunch of other AT commands which seem to work on the USB-Modem port, but none of them are too useful to unlock MDM:
AT+AIRPLANEVALUE?
AT+BATGETLEVEL?
AT+CIMI
AT+DEVCONINFO - Long info
AT+DLMODE - ??
AT+FACTORST=0,0 - Factory reset
AT+FUS? - DL mode
AT+GSN - IMEI
AT+IMEINUM
AT+SERIALNO
AT+SIZECHECK - Storage info
AT+SIZECHECK=1,0 - Storage info
AT+SUDDLMOD=0,0
AT+SVCIFPGM=1,1 - Short Info
AT+SWDLMODE - ??
AT+SWVER=1,0 - DL mode
AT+SWVERSION=1,0
AT+SYSSCOPE=1,0
AT+WPROTECT=1,0

The only mode that works is recovery (unfortunately not much can be done there), and the USB-Modem port which accepts AT commands, including encrypted challenge-response lock commands which need to be calculated by a server. Here's the log of the FRP unlock via server, after which I was able to activate ADB but not OEM Unlock or download mode:

Open Usb Port - PASS
Detected Testing - PASS
Read phone info....
Model Name : SM-G973F
Customer Code : TTT
S/W version : G973FXXU1ASE7
Unique Number : CE11182BF3538932xxxx
Serial Number : R28M30xxxx
Imei Number : 35463410028xxxx
Check Unlock Status - TRIGGERED
Start Clear Process
Please waiting ...
DBMS Get RandomKey... OK
DBMS Calculation RSAKey... OK
Finished - Successfully
Check Unlock Status - UNLOCK


So, still can't turn on OEM Unlock (grayed out), and can't enter download mode to flash an eng-boot/combination in order to erase the security partitions (persdata, persist, persistent, aboot-sec, etc)
Samsung may have some special resistor values or a special jig which could kick the phone into download mode, but I haven't found anything working along those lines.