Better Mobile App

[Q] OTA update fails on stock firmware

I've been trying to figure out why my OTA update fails. I'm using stock 2.3.6 with kernel XWKK2 with XSA CSC.
The update fails when the counter reaches16% after the first reboot and then boots back into the old system with a message saying that it failed and no trace of the ~200mb download that it performed.
However, there is a file in /system/fota called "ssfback". It seems to contain the dates and times and some other info about the updates. Does anyone know what this file means?
Code:
$ hexdump -C ssfback
00000000 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 93 01 00 40 3e 01 00 80 44 41 54 41 05 00 00 00 |[email protected]>...DATA....|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 44 4f 4e 45 00 00 00 00 |........DONE....|
00000040 55 55 55 55 00 00 00 00 00 90 e5 05 00 30 8a 00 |UUUU.........0..|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 31 32 2d 30 36 30 33 2d 30 38 32 36 35 36 00 00 |12-0603-082656..|
00000070 31 32 2d 30 36 30 33 2d 30 38 32 37 31 36 00 00 |12-0603-082716..|
00000080 93 01 00 40 3e 01 00 80 44 41 54 41 05 00 00 00 |[email protected]>...DATA....|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000a0 00 00 00 00 00 00 00 00 44 4f 4e 45 00 00 00 00 |........DONE....|
000000b0 55 55 55 55 00 00 00 00 00 80 e5 05 00 20 8a 00 |UUUU......... ..|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000d0 31 32 2d 30 36 30 33 2d 30 38 34 37 32 36 00 00 |12-0603-084726..|
000000e0 31 32 2d 30 36 30 33 2d 30 38 34 37 34 36 00 00 |12-0603-084746..|
000000f0 93 01 00 40 3e 01 00 80 44 41 54 41 05 00 00 00 |[email protected]>...DATA....|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 44 4f 4e 45 00 00 00 00 |........DONE....|
00000120 55 55 55 55 00 00 00 00 00 80 e5 05 00 20 8a 00 |UUUU......... ..|
00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000140 31 32 2d 30 36 30 33 2d 32 32 33 34 32 39 00 00 |12-0603-223429..|
00000150 31 32 2d 30 36 30 33 2d 32 32 33 34 34 39 00 00 |12-0603-223449..|
00000160 93 01 00 40 3e 01 00 80 44 41 54 41 05 00 00 00 |[email protected]>...DATA....|
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000180 00 00 00 00 00 00 00 00 44 4f 4e 45 00 00 00 00 |........DONE....|
00000190 55 55 55 55 00 00 00 00 00 80 e5 05 00 20 8a 00 |UUUU......... ..|
000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 31 32 2d 30 36 30 34 2d 32 32 34 34 32 33 00 00 |12-0604-224423..|
000001c0 31 32 2d 30 36 30 34 2d 32 32 34 34 34 32 00 00 |12-0604-224442..|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000470

[Q] Extract GT-S5300 firmware

Hi, I've bought a Samsung Galaxy Pocket GT-S5300 and downloaded the italian firmware S5300AILD3 brand Tim. It's composed by one file with extension tar.md5. My question is: is it possible extract the pda, phone, csc, pit and bootloader files from this firmware? If yes, how? Maybe can I use splitfus2?
With winzip i managed to open the file with extension tar.md5, that contains:
Sbl.bin
BcmCP.img
param.lfs
boot.img
system.img
csc.ext4
Unfortunately I can't find them on internet...
Hi, I've bought a Samsung Galaxy Pocket GT-S5300 and downloaded the italian firmware S5300AILD3 brand Tim. It's composed by one file with extension tar.md5. My question is: is it possible extract the pda, phone, csc, pit and bootloader files from this firmware? If yes, how? Maybe can I use splitfus2?
With winzip i managed to open the file with extension tar.md5, that contains:
Sbl.bin
BcmCP.img
param.lfs
boot.img
system.img
csc.ext4
Unfortunately I can't find them on internet...

a last thing: if I select the "Re-partition" and "Update bootloader" options and flash only the file S5300AILD3/S5300TIMLD3/S5300XXLD2/S5300AILD3.tar.md5 with the option PDA of odin, can I do a full flash or would I make a disaster?

marsece said:
Hi, I've bought a Samsung Galaxy Pocket GT-S5300 and downloaded the italian firmware S5300AILD3 brand Tim. It's composed by one file with extension tar.md5. My question is: is it possible extract the pda, phone, csc, pit and bootloader files from this firmware? If yes, how? Maybe can I use splitfus2?
With winzip i managed to open the file with extension tar.md5, that contains:
Sbl.bin
BcmCP.img
param.lfs
boot.img
system.img
csc.ext4
Unfortunately I can't find them on internet...
Click to expand...
Click to collapse
I've checked, SplitFUS2 almost suitable for S5300, but...
It seems, SG Pocket has ext4 fs support and CSC supplied as ext4. SplitFUS2 expecting csc.rfs as the filename, so I modifeied it and uploaded as minor release update SplitFUS v2.01 for Windows/Cygwin version.
Linux comes a bit later...
off topic, but I think Galaxy Toolbox also works on Galaxy Pocket. Could you make and send me a bml15 backup image?

Thank you very much for this version of SplitFUS2
Doky73 said:
off topic, but I think Galaxy Toolbox also works on Galaxy Pocket. Could you make and send me a bml15 backup image?
Click to expand...
Click to collapse
I've installed Galaxy Toolbox, but I can't make the bml15 backup image: when I press SAVE button the program says "bml15 backup saved to /mnt/sdcard/SGYunlock/bml15.img.SAVE", but the folder remains empty. Also, the program can read all the Device Infos, except the "Burnt in model ID" and "IMEI".

marsece said:
I've installed Galaxy Toolbox, but I can't make the bml15 backup image: when I press SAVE button the program says "bml15 backup saved to /mnt/sdcard/SGYunlock/bml15.img.SAVE", but the folder remains empty. Also, the program can read all the Device Infos, except the "Burnt in model ID" and "IMEI".
Click to expand...
Click to collapse
Sad to hear it...
I thought the hardware is almost the same.
Phone rooted, and SDcard was accessible while tested?

Doky73 said:
Sad to hear it...
I thought the hardware is almost the same.
Phone rooted, and SDcard was accessible while tested?
Click to expand...
Click to collapse
Yes, I use "universal root v20" for the root and SuperSu upgrade to version 0.90. RootValidation test says that my phone is complete rootedXP

marsece said:
Yes, I use "universal root v20" for the root and SuperSu upgrade to version 0.90. RootValidation test says that my phone is complete rootedXP
Click to expand...
Click to collapse
ok, I see... Just wanted to be sure, otherwise Galaxy Toolbox also checks root access at start, and exits when no root...

However I'm interested in a version of Galaxy Toolbox for my s5300. If I can do something, please tell me!

marsece said:
However I'm interested in a version of Galaxy Toolbox for my s5300. If I can do something, please tell me!
Click to expand...
Click to collapse
Well, I can't promise anything, but this might help: Download Mobile Odin Lite, and make a dump with. The dump file contains useful info about the partitions

Doky73 said:
Well, I can't promise anything, but this might help: Download Mobile Odin Lite, and make a dump with. The dump file contains useful info about the partitions
Click to expand...
Click to collapse
I sent you a pm message with my mobileodin.txt file

marsece said:
I sent you a pm message with my mobileodin.txt file
Click to expand...
Click to collapse
ok, got it, and examined.
Unfortunately Pocket's partition layout seems quiet different from SGY.
On Galaxy Y the /dev/bml15 partition contains vital data for network locks and bin counter
We have to find similar partition, it might be here somewhere there:
Code:
links:
lrwxrwxrwx root root 2012-06-12 10:00 p16 -> /dev/block/mmcblk0p16
lrwxrwxrwx root root 2012-06-12 10:00 p15 -> /dev/block/mmcblk0p15
lrwxrwxrwx root root 2012-06-12 10:00 p14 -> /dev/block/mmcblk0p14
lrwxrwxrwx root root 2012-06-12 10:00 p13 -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 2012-06-12 10:00 p12 -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 2012-06-12 10:00 p11 -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 2012-06-12 10:00 p10 -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2012-06-12 10:00 p9 -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2012-06-12 10:00 p8 -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2012-06-12 10:00 p7 -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2012-06-12 10:00 p6 -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2012-06-12 10:00 p5 -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2012-06-12 10:00 p4 -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2012-06-12 10:00 p3 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2012-06-12 10:00 p2 -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2012-06-12 10:00 p1 -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2012-06-12 10:00 p1 -> /dev/block/mmcblk1p1
----- partitions -----
major minor #blocks name
179 0 3815424 mmcblk0
179 1 2048 mmcblk0p1
179 2 2048 mmcblk0p2
179 3 12800 mmcblk0p3
179 4 5120 mmcblk0p4
179 5 5120 mmcblk0p5
179 6 5120 mmcblk0p6
179 7 307200 mmcblk0p7
179 8 102400 mmcblk0p8
179 9 1048576 mmcblk0p9
179 10 10240 mmcblk0p10
179 11 2302447 mmcblk0p11
179 12 10240 mmcblk0p12
179 13 256 mmcblk0p13
179 14 256 mmcblk0p14
179 15 1024 mmcblk0p15
259 0 16 mmcblk0p16
179 16 1921024 mmcblk1
179 17 1920955 mmcblk1p1
dumping a suspected partition into file (by dd or cat) and searching for string data like IMEI or carrier identifier might help, but I don't want to instruct it anyone, because it might cause irreversible result.
I've read in Galaxy Ace topics, that dd-ing /dev/bml5 hard bicked the phone (but cat-ing was ok)
So do it on your own risk ;-)
we can exclude
/dev/block/mmcblk0p7 /system
/dev/block/mmcblk0p8 /cache
/dev/block/mmcblk0p9 /data
mmcblk0p3 - suspected modem
mmcblk0p15 has the same size as bml15 ... maybe this is the right one...
If you're brave enough, then try
cat /dev/block/mmcblk0p15 >/sdcard/external_sd/mmcblk0p15.cat_image
(I'm not sure if cat requires busybox or not...)
then examine the file on PC. In hex editor look for IMEI, I'ts maybe at 0x80000...

Interesting post
I was looking for something similar,. but also looking how to flash the firmware
which odin version are u using? thanks

troyaneitor1 said:
Interesting post
I was looking for something similar,. but also looking how to flash the firmware
which odin version are u using? thanks
Click to expand...
Click to collapse
until now I have used odin v1.85 and flashed selecting the entire firmware.tar.md5 under the voice PDA of odin. Another thing: on this forum
http://translate.googleusercontent....=12733&usg=ALkJrhi1SQIo7Y09HFfIyJznTEpoRsz0CQ
I've found these files:
Boot_S5300Xxlc9_Rev04.tar.rar (42.2 KB, 51 views)
Pda_S5300Jplc5_Rev04.tar.part1.rar (50.00 MB, 152 views)
Pda_S5300Jplc5_Rev04.tar.part2.rar (50.00 MB, 200 views)
Pda_S5300Jplc5_Rev04.tar.part3.rar (13.07 MB, 142 views)
GT-S5300-MULTI-CSC-Ojplc5.tar.rar (17.35 MB, 125 views)
Coriemmc_0117.pit.rar (01.01 KB, 33 views)
S5300_Downloader.rar (168.9 KB, 79 views)
I would be interested in download them, but the forum requires a paymentXP...maybe do you know someone that could download them?

Same like u. after opening account it asked to pay

Doky73 said:
mmcblk0p15 has the same size as bml15 ... maybe this is the right one...
If you're brave enough, then try
cat /dev/block/mmcblk0p15 >/sdcard/external_sd/mmcblk0p15.cat_image
(I'm not sure if cat requires busybox or not...)
then examine the file on PC. In hex editor look for IMEI, I'ts maybe at 0x80000...
Click to expand...
Click to collapse
I got the file and send pm. Yes, it contains the IMEI at 0x80000

marsece said:
I've found these files:
Boot_S5300Xxlc9_Rev04.tar.rar (42.2 KB, 51 views)
Pda_S5300Jplc5_Rev04.tar.part1.rar (50.00 MB, 152 views)
Pda_S5300Jplc5_Rev04.tar.part2.rar (50.00 MB, 200 views)
Pda_S5300Jplc5_Rev04.tar.part3.rar (13.07 MB, 142 views)
GT-S5300-MULTI-CSC-Ojplc5.tar.rar (17.35 MB, 125 views)
Coriemmc_0117.pit.rar (01.01 KB, 33 views)
S5300_Downloader.rar (168.9 KB, 79 views)
Click to expand...
Click to collapse
I found a better one free
https://hotfile.com/dl/156305309/e6b7a3d/GT-S5300_PLS_S5300XXLD2_S5300PLSLD1_S5300XXLD2.zip.html
that contains:
BOOT_S5300XXLD2_REV04.tar.md5
DefaultCalDataWithBoot_S5300XXLD2_REV04.tar.md5
GT-S5300-csc-PLSLD1.tar.md5
MODEM_S5300XXLD2_REV04.tar.md5
PDA_S5300XXLD2_REV04.tar.md5
but no pitXP

marsece said:
but no pitXP
Click to expand...
Click to collapse
Theoretically the PIT file is somewhere there on the partitions. On SGY its bml4, which is a 262.144 bytes (a relatively small) partition.
You can check the content of the partitions, the Partition Information Table is one of them, it usually starts with HEX 76 98 34 12

For the moment I found this
76 98 34 12 12 00 00 00 42 72 6f 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 47 41 4e 47 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6d 6d 63 2e 69 6d 67 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 42 4f 4f 54 00 4c 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 63 6d 42 6f 6f 74 2e 69 6d 67 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I've attachted it in a image...maybe could the pit be this?

marsece said:
For the moment I found this
...........
I've attachted it in a image...maybe could the pit be this?
Click to expand...
Click to collapse
Finally I found the coriemmc_0117.pit file on internet...it starts like this but contains more informations; however I tried it on my s5300 in a full flash with odin and all seems to have gone smoothly

Thanks for the info and files
I tried to flash it but i got error message
could u list steps u used to flash files??
thanks

[Q] help~~ who know this ext4 format

the file head is :
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 20 00 10 00 00 10 00 00 :&?
00000010 00 00 03 00 BF 07 00 00 00 00 00 00 00 00 00 00 ?
00000020 C1 CA 00 00 00 00 00 00 01 00 00 00 10 10 00 00 潦
The right should be:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 1C 00 0C 00 00 10 00 00 :&?
00000010 00 00 03 00 C0 07 00 00 00 00 00 00 C1 CA 00 00 ? 潦
00000020 01 00 00 00 0C 10 00 00 00 00 00 00 00 00 00 00
simg2img can't work;

showjechar said:
the file head is :
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 20 00 10 00 00 10 00 00 :&?
00000010 00 00 03 00 BF 07 00 00 00 00 00 00 00 00 00 00 ?
00000020 C1 CA 00 00 00 00 00 00 01 00 00 00 10 10 00 00 潦
The right should be:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 1C 00 0C 00 00 10 00 00 :&?
00000010 00 00 03 00 C0 07 00 00 00 00 00 00 C1 CA 00 00 ? 潦
00000020 01 00 00 00 0C 10 00 00 00 00 00 00 00 00 00 00
simg2img can't work;
Click to expand...
Click to collapse
hello ~

showjechar said:
the file head is :
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 20 00 10 00 00 10 00 00 :&?
00000010 00 00 03 00 BF 07 00 00 00 00 00 00 00 00 00 00 ?
00000020 C1 CA 00 00 00 00 00 00 01 00 00 00 10 10 00 00 潦
The right should be:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
00000000 3A FF 26 ED 01 00 00 00 1C 00 0C 00 00 10 00 00 :&?
00000010 00 00 03 00 C0 07 00 00 00 00 00 00 C1 CA 00 00 ? 潦
00000020 01 00 00 00 0C 10 00 00 00 00 00 00 00 00 00 00
simg2img can't work;
Click to expand...
Click to collapse
sudo java -jar ./sgs2toext4.jar system.img system_ext4.img

LG G5 Bootloop

Hello guys,
Since yesterday my g5 is blocked:
a message that the system was corompu appeared, so I wanted to put my re G5 zero except that it is not recognized by LGUP while he is detect by LG MOBILE SUPPORT TOOL and LG Bridge which does not start a recovery.
Do you have an idea ?
PS: I am french and translation through google sorry for spelling.

There's a reason of this bootlop and corrupted system?
Install the right driver for LGUP, it seems impossible that it's not recognized.

Erario said:
There's a reason of this bootlop and corrupted system?
Install the right driver for LGUP, it seems impossible that it's not recognized.
Click to expand...
Click to collapse
The reason comes from the fact bootloop of modifying the build.prop; I have yet resataure the file via a backup that I had done beforehand.
Since the message of corompu system over any access TWRP it was replaced by the original one.
Normally all the drivers are installed jai installed:
LGH850_DLL.msi
LGUP_Lab_Frame_Ver_1_11.msi
LGMobileDriver_WHQL_Ver_4.0.4.exe
LOG LG UP
[12:19:32] Start Find Available USB Port
[12:19:32] Find 0 Port de communication (COM1)
[12:19:32] Find 1 LGE AndroidNet USB Serial Port (COM41)
[12:19:32] CBasicComControl:pen, the port(COM 41) is constructed successfully => HANDLE : 0x2bc
[12:19:32] CPort:penPort() Success. Port number is 41
[12:19:32] [T000003] 41 54 0D AT.
[12:19:33] CBasicCom::SendRecvPacket, PACKET_ERROR code = 1460 Msg => [12:19:33] [T000005] EF 00 16 65 7E ...e.
[12:19:34] [R000007] EF 00 00 05 00 AD 7E .......
[12:19:34] ---------------------------------------------------------------------------------
[12:19:34] SubProcess Name : NoOperationCmd
[12:19:34] [T000004] 06 4E 95 7E .N..
[12:19:35] [R000004] 02 6A D3 7E .j..
[12:19:35] [T000005] EF 00 16 65 7E ...e.
[12:19:36] [R000007] EF 00 00 05 00 AD 7E .......
[12:19:36] [T000005] EF A0 1C C0 7E .....
[12:19:37] [R000150] EF A0 00 00 00 00 00 4C 47 2D 48 38 35 30 00 00 00 55 6E 6B 6E 6F 77 6E 00 00 00 00 00 00 00 00 .......LG-H850...Unknown........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 35 37 36 35 37 30 37 31 31 36 36 38 34 33 00 ................357657071166843.
00 00 00 00 64 1E 41 6E 64 72 6F 69 64 00 00 00 55 6E 6B 6E 6F 77 6E 00 00 00 00 00 00 00 00 00 ....d.Android...Unknown.........
00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 63 6F 6D 6D ...........................1comm
6F 6E 00 00 77 4F 50 45 30 00 00 00 00 00 00 00 00 00 00 0F 40 7E [email protected]
[12:19:37] CComPort::ClosePort, Closed Port Successfully for COM 41
[12:19:37] CBasicComControl::Close, the port(COM41) is closed successfully
[12:19:37] ==> COM41 is detected
[12:19:37] ModelListManager is initialized
[12:19:52] CBasicComControl::IsConnected, the port(COM41) connection is not detected
Click to expand...
Click to collapse

Backing up partitions without root and unlocked bootloader

Hi everybody!
Here is my situation:
I have a Xiaomi Redmi Note 4x, snapdragon, 16GB (no unlocked bootloader, no root).
Pictures from my DCMI folder were deleted accidentaly. I would really like to be able to recover them.
But I cannot use tools (PC, or android) to analyze partition for deleted files, unless my phone is root-ed.
And I cannot root the phone unless the bootloader is unlocked, and if I try unlocking the bootloader I lose all data from the phone.
I know some things about smartphones, and I have done some research on my own yesterday.
From what I understand my only option would be to low level backup the internal memory partitions (9GB are left available to the user from the total 16GB).
And then try to recover the pictures from the saved images.
To do that I have to enter EDL Mode using Test Point on the PCB board, then use tools like emmcdl.exe to save the phone partitions.
How can I do this in more detail?
Can anybody confirm that it is indeed possible, and also guide me what to do more precisely, so I can be sure I do not lose any data and still have a try to recover the lost pictures
Would the saved partitions be encrypted?
Backing up user data settings from the phone, using low level, would be very useful for me anyway. so I would be glad to be able to do it, even if I can't recover much of my lost files.
Thanks in advance.

Once data is deleted is impossible to recover on our side u need to send it to lab to recover ur data.. ?

In principle, it should be possible to read out the raw partition images in EDL mode. These guys have done something similar: https://alephsecurity.com/2018/01/22/qualcomm-edl-2/
You can even unlock the bootloader and keep your data, if the Redmi Note 4 still uses the same two bits in the devinfo partition to mark locked/unlocked state.
The big But is: Can you really restore deleted files from a raw ext4 partition, especially once other processes have written to the partition? Because that's what you get.
Please keep me updated what you did and what came out of it. I could not get Alephsecurity's tools to work, but that might be due to Windows driver issues.

The Redmi Note 4 (mido) and Redmi Note 3 (kenzo) still have the bits set at 0x10 and 0x18 in the devinfo partition after unlocking, as described in the alephsecurity blog post. The Redmi Note 5 (whyred) instead has a bit set at 0x90 in an otherwise conspiciously blank partition, so unlocking might work differently there.
Here are the officially unlocked devinfo parititons of a mido, a kenzo, and a whyred:
[email protected]:~/tmp devinfo$ hexdump -C devinfo-mido.img
00000000 41 4e 44 52 4f 49 44 2d 42 4f 4f 54 21 00 00 00 |ANDROID-BOOT!...|
00000010 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000e0 01 00 00 00 15 53 8a 17 83 99 ce 55 db a2 19 e5 |.....S.....U....|
...
[email protected]:~/tmp devinfo$ hexdump -C devinfo-kenzo.img
00000000 41 4e 44 52 4f 49 44 2d 42 4f 4f 54 21 00 00 00 |ANDROID-BOOT!...|
00000010 01 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000e0 01 00 00 00 02 00 00 00 57 18 b2 5e 67 10 48 a0 |........W..^g.H.|
...
[email protected]:~/tmp devinfo$ hexdump -C devinfo-whyred.img
00000000 41 4e 44 52 4f 49 44 2d 42 4f 4f 54 21 00 00 00 |ANDROID-BOOT!...|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000090 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00800000
I unlocked officially, installed TWRP/Lineage, booted TWRP, and then I saved the devinfo partition with "adb pull /dev/block/bootdevice/by-name/devinfo devinfo.img".

​
tijoro said:
The Redmi Note 4 (mido) and Redmi Note 3 (kenzo) still have the bits set at 0x10 and 0x18 in the devinfo partition after unlocking, as described in the alephsecurity blog post. The Redmi Note 5 (whyred) instead has a bit set at 0x90 in an otherwise conspiciously blank partition, so unlocking might work differently there.
Here are the officially unlocked devinfo parititons of a mido, a kenzo, and a whyred:
".
Click to expand...
Click to collapse
Thanks for your replies tijoro.
But I had to recover those files in a day or two, because I had to use my phone, and using it would mean overwriting that info, etc, so I ended up by not recovering them (I don't mind, they weren't that important in the end).
I understand I could have read my user partition in EDL mode, but it would most likely be encrypted data, and MIUI doesn't allow me to set a password (just unlock pattern), so I probably couldn't decrypt it and then try to recover my files.
I didn't check this thread until now since march. I also found that link you gave in your first post, by researching for "edl mode" and unlock
I guess soon I will try and unlock my bootloader with devinfo because unlocking officially would mean losing user data, and I cannot backup many applications user data with MIUI not being rooted.