[GUIDE][I337UCUAMF3][STOCK][NEUTERED] MF3 OTA Update - Keep Recovery and Root! [7-12]

[GUIDE][I337UCUAMF3][STOCK][NEUTERED] MF3 OTA Update - Keep Recovery and Root! [7-12]

---

NOTICE: These instructions are pretty much obsolete. If you'd like to run a pure stock MF3 rom based on this exact method of neutering the MF3 OTA update, then read this thread. This thread shall remain for informational purposes only.


A quick THANKS to djbliss (motochopper root exploit), TeamWin (TWRP recovery), Chainfire (SuperSU), and all of the Guinea pigs that tested some of this stuff out for me in this thread.

What is this?
This is not technically a ROM, but by the time you are done, you will be running the stock, (albeit rooted) I337UCUAMF3 ROM provided by AT&T. Unlike the original MF3 OTA patch, if you perform the steps outlined in this thread, you will not lose your custom recovery, and your bootloader (including aboot) will remain untouched.

Here's what the neutered version does:

• It will flash a new boot.img, which primarily includes the MF3 Kernel.
• It will flash the RPM partition, which as far as I can tell is strictly for power management. I kept it in the package because it seems harmless.
• It will update many files in your /system partition, bringing you up to the latest MF3 build (the whole point).
• It will flash the new MF3 modem/Baseband, along with its counterpart, the NON-HLOS partition as well. The NON-HLOS partition will cause some problems with your sound (keep reading), but I've added a patch here that will solve this problem while creating another (WiFi breaks). I've kept this included in the original neutered patch, just in case someone is able to find a very easy fix for the sound and/or WiFi.

Can I go back?
From my experience, if you do not update the bootloaders, it is fully possible to return to the I337UCUAMDB or I337UCUAMDL stock versions. I used Odin, personally, but you could simply restore nandroid backups or flash a new rom. Your modem/Baseband will stay at I337UCUAMF3, along with your RPM partition - unless you use Odin or otherwise flash older versions manually. Personally, I found ZERO side-effects of performing these steps and then restoring my MDL-based nandroid backup.


Bugs?
At this time, you will have to choose between either having sound, or having WiFi. Can't have both. This is completely related to the NON-HLOS modem that's included and expected in the MF3 build. As mentioned above, the new NON-HLOS modem will kill your sound capabilities without having the new bootloaders, etc. I have no idea why, so I've provided a "fix" for this - a flashable .zip that will restore your NON-HLOS modem back to the MDL version. If you revert to this MDL NON-HLOS modem, you will lose WiFi capabilities. If someone finds a more proper fix for this, please let everyone know. Otherwise, you're welcome to keep switching back and forth as you please. See the section in this post about flashing just the modems.


Anything else?
In addition to all this, I've provided a modified, deodexed SecSettings.apk that will not scan for SysScope and will not mark your system as "Custom". This add-on package also removes SysScope entirely from the OS. This add-on optional, and you can choose not to flash this part if you wish. This package is based on my previous mod, located here (some minor changes in Status.smali to match the new MF3 build, but otherwise the same steps were performed to create this new SecSettings.apk). Basically, if you perform all of the steps outlined in this method, you will find yourself with an "official" status, and will have the original "Galaxy S4" boot logo (not the custom/padlock logo), regardless of the root or custom recovery.


Warnings and Caveats:

I have not extensively tested the I337UCUAMF3 operating system, and I WILL NOT be providing tech support for this operating system. Take it AS-IS, and ask your questions about the OS in the Q&A forum. This thread will be only for the process of getting you to I337UCUAMF3.

NOTICE: This is only intended for the I337 - a.k.a. the AT&T Galaxy S4. I have only tried this on my 16Gb, original device. You may try it on other devices, but there is of course a very high risk of bricking your non-i337 device. You've been warned.

WARNING: I am not responsible if you brick your device. Follow the instructions very, very closely, and you will be fine.

ANOTHER WARNING: There are mixed reports about certain things being broken with the MF3 update, such as the "free unlock with hidden menu" and tethering, etc. If these are important to you, you might want to make a full backup of your EFS just in case. Most custom recoveries (including the provided TWRP recovery) can help you do this. The EFS partition does not appear to be touched during the update, but just in case the new kernel or new modem does something to it on-the-fly, it would be a good idea to have a backup.


Okay, great. So what do we do?
Click the "Click to show content" button below to begin.

 

1. Download all these prerequisites. Get the downloads started now, and just read-ahead so you are familiar with the next steps.
   • openrecovery-twrp-2.6.0.0-jflteatt.img
     Original is found on TWRP's website.
     NOTE: You can download your own recovery.img if you'd like. Continue reading instructions for more details.
   • MDL-noSecure.zip
   • MF3-Neutered.zip
   • UPDATE-SuperSU-v1.41.zip
     Original is found on Chainfire's website.
   • remove-SysScope.zip
   • modem-fix.zip
   • motochopper-mod.zip
2. Put each and every one of these downloads onto the root of your internal SDCard (/sdcard/).
3. Make a full Nandroid backup of your device - include system, data, and everything.
4. Make a backup of everything that is on your internal SDCard - it's possible to accidently wipe it.
5. Wipe data. Be careful not to wipe your SDCard!
6. Odin to stock, unrooted MDB package. Instructions here.
7. Allow the device to reboot fully into the clean, stock MDB. This will clear your "Custom" status, by the way.
8. When returning to MDB, some apps will likely force-close when they start. This is due to data problems with these apps. You could wipe data again to remove these, but there is risk of wiping your SDcard if you do it wrong. Otherwise, just clock OK and get through them all before continuing.
9. Run Motocopper - Use custom version that I've provided, OR you can download the original version here http://forum.xda-developers.com/show....php?t=2252248
   NOTE: If you use the original version, be sure not to allow it to restart your device! At the end when it prompts you to "Press Enter to reboot..." - DO NOT REBOOT.
10. Install a custom recovery using your ADB shell. Do NOT mistype the partition number at the end, or you can easily hard-brick your device.
    
    Code:

    # dd if=/sdcard/openrecovery-twrp-2.6.0.0-jflteatt.img of=/dev/block/mmcblk0p21
    # reboot recovery

    Note: You should be able to use your own recovery. You will need to install it using the method above, however. Programs like GooManager will not work at this stage.
11. Allow the device to reboot directly into recovery. Do not leave recovery until instructed to do so.
12. Flash MDL-noSecure.zip
    NOTE: This is the original AT&T I337UCUAMDL update, but with the "ro.secure" check removed, and the recovery removed. Otherwise it is the same thing.
13. Flash MF3-Neutered.zip
14. Flash UPDATE-SuperSU-v1.41.zip
15. Flash remove-SysScope.zip
    NOTE: This package will also clear your dalvik cache, just in case.
16. Flash modem-fix.zip
    NOTE/BUG: If you skip this, you will lose all audio. If you flash this modem-fix, you will lose WiFi. Currently working on investigating this!
17. Wipe Data/Cache.
18. Reboot the device into system.
19. Enjoy I337UCUAMF3.
20. Click the "Thanks" button if this has helped you.

But I only want to flash the new modem (Baseband). Do I have to do all that crazy stuff?
Certainly not! You can flash just the modem itself, very easily. You need to be rooted, or have a custom recovery first.
The Manual Method - requires root (advanced users, but technically easier and quicker!):

 

1. Download the .zip I created of all the modems I've ever had here.
2. Make a nandroid backup for safekeeping. Note that a nandroid backup will not typically backup your current modem - this is just a precaution in case you mess things up and have to use Odin to restore your modems or something. Better safe than sorry!
3. Unzip contents to your sdcard.
4. Fire up your ADB shell.
5. Type the following very carefully. DO NOT GET THE PARTITION NUMBER WRONG or you could easily brick your device. Badly.
   
   Code:

   su
   dd if=/sdcard/modem-MF3.bin of=/dev/block/mmcblk0p2
   reboot

6. Start testing it out!

NOTE: The included NON-HLOS.bin is intended for mmcblk0p1. If you are on an MDL-based ROM and/or Kernel, don't flash this file yet, unless you're being experimental. Here's why:

Quote:

Originally Posted by If you have an MDL-based ROM/Kernel... If you have an MDB NON-HLOS.bin and an MF3 modem.bin, Wi-Fi will break. If you have an MF3 NON-HLOS.bin and an MF3 modem.bin, sound will break. If you have an MDL NON-HLOS.bin and an MF3 modem.bin, .... Nothing seems broken. Sound and Wi-Fi are working.

The Automatic Method - requires custom recovery (recommended for flashaholics):
CPA Poke has offered a flashable version of the modem as an option here.


I just want the original, unaltered I337UCUAMDF patch. Where can I find it?
You can download it here. This was taken straight from \cache\fota\2400258.cfg. You can rename it as a .zip if you'd like to mess with it. Please note that this file may not be flashable on your device if you have customized your /system partition or have made other modifications to your device. This patch performs a series of integrity checks, and will not install if it fails any of them. If it fails, you should be safe, as the patch sequence aborts before making changes if it fails the checks.

BE FOREWARNED: Flashing this file directly will cause you to lose root, lose your custom recovery, and lose the ability to obtain root in the future (as far as we know). In other words, DO NOT install this unaltered, original update if you EVER want to have root again, flash custom ROMs, or have the ability to make/restore nandroid backups. You've been warned.


How can I make my own neutered version of the OTA patch?
Check out post #2 in this thread for all the details on how to customize your OTA patch file, including the warnings and potential ways you can hard brick your device.


What was changed in this patch?
If you were to flash the original patch without neutering it first, you'll be stuck with a stock MF3 build (or higher). As far as we can tell, this patch does blow some e-fuses in the device, incrementing a number such that it is impossible to return back to an older build (MDB or MDL). There is currently no known cure for this condition if this is the case, especially considering we have locked bootloaders on the I337 at this time.

For a complete list of all the files that this patch touches on your system, you can check out my previous post here.


Can I use this in my own ROM?
Certainly! In fact I encourage it. I'd like to see some cool ROMs be built using the MF3 base. It's got some nice improvements on the MDL base, so any stock-based ROMs should benefit. You have my full permission to use this complete process or any parts/pieces/packages/methods herein. I would like to see my name mentioned in your "thanks" list if you have one, but this is of course completely optional.


Where can I download a full system and kernel dump of the work you did? (ADDED 7-12-13)
You can download it right here. Apart from the SysScope mod mentioned above and injecting root, this is the full, stock image. This is NOT directly flashable, so don't even try. This will only be useful for ROM developers and advanced users. The modems and bootloaders have nothing to do with these packages, but these might be required for everything to work correctly (i.e. sound and WiFi).

This was created from my device after performing all the steps above, using these commands while the device was in recovery, from a root ADB shell:

Code:

dd if=/dev/block/mmcblk0p16 of=/sdcard/system-MF3.img
dd if=/dev/block/mmcblk0p20 of=/sdcard/boot-MF3.img

Do you have this available as a ROM I can flash? (ADDED 8-6-13)
Indeed! If you want to install this as a ROM, check out my newer thread here.

Anything I can do to help here?
If this information and tutorial helped you out, just simply hit the "THANKS" button. It's great to know the work was appreciated. Another way that you can help is to provide feedback in this thread about how it worked for you, and if there's any improvements that can be made. Lastly, if you're interested in helping financially to help recover the costs of the JTAG box I now need to recover my S4, you're certainly welcome to assist by using the donate link on the left. Keep in mind that I'm not technically a Dev here - I'm just another forum member that's providing information to other members. It's what this whole community is about.