Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Samsung supplies the latest firmware no matter which firmware is requested. #10

Open
dazemc opened this issue Apr 7, 2021 · 26 comments
Open

Samsung supplies the latest firmware no matter which firmware is requested. #10

dazemc opened this issue Apr 7, 2021 · 26 comments
Labels
bug Something isn't working help wanted Extra attention is needed

Comments

@dazemc
Copy link

dazemc commented Apr 7, 2021
edited
Loading

Windows 10 x64
I was attempting to download an older firmware version and it appeared the correct version was downloading. I flashed the files and the version didn't change. I had a mini heart attack because I thought I had inadvertently updated a revision on my bootloader, thus loosing my unlock token. Well come to find out, this tool downloaded the most recent firmware but then during decrypting it changed the filename to the version I downloaded. So the decrypted file is named *CUA2*.zip but when I unzip it, its the *DUBA*.tar

Attached is log
hs_err_pid9828.log
@dazemc
Copy link
Author

dazemc commented Apr 7, 2021
edited
Loading

I just realized that log is probably useless. Is there a logfile for samloader or a way I can enable it? Talking about the CLI backend

@zacharee
Copy link
Owner

zacharee commented Apr 7, 2021

There's no logging built in right now. I'll look into why the firmware is wrong, but I'm going to guess Samsung is serving it incorrectly. Is this the Note20 Ultra?

@dazemc
Copy link
Author

dazemc commented Apr 7, 2021 via email

@zacharee
Copy link
Owner

Which region are you using?

@dazemc
Copy link
Author

dazemc commented Apr 27, 2021 via email

@zacharee
Copy link
Owner

From what I can tell, Samsung is just serving the latest firmware no matter what is specified in the request. I think this is new.

@zacharee zacharee changed the title Great for downloading current firmware but be careful downloading from history on Windows Samsung supplies the latest firmware no matter which firmware is requested. May 7, 2021
@zacharee zacharee added bug Something isn't working help wanted Extra attention is needed labels May 7, 2021
@ysfchn ysfchn mentioned this issue May 11, 2021
Open
@zacharee zacharee mentioned this issue Jul 13, 2021
Closed
@TheAirBlow
Copy link

I use original samloader and when specifying a firmware it downloads the requested one.
You use some other way to get the files, because I am downloading two firmware versions and their file sizes are totally different.

@zacharee
Copy link
Owner

zacharee commented Sep 4, 2021

I use original samloader and when specifying a firmware it downloads the requested one.
You use some other way to get the files, because I am downloading two firmware versions and their file sizes are totally different.

The method I use is directly ported from Samloader. It was a server side change from Samsung to only serve the latest firmware, at least for most devices. Can you tell me which model and CSC you used? Samsung may have reverted the change.

@TheAirBlow
Copy link

TheAirBlow commented Sep 4, 2021 via email
edited
Loading

@SlackingVeteran
Copy link

SlackingVeteran commented Sep 5, 2021
edited
Loading

I use original samloader and when specifying a firmware it downloads the requested one.
You use some other way to get the files, because I am downloading two firmware versions and their file sizes are totally different.

The method I use is directly ported from Samloader. It was a server side change from Samsung to only serve the latest firmware, at least for most devices. Can you tell me which model and CSC you used? Samsung may have reverted the change.

Hi, Frija dev here. Its always been this way. Samsung never serves older firmware unless you happen randomly to find a specific xml command which only Samsung devs have access to. I am pretty sure you know which xml command I am talking about (GET->CmdId->2, GET->LATEST_FW_VERSION->null), so far no one knows what other possible commands Samsung uses internally because every version of Kies or SmartSwitch (Windows/MacOS) uses that command from above. Maybe if someone gets hand on Fenrir (Internal tool from Samsung which does everything from Device management, Firmware download, Firmware install, FRP bypass, you name it) we might hit a jackpot. Fenrir app is locked behind auth and is tied to MAC address of PC and is only provided to Samsung authorized repair centers, so I doubt anyone will ever get to use it without someone authorized by Samsung wanting to help reverse engineer the App. Fenrir was made after Odin was leaked in the wild which required no authentication.

@SlackingVeteran
Copy link

SlackingVeteran commented Sep 5, 2021
edited
Loading

Just realized you dont even use GET command

@TheAirBlow
Copy link

TheAirBlow commented Sep 5, 2021
edited
Loading

SM-A207F / SER downloaded using Samloader
Used extracted CUFA and BTK1 firmware

aboot.mbn

theairblow@theairblow > cd Samsung/btk1-10/bl 
theairblow@theairblow > md5sum aboot.mbn     
04f83d857c5575d6b9dc772c97fb6deb  aboot.mbn
theairblow@theairblow > cd ../../cufa-11/bl
theairblow@theairblow > md5sum aboot.mbn   
be107d5bd8cd377ccb66d0a0f7c4582d  aboot.mbn

BL.tar

theairblow@theairblow > md5sum bl.tar
a9aeb037086083db5de105ea6b786d60  bl.tar
theairblow@theairblow > cd ../../btk1-10/tar
theairblow@theairblow > md5sum bl.tar         
f0daa503ef9dae3b091e7e54785902c1  bl.tar

Hashes are different

@TheAirBlow
Copy link

I use original samloader and when specifying a firmware it downloads the requested one.
You use some other way to get the files, because I am downloading two firmware versions and their file sizes are totally different.

The method I use is directly ported from Samloader. It was a server side change from Samsung to only serve the latest firmware, at least for most devices. Can you tell me which model and CSC you used? Samsung may have reverted the change.

Hi, Frija dev here. Its always been this way. Samsung never serves older firmware unless you happen randomly to find a specific xml command which only Samsung devs have access to. I am pretty sure you know which xml command I am talking about (Get->CmdId>2>LATEST_FW_VERSION), so far no one knows what other possible commands Samsung uses internally because every version of Kies or SmartSwitch (Windows/MacOS) uses that command from above. Maybe if someone gets hand on Fenrir (Internal tool from Samsung which does everything from Device management, Firmware download, Firmware install, FRP bypass, you name it) we might hit a jackpot. Fenrir app is locked behind auth and is tied to MAC address of PC and is only provided to Samsung authorized repair centers, so I doubt anyone will ever get to use it without someone authorized by Samsung wanting to help reverse engineer the App. Fenrir was made after Odin was leaked in the wild which required no authentication.

Even getting it's files will be something: we can try to bypass any of the restrictions, reverse-engineer it's binaries. It will just be fun to play with.

@SlackingVeteran
Copy link

SlackingVeteran commented Sep 5, 2021
edited
Loading

I use original samloader and when specifying a firmware it downloads the requested one.
You use some other way to get the files, because I am downloading two firmware versions and their file sizes are totally different.

The method I use is directly ported from Samloader. It was a server side change from Samsung to only serve the latest firmware, at least for most devices. Can you tell me which model and CSC you used? Samsung may have reverted the change.

Hi, Frija dev here. Its always been this way. Samsung never serves older firmware unless you happen randomly to find a specific xml command which only Samsung devs have access to. I am pretty sure you know which xml command I am talking about (Get->CmdId>2>LATEST_FW_VERSION), so far no one knows what other possible commands Samsung uses internally because every version of Kies or SmartSwitch (Windows/MacOS) uses that command from above. Maybe if someone gets hand on Fenrir (Internal tool from Samsung which does everything from Device management, Firmware download, Firmware install, FRP bypass, you name it) we might hit a jackpot. Fenrir app is locked behind auth and is tied to MAC address of PC and is only provided to Samsung authorized repair centers, so I doubt anyone will ever get to use it without someone authorized by Samsung wanting to help reverse engineer the App. Fenrir was made after Odin was leaked in the wild which required no authentication.

Even getting it's files will be something: we can try to bypass any of the restrictions, reverse-engineer it's binaries. It will just be fun to play with.

Thing is you can't reverse engineer Fenrir, it uses Themida (https://www.oreans.com/Themida.php) which disables reverse engineering its binaries and libraries, soon as you attach debugger or use reflection it crashes everything. They thought about the reverse engineer possibility which is why I think macOS version doesn't exist.

@SlackingVeteran
Copy link

Using wireshark while Fenrir is requesting firmware and downloading is only thing you can try so that you could see what kind of requests they make to get older firmware but again you can't use Fenrir outside assigned PC for Samsung authorized repair shops. I got to use it once back in 2018 for like 1 minute when Samsung sent someone to repair my TV at home. Repair man let me play around for lil bit but that was it couldn't do anything I really wanted to do.

@TheAirBlow
Copy link

TheAirBlow commented Sep 5, 2021
edited
Loading

I use original samloader and when specifying a firmware it downloads the requested one.
You use some other way to get the files, because I am downloading two firmware versions and their file sizes are totally different.

The method I use is directly ported from Samloader. It was a server side change from Samsung to only serve the latest firmware, at least for most devices. Can you tell me which model and CSC you used? Samsung may have reverted the change.

Hi, Frija dev here. Its always been this way. Samsung never serves older firmware unless you happen randomly to find a specific xml command which only Samsung devs have access to. I am pretty sure you know which xml command I am talking about (Get->CmdId>2>LATEST_FW_VERSION), so far no one knows what other possible commands Samsung uses internally because every version of Kies or SmartSwitch (Windows/MacOS) uses that command from above. Maybe if someone gets hand on Fenrir (Internal tool from Samsung which does everything from Device management, Firmware download, Firmware install, FRP bypass, you name it) we might hit a jackpot. Fenrir app is locked behind auth and is tied to MAC address of PC and is only provided to Samsung authorized repair centers, so I doubt anyone will ever get to use it without someone authorized by Samsung wanting to help reverse engineer the App. Fenrir was made after Odin was leaked in the wild which required no authentication.

Even getting it's files will be something: we can try to bypass any of the restrictions, reverse-engineer it's binaries. It will just be fun to play with.

Thing is you can't reverse engineer Fenrir, it uses Themida (https://www.oreans.com/Themida.php) which disables reverse engineering its binaries and libraries, soon as you attach debugger or use reflection it crashes everything. They thought about the reverse engineer possibility which is why I think macOS version doesn't exist.

MAC address check not sounds so promising and could be bypassed.
Also, it should be not MAC address because it is networking stuff and can be easily changed, and it is per-network controller

@SlackingVeteran
Copy link

I use original samloader and when specifying a firmware it downloads the requested one.
You use some other way to get the files, because I am downloading two firmware versions and their file sizes are totally different.

The method I use is directly ported from Samloader. It was a server side change from Samsung to only serve the latest firmware, at least for most devices. Can you tell me which model and CSC you used? Samsung may have reverted the change.

Hi, Frija dev here. Its always been this way. Samsung never serves older firmware unless you happen randomly to find a specific xml command which only Samsung devs have access to. I am pretty sure you know which xml command I am talking about (Get->CmdId>2>LATEST_FW_VERSION), so far no one knows what other possible commands Samsung uses internally because every version of Kies or SmartSwitch (Windows/MacOS) uses that command from above. Maybe if someone gets hand on Fenrir (Internal tool from Samsung which does everything from Device management, Firmware download, Firmware install, FRP bypass, you name it) we might hit a jackpot. Fenrir app is locked behind auth and is tied to MAC address of PC and is only provided to Samsung authorized repair centers, so I doubt anyone will ever get to use it without someone authorized by Samsung wanting to help reverse engineer the App. Fenrir was made after Odin was leaked in the wild which required no authentication.

Even getting it's files will be something: we can try to bypass any of the restrictions, reverse-engineer it's binaries. It will just be fun to play with.

Thing is you can't reverse engineer Fenrir, it uses Themida (https://www.oreans.com/Themida.php) which disables reverse engineering its binaries and libraries, soon as you attach debugger or use reflection it crashes everything. They thought about the reverse engineer possibility which is why I think macOS version doesn't exist.

MAC address check not sounds so promising and MAY be hacked. Crazy shit, I know.
Also, it should be not MAC address because it is networking stuff and can be easily changed, and it is per-network controller

image

@TheAirBlow
Copy link

image

We need to save all info we have about this software somewhere. And about samsung device protocols, it's servers protocols in general

@TheAirBlow
Copy link

TheAirBlow commented Sep 5, 2021
edited
Loading

It is just Scamsung, what would you expect?
For example, my phone (SM-A207F / Galaxy A20s) doesn't accept any custom binary, check this and this for more information.

@zacharee
Copy link
Owner

zacharee commented Sep 7, 2021

SM-A207F/SER

It looks like this device is an exception. Samsung's servers are providing older firmware for it. But using SM-N986U/TMB, for example, will serve the latest firmware no matter what.

@TheAirBlow
Copy link

TheAirBlow commented Sep 7, 2021 via email

@TheAirBlow
Copy link

TheAirBlow commented Nov 28, 2021
edited
Loading

SM-A207F/SER

It looks like this device is an exception. Samsung's servers are providing older firmware for it. But using SM-N986U/TMB, for example, will serve the latest firmware no matter what.

Actually, it server only the last two firmware versions available.
Output of Syndical Fetch mode:

Device: SM-A207F/SER
Connecting to FUS server...
┌─────────────────────────────────────────────────────────┬────────────────┬────────────┬────────┐
│ Version                                                 │ Android        │ Size       │ Latest │
├─────────────────────────────────────────────────────────┼────────────────┼────────────┼────────┤
│ A207FXXU2CUI2/A207FOXM2CUI2/A207FXXU2CUI2/A207FXXU2CUI2 │ R(Android 11)  │ 4556071616 │ True   │
│ A207FXXU2BTK1/A207FOXM2BTK1/A207FXXU2BTK1/A207FXXU2BTK1 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXU2BTD7/A207FOXM2BTD8/A207FXXU2BTD7/A207FXXU2BTD7 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXU1ASJ5/A207FOXM1ASJ5/A207FXXU1ASJ5/A207FXXU1ASJ5 │ Pie(Android 9) │ 3677711232 │ False  │
│ A207FXXU2BTH2/A207FOXM2BTH1/A207FXXU2BTH1/A207FXXU2BTH2 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXS2ASL3/A207FOXM2ASL3/A207FXXS2ASL3/A207FXXS2ASL3 │ Pie(Android 9) │ 3677711232 │ False  │
│ A207FXXU2BUD4/A207FOXM2BUD5/A207FXXU2BUC1/A207FXXU2BUD4 │ Q(Android 10)  │ 4556071616 │ False  │
│ A207FXXU2CUH5/A207FOXM2CUH5/A207FXXU2CUH5/A207FXXU2CUH5 │ R(Android 11)  │ 4556071616 │ False  │
│ A207FXXU2BTE1/A207FOXM2BTE2/A207FXXU2BTE1/A207FXXU2BTE1 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXU1ASI2/A207FOXM1ASHI/A207FXXU1ASHI/A207FXXU1ASI2 │ Pie(Android 9) │ 3677711232 │ False  │
│ A207FXXU2BUD2/A207FOXM2BUD2/A207FXXU2BUC1/A207FXXU2BUD2 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXU2ATB1/A207FOXM2ATB1/A207FXXU2ATB1/A207FXXU2ATB1 │ Pie(Android 9) │ 3677711232 │ False  │
│ A207FXXU2CUFA/A207FOXM2CUFB/A207FXXU2CUFA/A207FXXU2CUFA │ R(Android 11)  │ 4556071616 │ False  │
│ A207FXXU2BTI1/A207FOXM2BTI1/A207FXXU2BTH4/A207FXXU2BTI1 │ Q(Android 10)  │ 3677711232 │ False  │
└─────────────────────────────────────────────────────────┴────────────────┴────────────┴────────┘
                                                                                      
Fetching firmware information ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 00:00:10

@TheAirBlow
Copy link

TheAirBlow commented Nov 28, 2021
edited
Loading

@SlackingVeteran, I have a question for you.
Why do you still use Samsung's DLLs which makes Frija non-crossplatform?
It was already reverse-engineered and works fine.
Also, can you provide all information you currently know about Samsung FUS endpoints (and request bodies) and Fenrir?

@zacharee zacharee pinned this issue Dec 4, 2021
@TheAirBlow
Copy link

TheAirBlow commented May 31, 2022
edited
Loading

@SlackingVeteran
https://www.tamiraat.com/repository/other/1398/10/09/efmbx0ux.bs0.pdf
Why the fuck a how-to PDF is public? It has fenrir/odin guides.

Confidential and proprietary-the contents in this service guide subject to change without prior notice
Distribution, transmission, or infringement of any content or data from this document without Samsung’s written authorization is strictly prohibited.

@Okaretkina7
Copy link

No, it's a Galaxy S20+ (SM-G986U1)

On Wed, Apr 7, 2021, 3:33 PM Zachary Wander @.***> wrote: There's no logging built in right now. I'll look into why the firmware is wrong, but I'm going to guess Samsung is serving it incorrectly. Is this the Note20 Ultra? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#10 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABH5M2RMRXFGFMR2HM2BGBTTHTMVBANCNFSM42RUGMXA .

@TheAirBlow
Copy link

TheAirBlow commented Oct 30, 2022
edited
Loading

No, it's a Galaxy S20+ (SM-G986U1)

On Wed, Apr 7, 2021, 3:33 PM Zachary Wander @.***> wrote: There's no logging built in right now. I'll look into why the firmware is wrong, but I'm going to guess Samsung is serving it incorrectly. Is this the Note20 Ultra? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#10 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABH5M2RMRXFGFMR2HM2BGBTTHTMVBANCNFSM42RUGMXA .

Samsung probably did it intentionally to save on space and just to give a middle finger to people who want older firmware. Maybe they're just trying to force the user to update to latest?

@Unknown78 Unknown78 mentioned this issue Mar 31, 2023
Closed
Repository owner deleted a comment from BillAnt1 Nov 16, 2023
Repository owner deleted a comment from AbuJaafar88 Nov 16, 2023
@zacharee zacharee unpinned this issue Jan 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dazemc @SlackingVeteran @zacharee @TheAirBlow @Okaretkina7