justaCasualCoder/G900A-TWRP-ROM

Samsung Galaxy S5 AT&T Tethered Exploit

What does this do?

It allows booting TWRP or an AOSP ROM by using SVE-2016-7930 (which relies on buffer overflows) to run unsigned recovery/boot images from a uSD card. Read the full article for more detail on how it works.

⚠️ This will prevent your phone from booting unless you have a computer! This is a TETHERED exploit! ⚠️

Requirements

  • AT&T S5 on ABOOT (firmware) version G900AUCS4DQB1

  • Micro SD card ( ⚠️This will be erased⚠️ )

  • Heimdall with this patch applied (an x64 pre-patched binary is in this repo)

  • A computer running Linux

  • TWRP image (Download twrp-3.7.0_9-0-klte.img) named twrp.img in the repo dir (wget --referer https://dl.twrp.me/klte/twrp-3.7.0_9-0-klte.img.html https://dl.twrp.me/klte/twrp-3.7.0_9-0-klte.img -O twrp.img)
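A pre-flight check for the twrp.img named above, and for any boot.img later passed to main.sh -i or written with dd, as an added example that is not part of this repo: it confirms the file starts with the Android boot image magic `ANDROID!`, which catches a download that saved an HTML page instead of the image. The function name `check_boot_img` and the optional size limit are assumptions of this example; the limit is whatever size you supply for the target partition.

```shell
# Added example (not from the repo): sanity-check an Android boot/recovery
# image before it is flashed. Usage: check_boot_img FILE [MAX_BYTES]
#
# Return codes:
#   0  file looks like a boot image (and fits MAX_BYTES, if given)
#   1  file is missing or empty
#   2  file does not start with the "ANDROID!" header magic
#   3  file is larger than MAX_BYTES
check_boot_img() {
    img=$1
    max=${2:-0}        # 0 means "no size limit supplied"

    if [ ! -f "$img" ] || [ ! -s "$img" ]; then
        echo "error: $img is missing or empty" >&2
        return 1
    fi

    # An Android boot image header begins with the 8 ASCII bytes ANDROID!
    # NUL bytes are stripped so a binary non-image does not upset the shell.
    magic=$(head -c 8 "$img" | tr -d '\0')
    if [ "$magic" != 'ANDROID!' ]; then
        echo "error: $img has no ANDROID! header" \
             "(HTML page or truncated download?)" >&2
        return 2
    fi

    # Compare against the caller-supplied partition size, if any.
    size=$(wc -c < "$img" | tr -d ' ')
    if [ "$max" -gt 0 ] && [ "$size" -gt "$max" ]; then
        echo "error: $img is $size bytes, over the $max byte limit" >&2
        return 3
    fi

    echo "ok: $img ($size bytes)"
}

# Typical call before running main.sh (file name from the Requirements list):
#   check_boot_img twrp.img && bash main.sh -t
```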

Getting started

Getting to the right firmware

If you want your phone to still boot without a PC:

The quick and dirty way (your phone won't boot anything but download mode)

  • Download QA1-QB1.zip

  • Unzip it and flash the aboot.mbn from it (e.g. unzip -d /tmp/ QA1-QB1.zip aboot.mbn && heimdall flash --ABOOT /tmp/aboot.mbn && rm /tmp/aboot.mbn)

Running it

Get a Linux system to continue (e.g. an Ubuntu Desktop Live CD)

  • Download this repo

  • Extract it

  • Open a terminal in the folder you extracted it into

  • Install ADB (sudo apt-get install android-sdk-platform-tools on Ubuntu)

  • Put your uSD card into your phone

  • Run the script (bash main.sh -p && bash main.sh -t and follow the instructions to partition your uSD card and boot into TWRP)

  • After you power off the phone, boot it back into your ROM by running bash main.sh -b and following the instructions.

Script Usage

Usage: main.sh [-h] [-v] [-z ROM.zip] [-i boot.img]

Bash script to boot AOSP ROM/TWRP on G900A

Available options:

-h, --help      Print this help and exit
-v, --verbose   Print script debug info
-t, --twrp       Flash/Boot TWRP
-b, --boot      Do normal boot to LineageOS
-z, --zip       Boot into TWRP and flash zip/boot image
-i, --image     Flash custom boot image
-p, --partition Partition uSD card. Run this once to set up your uSD card

Example Usage:
main.sh -z lineage-21.0-20240202-UNOFFICIAL-klte.zip
main.sh -i boot.img

Installing a ROM

  • Download your ROM of choice for klte

  • Move it into the folder where you extracted the repo

  • Run bash main.sh -z YOURROM.zip

    • This will reboot into TWRP, sideload the ZIP, and then reboot to Download mode to flash the new boot image.

Flash Magisk

  • Install Magisk
  • Enable rooted ADB
  • Connect to adb (adb root)
  • Get the boot image (adb shell dd if=/dev/mmcblk1p16 of=/sdcard/boot.img)
  • Patch it with Magisk
  • Flash the new image (adb shell 'dd if=$(ls /sdcard/Download/*.img) of=/dev/mmcblk1p16'; the single quotes make $(ls ...) run on the phone rather than on the computer)
  • Reboot
