GSM Shop
GSM-Forum  

Welcome to the GSM-Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features.
Only registered members may post questions, contact other members or search our database of over 8 million posts.

Registration is fast, simple and absolutely free so please - Click to REGISTER!

If you have any problems with the registration process or your account login, please contact contact us .

Go Back   GSM-Forum > Product Support Sections > Hard/Software Products (official support) > Z3X-Team Products

Reply
 
LinkBack Thread Tools Display Modes
Old 02-06-2018, 15:04   #16 (permalink)
Junior Member
 
Join Date: May 2010
Posts: 33
Member: 1295987
Status: Offline
Thanks Meter: 3

i got s3 gear frontier with samsung lock ,can you help me please
sm-r760
  Reply With Quote
Old 02-09-2018, 03:04   #17 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Okidoki...

ODIN Protocol maybe easier...

Seems require TCP Server... Upload protocol was TCP Client...

First success... ODIN answer over WiFi with:
LOKE



Need some time to prepare files for sending few lines of HEX...

So I hope I will manage this year... dumping PIT from Gear over Wifi...

Best Regards
Attached Images
File Type: jpg TCP_app.jpg (80.9 KB, 119 views)
File Type: png HEX.png (106.8 KB, 101 views)
File Type: png TCPserverODIN.png (61.1 KB, 91 views)
  Reply With Quote
The Following 3 Users Say Thank You to adfree For This Useful Post:
Show/Hide list of the thanked
Old 02-11-2018, 00:24   #18 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Mühseelig ernährt sich das Eichhörnchen...

Its not so easy to find fully usable and easy to handle TCP Server Tool to fire up 25 Commands in a row...

Tried few Android apps on my GT-I9300... but limitation is to use more then 1 Command with 1024 byte to send... in HEX...

Similar problems with free available PC Windows Tools...


On Screenshot is result visible... after sent Command 2

First Command is easy... in ASCII or HEX...
ODIN or 4F44494E

Second command seems to show ODIN Protocol Version... IMHO.

Screenshot is valid for my both Wearables:
SM-R732
and
SM-R760



Code:
6400000000000300
This shows my SM-Z130H also via USB...

And my old GT-I9300 shows lower "Protocol Version"... but Commands are same to dump PIT...
Code:
6400000000000200
Now I think maybe I have more luck with NetCat on Windows PC...
And creating stupid Batch file *.bat

Maybe something like this work:
https://stackoverflow.com/questions/...tcp-connection
Quote:
found the solution. Its nc 127.0.0.1 1200 < binary.bin In addition, if the response needs to be saved then
nc 127.0.0.1 1200 < binary.bin > response.bin

Need some time for tests...

Best Regards
Attached Images
File Type: png moreSuccessGearS2andS3.png (130.0 KB, 53 views)
  Reply With Quote
The Following 3 Users Say Thank You to adfree For This Useful Post:
Show/Hide list of the thanked
Old 02-11-2018, 03:30   #19 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Untested!
Status:
Feuchter Traum

Under Construction...
Based on this Theory:
https://stackoverflow.com/questions/...tcp-connection

This is my idea how to dump PIT... partition.pit from Wearables over WiFi... instead USB cable.

I will check my theory on my SM-R732 first... if nothing explode...
Then my SM-R760...


Now I have to fight with NetCat on my old Vista Notebook.

Best Regards
Attached Files
File Type: zip v2untested.zip (3.4 KB, 33 views)
  Reply With Quote
The Following 3 Users Say Thank You to adfree For This Useful Post:
Show/Hide list of the thanked
Old 02-11-2018, 05:26   #20 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Seems easier... with NetCat...

Command looks like this:
Code:
nc -l -p 13579 < ODINcommand_full.bin > response_full.bin
But I have to put all 25 files -->into 1 single file


Best Regards
  Reply With Quote
The Following 2 Users Say Thank You to adfree For This Useful Post:
Old 02-11-2018, 06:28   #21 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142


First success to dump PIT partition.pit from Wearables over WiFi...
Tested with my 2 devices:
SM-R732
SM-R760

I see some red text on Screen... but at the moment I can ignore...
Tested only with Combination Firmware...

Own risk!

NetCat I have taken from here:
https://eternallybored.org/misc/netcat/

Tested on my old Windows Vista Notebook... with this Version:
netcat-win32-1.12.zip


I will check now if I can use Phone + Android App... to send these 25 KB...
to receive 7 KB result...


Best Regards
Attached Files
File Type: zip v4untested.zip (482 Bytes, 35 views)
  Reply With Quote
The Following User Says Thank You to adfree For This Useful Post:
Old 02-13-2018, 02:54   #22 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Stuck with Upload Commands...

As I have no newer device to connect via USB and to sniff what is send...

Download (Wireless) and
Upload (Wireless)

in rootfs.img
Code:
/usr/bin/wireless-download
Upload "Commands" RDX related seems:
Code:
wu_rdx_cmd_search_idx
wu_rdx_cmd_powerdown
wu_rdx_get_cmd_size
wu_rdx_cmd_preamble
wu_rdx_init
wu_rdx_cmd_search_addr
wu_rdx_cmd_data_transfer
wu_rdx_generate_log
wu_rdx_dump_info_init
wu_rdx_add_dump_entry
wu_rdx_handle_cmd
wu_rdx_do_upload_file
wu_rdx_send_cmd
wu_rdx_cmd_probe
wu_rdx_recv_ack

Download "Commands" netODIN related:
Code:
wd_odin_send_ack
wd_odin_handle_cmd
wd_odin_get_cmd_size
wd_odin_get_version
wd_odin_cmd_pit
wd_odin_cmd_xmit
My IDA qualities still 0

Attached are files from SM-R760... taken from different Firmware Versions...

Best Regards
Attached Files
File Type: zip wirelessBin_v1.zip (153.3 KB, 61 views)
  Reply With Quote
The Following 2 Users Say Thank You to adfree For This Useful Post:
Old 02-15-2018, 01:35   #23 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Please I need Tester for dump/read PIT partition.pit via WiFi.

Thanx in advance.

I have tested with my SM-R732 and my SM-R760...
... with Combination Firmware only
On my old Notebook with 32 bit Windows Vista...


Need help to confirm it work... on normal Stock Firmware...
On Tizen 3 Firmware...

I have attached netcat + Batchfile + Command Binary in 1 package...
+ Video


Maybe somebody can test or have ideas how to improve netcat Batch...
So I don't need to press ctrl + c

Thanx in advance.

Best Regards
Attached Files
File Type: zip dumpPITwithNetCat_v1.zip (114.5 KB, 37 views)
File Type: rar netcatDumpv1.rar (87.1 KB, 27 views)
  Reply With Quote
The Following 2 Users Say Thank You to adfree For This Useful Post:
Old 02-15-2018, 02:11   #24 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Code:
nc -l -w 5 -p 13579 < ODINcommand_full.bin > response_full.bin
-w 5 Parameter is for listen 5 seconds... so ctrl + c is obsolete...

Added corrected Version...

Best Regards
Attached Files
File Type: zip dumpPITwithNetCat_v2.zip (114.5 KB, 15 views)
File Type: rar netcatDumpv2.rar (70.8 KB, 9 views)
  Reply With Quote
The Following User Says Thank You to adfree For This Useful Post:
Old 03-09-2018, 13:13   #25 (permalink)
Junior Member
 
Join Date: Feb 2018
Location: Iran
Posts: 1
Member: 2806418
Status: Offline
Thanks Meter: 0
i write combination file on my gear s3.

Last edited by saeid js; 03-09-2018 at 13:23.
  Reply With Quote
Old 03-10-2018, 02:38   #26 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Quote:
i write combination file on my gear s3.
If you need help.
Feel free to PM me.


@all
Meanwhile we have RL removed from few more devices.

For instance:
SM-R360 Gear Fit 2 = STEADY partition is on p15
SM-R730 series = STEADY partition is on p22

All possible if Combination Firmware is available...
And simple with WiFi only...
NO wires NO USB cable required

Only as info.

Still I need Korean Firmware or PIT file for:
Code:
SM-R765S
SM-R765K
SM-R765L
Nothing avalaible yet...
No Stock Firmware nor Combination FTMA nor FT30...

Best Regards
  Reply With Quote
The Following User Says Thank You to adfree For This Useful Post:
Old 03-10-2018, 03:35   #27 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142

I am too old as it seems... or too much Vodka.
SM-R730 series have STEADY on partition 26...

Attached new RL off collection...

But SM-R360 p15 like SM-R760/SM-R770 is correct.

In theory it is very easy to identify where STEADY is...
1 way is to check simple PIT file... partition.pit
So no device mandatory to search for STEADY or to confirm it is correct...

Best Regards
Attached Files
File Type: zip RLoff_v6.zip (1.8 KB, 171 views)

Last edited by adfree; 03-10-2018 at 03:44.
  Reply With Quote
The Following 5 Users Say Thank You to adfree For This Useful Post:
Show/Hide list of the thanked
Old 03-10-2018, 04:43   #28 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
SM-R600 Gear Sport not tested...
No idea if Samsung changed something in Security...

Code:
STEADY partition is p17...
If somebody willing to test...
PM me for help.

Best Regards
  Reply With Quote
The Following User Says Thank You to adfree For This Useful Post:
Old 03-14-2018, 09:24   #29 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Code:
CSC_OKS_R775SOKS2CQL2_usr.tar.md5
CP_R775SKSU2CQJ4_CL401035_QB7878159_SIGNED.tar.md5
BL_R775SKSU2CQL2_usr.tar.md5
AP_R775SKSU2CQL2_usr.tar.md5
We are coming closer...

Will test if PIT is signed with same key like SM-R765S...

Best Regards
  Reply With Quote
The Following User Says Thank You to adfree For This Useful Post:
Old 03-19-2018, 23:21   #30 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 662
Member: 420658
Status: Offline
Thanks Meter: 142
Meanwhile we have 1 SM-R765 alive again.
With mix of sboot.bin + cm.bin from SM-R765S...
+ PIT from SM-R775
+ Firmware from SM-R775 (few files removed)...
We have now working CQL2 Firmware.

Best Regards
  Reply With Quote
The Following 2 Users Say Thank You to adfree For This Useful Post:
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


 



All times are GMT +1. The time now is 16:51.



Powered by Searchlight © 2018 Axivo Inc.
vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2018 DragonByte Technologies Ltd.
- GSM Hosting Ltd. - 1999-2017 -
Page generated in 0.45087 seconds with 8 queries

SEO by vBSEO