SM-S367VL support #3

Open
opened 2025-12-28 16:46:14 -05:00 by chipmunkmc · 3 comments
Owner

This is the third bootloader-locked Exynos device I own. Mine is currently borrowed and has been for quite a few months, but supposedly I'll get it back at some point in January.

Author
Owner

Well um... You see I live in the United States, and the borrower moved to a state other than mine, and I don't think I'm crazy enough to go on a road trip to get back the device or anything... It's a shame, I really became interested in this specific phone once I learned it had an exynos7885 (or exynos7884a which is just an underclocked one)...

I have a relative in Canada with the exact same phone, though. Maybe I can get it from him (maybe my family will visit him again?), especially if I trade the SM-J327VPP I got from him for it. Still, I haven't really looked into rooting that phone yet...

So since I probably won't have testing hardware soon (if ever) I'll just try to port the phone using its bootloader image; I can't just use upload mode to figure out where the PIT chunk will be and whatnot, but I suppose I can guess using other phones' addresses. I already can find the load address using a previous upload mode dump, fortunately. Maybe someone else will test it...

Author
Owner

After looking around in Ghidra and finding some addresses, I made some untested info in ee332c3097.

Notes: the bootloader is at offset `0x61800` in `sboot.bin`, loaded to address `0x8f000000` in memory, and its uncached heap begins at `0x90500000` not counting the root chunk.

Author
Owner

Well, I asked said relative about testing it, and he ended up deciding to just mail me the phone! Let's just hope this phone has revision <= 9 (otherwise I won't be able to downgrade the bootloader to run this exploit).

Reference
chipmunkmc/osmium#3