zacharee / SamloaderKotlin

Samsung supplies the latest firmware no matter which firmware is requested.

dazemc opened this issue · comments

Windows 10 x64
I was attempting to download an older firmware version and it appeared the correct version was downloading. I flashed the files and the version didn't change. I had a mini heart attack because I thought I had inadvertently updated a revision on my bootloader, thus losing my unlock token. Well, come to find out, this tool downloaded the most recent firmware but then during decrypting it changed the filename to the version I downloaded. So the decrypted file is named *CUA2*.zip, but when I unzip it, it's the *DUBA*.tar.

Attached is the log:
hs_err_pid9828.log

I just realized that log is probably useless. Is there a logfile for samloader or a way I can enable it? Talking about the CLI backend
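The mislabelling described above (a zip named after the requested CUA2 build that actually contains DUBA images) can be caught before flashing by comparing the build strings in the archive's member names against the version that was requested. This is an added example, not code from SamloaderKotlin or samloader; the "PDA/CSC/CP/PDA" version layout and the AP_/BL_/CP_/CSC_ member naming it relies on are assumptions, and all sample values are constructed.

```python
import re
import zipfile

# Which slash-separated component of a "PDA/CSC/CP/PDA" version string each
# archive member should carry (HOME_CSC shares the CSC build). This member
# naming is an assumption based on the files samloader-style tools produce.
EXPECTED_COMPONENT = {"AP": 0, "BL": 0, "CP": 2, "CSC": 1, "HOME_CSC": 1}

# A Samsung build string embedded in a member name, e.g. "_G986U1UEU1DUBA_":
# model code, region, U/S, bootloader revision digit, then the 4-char build tag.
BUILD_IN_NAME = re.compile(r"_([A-Z]\d{3}[A-Z0-9]*[A-Z]\d[A-Z][A-Z0-9]{3})_")

# Constructed sample: the version the user asked for and the member names of
# the zip the server actually delivered (a newer DUBA build, as in the report).
REQUESTED = "G986U1UEU1CUA2/G986U1OYM1CUA2/G986U1UEU1CUA2/G986U1UEU1CUA2"
SERVED = [
    "AP_G986U1UEU1DUBA_CL00000000_QB00000000_REV01_user_low_ship_meta_OS11.tar.md5",
    "BL_G986U1UEU1DUBA_CL00000000_QB00000000_REV01_user_low_ship_MULTI_CERT.tar.md5",
    "CP_G986U1UEU1DUBA_CP00000000_CL00000000_QB00000000_REV01_user_low_ship_MULTI_CERT.tar.md5",
    "CSC_OYM_G986U1OYM1DUBA_CL00000000_QB00000000_REV01_user_low_ship_MULTI_CERT.tar.md5",
    "HOME_CSC_OYM_G986U1OYM1DUBA_CL00000000_QB00000000_REV01_user_low_ship_MULTI_CERT.tar.md5",
]


def build_tag(component: str) -> str:
    """Last four characters of a build string: 'G986U1UEU1DUBA' -> 'DUBA'."""
    return component[-4:]


def member_kind(name: str) -> str:
    """'HOME_CSC_...' -> 'HOME_CSC', 'AP_...' -> 'AP'; '' for anything else."""
    for kind in ("HOME_CSC", "CSC", "AP", "BL", "CP"):
        if name.startswith(kind + "_"):
            return kind
    return ""


def verify_firmware(requested: str, members: list) -> list:
    """Return (member, expected_tag, found_tag) for every image whose build
    does not match the requested version; an empty list means it matches."""
    parts = requested.split("/")
    if len(parts) != 4:
        raise ValueError("expected a PDA/CSC/CP/PDA version string")
    mismatches = []
    for name in members:
        kind = member_kind(name)
        if not kind or parts[EXPECTED_COMPONENT[kind]] in name:
            continue  # not a firmware image, or it carries the right build
        found = BUILD_IN_NAME.search(name)
        mismatches.append((name, build_tag(parts[EXPECTED_COMPONENT[kind]]),
                           build_tag(found.group(1)) if found else "?"))
    return mismatches


def verify_zip(requested: str, zip_path: str) -> list:
    """Run the same check on a decrypted firmware zip before flashing it."""
    with zipfile.ZipFile(zip_path) as zf:
        return verify_firmware(requested, zf.namelist())
```

Running `verify_firmware(REQUESTED, SERVED)` flags all five images as DUBA where CUA2 was requested; `verify_zip` applies the same check to a real decrypted archive.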

There's no logging built in right now. I'll look into why the firmware is wrong, but I'm going to guess Samsung is serving it incorrectly. Is this the Note20 Ultra?

Which region are you using?

From what I can tell, Samsung is just serving the latest firmware no matter what is specified in the request. I think this is new.

I use original samloader and when specifying a firmware it downloads the requested one.
You use some other way to get the files, because I am downloading two firmware versions and their file sizes are totally different.

The method I use is directly ported from Samloader. It was a server side change from Samsung to only serve the latest firmware, at least for most devices. Can you tell me which model and CSC you used? Samsung may have reverted the change.

Hi, Frija dev here. It's always been this way. Samsung never serves older firmware unless you happen randomly to find a specific xml command which only Samsung devs have access to. I am pretty sure you know which xml command I am talking about (GET->CmdId->2, GET->LATEST_FW_VERSION->null); so far no one knows what other possible commands Samsung uses internally, because every version of Kies or SmartSwitch (Windows/MacOS) uses that command from above. Maybe if someone gets hands on Fenrir (an internal tool from Samsung which does everything from device management, firmware download, firmware install, FRP bypass, you name it) we might hit a jackpot. The Fenrir app is locked behind auth and is tied to the MAC address of the PC and is only provided to Samsung authorized repair centers, so I doubt anyone will ever get to use it without someone authorized by Samsung wanting to help reverse engineer the app. Fenrir was made after Odin was leaked in the wild, which required no authentication.

Just realized you don't even use the GET command.

SM-A207F / SER downloaded using Samloader
Used extracted CUFA and BTK1 firmware

aboot.mbn

theairblow@theairblow > cd Samsung/btk1-10/bl 
theairblow@theairblow > md5sum aboot.mbn     
04f83d857c5575d6b9dc772c97fb6deb  aboot.mbn
theairblow@theairblow > cd ../../cufa-11/bl
theairblow@theairblow > md5sum aboot.mbn   
be107d5bd8cd377ccb66d0a0f7c4582d  aboot.mbn

BL.tar

theairblow@theairblow > md5sum bl.tar
a9aeb037086083db5de105ea6b786d60  bl.tar
theairblow@theairblow > cd ../../btk1-10/tar
theairblow@theairblow > md5sum bl.tar         
f0daa503ef9dae3b091e7e54785902c1  bl.tar

Hashes are different

Even getting its files will be something: we can try to bypass any of the restrictions, reverse-engineer its binaries. It will just be fun to play with.

Thing is, you can't reverse engineer Fenrir: it uses Themida (https://www.oreans.com/Themida.php), which disables reverse engineering of its binaries and libraries; as soon as you attach a debugger or use reflection it crashes everything. They thought about the reverse engineering possibility, which is why I think a macOS version doesn't exist.

Using Wireshark while Fenrir is requesting firmware and downloading is the only thing you can try, so that you could see what kind of requests they make to get older firmware, but again you can't use Fenrir outside the assigned PC for Samsung authorized repair shops. I got to use it once back in 2018 for like 1 minute when Samsung sent someone to repair my TV at home. The repair man let me play around for a little bit, but that was it; I couldn't do anything I really wanted to do.

A MAC address check doesn't sound so promising and could be bypassed.
Also, it shouldn't be the MAC address, because that is networking stuff and can easily be changed, and it is per network controller.

A MAC address check doesn't sound so promising and MAY be hacked. Crazy shit, I know.
Also, it shouldn't be the MAC address, because that is networking stuff and can easily be changed, and it is per network controller.

We need to save all the info we have about this software somewhere. And about Samsung device protocols, and its servers' protocols in general.

It is just Scamsung, what would you expect?
For example, my phone (SM-A207F / Galaxy A20s) doesn't accept any custom binary, check this and this for more information.

SM-A207F/SER

It looks like this device is an exception. Samsung's servers are providing older firmware for it. But using SM-N986U/TMB, for example, will serve the latest firmware no matter what.

Actually, it serves only the last two firmware versions available.
Output of Syndical Fetch mode:

Device: SM-A207F/SER
Connecting to FUS server...
┌─────────────────────────────────────────────────────────┬────────────────┬────────────┬────────┐
│ Version                                                 │ Android        │ Size       │ Latest │
├─────────────────────────────────────────────────────────┼────────────────┼────────────┼────────┤
│ A207FXXU2CUI2/A207FOXM2CUI2/A207FXXU2CUI2/A207FXXU2CUI2 │ R(Android 11)  │ 4556071616 │ True   │
│ A207FXXU2BTK1/A207FOXM2BTK1/A207FXXU2BTK1/A207FXXU2BTK1 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXU2BTD7/A207FOXM2BTD8/A207FXXU2BTD7/A207FXXU2BTD7 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXU1ASJ5/A207FOXM1ASJ5/A207FXXU1ASJ5/A207FXXU1ASJ5 │ Pie(Android 9) │ 3677711232 │ False  │
│ A207FXXU2BTH2/A207FOXM2BTH1/A207FXXU2BTH1/A207FXXU2BTH2 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXS2ASL3/A207FOXM2ASL3/A207FXXS2ASL3/A207FXXS2ASL3 │ Pie(Android 9) │ 3677711232 │ False  │
│ A207FXXU2BUD4/A207FOXM2BUD5/A207FXXU2BUC1/A207FXXU2BUD4 │ Q(Android 10)  │ 4556071616 │ False  │
│ A207FXXU2CUH5/A207FOXM2CUH5/A207FXXU2CUH5/A207FXXU2CUH5 │ R(Android 11)  │ 4556071616 │ False  │
│ A207FXXU2BTE1/A207FOXM2BTE2/A207FXXU2BTE1/A207FXXU2BTE1 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXU1ASI2/A207FOXM1ASHI/A207FXXU1ASHI/A207FXXU1ASI2 │ Pie(Android 9) │ 3677711232 │ False  │
│ A207FXXU2BUD2/A207FOXM2BUD2/A207FXXU2BUC1/A207FXXU2BUD2 │ Q(Android 10)  │ 3677711232 │ False  │
│ A207FXXU2ATB1/A207FOXM2ATB1/A207FXXU2ATB1/A207FXXU2ATB1 │ Pie(Android 9) │ 3677711232 │ False  │
│ A207FXXU2CUFA/A207FOXM2CUFB/A207FXXU2CUFA/A207FXXU2CUFA │ R(Android 11)  │ 4556071616 │ False  │
│ A207FXXU2BTI1/A207FOXM2BTI1/A207FXXU2BTH4/A207FXXU2BTI1 │ Q(Android 10)  │ 3677711232 │ False  │
└─────────────────────────────────────────────────────────┴────────────────┴────────────┴────────┘
Fetching firmware information ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 00:00:10

@SlackingVeteran, I have a question for you.
Why do you still use Samsung's DLLs, which makes Frija non-cross-platform?
It was already reverse-engineered and works fine.
Also, can you provide all information you currently know about Samsung FUS endpoints (and request bodies) and Fenrir?

@SlackingVeteran
https://www.tamiraat.com/repository/other/1398/10/09/efmbx0ux.bs0.pdf
Why the fuck is a how-to PDF public? It has Fenrir/Odin guides.

Confidential and proprietary-the contents in this service guide subject to change without prior notice
Distribution, transmission, or infringement of any content or data from this document without Samsung’s written authorization is strictly prohibited.

No, it's a Galaxy S20+ (SM-G986U1)

On Wed, Apr 7, 2021, 3:33 PM Zachary Wander wrote:
> There's no logging built in right now. I'll look into why the firmware is wrong, but I'm going to guess Samsung is serving it incorrectly. Is this the Note20 Ultra?

Samsung probably did it intentionally to save on space and just to give a middle finger to people who want older firmware. Maybe they're just trying to force the user to update to latest?

I just read today that Samsung has designated most uBreakiFix stores as authorized repair shops. So, that may open the possibility of capturing the Fenrir packets between the phone, computer, and server IF we can find a "friendly tech" in one of those shops. ;)

https://www.ubreakifix.com/samsung-repair#:~:text=uBreakiFix%20is%20a%20Samsung%20Authorized,we%20can%20fix%20it%20all.