Better Mobile App

[Firmware] Razr XT910 bricked. OMAP4430 in Device Manager.

Title pretty sums it all. Need some advice and some crazy ideas to try. Anyone?

p34c3m4k3r said:
Title pretty sums it all. Need some advice and some crazy ideas to try. Anyone?
Click to expand...
Click to collapse
I've done a fair bit of this stuff, and ended up having to send my phone into warranty before.
There is a program called OMAPFlash which motorola uses, and they send off the correct signed firmware onto the device. I was only able to get so far. Your device must have bricked when you were writing the mbmloader...
You need to write the mbmloader. Let me see if I can find anythign for you.
Who is the carrier of the phone?

danifunker said:
I've done a fair bit of this stuff, and ended up having to send my phone into warranty before.
There is a program called OMAPFlash which motorola uses, and they send off the correct signed firmware onto the device. I was only able to get so far. Your device must have bricked when you were writing the mbmloader...
You need to write the mbmloader. Let me see if I can find anythign for you.
Who is the carrier of the phone?
Click to expand...
Click to collapse
Thanks for the reply. I bought it unlocked. Managed to find omapflash, but only for windows. Did you find it for linux?
About the device...
- If I plug it in, the white light comes up, for sometime, then shuts off. During this period there is no activity on the usb bus.
- If I plug it in, and press power, the light shuts off and the unit starts being recognized as OMAP4430.
- I tried usbboot from the LG session, since there are some models that use the same cpu. No go. Couldn't upload the code.
- One thing to notice, the file called by OMAP MLO, that carries the signed code, is mbmloader_xx.bin. Tried also with usbboot. No go.
- Formating a 4GB SD with a GPT partition table and two partitions: FAT32 and EXT3 respectively, copying the mbmloader_hs.bin as MLO and mbm.bin as u-boot.bin, to the first partition and trying to boot. No go.
- Using a Windows pc with Windows XP SP3 and the Motorola suite + the OMAP driver, didn't do anything. The phone keeps reseting the bus and it's just recognized as a device without any communication ports.
I'm have some spare time & I will keep trying even the most crazy ideas. I don't think it's something so complex. I have a DD backup of some partitions by the way.
Peace.

I have restored a RAZR XT912 from such a state using the Linux omap_flash binary and a boot loader repair kit that includes the pbrdl.bin and brdl.bin needed to make the TI OMAP device be recognized by adb and then fast boot can flash the mbmloader.bin and mbm.bin.
These files are specific to the device and we have kits for the XT912, XT894, XT875 and XT862.
We do not have them for the XT910 unfortunately, and everything we know about them indicates they are hardware and boot loader revision specific files and not at all cross compatible. Given that you have no other choice and a completely bricked device, it may be worth considering trying the files anyway.
You seem very well versed in the techniques required and would have an excellent chance of success if it works at all.
You may want to use the mbmloader.bin and mbm.bin from available XML.zip firmware files that are current for your device as those will definitely be the right files for the phone rather than the XT912 versions. If you are lucky, the pbrdl.bin and brdl.bin maybe compatible and flash successfully.
The procedure is like that which you have attempted and much easier than trying uboot from sdcard, which would not work from my understanding.
You must have a factory cable though, to power the device directly and that initializes a timed event during which the TI OMAP device is presented to the usb interface.
You run lsusb to be sure its there and then quickly run the first command with omap_flash and then the subsequent commands with fast boot.
If you are successful you will see the boot loader come up after brdl.bin is flashed and then fast boot the mbmloader.bin and mbm.bin and reboot.
If you PM me I will send you links to the files.
Good luck! This should be very interesting, but I have my doubts that the RDL files will be compatible.

cellzealot said:
I have restored a RAZR XT912 from such a state using the Linux omap_flash binary and a boot loader repair kit that includes the pbrdl.bin and brdl.bin needed to make the TI OMAP device be recognized by adb and then fast boot can flash the mbmloader.bin and mbm.bin.
These files are specific to the device and we have kits for the XT912, XT894, XT875 and XT862.
We do not have them for the XT910 unfortunately, and everything we know about them indicates they are hardware and boot loader revision specific files and not at all cross compatible. Given that you have no other choice and a completely bricked device, it may be worth considering trying the files anyway.
You seem very well versed in the techniques required and would have an excellent chance of success if it works at all.
You may want to use the mbmloader.bin and mbm.bin from available XML.zip firmware files that are current for your device as those will definitely be the right files for the phone rather than the XT912 versions. If you are lucky, the pbrdl.bin and brdl.bin maybe compatible and flash successfully.
The procedure is like that which you have attempted and much easier than trying uboot from sdcard, which would not work from my understanding.
You must have a factory cable though, to power the device directly and that initializes a timed event during which the TI OMAP device is presented to the usb interface.
You run lsusb to be sure its there and then quickly run the first command with omap_flash and then the subsequent commands with fast boot.
If you are successful you will see the boot loader come up after brdl.bin is flashed and then fast boot the mbmloader.bin and mbm.bin and reboot.
If you PM me I will send you links to the files.
Good luck! This should be very interesting, but I have my doubts that the RDL files will be compatible.
Click to expand...
Click to collapse
Thanks a lot for your reply and the technical insights! I appreciate your effort.
:good:
Can you tell me the difference between those 2 files? brdl and pbrdl? Are those OMAP model specific?
Yesterday I was able to make omapflash in Windows recognize the device but I need the address of the mbmloader.bin and mbm.bin in the emmc. I think it's the only part missing in my puzzle. The omap4430, according to the specs, first looks for MLO and u-boot.bin when you turn it on. Is the cpu rom somehow modified to look for mbm and mbmloader, by motorola? Using a hex editor you can find the string "MLO" right in the beginning of "mbmloader_hs.bin" and "mbmloader_ns.bin". Does it mean anything related to this matter? I still don't know why motorola provides a secure and non-secure loaders with the firmware package of a phone that "theoretically" can't be unlocked.
I tried uart over the p2_stereo headphone port without success a couple minutes ago.
I will be looking for the service cable in case my battery drained bellow the specs for the flashing process.
Thanks for cellzealot and danifunker, for your replies and your time.
Peace.
PS: I searched for omap_flash binary for linux all over without success, let alone the source code, of course.

I think the OP has some good news to announce and will be posting up how he successfully repaired the bootloader on his XT910 using the files I sent him from the XT912 repair kit. This is very good news and will be very useful for other users with corrupt bootloader devices.

Thank you cellzealot, Once again a great contribution to the community from you !

Nice upload tutorial
Sent from my MZ601 using XDA Premium HD app

As is often the case with these things, many people had a hand in this solution and the files and methods came from various sources.
I think the number of people who manage to corrupt the bootloader is actually quite small, but it is nice to have the right tools and files to fix it if and when the situation arises.
The bootloader repair kit files themselves are Level 4 access Motorola internal files and the Linux binary was posted by a user in a thread on the Bionic XDA forum.
We originally received the level 4 repair kits in bare form without any instructions whatsoever nor the proper binaries to use, and we were rather confused as to what they were.
Being unfamiliar with the two critical components pbrdl.bin and brdl.bin, we assumed they were to be flashed in fastboot and the kits also included the allow_mbmloader_flashing_mbm.bin (which is not actually required to complete the procedure).
In light of all this and rampant rumors about an engineering bootloader that was unlockable, we very unwisely gave in to the temptation after examining them to imagine these were those secret files, and I quickly hosed a friend's Razr that he had lent me for testing GSM stuff on by writing the pbrdl.bin to the mbmloader partition with fastboot !
Fast forward months later after many attempts to recover the device with the Windows binaries and a set of instructions that we received after the fact, and finally the Linux binary surfaced in the Bionic thread and it all fell together.
The key is the Linux binary because the Win binaries and device interfaces are so glitchy. In 32bit Ubuntu everything just works and the timed event is just long enough to perform the required initial command with the omapflash-lnx binary that then allows adb and fastboot to do the rest.
So, as I said...many hands and many missteps later to arrive at success.
It's very gratifying that this can be applied to the XT910 as well and as I told the OP in PM, I would like to have him write up what he did in this case as it may differ somewhat from my experience.
I expect he will do that very shortly and we can post the files as well.

Good to know these files are applicable to RAZR XT910.

cellzealot said:
I think the OP has some good news to announce and will be posting up how he successfully repaired the bootloader on his XT910 using the files I sent him from the XT912 repair kit. This is very good news and will be very useful for other users with corrupt bootloader devices.
Click to expand...
Click to collapse
cellzealot, sorry for the delay and I didn`t forget the topic. Have been busy lately. I will update it later today.
Peace.
:good:

I created a specific topic on the "Development Section". Go take a look and leave some feedback if you like it.
Peace.
:good:

cellzealot said:
I have restored a RAZR XT912 from such a state using the Linux omap_flash binary and a boot loader repair kit that includes the pbrdl.bin and brdl.bin needed to make the TI OMAP device be recognized by adb and then fast boot can flash the mbmloader.bin and mbm.bin.
These files are specific to the device and we have kits for the XT912, XT894, XT875 and XT862.
We do not have them for the XT910 unfortunately, and everything we know about them indicates they are hardware and boot loader revision specific files and not at all cross compatible. Given that you have no other choice and a completely bricked device, it may be worth considering trying the files anyway.
You seem very well versed in the techniques required and would have an excellent chance of success if it works at all.
You may want to use the mbmloader.bin and mbm.bin from available XML.zip firmware files that are current for your device as those will definitely be the right files for the phone rather than the XT912 versions. If you are lucky, the pbrdl.bin and brdl.bin maybe compatible and flash successfully.
The procedure is like that which you have attempted and much easier than trying uboot from sdcard, which would not work from my understanding.
You must have a factory cable though, to power the device directly and that initializes a timed event during which the TI OMAP device is presented to the usb interface.
You run lsusb to be sure its there and then quickly run the first command with omap_flash and then the subsequent commands with fast boot.
If you are successful you will see the boot loader come up after brdl.bin is flashed and then fast boot the mbmloader.bin and mbm.bin and reboot.
If you PM me I will send you links to the files.
Good luck! This should be very interesting, but I have my doubts that the RDL files will be compatible.
Click to expand...
Click to collapse
cellzealot, I have a question here.
Would it be possible to use your repair kit for the XT912 to flash a new, freshly compiled mbmloader.bin in order to completely replace the locked Motorola bootloader with an unlocked version? I understand that the source for mbmloader.bin is available in the repo's -- I would think that it would be a simple matter to compile & package an unlocked version and use your low-level OMAP4 utility to flash it onto the phone, thereby replacing the locked bootloader with a new unlocked version.
Or is there an even lower-level bootloader embedded in the device that checks mbmloader.bin for security at boot time? If so, would it be possible to replace THAT lower-level bootloader with an unlocked version in similar fashion to what I described? I am pretty new to this, but to my way of thinking, there has to be a way to get around Motorola's cryptographic verification of succeeding bootloader stages.
I have an off-contract Verizon XT912, running 9.8.20-72_VZW_16, that I am using as a test-bed for a new ROM I want to develop that will contain native real-time RSA voice encryption built right into the image as a part of the kernel or using a kernel module; I need to get rid of Mororola's entire scheme of cascading locked bootloaders in order to have the freedom to do the development I want -- once I have it developed, I can later implement locking for security purposes in my own bootloader.
Do you see any way that what I described about replacing Motorola's locked bootloader(s) can be accomplished?
Thanks in advance for any help you may be able to offer!

xt862 (droid 3 Verizon) repair kit (pbrdl.bin and brdl.bin) pleeeeease
Hi dear Cellzealot,
You are my last hope to unbrick my xt862 which just repeatedly connects and disconnected via USB as OMAP4430 device. (what I can view via dmesg). Also it apparently responds on ./omapflash-lnx pbrdl.bin from razor repair kit by instantly stopping to connect-disconnect and leaving in disconnected state (i.e. no more usb device via dmesg or lsusb). Also above command returns "OK XXXX bytes sent" in command prompt (what is another indicator that hardware is alive and just waits for bootloader). But so far I have understood from your post - above files are specific for each device. I even contacted Motorolla US service centre but they refused me to provide above files saying they are not available publicly.
Thanks in advance,
With last hope,
Sergiy

PM sent with xt862 repair kit!

droid bionic bootloader repair kit
I tried repairing my bionic with the files I found on xda.. It boots to the AP fastboot screen but shows errors, cant flash with rsd lite. I would appreciate any help. thank you

pbrdl.bin for Defy (MB525)?
Hi Cellzealot and all,
I have a properly bricked Motorola Defy (MB525), which has a locked bootloader. Do you know if there's a signed pbrdl.bin (ie. USB 1st stage bootloader) in existence for this device? (I've tried sending it the droid file - it uploads OK but doesn't run).
Please could you point me in the right direction? Thanks!
(By the way, the Defy is an OMAP3630 device).

Nexus 7 (2012) Cannot be Recognized (Tried Everything)

Hello,
First off, I've gone through the forums and I have looked up other posts and despite everything I cannot figure out how to get my nexus 7 tablet to be recognized by the computer (I tried and after two days of searching for answers I decided to make a post). I like to include this information so people don't assume that I post without browsing or haven't tried anything yet.
The thing that I am having troubles with is that I have a nexus 7 tablet that is softbricked, I have already gone through a lot of ways to fix that problem (I found the best solution is this:http://forum.xda-developers.com/showthread.php?t=1809195). However, the issue is is that I cannot get my computer to recognize the nexus tablet to flash it and restore it back to factory settings.
I have installed and updated the device drivers on my computer, but still I have had no such luck. I found that ADB doesn't recognize the device whilst in the Bootloader, but still will not recognize the device in recovery mode. If anyone has any tips, or suggestions that might work PLEASE let me know, at this point I'm getting desperate and any/all help would be greatly appreciated!
Thank you!

NecroGi said:
Hello,
First off, I've gone through the forums and I have looked up other posts and despite everything I cannot figure out how to get my nexus 7 tablet to be recognized by the computer (I tried and after two days of searching for answers I decided to make a post). I like to include this information so people don't assume that I post without browsing or haven't tried anything yet.
The thing that I am having troubles with is that I have a nexus 7 tablet that is softbricked, I have already gone through a lot of ways to fix that problem (I found the best solution is this:http://forum.xda-developers.com/showthread.php?t=1809195). However, the issue is is that I cannot get my computer to recognize the nexus tablet to flash it and restore it back to factory settings.
I have installed and updated the device drivers on my computer, but still I have had no such luck. I found that ADB doesn't recognize the device whilst in the Bootloader, but still will not recognize the device in recovery mode. If anyone has any tips, or suggestions that might work PLEASE let me know, at this point I'm getting desperate and any/all help would be greatly appreciated!
Thank you!
Click to expand...
Click to collapse
adb is not designed to be usable in bootloader mode. You need fastboot for that. If you have the fastboot.exe program in the same folder as your adb stuff, try this:
fastboot devices
If it reads, then all you need to do is fastboot flash the various .img files back to the tablet. There are tool kits that do this for you, but I prefer doing it manually as there are less chances of things messing up and if they do, you're more likely to know at what step which could be useful for further troubleshooting if need be. It is important to download the correct img files due to differences between the generations and wifi / data enabled ones. There is a flash-all script that you can find in the download of the factory images, which might make it easier, but you can just manually flash the separate files as sometimes you don't need to bother with them all (like the bootloader) though if the script works, then it'll be fine and might make it easier if you are not familiar with the commands.
If you don't have fastboot at all, just grab it from here: http://forum.xda-developers.com/showthread.php?t=2317790
Nexus img files: https://developers.google.com/android/nexus/images
Hit me up on Hangouts if you need more direction.

NecroGi said:
Hello,
First off, I've gone through the forums and I have looked up other posts and despite everything I cannot figure out how to get my nexus 7 tablet to be recognized by the computer (I tried and after two days of searching for answers I decided to make a post). I like to include this information so people don't assume that I post without browsing or haven't tried anything yet.
The thing that I am having troubles with is that I have a nexus 7 tablet that is softbricked, I have already gone through a lot of ways to fix that problem (I found the best solution is this:http://forum.xda-developers.com/showthread.php?t=1809195). However, the issue is is that I cannot get my computer to recognize the nexus tablet to flash it and restore it back to factory settings.
I have installed and updated the device drivers on my computer, but still I have had no such luck. I found that ADB doesn't recognize the device whilst in the Bootloader, but still will not recognize the device in recovery mode. If anyone has any tips, or suggestions that might work PLEASE let me know, at this point I'm getting desperate and any/all help would be greatly appreciated!
Thank you!
Click to expand...
Click to collapse
You won't get adb in bootloader mode.
You have to use the fastboot command.
Please tell the OS on your computer.
Use the tool in my signature as an environment.
Download 7zip, and install that.
Then go here and download the proper image for your device.
It would either be "Factory Images "nakasi" for Nexus 7 (Wi-Fi)" or "Factory Images "nakasig" for Nexus 7 (Mobile)".
Grab the 4.4.2 version.
Extract the downloaded file with 7zip into the "Work" folder in the tool form my signature.
Then extract that "nakasig-kot49h-factory-83d93b5f.tar" file with 7zip.
Then go into the folder that came out of that, and extract the "image-nakasig-kot49h.zip" into the Work folder.
And enter the following commands while in bootloader.
Code:
fastboot oem unlock
fastboot erase userdata
fastboot erase system
fastboot erase recovery
fastboot erase cache
cd nakasig-kot49h
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img
fastboot reboot
Make SURE you grab the correct image for your device. Wifi or Mobile.
I also assume that you know the .img files should be in the Work folder before you type thse commands into my tool.

Hey guys, first of all thank you for the speedy replies and steps I should follow.
Right now I'm using OSX but for the tablet I'm using a virtual Win7 machine to try and get this damn tablet to be recognized by the computer. The process is being delayed a little bit because my micro USB cords are being temperamental, meaning that the tablet has no juice, and when I mess with it (using the power + volume buttons to boot to bootloader/recover) the cord comes unplugged. I know automatically you guys are going to pinpoint this as the source of the issue (mainly because I would too), but it works fine if just laid flat and stays connected. It just has zero charge so when it disconnects/reconnects I literally have to power it back up, just need to wait for it to have some charge before I tinker with it more.
I will post updates after it charges.
Although I already thanked you guys, thanks again for speedy reply. It's much appreciated.

NecroGi said:
Hey guys, first of all thank you for the speedy replies and steps I should follow.
Right now I'm using OSX but for the tablet I'm using a virtual Win7 machine to try and get this damn tablet to be recognized by the computer. The process is being delayed a little bit because my micro USB cords are being temperamental, meaning that the tablet has no juice, and when I mess with it (using the power + volume buttons to boot to bootloader/recover) the cord comes unplugged. I know automatically you guys are going to pinpoint this as the source of the issue (mainly because I would too), but it works fine if just laid flat and stays connected. It just has zero charge so when it disconnects/reconnects I literally have to power it back up, just need to wait for it to have some charge before I tinker with it more.
I will post updates after it charges.
Although I already thanked you guys, thanks again for speedy reply. It's much appreciated.
Click to expand...
Click to collapse
I suggest to STOP!!!
If you are trying to restore the device and the cable disconnects in the middle of it, it might not be recoverable. That would be one of the few ways to really damage the tablet as they are pretty difficult to hard brick. Don't half ass it with stuff like this. A good cable is not THAT much and will certainly be cheaper than a new tablet or getting it to a point where you might have to send it somewhere for service.
I'm not familiar with Macs, but if you are more so, then this might be better than using a Virtual set up:
https://code.google.com/p/adb-fastboot-install/

es0tericcha0s said:
I suggest to STOP!!!
If you are trying to restore the device and the cable disconnects in the middle of it, it might not be recoverable. That would be one of the few ways to really damage the tablet as they are pretty difficult to hard brick. Don't half ass it with stuff like this. A good cable is not THAT much and will certainly be cheaper than a new tablet or getting it to a point where you might have to send it somewhere for service.
I'm not familiar with Macs, but if you are more so, then this might be better than using a Virtual set up:
Click to expand...
Click to collapse
It's actually working fine now (in the sense that the computer can now read it). The Virtual Machine also works just as good, but for some reason the toolkit I'm using won't properly return the tablet to the stock image using the SkipSoft Android ToolKit, so I'm going to have to try and find another way.
Thanks for your guys' help.

Soft Brick Kindle Fire HDX 7 - 4.5.5.3

Hello everyone,
I've been tinkering with my kindle attempting to flash TWRP so I could flash other ROMs on my Kindle Fire HDX 7 (3rd generation) but I have seemed to soft brick the device after using unlock.bat from https://forum.xda-developers.com/kindle-fire-hdx/general/thor-unlocking-bootloader-firmware-t3463982/post70881555#post70881555
The unlock.bat was supposed to unlock my bootloader, but now the device won't power on. If I plug it into the windows a bunch of partitions appear and windows prompts me if I want to format the various drives. If I plug my kindle into Linux, the 7 (i think) partitions show folders various different system functions.
Someone wrote in a separate forum that it's possible to restore kindle if I using something called eMMC Raw tool, but didn't really give any clear instructions.
If anyone could help me recover my device, that would be greatly appreciated. Thank you.

For some reason I can't upload a picture of the various files in the partition.
Side note: could I theoretically put CM 12 or anything else on one of the partitions instead of the stock ROM?

Praxxer1 said:
Hello everyone,
I've been tinkering with my kindle attempting to flash TWRP so I could flash other ROMs on my Kindle Fire HDX 7 (3rd generation) but I have seemed to soft brick the device after using unlock.bat from https://forum.xda-developers.com/ki...r-firmware-t3463982/post70881555#post70881555
The unlock.bat was supposed to unlock my bootloader, but now the device won't power on. If I plug it into the windows a bunch of partitions appear and windows prompts me if I want to format the various drives. If I plug my kindle into Linux, the 7 (i think) partitions show folders various different system functions.
Someone wrote in a separate forum that it's possible to restore kindle if I using something called eMMC Raw tool, but didn't really give any clear instructions.
If anyone could help me recover my device, that would be greatly appreciated. Thank you.
Click to expand...
Click to collapse
Unlock.bat did not "soft brick" your device as the actions it performs are totally benign. More likely you got sloppy and flashed an incompatible aboot (via dd) or erased aboot and don't know how to recover. Me thinks it is the latter. Keep reading; you'll eventually stumble on posts that describe corrective actions. I will edit this post with a link as time permits.
You do not need "eMMC Raw Tool" whatever that is.
edit: https://forum.xda-developers.com/ki...ing-bootloader-firmware-t3463982/post75284993

Davey126 said:
Unlock.bat did not "soft brick" your device as the actions it performs are totally benign. More likely you got sloppy and flashed an incompatible aboot (via dd) or erased aboot and don't know how to recover. Me thinks it is the latter. Keep reading; you'll eventually stumble on posts that describe corrective actions. I will edit this post with a link as time permits.
You do not need "eMMC Raw Tool" whatever that is.
edit: https://forum.xda-developers.com/ki...ing-bootloader-firmware-t3463982/post75284993
Click to expand...
Click to collapse
Ah. I wish I had seen that thread before I started the process! You may be right about the compatible boot. I couldn't find the original aboot_vuln.mbn file mentioned in the thread I was following, but managed to find aboot.img file and flashed that hoping it was the same. I could have sworn though, that the device stopped working the second after I clicked the unlock.bat file (executed outside the fastboot screen), but could be wrong.
Only problem about the thread you linked, device isn't responding to any ADB or fastboot commands, but still shows that my PC recognizes the device as a fire device.
Thank you for your time, I'll keep reading through the thread you linked.

Praxxer1 said:
Only problem about the thread you linked, device isn't responding to any ADB or fastboot commands, but still shows that my PC recognizes the device as a fire device.
Click to expand...
Click to collapse
Likely a Windows driver issue. Suggest installing Motorola Device Manager here which includes composite USB drivers that work reliably with HDX devices. Need need to run MDM; just install it. After connecting the device you will need update the driver via Windows Device Manager. Bit of hit and miss with a non-functioning device. Cables and USB ports also play a huge role, especially with fussy bootloader/fastboot communications. Avoid external hubs, USB3 ports and add-on expansion cards. Change cables, ports, etc. Good luck.

Davey126 said:
Likely a Windows driver issue. Suggest installing Motorola Device Manager here which includes composite USB drivers that work reliably with HDX devices. Need need to run MDM; just install it. After connecting the device you will need update the driver via Windows Device Manager. Bit of hit and miss with a non-functioning device. Cables and USB ports also play a huge role, especially with fussy bootloader/fastboot communications. Avoid external hubs, USB3 ports and add-on expansion cards. Change cables, ports, etc. Good luck.
Click to expand...
Click to collapse
Thanks Davey, I'll definitely give it a try. Just as a bit more information on my situation, the device manager on windows does read Fire Device "ADB composite driver". I also have it connected to the PC using a Fastboot Cable. I will give all of this a try when I get home from work today.
If I am able to communicate with the device after installing the MDM drivers, should I attempt to restore the device? Or try to unlock and flash the stock ROM?

Praxxer1 said:
Thanks Davey, I'll definitely give it a try. Just as a bit more information on my situation, the device manager on windows does read Fire Device "ADB composite driver". I also have it connected to the PC using a Fastboot Cable. I will give all of this a try when I get home from work today.
If I am able to communicate with the device after installing the MDM drivers, should I attempt to restore the device? Or try to unlock and flash the stock ROM?
Click to expand...
Click to collapse
- dump the fastboot cable (all but useless on a HDX); this isn't a generic Android device
- ADB composite drivers come in many flavors; HDX bootloader only likes a few of them
- if/when you reestablish communication first step is to restore aboot and install TWRP; unlocking and ROM installation come later
- do not attempt to reinstall stock; frustration and heartache consume those who do
- again, this is not a run-of-the-mill Android gizmo; many of the tricks you learned in kindergarden do not apply to Amazon tablets

Davey126 said:
- dump the fastboot cable (all but useless on a HDX); this isn't a generic Android device
- ADB composite drivers come in many flavors; HDX bootloader only likes a few of them
- if/when you reestablish communication first step is to restore aboot and install TWRP; unlocking and ROM installation come later
- do not attempt to reinstall stock; frustration and heartache consume those who do
- again, this is not a run-of-the-mill Android gizmo; many of the tricks you learned in kindergarden do not apply to Amazon tablets
Click to expand...
Click to collapse
Lol I feel like I'm in kindergarten tinkering with this HDX. How do I restore aboot? clearly the image I flashed with was not the correct bootloader. Should I attempt to extract aboot from the stock ROM? Or would you be able to share you tool set/point me to a working link for aboot, TWRP, and ROMs (I've looked at 4 threads so far without working links)?
UPDATE: I managed to install the ADB MOT Composite driver, but still no response to simple ADB and Fastboot commands
Thanks again

Praxxer1 said:
Lol I feel like I'm in kindergarten tinkering with this HDX. How do I restore aboot? clearly the image I flashed with was not the correct bootloader. Should I attempt to extract aboot from the stock ROM? Or would you be able to share you tool set/point me to a working link for aboot, TWRP, and ROMs (I've looked at 4 threads so far without working links)?
UPDATE: I managed to install the ADB MOT Composite driver, but still no response to simple ADB and Fastboot commands
Thanks again
Click to expand...
Click to collapse
Not uncommon. Unfortunately, there is no 'fix script' moving forward as each situation is unique. If aboot is too damaged to support basic communication it's pretty much game over for the average laymen. You will need to comb the threads for information nuggets that may apply to your situation. Or cut your losses and move on. I am not big on trying to unbrick these pups unless one well versed in low level trouble shooting. Lousy ROI; has to be a labor of love including copious time researching, trying and (likely) failing. Good luck.
@draxie - for awareness; read back a few posts for context.

1-Click is your friend
Davey126 said:
Not uncommon. Unfortunately, there is no 'fix script' moving forward as each situation is unique. If aboot is too damaged to support basic communication it's pretty much game over for the average laymen. You will need to comb the threads for information nuggets that may apply to your situation. Or cut your losses and move on. I am not big on trying to unbrick these pups unless one well versed in low level trouble shooting. Lousy ROI; has to be a labor of love including copious time researching, trying and (likely) failing. Good luck.
@draxie - for awareness; read back a few posts for context.
Click to expand...
Click to collapse
Right... the symptoms described are the normal state of affairs
after 'fastboot erase aboot' and 'unlock.bat' does no such thing.
The post linked above and/or my original "Bulk mode" post both
have the necessary instructions to recover. Alternatively, 1-Click
can handle this, assuming access to either MacOS or Linux (for
the time being).

Blackview BV6600 - Flashing a new OS, Plz Help

Hi all,
Came by a Blackview BV6600 from someone who gave up on it - shipped saying that the device was 'corrupt and couldn't be trusted'. Went back and forth with their crappy customer service and gave up, sold it to me for cheap. It seems like a decently rugged phone but it does have a lot of bloatware and according to some threads on here about the mfgr I don't know if I trust them too much.
I'd like to wipe this phone, and I'm finding it difficult to locate a generic 'How to' for flashing a new OS to a phone. Disclosure; this is the first time I've done something like this. My experience is with computers, I know phones are a different beast and the user has much less freedom due to specifics of the hardware. If I say anything based on incorrect assumptions please correct me.
Again, what I would like to do is akin to installing Linux on what was a Windows box. I'd like to ****can as much weird chinese bloatware as possible (upto and including the entire OS) and replace it with some basic clean open source software. It seems like LineageOS does not have a version for Blackview phones, nor does it have a generic image. I notice that the Android open source project has 'Generic System Images' https://source.android.com/setup/build/gsi#flashing-gsis which sounds like what I want but references a vbmeta.img file which itself, as far as I can tell searching the forums, is likely manufacturer dependent, maybe phone dependent.
Anyway, I'm taking all the steps I see across enough sites to suggest they are platform-independent and won't brick my phone. Been following this video
since it's relatively recent and addresses my specific manufacturer.
So far I have:
Got developer permissions (go to Settings-About Phone, click build number repetitively)
in Settings-System turned on OEM unlocking and USB debugging
Figured out how to put this phone model in fastboot mode (hold volume up during restart)
Installed ADB and Fastboot (Linux), pinged the phone with "adb devices" and checked it's partitioning with " 'adb shell' <enter> 'getprop ro.build.ab_update' " no output, so that suggests 'A only'.
Next step seems to be:
oem unlock using fastboot. I seem to be having trouble here. In fastboot mode connected via USB, I can't detect the device. "Waiting for any device". 'adb devices' gives no response. No idea why. Phone screen looks exactly like in the video, hooked to USB that did return output for USB devices in normal boot mode.
Once I get over this dumb hump, I think I'll need to find a version of TWRP that will work on my device, install TWRP.
At this point I'm even more at sea: Most places suggest Magisk, but I've also seen explainers to wipe the old OS and install LineageOS.
If anyone has advice on what to do from here, specifically the near-term issue of not being able to find my phone via USB debugging while in fastboot mode, please let me know. But of course, long term I'm gonna need to know how to shovel this **** the phone came with out of storage and replace with a clean install so that is welcome as well.

bump

[Hisense A9] Root - How easy? (Snapdragon 662)

Hisense just released a new device called the A9. Since this phone has Snapdragon 662 I was wondering how easy it would be to root this device. I know there is an EDL for this CPU. The Hisense A5 series was also rootable. Not sure what method was used.
The Onyx Boox Note Air 2 (a 10.3" tablet), which I have, also runs on the same Snapdragon 662 and can be rooted via Magisk. I used the EDL to dump the boot.img on the Note Air 2 to root it via Magisk.
Disclaimer: I'm not a developer or super technical guy, but have rooted a few devices by following guides.
Does anyone know how easy or fast a root would be available? I'm assuming they didn't lock the bootloader on this device as most Chinese devices.

Hello, could you share with us how to root boox device please?

It would be great if GAPPS could be used.

Replying to bump this thread. I have the Hisense A9 and would love to be able to root. It has an option to unlock the bootloader in the developer options if that is helpful.

formeriphoneuser said:
Does anyone know how easy or fast a root would be available? I'm assuming they didn't lock the bootloader on this device as most Chinese devices.
Click to expand...
Click to collapse
Hello and good morning, @formeriphoneuser
I hope you'll always find and get the support you require.
However, prior to your next posting please read the guidances that are stuck on top of every forum like
[Read Before Posting]QUESTIONS DO NOT BELONG IN GENERAL
Hello Everybody, In order to attempt to keep this forum neat and tidy the moderation team is asking you to post your questions into the Questions and Answers (Q&A) forum and not into the General section. You can find the Q&A forum by clicking...
forum.xda-developers.com
and the others. I've moved the thread to Android Q&A.
Thanks for your cooperation!
Regards
Oswald Boelcke
Senior Moderator

I recently good a Hisense A9, and I've been trying to extract the boot.img and / or recovery.img from it (since I can't find either of those online yet). So far I've been trying to get boot.img from EDL mode using this EDL tool. I can boot into EDL mode fine, but when I try to run an EDL command there are lots of errors. It's possible I'm using the wrong Firehose file, but I think it's right. (I'll post a link to the logs below). I've been following this guide mainly. Is anyone else working on this?
*Edit* the firehose file I'm using is 0014d0e100000000_d40eee56f3194665_FHPRG.bin.
Anyway, OP - hopefully I, or someone, can get the boot image or recovery image soon, then we should be able to patch it with Magisk fairly easily and install Google Services etc.
A word of warning to anyone who wants to try working on this - every time I restart after being in EDL mode, the phone goes into a boot loop of sorts. I enter the 6-digit pin at boot-up, and the phone says something in Chinese (which Google translates as something like "optimising the system, please wait", from memory), and then keeps showing the desktop screen for a second, then looping back to the pin code input, then showing the message, and then repeat. If you hold down volume down, it'll go into safe mode, but then the same thing happens when you restart. I've always managed to get out of it, but I'm not 100% sure how! Something like holding the power key down for about 10 seconds while it's looping... The phone vibrates, but doesn't turn off, and then the loop stops and you can enter your 6-digit pin again and it's back to normal. If that doesn't work, then try turning the phone off, then back on again, but holding the power key down so it keeps restarting without fully booting. Last time I made it restart ~5 times, and then it was back to normal. Maybe it cleared some kind of system cache...?
These are the errors I get from the EDL tool when I try to extract the boot image.
https://pastebin.com/ejXfCJs9
https://pastebin.com/5CqUPB0a
https://pastebin.com/LMmEmm6v

RunnyYolk said:
I recently good a Hisense A9, and I've been trying to extract the boot.img and / or recovery.img from it (since I can't find either of those online yet). So far I've been trying to get boot.img from EDL mode using this EDL tool. I can boot into EDL mode fine, but when I try to run an EDL command there are lots of errors. It's possible I'm using the wrong Firehose file, but I think it's right. (I'll post a link to the logs below). I've been following this guide mainly. Is anyone else working on this?
Anyway, OP - hopefully I, or someone, can get the boot image or recovery image soon, then we should be able to patch it with Magisk fairly easily and install Google Services etc.
A word of warning to anyone who wants to try working on this - every time I restart after being in EDL mode, the phone goes into a boot loop of sorts. I enter the 6-digit pin at boot-up, and the phone says something in Chinese (which Google translates as something like "optimising the system, please wait", from memory), and then keeps showing the desktop screen for a second, then looping back to the pin code input, then showing the message, and then repeat. If you hold down volume down, it'll go into safe mode, but then the same thing happens when you restart. I've always managed to get out of it, but I'm not 100% sure how! Something like holding the power key down for about 10 seconds while it's looping... The phone vibrates, but doesn't turn off, and then the loop stops and you can enter your 6-digit pin again and it's back to normal. If that doesn't work, then try turning the phone off, then back on again, but holding the power key down so it keeps restarting without fully booting. Last time I made it restart ~5 times, and then it was back to normal. Maybe it cleared some kind of system cache...?
These are the errors I get from the EDL tool when I try to extract the boot image.
https://pastebin.com/ejXfCJs9
https://pastebin.com/5CqUPB0a
https://pastebin.com/LMmEmm6v
Click to expand...
Click to collapse
Maybe try this loader. This is for sure the one I used for my NA2. Otherwise, you have quite some errors that relate to python. Not sure what the issue is there.

formeriphoneuser said:
Maybe try this loader. This is for sure the one I used for my NA2. Otherwise, you have quite some errors that relate to python. Not sure what the issue is there.
Click to expand...
Click to collapse
Awesome, thanks! I should have mentioned which loader I was using (different to the one you linked). I'll edit my post to say what I used before.

I tried the loader that @formeriphoneuser suggested, but with a similar result. (https://pastebin.com/ucMkEkeW). I also tried with the flag --memory="ufs" in case the device has UFS memory, but similar result.
But the good new is, I've just discovered a reliable way to avoid the boot loop after leaving EDL mode. So to leave EDL mode, make sure any running commands have ended, unplug the device from the computer, and press and hold the eink button (on the left of the phone), volume-up, and power button. Keep them all pressed until the first vibration (after about 15 seconds or so, then release the power button only). Keep the other two pressed while the phone boots, and even while you're entering your 6 digit pin code. When you see the main screen you can release the buttons and your phone shouldn't enter the boot loop. I have no idea how much of that is necessary, but something in there works for me.
I've added an Issue to the github repo for the EDL tool I'm using. Other than that, I think I've hit a brick wall and won't be able to do any more for now. Unless anyone knows how to check that the firehose file is correct for my device, and update it if it's not. Hopefully Hisense will release the stock firmware, or send us an OTA update or something.

Does this work? if the Bootloader could be unlocked.

Arthurliao said:
Does this work? if the Bootloader could be unlocked.
Click to expand...
Click to collapse
The problem with a GSI is that Android doesn't have partial refresh support for the eInk display, which means a driver has to be written from scratch, otherwise the display will be verrrrrry slow.

RunnyYolk said:
I tried the loader that @formeriphoneuser suggested, but with a similar result. (https://pastebin.com/ucMkEkeW). I also tried with the flag --memory="ufs" in case the device has UFS memory, but similar result.
But the good new is, I've just discovered a reliable way to avoid the boot loop after leaving EDL mode. So to leave EDL mode, make sure any running commands have ended, unplug the device from the computer, and press and hold the eink button (on the left of the phone), volume-up, and power button. Keep them all pressed until the first vibration (after about 15 seconds or so, then release the power button only). Keep the other two pressed while the phone boots, and even while you're entering your 6 digit pin code. When you see the main screen you can release the buttons and your phone shouldn't enter the boot loop. I have no idea how much of that is necessary, but something in there works for me.
I've added an Issue to the github repo for the EDL tool I'm using. Other than that, I think I've hit a brick wall and won't be able to do any more for now. Unless anyone knows how to check that the firehose file is correct for my device, and update it if it's not. Hopefully Hisense will release the stock firmware, or send us an OTA update or something.
Click to expand...
Click to collapse
Bit of a long shot here, but I vaguely remember having trouble with EDL on my Oneplus 6T and I think the solution was to use a USB2 port instead of USB3.

RunnyYolk said:
I tried the loader that @formeriphoneuser suggested, but with a similar result. (https://pastebin.com/ucMkEkeW). I also tried with the flag --memory="ufs" in case the device has UFS memory, but similar result.
But the good new is, I've just discovered a reliable way to avoid the boot loop after leaving EDL mode. So to leave EDL mode, make sure any running commands have ended, unplug the device from the computer, and press and hold the eink button (on the left of the phone), volume-up, and power button. Keep them all pressed until the first vibration (after about 15 seconds or so, then release the power button only). Keep the other two pressed while the phone boots, and even while you're entering your 6 digit pin code. When you see the main screen you can release the buttons and your phone shouldn't enter the boot loop. I have no idea how much of that is necessary, but something in there works for me.
I've added an Issue to the github repo for the EDL tool I'm using. Other than that, I think I've hit a brick wall and won't be able to do any more for now. Unless anyone knows how to check that the firehose file is correct for my device, and update it if it's not. Hopefully Hisense will release the stock firmware, or send us an OTA update or something.
Click to expand...
Click to collapse
Also, looking at your pastebins, It seems you are running Ubuntu via a Parallels Virtual Machine. I would suggest using the LiveDVD from the EDL github repo and running it on bare metal to rule out any system related issues. Given that the pastebins show errors relating to libusb1.py, there is a good chance your issues are due to the emulated USB controller provided by Parallels.

matteqa said:
Also, looking at your pastebins, It seems you are running Ubuntu via a Parallels Virtual Machine. I would suggest using the LiveDVD from the EDL github repo and running it on bare metal to rule out any system related issues. Given that the pastebins show errors relating to libusb1.py, there is a good chance your issues are due to the emulated USB controller provided by Parallels.
Click to expand...
Click to collapse
I tried booting the liveDVD from the repo in Parallels, but it wouldn't boot, saying something like Ubuntu was missing. But I'll try it as a bootable USD drive. I won't be able to do it until next weekend at the earliest, but I'll report back when I've tried that method. Thanks for your suggestions!

So I bought a USB drive and flashed the liveDVD from the repo to it, but my only computers are Macs and will recognise the USB drive as bootable - I've tried Fat32 / HFS+ file systems, made sure it's a GUID partition table, and used both Etcher GUI and terminal's `dd` to burn the image to the drive, but still the USB never shows up in the startup utility. Anyway, I've hit a roadblock on this for now - I think my next options are to either pick up a cheap Windows laptop, or put a bounty out for boot.img (or preferably full root! )

RunnyYolk said:
So I bought a USB drive and flashed the liveDVD from the repo to it, but my only computers are Macs and will recognise the USB drive as bootable - I've tried Fat32 / HFS+ file systems, made sure it's a GUID partition table, and used both Etcher GUI and terminal's `dd` to burn the image to the drive, but still the USB never shows up in the startup utility. Anyway, I've hit a roadblock on this for now - I think my next options are to either pick up a cheap Windows laptop, or put a bounty out for boot.img (or preferably full root! )
Click to expand...
Click to collapse
Just checking, have you tried the macOS version of the EDL tool? All of your pastebins are from ubuntu parallels, however there is also a native macOS version in the github repo.

matteqa said:
Just checking, have you tried the macOS version of the EDL tool? All of your pastebins are from ubuntu parallels, however there is also a native macOS version in the github repo.
Click to expand...
Click to collapse
Ah, that's a good call! I did try the native Mac version on one machine, but it wasn't able to find libusb library, so I started using parallels / ubuntu, and then basically forgot that the native mac version existed! So thanks for the reminder - I tried it yesterday on an older Mac, and the native EDL client seems to be working properly. Unfortunately I think the firehose / loader files I have aren't correct. When I ran it with a loader I get sahara - [LIB]: Unexpected error on uploading, maybe signature of loader wasn't accepted ?
type object 'req' has no attribute 'image_id', and then I tried running it without any loader and got sahara - [LIB]: Couldn't find a loader for given hwid and pkhash (0014d0e100430000_56d3f3c74a52172b_[FHPRG/ENPRG].bin) :(.
So I guess we need the correct loader for the A9. I'm pretty clueless about how these files come to exist in the first place (do they have to come from the manufacturer, or can we build them ourselves?), but anyway I'll open a new issue on Github and see if the developer of the client can help.
For completeness' sake, here are logs from each attempt at reading boot_a (I tried three different loaders, each one with and without --skipresponse, and then once with no loader).
https://pastebin.com/AA9d5Tdh
https://pastebin.com/gXHS9pYN
https://pastebin.com/6e5FeWDc
https://pastebin.com/8dGWFNau
https://pastebin.com/iTd8ZsVH
https://pastebin.com/2esPvxyX
https://pastebin.com/Pvz9YxfE
https://pastebin.com/D47mPKt6
*edit* This is the issue on Github: https://github.com/bkerler/edl/issues/303

RunnyYolk said:
Ah, that's a good call! I did try the native Mac version on one machine, but it wasn't able to find libusb library, so I started using parallels / ubuntu, and then basically forgot that the native mac version existed! So thanks for the reminder - I tried it yesterday on an older Mac, and the native EDL client seems to be working properly. Unfortunately I think the firehose / loader files I have aren't correct. When I ran it with a loader I get sahara - [LIB]: Unexpected error on uploading, maybe signature of loader wasn't accepted ?
type object 'req' has no attribute 'image_id', and then I tried running it without any loader and got sahara - [LIB]: Couldn't find a loader for given hwid and pkhash (0014d0e100430000_56d3f3c74a52172b_[FHPRG/ENPRG].bin) :(.
So I guess we need the correct loader for the A9. I'm pretty clueless about how these files come to exist in the first place (do they have to come from the manufacturer, or can we build them ourselves?), but anyway I'll open a new issue on Github and see if the developer of the client can help.
For completeness' sake, here are logs from each attempt at reading boot_a (I tried three different loaders, each one with and without --skipresponse, and then once with no loader).
https://pastebin.com/AA9d5Tdh
https://pastebin.com/gXHS9pYN
https://pastebin.com/6e5FeWDc
https://pastebin.com/8dGWFNau
https://pastebin.com/iTd8ZsVH
https://pastebin.com/2esPvxyX
https://pastebin.com/Pvz9YxfE
https://pastebin.com/D47mPKt6
*edit* This is the issue on Github: https://github.com/bkerler/edl/issues/303
Click to expand...
Click to collapse
Have you tried to read from "boot" instead of "boot_a". Maybe hisense isn't using A/B partitions since they don't care about google play certification. Also, have you tried using --memory=ufs.
Otherwise, it may be that the loader has a custom signature. As far as I know, the loader is proprietary and you have to get it from the manufacturer.

@RunnyYolk
I've also just found a patched version of a SDM662 loader on another forum that might work.
I've reuploaded it here: https://cloud.matteqa.com/index.php/s/M6MxgPFDsYwaKP6

matteqa said:
@RunnyYolk
I've also just found a patched version of a SDM662 loader on another forum that might work.
I've reuploaded it here: https://cloud.matteqa.com/index.php/s/M6MxgPFDsYwaKP6
Click to expand...
Click to collapse
Thanks! I tried this loader, and also the --memory=ufs flag / "boot" alternatives as you suggested, but had the same errors as before. I'm pretty sure I saw boot_a and boot_b directories somewhere when I was exploring the filesystem in adb shell, but I'll double check again when I have time.
Are there any other avenues I could try to root this device? I wonder if there's any point trying to boot TWRP from an A7? Am I right in thinking I can `fastboot boot recover.img` without risk of bricking the phone? (Ie just booting rather than flashing.)... Maybe I'm clutching at straws...