GSM Shop GSM Shop
GSM-Forum  

Welcome to the GSM-Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features.
Only registered members may post questions, contact other members or search our database of over 8 million posts.

Registration is fast, simple and absolutely free so please - Click to REGISTER!

If you have any problems with the registration process or your account login, please contact contact us .

Go Back   GSM-Forum > Product Support Sections > Hard/Software Products (official support) > Easy-Jtag / Easy-Jtag Plus

Easy-Jtag / Easy-Jtag Plus The official support section. You can ask here your question and get answer regarding using Easy-Jtag / Easy-Jtag Plus.

Reply
 
LinkBack Thread Tools Display Modes
Old 02-06-2014, 14:18   #1 (permalink)
Product Supporter
 
NoName®'s Avatar
 
Join Date: Mar 2005
Location: China
Posts: 3,309
Member: 129885
Status: Offline
Sonork: 100:1603514
Thanks Meter: 6,165
Regarding the KNOX on S4 ...


Hi , all. There are to much noice regarding KNOX warranty bit. On S4 Devices

Lets describe some theory. And facts.

Threr are 2 types of devices exist.

1. EXYNOS Devices with JTAG Disabled ( GT-I9300,GT-I9500,GT-N7100 etc.)
  • KNOX Warranty bit are stored inside of RPMB area in eMMC
  • Downgrade protection byte are stored in RPMB.
What this mean ? After replacing or WIPING eMMC and burning old bootloader on device with (KNOX Warranty: 0x01 ) You will get device with unknoxed boot and KNOX Warranty bit 0x0

Shost list of affected devices ( according PDADB.net )
Code:
1.Samsung Exynos 5 Octa 5420

Samsung SM-T900 Galaxy Tab
Samsung SM-P901 Galaxy Tab
Samsung SM-T520 Galaxy Tab
Samsung SM-T320 Galaxy Tab
Samsung SM-P601 Galaxy Tab
Samsung SM-P600 Galaxy Tab
Samsung SM-N900 Galaxy Note 3
Samsung SM-N9000Q Galaxy Note 3

2.Samsung Exynos 5 Octa 5410

Samsung GT-i9500 Galaxy S4
Samsung GT-i9502 Galaxy S 4 Duos
Samsung SHV-E300K/L/S

3.Samsung Exynos 4 Quad 4412

Samsung EK-GC200 Galaxy Camera 2
Samsung GT-i9300I Galaxy SIII Neo+
Samsung SHV-E500L Galaxy Win
Samsung SGH-T399 Galaxy Light
Samsung SGH-i467M Galaxy Note 8.0 LTE 
Samsung SGH-i467 Galaxy Note 8.0 LTE
Samsung GT-N5105 Galaxy Note 8.0
Samsung GT-N5120 Galaxy Note 8.0
Samsung GT-N5100 Galaxy Note 8.0
Samsung GT-N5110 Galaxy Note 8.0
Samsung SHW-M500W Galaxy Note 8.0
Samsung SCH-i925 Galaxy Note 10.1 LTE
Samsung SCH-i925U Galaxy Note 10.1 LTE
Samsung GT-B9388
Samsung SPH-P600 Galaxy Note 10.1 LTE
Samsung GT-i9300 Galaxy S III
Samsung SHV-E270K Galaxy Grand (Samsung Baffin)
Samsung SHV-E270S Galaxy Grand (Samsung Baffin)
Samsung GT-N7102 Galaxy Note II
Samsung SCH-i939D Galaxy S3 Duos (Samsung Midas)
Samsung SHV-E230L Galaxy Note 10.1 LTE 32GB
Samsung SGH-N035 Galaxy S III Alpha SC-03E (Samsung Gravity Quad)
Samsung SCH-N719 Galaxy Note 2 CDMA
Samsung SCH-W2013
Samsung SGH-N025 Galaxy Note II SC-02E (Samsung Sailor)
Samsung GT-N7105T Galaxy Note II LTE
Samsung SGH-T889V Galaxy Note 2
Samsung SHV-E230K Galaxy Note 10.1 LTE 32GB
Samsung SHV-E230S Galaxy Note 10.1 LTE 64GB
Samsung SHV-E230S Galaxy Note 10.1 LTE 16GB
2. Snapdragon Devices with JTAG Enabled ( GT-I9505 etc. )
  • KNOX Warranty bit are stored inside of QFUSE area in MCU
  • KNOXed and KNOX-free firmware bit also stored inside QFUSE area in MCU
  • Minor Downgrade protection byte are stored in RPMB.
  • Major Downgrade protection byte set in EFUSE ( new loaders disable old keys for boot signature validation)

Devices with EFUSE KNOX ( Unable to remove KNOX )

Code:
Samsung SGH-M919 Galaxy S4 (Samsung Altius)
Samsung GT-i9505 Galaxy S4 Black Edition
Samsung GT-i9195 Galaxy S4 Mini Black Edition
Samsung GT-i9195 Galaxy S4 Mini LTE 16GB
Samsung GT-i9295 Galaxy S4 Active
Samsung SM-T905 Galaxy TabPRO 12.2 LTE-A
Samsung SM-N7505 Galaxy Note 3 Neo LTE+
Samsung SM-N9005 Galaxy Note 3 Olympic
Samsung SM-N905 Galaxy Note 3 

etc... based on Snapdragon chipsets!

What this mean ? After replacing or WIPING eMMC and burning old bootloader on device with (KNOX Warranty: 0x01 ) you may downrgade device but KNOX Warranty bit will stay 0x01 for EVER.

Last edited by NoName®; 04-11-2014 at 15:13.
  Reply With Quote
The Following 7 Users Say Thank You to NoName® For This Useful Post:
Show/Hide list of the thanked
Old 02-07-2014, 09:37   #2 (permalink)
No Life Poster
 
dicle_gsm's Avatar
 
Join Date: Jul 2007
Location: tr
Posts: 2,219
Member: 539148
Status: Offline
Thanks Meter: 2,167
HI,

Some Phone like I9500/I9300/N7100 For Downgrade Without connect via Direct eMMC,

I9300 4.3 Downgrade File -- GT-I9300XXEMG4_KOR_MULTI_FACTORY

I9500 4.3 Downgrade File -- I9500XXUBMH1_I9500OJVBMH2_I9500XXUBMG9


BR,

Dicle_Gsm
  Reply With Quote
The Following User Says Thank You to dicle_gsm For This Useful Post:
Old 02-17-2014, 12:56   #3 (permalink)
No Life Poster
 
Join Date: Dec 2006
Posts: 713
Member: 420658
Status: Offline
Thanks Meter: 171
Stupid question...

"Live Demo Units" like I9300X are JTAG enabled?
Or same restriction like on Retail I9300A etc...



Also I9500 Live Demo Units floating around...
PCB not fully... missing parts...
GPS and Modem stuff missing...

Thanx in advance.

Best Regards
  Reply With Quote
Old 02-18-2014, 23:05   #4 (permalink)
Product Supporter
 
NoName®'s Avatar
 
Join Date: Mar 2005
Location: China
Posts: 3,309
Member: 129885
Status: Offline
Sonork: 100:1603514
Thanks Meter: 6,165
Most of Exynos 4 Quad 4412 Units have DISABLED JTAG, except DEV boards on this cpu.
Anyway you can burn image by eMMC tool and solder all missing parts and make board full functional ;-)
  Reply With Quote
The Following User Says Thank You to NoName® For This Useful Post:
Old 02-19-2014, 07:19   #5 (permalink)
No Life Poster
 
Join Date: May 2001
Location: Bulgaria
Posts: 4,640
Member: 4627
Status: Offline
Sonork: 57528:debeliamark
Thanks Meter: 960
Quote:
Originally Posted by adfree View Post
Stupid question...

"Live Demo Units" like I9300X are JTAG enabled?
Or same restriction like on Retail I9300A etc...



Also I9500 Live Demo Units floating around...
PCB not fully... missing parts...
GPS and Modem stuff missing...

Thanx in advance.

Best Regards
I was saw these days N7100 test unit - the eMMC is not underfilled and is easy to use it test unit. Bad things is that you alltime will see TEST Screen appeared.

P.S. i'm in fighting to readout partitions from one well working SGS4 i9505 ( 4.2.2 ) but Z3x jTAG just doesn't like 0x3FFC00000 like end address to readout full dump from #0 partition and crash with error. Riff give me errors and cannot handle well 1,8 V to use it just to read <-> write APBOOT partition. I wish use it to try to recover another SGS4 damaged by Upgrade <-> downgrade process ( by the owner words, so - now APBOOT cannot be writen !!! on any official SW version - even and latest- mean in Protected memory downgrade trigger is activated) . Phone work with Custom 4.3 or Custom deKNOX-ed 4.2.2 + Google Play kernel, but is veeeeery slow on conversation ( and no sound ) ... mean in you initiate dialing, then will see call time after 15-16 sec. and counter will jump in 5-8 sec steps, if you try to close call - then end of call will be shown in next 15 - 20 sec ... but INSIDE PCB look like new! And just to browse in phone apps is fast itself. This push me to look over bad handle of radiopart ( mean APBOOT like SW ) ... So if someone have brilian ideas - let me know.
  Reply With Quote
The Following 2 Users Say Thank You to debeliamark For This Useful Post:
Old 02-19-2014, 22:57   #6 (permalink)
Product Supporter
 
BABAK NURI's Avatar
 
Join Date: Mar 2005
Location: Tehran.IR
Age: 39
Posts: 7,218
Member: 131131
Status: Offline
Sonork: 100.1606847
Thanks Meter: 4,442
Quote:
Originally Posted by debeliamark View Post
I was saw these days N7100 test unit - the eMMC is not underfilled and is easy to use it test unit. Bad things is that you alltime will see TEST Screen appeared.

P.S. i'm in fighting to readout partitions from one well working SGS4 i9505 ( 4.2.2 ) but Z3x jTAG just doesn't like 0x3FFC00000 like end address to readout full dump from #0 partition and crash with error. Riff give me errors and cannot handle well 1,8 V to use it just to read <-> write APBOOT partition. I wish use it to try to recover another SGS4 damaged by Upgrade <-> downgrade process ( by the owner words, so - now APBOOT cannot be writen !!! on any official SW version - even and latest- mean in Protected memory downgrade trigger is activated) . Phone work with Custom 4.3 or Custom deKNOX-ed 4.2.2 + Google Play kernel, but is veeeeery slow on conversation ( and no sound ) ... mean in you initiate dialing, then will see call time after 15-16 sec. and counter will jump in 5-8 sec steps, if you try to close call - then end of call will be shown in next 15 - 20 sec ... but INSIDE PCB look like new! And just to browse in phone apps is fast itself. This push me to look over bad handle of radiopart ( mean APBOOT like SW ) ... So if someone have brilian ideas - let me know.
Hi
For repair dead I9505 Demo Unit or Slow Phone ,No Need Read Full Dump...
But you need another alive phone

So,Try This:
1-Root Alive phone and connect to pc and run CMD.exe
2-run this command:
Quote:
adb shel
su
dd if=/dev/block/mmcblk0 of=/sdcard/I9505x_Dump.bin bs=1024 count=262144
3-your dump created in sdcard...just copy to pc
4-Now,Connect Bricked phone to Box and Write 256mb readed by USB

5-Start DL-Mode for Alive Phone and Bricked Phone
6-Flash Latest "Philz Recovery" for both phone
7-Start Custom recovery in Alive phone
8-Goto Setting of "Backup" menu....unselect "MD5".....Select All Partition one by one for take backup.....Now Try Take backup in SDCARD
9-Put SDCARD in Bricked phone and try "Restore"
10-Enjoy
  Reply With Quote
The Following 7 Users Say Thank You to BABAK NURI For This Useful Post:
Show/Hide list of the thanked
Old 02-22-2014, 17:51   #7 (permalink)
No Life Poster
 
enzawigroup's Avatar
 
Join Date: Apr 2005
Location: lebanon
Age: 46
Posts: 1,462
Member: 141363
Status: Offline
Sonork: 100.1594362
Thanks Meter: 147
check here
http://forum.gsmhosting.com/vbb/f672...world-1776265/
  Reply With Quote
Old 03-04-2014, 06:52   #8 (permalink)
No Life Poster
 
Join Date: May 2001
Location: Bulgaria
Posts: 4,640
Member: 4627
Status: Offline
Sonork: 57528:debeliamark
Thanks Meter: 960
Quote:
Originally Posted by enzawigroup View Post
i9505 is different AP inside
  Reply With Quote
Old 05-04-2014, 09:36   #9 (permalink)
Junior Member
 
Join Date: Apr 2004
Age: 45
Posts: 8
Member: 60719
Status: Offline
Thanks Meter: 3
how to Downgrade cdma s3 r530u 4.3 to 4.1.2
  Reply With Quote
The Following User Says Thank You to wahhab For This Useful Post:
Old 08-12-2014, 19:23   #10 (permalink)
Junior Member
 
Join Date: Jan 2008
Posts: 1
Member: 679192
Status: Offline
Thanks Meter: 0
Hello. I have a samsung galaxy tab s 8.4 wifi only tablet. It has the Exynos 5 Octa 5420 chipset. Anyway that the method described here for resetting the knox counter works on this device? Thx
  Reply With Quote
Old 02-18-2015, 13:32   #11 (permalink)
No Life Poster
 
Join Date: Nov 2001
Location: Austria
Age: 40
Posts: 599
Member: 7688
Status: Offline
Sonork: klaus4
Thanks Meter: 2
I want to replace I9505 mcu but don´t know where it is located or the partnumer like UME600 = emmc?


Thanks

Klaus
  Reply With Quote
Old 02-18-2015, 15:18   #12 (permalink)
Freak Poster
 
Join Date: Oct 2001
Location: Earth
Posts: 248
Member: 6884
Status: Offline
Sonork: 100.1621477
Thanks Meter: 105
MCU is UCP600 - 0902-002997
  Reply With Quote
Old 02-21-2015, 07:24   #13 (permalink)
No Life Poster
 
Ligalig's Avatar
 
Join Date: Jul 2009
Location: Manila
Posts: 1,289
Member: 1079935
Status: Offline
Thanks Meter: 506
what about mine, i have i9295 knox is enable after update thru wifi. i cant flash to odin even other gadget always boot.fail is there any solution or tricks to bring back to othe old version? i mean flash? unit status is always odin mode cant flash
  Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


 



All times are GMT +1. The time now is 20:12.



Powered by Searchlight © 2020 Axivo Inc.
vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
- GSM Hosting Ltd. - 1999-2017 -
Page generated in 0.37745 seconds with 7 queries

SEO by vBSEO