[UNBRICK][BETA] HTC Unbricking Project - One (M7) Original Android Development

OP status: [WIP]
This will fix devices which were bricked due to firmware incompatibility. This can be caused by the way HTC handles the firmware updates in its m7's OTAs. If you've been flashing from a 3.x firmware to a 5.x firmware via OTA, or manually, you most likely have a device stuck in QHSUSB_DLOAD. This tool is for you.
Currently supported devices: m7ul.

Prerequisites
the appropriate package for the device
a supported bricked device
a usb cable
fastboot
distro utils: md5sum, strings, tail, grep, unzip (all included in most linux distros)
some basic linux experience
root access on a linux machine
patience
DISCLAIMER: We do NOT guarantee that this method will work for you, or that it is flawless. We are also not responsible if your phone is completely dead after the procedure, or your house burns down because your phone exploded. You are doing this at YOUR OWN RISK.
Instructions
Boot the linux box and download the appropriate package for the device.
Remove the sim card from the phone. Do not connect yet
Extract the package in your working directory
Open up a terminal and cd to that directory
Run revive.sh as root and connect the device
Code:
sudo ./revive.sh
The procedure is automated. At the end of the unbrick process, you will need to charge the device fully and then flash one of the full firmwares bundled, as pointed from the script. This is crucial to ensure device stability.

Notes on the procedure:
You will need to power on the device manually when the script prompts you. To do so, hold power button for ~60secs
USB3 ports might not work properly. Please plug the device in a USB2 port if you face issues
If your firmware is unsupported, please grab p1.img and p19.img from the working directory, note down the error and contact us
This has been tested on S-OFF devices. Please let me know if it works on S-ON as well
This *should* fix other firmware incompatibilities too, as long as the device can be detected
The firmwares included are completely stock, including recovery. You are not advised to use others
Downloads
For HTC One (M7_UL)
32bit MD5: c9b8c0ea1700edfda1d69a2491e59aa5

M7u ??
Thanks it's late for me as HTC changed my phone's motherboard Free of cost

Congrats on the release dexter. Awesome job resurrecting my m7

Thank you very much dexter for this!
I'm installing ubuntu. Never tried it, hope can get it well and unbrick my m7.
Very helpful and kind!! Thanks for sharing!
Sent from my HTC One_M8 using Tapatalk 2

Thanks it worked well for me as well (before official release... With usb 3 maybe that's why it didnt work at first dexter)
Posted with my unbricked HTC one

I couldn't, I'm ATT model. Should pm screen of error or how contact u dexter?
Thanks in advance. Unsupported firmware error i got
Sent from my HTC One_M8 using Tapatalk 2

Will try that later today ! My last hope before sending it in :fingers-crossed:
I have a linux boot disc here. If someone could tell me how to get it to boot in root (Never done this before) I would be grateful. So i can start after work immediately !

BanBoo said:
Will try that later today ! My last hope before sending it in :fingers-crossed:
I have a linux boot disc here. If someone could tell me how to get it to boot in root (Never done this before) I would be grateful. So i can start after work immediately !
Root access is when you launch something using the sudo command, I can assist you with team viewer but it's very easy.

Awesome, thank you.
I am running GPe 4.4.2 with 3.x firmware
If I want to install sense 6 ROM and upgrade to a 5.x firmware, what is the safest way?

Thanx @dexter93, I added link to this thread in [Firmware] HTC ONE M7_UL | Firmware 5.11.401.10 | No Red Text | Radio 4T.27.3218.14
---------- Post added at 10:14 AM ---------- Previous post was at 10:12 AM ----------
pet4a said:
Awesome, thank you.
I am running GPe 4.4.2 with 3.x firmware
If I want to install sense 6 ROM and upgrade to a 5.x firmware, what is the safest way?
Flash firmware from here http://forum.xda-developers.com/showthread.php?t=2485651

Shame I already got my phone back from HTC, they replaced my PVS4 board with a PVS3 one.
Otherwise I would have definitely tried this.
Sent from my baked potato with blue cheese

[email protected]:~$ cd Downloads
[email protected]:~/Downloads$ sudo ./revive.sh
HTC Unbricking Project M7_UL 0.5beta
Detecting bricked device..
Accessing device on /dev/sde
Gathering data
./revive.sh: line 20: 6281 Illegal instruction (core dumped) ./${emmc_recover} -b p1.img -d "${ubpath}1" -s -q
./revive.sh: line 21: 6283 Illegal instruction (core dumped) ./${emmc_recover} -b p19.img -d "${ubpath}19" -s -q
strings: 'p1.img': No such file
strings: 'p19.img': No such file
Unsupported firmare
that's what the terminal prompts me. seems like it's an unsupported fw:cyclops:. might there be a fix or a new version in the future? looks like it could work somehow...:fingers-crossed::good:

BanBoo said:
[email protected]:~$ cd Downloads
[email protected]:~/Downloads$ sudo ./revive.sh
HTC Unbricking Project M7_UL 0.5beta
Detecting bricked device..
Accessing device on /dev/sde
Gathering data
./revive.sh: line 20: 6281 Illegal instruction (core dumped) ./${emmc_recover} -b p1.img -d "${ubpath}1" -s -q
./revive.sh: line 21: 6283 Illegal instruction (core dumped) ./${emmc_recover} -b p19.img -d "${ubpath}19" -s -q
strings: 'p1.img': No such file
strings: 'p19.img': No such file
Unsupported firmare
that's what the terminal prompts me. seems like it's an unsupported fw:cyclops:. might there be a fix or a new version in the future? looks like it could work somehow...:fingers-crossed::good:
Which Ubuntu? have you untar'ed everything in ~/Downloads? 32 or 64bit? Is it a VM?

dexter93 said:
Which Ubuntu? have you untar'ed everything in ~/Downloads? 32 or 64bit? Is it a VM?
It's Ubuntu (64bit) 14.04. Yes i guess... i've extracted the whole package from here to ~/Downloads$. Is there another one? What files should there be? No, not VM I've booted from a disc.
Am I supposed to use a 32bit ubuntu?
Edit: same with Ubuntu 14.04 32bit

2 questions
Given that the phone is dead, how can i have fastboot? Only viewed as QHSUSB_DLOAD, just the sound on windows when connected to usb....no idea if its still charged or not, fastboot commands of course not work (waiting for device)
Also could someone tell me a way to make sure my phone is ul, finding something on its box?
thanks

BanBoo said:
It's Ubuntu (64bit) 14.04. Yes i guess... i've extracted the whole package from here to ~/Downloads$. Is there another one? What files should there be? No, not VM I've booted from a disc.
Am I supposed to use a 32bit ubuntu?
Edit: same with Ubuntu 14.04 32bit
Something's up with ubuntu and the tool binary for some weird reason. Looking into it
τομαικ said:
2 questions
Given that the phone is dead, how can i have fastboot? Only viewed as QHSUSB_DLOAD, just the sound on windows when connected to usb....no idea if its still charged or not, fastboot commands of course not work (waiting for device)
Also could someone tell me a way to make sure my phone is ul, finding something on its box?
thanks
You can have fastboot set up on your pc. And use it when the script tells you to.

τομαικ said:
Also could someone tell me a way to make sure my phone is ul, finding something on its box?
thanks
I think if it's a single-SIM GSM m7 it should work (dexter can clarify if I'm wrong here).

I had this Using Ubuntu 14 x64
My M7 is Att Unlocked Factory, S OFF, Cid TELUS01 -was trying to get ota, and bricked!-
No Sim when tried as tutorial indicates
HTC Unbricking Project M7_UL 0.5beta
Detecting bricked device..
Accessing device on /dev/sdc
Gathering data
./revive.sh: línea 20: 6467 Instrucción ilegal (`core' generado) ./${emmc_recover} -b p1.img -d "${ubpath}1" -s -q
./revive.sh: línea 21: 6469 Instrucción ilegal (`core' generado) ./${emmc_recover} -b p19.img -d "${ubpath}19" -s -q
strings: 'p1.img': No hay tal fichero
strings: 'p19.img': No hay tal fichero
Unsupported firmare

Related

X01HT White Version - failed to unlock

Basically I'd tried all the methods that I found here (hardspl, sspl-herm, etc) but I still cannot
1) upgrade the radio rom to 1.38...
2) unlock either the sim or CID.
HERM200
ROM 2.10.751.1
extROM 2.10.751.101
Radio ROM 1.14.01.10
Protocol 32.50.7018.00H
IPL 1.01
SPL 1.09
Manufacture at 2007-02
Any idea to this ?
Even imei-check.co.uk doesn't know how to unlock it....
I have noticed that all with the radio xx.xx.01.xx has this problem...waiting for Pof's great work again
i hv checked and HTC_BOOT is 0182, not 0107 or 0108
Can someone try to dump the radio with hermflasher and post it here?
pof said:
Can someone try to dump the radio with hermflasher and post it here?
Cool, I'll do it as soon as I can. Cheers!
I will try, too (Some problem now as I am now using visual studio).
Thx all for help.
Damn SoftBank! Will they ever give up?!?
Of course not! It amuses them!
benkywong said:
i hv checked and HTC_BOOT is 0182, not 0107 or 0108
Have you tried running Des's SSPL and/or flashing Olipro's Hard-SSPL?? ?
Yes. I've tried Des's SSPL and flashing Hard-SSPL 1.1/1.35
mike,
are you able to flash with a different ROM? WM6? I'm planning on getting one, and if I can't change to WM6, probably not - please advise.
I can (actually I am now using LVSW 26/3 version).
For the radio rom, however, I cannot upgrade to 1.38
mikeho305 said:
I can (actually I am now using LVSW 26/3 version).
For the radio rom, however, I cannot upgrade to 1.38
Hi Mike, so does that mean you have successfully unlocked the new White X01HT?
Best, Gus
If one can't flash pof's radio it can't be unlocked...
Just got one Apple IMac (Power PC) machine from my friend.
Would anyone please teach me how to make use of the hermflasher to extract the radio rom ?
HERM200
ROM 3.23.0.2
Radio ROM 1.14.01.10
Protocol 32.50.7018.00H
IPL 1.01
SPL 1.30 Olipo
Manufacture at 2007-02
mikeho305 said:
Just got one Apple IMac (Power PC) machine from my friend.
Would anyone please teach me how to make use of the hermflasher to extract the radio rom ?
I don't think it will work on a PowerPC mac, all users reported it working on intel mac. If you can get an intel mac or linux machine, start SPL-1.04 from SSPL or flash HardSPL 1.10.Oli (you need a bootloader with 'rtask' command enabled). Once you have it, run hermflasher like this:
Code:
# ./hermflasher -r dumpedGSM.nb
Hi Pof,
These were what I'd done yesterday :-
1) Changed X01HT's SPL to 1.10Oli
2) Installed Redhat 8.0 to one of my "Old" intel PC
3) Connected X01HT to the PC using USB
4) Typed these commands using the terminal
4.1) ./hermflasher -r dumpedGSM.nb
result : Cannot find any device
4.2) ./hermflasher -s /proc/bus/usb/001/017 -r dumpedGSM.nb
result : segmentation error
4.3) ./hermflasher -s /dev/ttyusb1 -r dumpedGSM.nb
result : Cannot find any device
As new comer to Linux, these were what I can do so far. Any idea/suggestions ?
it should be /dev/ttyUSB0 or /dev/ttyUSB1 (note the upper-case)
check your /dev directory after you connect your phone to usb, ttyUSBx files appear automatically, or at least, they should if your USB works right and you have put your phone to bootloader mode...
Thanks for your information. I've tried both ttyUSB1 (default) and ttyUSB2 but I still failed to connect. I am now checking the system log and seems RedHat reports error every time when I connect X01HT to the USB port of this "old PC". Should I be looking for some device driver or better install another Linux ?

problem using the upgrade with Hardspl

hi guys!
Thanks for the effort creating the roms and the applications and roms!
its really great to know you!
but i have a problem. This easy way with Hardspl makes more problems like the old system in my case :-(
------------------------------------- general infos
(i used PDAViet_4.0.0.5a for long time! i was really satisfied with this rom)
i downgraded to WM5 by using RUU_Prophet_220734_2207114_024721_NVID
i downloaded the update_package, because i want to try Prophet Shadow 1.0 (Vista Aero FINAL EDITION) so i need hardspl
-------------------------------------
---- what i did:
-------------------------------------
i started the Hardspl.bak
on my mobilephone an applications started and asked to be installed (i said yes)
afterwards my pc started the RUU
but THIS stops with the VISTA message: "Applications stops working"
the bat file says:
------------- output on pc ----------------
*****************Hard SPL for Prophet**************
** Make sure that your device is G4 before **
** running this patch!! **
***************************************************
Press any key to continue . . .
Start Time: 19:21:39,85
Initializing...
***************** Done ! **********************
End Time: 19:27:07,96
Press any key to continue . . .
-----------------------------------------------------
What did i do wrong?
as i understood i dont need step 3 and step 4. (this is only used, if i have NO RUU, but as i understood the new roms are RUUs ??) step3 and step4 is used, if i wanna use the old gullums pdaviet !? (as i read in an other topic)
I tried to use RUU_Prophet_220739_2207119_024721_QTEK_GER_Ship
to get an official rom on my mobilephone. but also this RUU i cannot use. every other rom except RUU_Prophet_220734_2207114_024721_NVID
i noticed, when i have this white screen (thx to the jumpspl) i have no connection and so the RUU cannot connect. but how can i use RUU, if there is no connection with my mobilephone ?? (during white screen)
my actual phone infos
ipl 2.09.0001
spl 2.20.0001
gsm 02.47.21
os 2.20.7.34
Can anyone help me?
ahhh, windows vista. I got the same crash of the updater app (I'm on vista also).
no problems running it from my laptop that has windows xp.
no idea with VISTA.. Google it.. Maybe some one could help you.
mhh... but i solved the problem with vista by using the OLD method
i am confused. i have the usb driver of Active Sync 4 (for win XP) and only with this new USBAS i am able to Flash the rom.
I FLASHED the rom, so it cant be win Vista, or is it because of a command in bat file?
has anyone an idea???
The problem is the RUU, there isn't a Prophet RUU that can be used with Vista. HTC didn't develop one since they didn't release an upgrade in the "Vista age" for Prophet.
So, with the change of the drivers which you did, you can connect at USB-level and flash the "old-style". But until someone modifies a Vista-RUU suitable for Prophet, the "new-style" won't work.
There is a Vista-RUU circulating, but it only serves G3, it will give an error when used with a G4. you will find it here: post #14 Don't mind it doesn't show a Prophet. The modifier just didn't change the image.
woooow great!!!
THX man!!
THATS the information what i wanted! in one short answer, i know everything what i need!
perfect!
one more thing:
is it possible to convert the RUU back to the old style? that means, i have the directory for the ext_rom and all the files like in the old style with the upgrade.bat file?!?!
floxe said:
....one more thing:
is it possible to convert the RUU back to the old style? that means, i have the directory for the ext_rom and all the files like in the old style with the upgrade.bat file?!?!
Good question, but I don't have an answer. I am sure it can be done (read about it somewhere, I think in the hypercore-thread) but I don't know how.
BTW: the RUU is only the Rom Upgrade Utility, it is the nk.nbf that contains the actual Rom Upgrade, so that's the one to be converted.

DEV ONLY - NAND access + Full Unlock for Lumia 710 & 800

UPDATE: First custom rom with Interop Unlock flashed successfully. Requires hard reset after installing and an unlocked bootloader. See post for proof:
http://forum.xda-developers.com/showpost.php?p=24818275&postcount=242
BIG THANK YOU TO ULTRASHOT!
Without you I couldn't have done it!
NOTICE: Testing full unlock (XIP unlock etc) with ultrashot. Will post new files as soon as I get a working build which doesn't get stuck on boot
Disclaimer:
I AM NOT RESPONSIBLE IF YOU LOSE DATA, BREAK YOUR PHONE, OR SET YOUR HOUSE ON FIRE. DO THIS AT YOUR OWN RISK. BTW, REQUIRES A HARD RESET SO YOU WILL LOSE ALL THE DATA IN YOUR PHONE BY FLASHING THIS. IF UNSURE, DON'T DO IT.
PLEASE STOP PM'ING ME FOR HELP, I CAN'T REPLY 20 PMS/HR. Please use the forum, maybe someone can create a discussion topic to help others and leave this for links and development. Thank you very much!
PLEASE STOP SENDING ME PMS ASKING FOR HELP AND USE THE DEDICATED THREAD
THIS THREAD IS FOR DEVELOPMENT ONLY, PLEASE RESPECT THAT AND USE THE Q&A THREAD FOR YOUR QUESTIONS.
LINKS:
Lumia 800: Full Unlock
New firmware: May 16, 2012 (removed foursquare and stuff)
sdb3.rar: Flash it to PARTITION #3. It contains 12070's amss & adsp. Not absolutely required but if you have an older version this should give you better battery life.
http://www.mediafire.com/?kwjladlgvq81rha
OS-NEW:
As always, flash it to PARTITION #9.
Part1: http://www.mediafire.com/?21by2oj7acnhkhw
Part2: http://www.mediafire.com/?wkeduvp9l4199qh
Part3: http://www.mediafire.com/?cnbkms40dy4y06z
Part4: http://www.mediafire.com/?rabunpmnaqclq3o
Complete Mediafire folder access: http://www.mediafire.com/?uo2dqcl34b9cy
___________________
Alternate ROM with Full Unlock + Some apps:
Part1: http://www.mediafire.com/?8gnqm418v32im3e
Part2: http://www.mediafire.com/?bgtg2t5infrnua1
Part3: http://www.mediafire.com/?l0sl5hbr0v9gfi1
Part4: http://www.mediafire.com/?emt2dfswdhn0z0w
Apps preinstalled:
DS Supertool
File Deployer
Metro Theme
WebServer
WinTT
WM Device Center
WP7 Root Tool
___________________
Lumia 710: Interop Unlock (no full unlock yet)
ROM Based on: RM803_059N2L6_1600.3015.8107.12070_010
Mediafire folder access: http://www.mediafire.com/?9z6og65ozgrnr
http://www.mediafire.com/download.php?d3bj3dkfbffbakn
http://www.mediafire.com/download.php?l35zjaebdrsm315
http://www.mediafire.com/download.php?ys5bapu8ubezybo
http://www.mediafire.com/download.php?tnadd4uuoxhatv3
CAUTION: I don't have a 710, so these images AREN'T TESTED. Use at your own risk. Be careful, people are reporting problems with this rom.
Full Unlock Image for Lumia 710 by lucifer3006 -BE CAREFUL, IT HAS BUGS, FOR TESTING PURPOSES ONLY- (thanks ultrashot & lucifer3006): http://www.mediafire.com/?p3318y5l19abb
You have a mirror of all the stuff on mediafire on xdafil.es: http://xdafil.es
Thank you mousey_!
PLEASE DO A FULL BACKUP OF THE NAND BEFORE PLAYING AROUND.
If you are developing fixes for the bootloader 'problem', feel free to grab a copy of the rest of partitions and stuff I posted over this thread here: http://www.mediafire.com/?kknt4lnc3tn7w
INSTRUCTIONS:
Requires an unlocked bootloader (a.k.a. qualcomm development bootloader).
Easy to check: Turn the phone OFF, then press and hold VOLUME UP + POWER until you notice a short vibration. Plug in to the computer. If the phone turns up in disk mode (USB Mass Storage Device), then you have an unlocked bootloader. IF you're in Windows, it will ask if you want to format the disk. SAY NO OR IT WILL EXPLODE (it won't explode but you might break it)
If the device detected by the computer is Nokia DLOAD you have a locked bootloader and you're out of luck, at least for now.
I used 'dd' in Linux, I guess you can do it with Windows version too (http://www.chrysocome.net/dd) but it's more involved to find the appropriate partition:
dd if=./os-new.nb of=/dev/sdX9
Where X is the disk detected by your linux distribution.
After that, you'll need to hard reset the phone. Hold Power button for 10 seconds to exit Qualcomm's disk mode, and press and hold POWER+VOLUMEDOWN+CAMERA until you feel the phone vibrate. After that, RELEASE power button but KEEP HOLDING volume down + camera for five or more seconds. This will trigger the hard reset.
Now time to play with bootloaders and try to get this to work for everyone!
If you like my work and want to donate for a beer (or two), follow this link
Fantastic discovery. I am not a coder. All the best.
Can't reproduce here.
I press both volume buttons and power and I get 'Nokia DLOAD'.
If I stop holding volume buttons, it boots WP7.
The method you've described is how I do dead-mode flash. I don't see why it would show a USB disk.
awesome work mate!! having a look right now!
seems NAND cant be accessed directly form windows PC! strange! need to check more..
im getting usb input on device manager...but no drivers install!
so looks like i need the drivers.
no drivers found...now i need to goto linux.
surya skype me we'll figure this out thats a fantastic discovery mate !have a nice easter ,booom
Ooohh, ****!! I promised myself to never install Linux... But...
xsacha said:
Can't reproduce here.
I press both volume buttons and power and I get 'Nokia DLOAD'.
If I stop holding volume buttons, it boots WP7.
The method you've described is how I do dead-mode flash. I don't see why it would show a USB disk.
The only other thing I did was change usb mode from Zune to Serial on diagnostics app, and tap a bit on the 4 serial ports it shows when in serial mode, but I tried and for me it still works even in zune mode.
Also, what I have is a retail phone, not a development one.. just in case:
OS version: 7.10.7720.68
Firmware rev: 1600.2475.7720.11414
SoC version: 0.74.2.1
Bootloader version: 7.35.0.0
What do you have in your phone?
Sent from my GT-I9100 using XDA
biktor_gj said:
The only other thing I did was change usb mode from Zune to Serial on diagnostics app, and tap a bit on the 4 serial ports it shows when in serial mode, but I tried and for me it still works even in zune mode.
Also, what I have is a retail phone, not a development one.. just in case:
OS version: 7.10.7720.68
Firmware rev: 1600.2475.7720.11414
SoC version: 0.74.2.1
Bootloader version: 7.35.0.0
What do you have in your phone?
Sent from my GT-I9100 using XDA
OS version: 7.10.8107.79
Firmware rev: 1600.2483.8107.11501
SoC version: 0.74.2.1
Bootloader version: 7.35.0.0
I'm in Zune mode. I'll try this serial mode. Edit: Serial is same. I just get 'Nokia USB connectivity' instead (in Windows). Shows nothing on Linux.
Heathcliff74 said:
Ooohh, ****!! I promised myself to never install Linux... But...
Maybe you can look here:
http://www.puppylinux.com/
ok guys so this is only available for 7720.11414 or lower(11412) firmware and since you have 11501 this is not available so downgrade guys and woooow !! we're almost there
Oh no, so this won't work for 1207 firmware?
Great discovery, works great on my Lumia 710 (tried it with Ubuntu 11.10).
OS version: 7.10.8107.79
Firmware version: 1600.3015.8107.12070
Bootloader version: 7.33.0.0
Okay, I kept digging a little deeper, and this is what I know so far (if you want copies of dumps, files etc, just ask for them )
First of all... Thank you Nokia!
LUMIA 800 FLASH FILE SYSTEM LAYOUT:
Partition Begin End Blocks ID
/dev/sdb1 * 1 1000 500 4d Initial Bootloader - SECBOOT
/dev/sdb2 1001 4000 1500 46 Second stage loader? - OSBL, also looks like it has the download mode and seems to init LCD, enable USB etc.
/dev/sdb3 4001 304000 150000 c W95 FAT32 (LBA) - Writable partition with EMMCBOOT, AMSS etc.
EMMCBoot is responsible for loading Windows Kernel (nk.exe). I got a copy of Samsung Galaxy i9001's emmcboot.mbn, and put it in there. It tries to start, but seems to crash (expected). But hey! it tries to boot it (it even vibrates for 1/10 of a second), so getting something else (did anyone say...android?) running on this phone should be easier than in lots of other phones... Does anyone have u-boot ports for Qualcomm 8255?
/dev/sdb4 304001 31037579 15366789+ 5 Extended partition which holds the OS
/dev/sdb5 304006 304133 64 ef EFI (FAT-12/16/32) - Linux detects it as an EFI partition, but it's just 64Kb size, and seems to have some markers, not sure yet what it is, but could be anything from IMEI and simlock to an actual efi partition for WinCE...
EDIT AGAIN: this partition contains phone serial number and product code, and possibly imei and simlock. For sure it's not an efi partition
/dev/sdb6 304134 310277 3072 58 3Mb size
/dev/sdb7 393216 399359 3072 4a 3Mb size
/dev/sdb8 399360 405503 3072 4b 3Mb size
These three partitions have similar start and end data on their partitions, no idea what they are, since I haven't been able to see if it's even a file system. All the documentation I see seems to tell Windows Mobile uses exFAT for the filesystem, but can't seem to find its header anywhere on the flash... still looking. It could even be where WinMo stores application installers for first boot on the device (but could be perfectly wrong)
All of them start with the following header (hex):
7D 8D 27 82 D7 40 F8 90 53 22 82 43 6D EC 6F 69 49
/dev/sdb9 524288 31156362 15316037+ 48
This last partition is 15Gb size, and contains all the Operating System and all the data on the phone.
Anyone know about how does Windows Phone manage filesystems on NAND? Some help would be really appreciated...
EDIT: A little bit more... The file system for the 15Gb partition has _wmstore header, still incompatible with some kitchens, but still looking...
Here's part of the header:
_wmstore
!zLH?k
_wmpart_B
_wmpart_S
_wmpart_S
_wmpart_N
_wmpart_U
_wmpart_D
_wmpart_I
_wmpart_P
_wmpart_U
PSBdX
GFCB
SRPX
Once we can mount this thing and inject some files we'll have interop unlock
can we flash a rom through that ?
You can dump and write back whatever you want to the flash, so if anyone finds some application to read wmstore dumps and build them back I can check it...
tl;dr: you can do custom roms and whatever you want with it,but need some app to manage it first
Sent from my GT-I9100 using XDA
this is awesome! +1 for u for this!! i am gonna install ubuntu in next 2 hrs and downgrde my lumia...since im on updated, it doesnt have options fro zune serial modes! :///
crap wer da hell was linux!! hahah
anyways...keep it up..hope to see this baby rock!
Keep it up guys!
It's one of the very few positive signs about lumia windows phone development.
surya467 said:
this is awesome! +1 for u for this!! i am gonna install ubuntu in next 2 hrs and downgrde my lumia...since im on updated, it doesnt have options fro zune serial modes! :///
crap wer da hell was linux!! hahah
anyways...keep it up..hope to see this baby rock!
Apparently there's no need to downgrade. beidl said he managed to get it working using 12070 firmware
ombadboy said:
Apparently there's no need to downgrade. beidl said he managed to get it working using 12070 firmware
but on lumia 710 man on lumia 800 diagnostic app is updated on those firmware and is lack of serial mode
cdbase said:
but on lumia 710 man on lumia 800 diagnostic app is updated on those firmware and is lack of serial mode
It seems it has more to do with firmware version than Serial/Zune menu availability on Diagnostics app. I haven't updated my Lumia, so I can't know for sure. Try powering down the phone and holding vol+, vol- & power. If windows detects a USB disk and tells you it's not formatted, it probably works for you (you can check it by going to Control Panel -> Administrative tools -> Computer Management -> Disk Management)
AGAIN, BE CAREFUL, YOU CAN BRICK YOUR PHONE.

!Hard-brick (qhsusb_dload) after OTA2014 reduced flash? back alive via RIFF-Box JTAG!

yesterday when i tried to update the radio on my dinc4g (including rcdata=radio_data and rpm=radio-powermanagement, but somehow i thought it should be okay to also include boot.img (as this is reversible by TWRP recovery and tz=trusted_zone!!) ... before i compared to similar (but supposedly reversible!! partial firmware updates with their matching firmware downgrades ... all only suggested to remove at least hboot.img and stock-recovery if included) ... there was no new hboot in the new 2014 OTA firmware and stock-recovery (along with the 2ndary bootloaders) i had removed
everything also flashed just fine, no write failed, just all "OK / OKAY" and done, BUT ... after fastboot reboot ... the phone didn't come up anymore and is now STUCK on "QHSUSB_DLOAD" mode => bricked! damn ...
unfortunately the "regular" HTC unbrick tools do not support the Dinc4G ... now i'm hunting for solutions to recover my daily driver >.> already searched xda and elsewhere: tried at least brick-detect from HTC unbrick tools, but they are mainly looking if linux registers the "qhsusb_dload" _and_ adds the partitions of the phone to the running linux ... but mine only registers the serial-usb terminal from qhsusb_dload, but _not_ the phones partition(s) >_>
only thing i found is that the qualcomm QPST (oem preprogramming!) tool sees this device (albeit as said in download-mode only) and offers to flash certain things, but i do not have a QPST backup-file for the Dinc4G to compare to and/or use that to revive my phone.
i'm therefore looking for someone with a working (and at best similarly S-OFF'ed) dinc4g phone to create such a QPST backup.
any help is highly welcome
further hunting the web and lots of reading here on XDA (for similarly bricked mobiles ... from almost every manufacturer!) ... the easiest (albeit not always working) idea comes down to the following:
getting a direct dump from the eMMC memory of a running/working system in a known good state:
Is anyone willing to dump the partition table/bootloader part from their working Dinc4G with FW 2.17.605.2 (the regular ICS4.0.4 without the most current 2014 OTA) for me?... best would be from an S-OFF device like mine i assume, just to make sure it matches my situation, but S-ON should also work, as it's just for recovery-boot via microSD (if it works on a Dinc4G)
in a busybox or other terminal as root (aka: su mode)
Code:
dd if=/dev/block/mmcblk0 of=/sdcard/backup.bin bs=1048576 count=256
this will dump the first 128MB of your own eMMC (internal memory) including your current and working partition table and some of the boot partitions
then just zip that "backup.bin" (which should greatly reduce its size!) ... upload it somewhere and forward me the link ...
thanks for your help!!! :fingers-crossed:
thanks to j13smiley, who provided me with a eMMC dump from his Dinc4G ... i couldn't get my bricked fireball so far to failsafe-boot from the microSD with the dump he sent me:
but I was able to reconstruct the filesystem-structure quite somewhat further than mdmower here http://forum.xda-developers.com/showthread.php?t=2077608&page=7 with the descriptive help from this thread http://forum.xda-developers.com/showthread.php?t=1959445 using the HOXL as a template for partition types on HTC devices
here is what i've come up with so far (analysing the /dev/mmcblk0 dump from j13smiley):
Code:
omitting empty partition (33)
Partition 33 is deleted
Disk /dev/mmcblk0: 15.9 GB, 15931539456 bytes =!size is wrong, due to using a 16GB uSD to dump the backup!=
1 heads, 16 sectors/track, 1944768 cylinders, total 31116288 sectors =!same as above!=
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device          Boot    Start       End    Blocks  Id  System           QCname
/dev/mmcblk0p1  *           1       256       128  4d  QNX4.x           SBL1(cfg_data)
/dev/mmcblk0p2            257       768       256  51  OnTrack DM6 Aux1 SBL2
/dev/mmcblk0p3            769    262110    130671  5d  Unknown
/dev/mmcblk0p4         262111  15269886   7503888  5   Extended         EXT
/dev/mmcblk0p5         262112    262143        16  5a  Unknown          (CID+IMEI)
/dev/mmcblk0p6         262145    262656       256  73  Unknown
/dev/mmcblk0p7         262658    293812    15577+  5b  Unknown
/dev/mmcblk0p8         293814    294325       256  5c  Priam Edisk
/dev/mmcblk0p9         294327    296374      1024  45  Unknown          SBL3(qscbl)
/dev/mmcblk0p10        296376    296887       256  47  Unknown          RPM(appsbl)
/dev/mmcblk0p11        296889    300984      2048  46  Unknown          TZ(oemsbl)
/dev/mmcblk0p12        300986    303033      1024  4c  Unknown          HBOOT(aboot/fota)
/dev/mmcblk0p13        303035    303098        32  0   Empty
/dev/mmcblk0p14        303100    315387      6144  34  Unknown          SPLASH
/dev/mmcblk0p15        315389    317436      1024  36  Unknown
/dev/mmcblk0p16        317438    319485      1024  0   Empty            (dsps)
/dev/mmcblk0p17        319487    411646     46080  77  Unknown          (radio)
/dev/mmcblk0p18        411648    432127     10240  7a  Unknown          (adsp/q6)
/dev/mmcblk0p19        432129    442368      5120  0   Empty            (wcnss)
/dev/mmcblk0p20        442370    458750     8190+  74  Unknown          (radio_config)
/dev/mmcblk0p21        458752    491519     16384  48  Unknown          BOOT(apps)
/dev/mmcblk0p22        491521    524287    16383+  71  Unknown          (recovery)
/dev/mmcblk0p23        524289    526333     1022+  76  Unknown          (misc)
/dev/mmcblk0p24        526335    534526      4096  4a  Unknown          MODEMST1
/dev/mmcblk0p25        534528    542719      4096  4b  Unknown          MODEMST2
/dev/mmcblk0p26        542721    583680     20480  19  Unknown          (devlog)
/dev/mmcblk0p27        583682    583689         4  0   Empty
/dev/mmcblk0p28        583691    584202       256  23  Unknown          (pdata)
/dev/mmcblk0p29        584204    584235        16  0   Empty
/dev/mmcblk0p30        584237    586797     1280+  0   Empty            (local)
/dev/mmcblk0p31        586799    586926        64  0   Empty
/dev/mmcblk0p32        586928    786431     99752  0   Empty            =!possibly wrong start/end&blocks!=
/dev/mmcblk0p33                                    83  EXT4             (system)
/dev/mmcblk0p34                                    83  EXT4             (cache)
/dev/mmcblk0p35                                    83  EXT4             (userdata)
/dev/mmcblk0p36                                    c   FAT32(LBA)       (fat)
not fully complete yet, but still much further improved over the previous partition layout details
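An added example, not part of the original posts: a small Python walker for the MBR and extended-boot-record (EBR) chain that a dump such as backup.bin contains, which is the structure a listing like the one above is read from. The sample sectors are constructed from the first six rows of that table; `QC_NAMES`, `list_partitions` and the other names are this example's own.

```python
import struct

SECTOR = 512
EXTENDED = {0x05, 0x0F}
ENTRY = struct.Struct("<B3xB3xII")   # status, type id, start LBA, sector count
# Labels copied from the "QCname" column of the table in the post above.
QC_NAMES = {0x4D: "SBL1", 0x51: "SBL2", 0x45: "SBL3", 0x47: "RPM",
            0x46: "TZ", 0x4C: "HBOOT", 0x48: "BOOT"}

def read_table(read_sector, lba):
    """Return the four (status, type, start, count) entries of the MBR/EBR at lba."""
    sec = read_sector(lba)
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        raise ValueError(f"no 0x55AA signature at LBA {lba}")
    return [ENTRY.unpack_from(sec, 446 + 16 * i) for i in range(4)]

def list_partitions(read_sector):
    """Walk the MBR and the EBR chain; return (number, type, first, last, label)."""
    parts, ext_base = [], None
    for slot, (_, ptype, start, count) in enumerate(read_table(read_sector, 0), 1):
        if count == 0:
            continue
        parts.append((slot, ptype, start, start + count - 1, QC_NAMES.get(ptype, "")))
        if ptype in EXTENDED and ext_base is None:
            ext_base = start
    number, ebr, seen = 5, ext_base, set()
    while ebr is not None:
        if ebr in seen:                      # corrupt dumps can contain EBR loops
            raise ValueError(f"EBR chain loops at LBA {ebr}")
        seen.add(ebr)
        logical, link = read_table(read_sector, ebr)[:2]
        _, ptype, start, count = logical     # start is relative to this EBR
        if count:
            first = ebr + start
            parts.append((number, ptype, first, first + count - 1, QC_NAMES.get(ptype, "")))
        number += 1
        _, ltype, lstart, _ = link           # lstart is relative to the extended partition
        ebr = ext_base + lstart if ltype in EXTENDED and lstart else None
    return parts

def make_sector(entries):
    """Build a constructed 512-byte MBR/EBR sector from up to four table entries."""
    table = b"".join(ENTRY.pack(*e) for e in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed sample: the first six rows of the table above, as sparse sectors.
SAMPLE = {
    0: make_sector([(0x80, 0x4D, 1, 256), (0, 0x51, 257, 512),
                    (0, 0x5D, 769, 261342), (0, 0x05, 262111, 15007776)]),
    262111: make_sector([(0, 0x5A, 1, 32), (0, 0x05, 33, 513)]),
    262144: make_sector([(0, 0x73, 1, 512)]),
}

if __name__ == "__main__":
    for n, ptype, first, last, label in list_partitions(lambda lba: SAMPLE.get(lba, b"")):
        print(f"p{n:<3} {first:>9} {last:>9}  {ptype:02x}  {label}")
```

To run it against a real dump, pass a reader that seeks to `lba * 512` in the opened file and returns 512 bytes.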
Anything I can do to help?
I have qdload.pl, a MPRG8960.hex and 8960_msimage.mbn from some XDA thread or other (they don't seem to work though). My fireball is functional, rooted but S-ON (I got it early and htcdev still allowed me to unlock the bootloader). It does have the OTA update though.
I'm interested because my wife's fireball is stuck in QDL mode. She's migrated to a Rezound so it's not urgent.
I suspect it got that way because I used DirtyRacun S-OFF, then went to flash the OTA update. I suspect DR modifies hboot or one of the sbl's, and when I flashed the OTA it might have put me back S-ON.
(Got motivated to try to root her phone because even though it wasn't rooted, it kept trying and failing to download the OTA, killing the battery).
The DR website has an RUU.zip that has images of all the sbl's and an hboot, so working images isn't a problem, but getting them on there is.
mutterc said:
> I have qdload.pl, a MPRG8960.hex and 8960_msimage.mbn from some XDA thread or other (they don't seem to work though). My fireball is functional, rooted but S-ON (I got it early and htcdev still allowed me to unlock the bootloader). It does have the OTA update though.
if you don't mind: plz attach your MPRG8960.hex and 8960_msimage.mbn files here ... so i could compare against those i have.
and well, if you are still S-ON _and_ the OTA-2014 is already applied then you are "out of luck" ... at least for the next couple of weeks or even months. no S-OFF method known for OTA-2014 applied fireballs!
> I suspect it got that way because I used DirtyRacun S-OFF, then went to flash the OTA update. I suspect DR modifies hboot or one of the sbl's, and when I flashed the OTA it might have put me back S-ON.
afaik: DR "only" uses security holes in the firmware from 2.17.605.2 (from regular ICS4.0.4 RUU) to remove S-ON/write S-OFF flag ... and then add the engineering hboot of fireball (albeit modified) ... in the general section, several users with S-OFF (before the OTA-2014!) applied now the firmware from the OTA-2014 separately and confirmed that S-OFF stayed even after the OTA and since it doesn't include any new hboot, they still have their previous one
likewise, there are different qhsusb_dload modes, depending on WHEN they kicked in... in the sense of which stage fails (attaching your qdload-fireball to a linux system, there are at least 2 distinct possibilities: a) only qdload-mode or b) qdload-mode AND enumerating partitions ... the latter one is fairly easy to cure whereas the former (like mine) is much harder to come by unfortunately >_<
> The DR website has an RUU.zip that has images of all the sbl's and an hboot, so working images isn't a problem, but getting them on there is.
they have a RUU.zip (for 2.17.605.2) and it has the firmware bit isolated and included, but that _won't help you at all_ with a bricked phone as you need a predefined partition-layout and -structure files _and_ then manage to get your brick to accept and all load those start-up settings at once. the RUU has only the files, but _not_ their structure!
i managed to already recreate most of the partition-structure of a fireball with the help from some other xda-members, but _still_ that wasn't enough for those software-tools i tried!! maybe my MPRG8960.hex isn't correct (193.692byte / md5sum: 2534fd61ebc7c8bdd9fe0dbb90c77fb0) ... i decided to buy another 2nd-hand fireball (hopefully it should still come W/O the OTA-2014 ) ... to create/dump what is on there to resurrect my bricked fireball, yet even that is still unclear if it will work. (need to wait a few more weeks until the other fireball arrives here: intl shipping & customs take quite a while unfortunately)
kimba.
first thanks for your help with the ota firmware in the other thread. second HOW CAN I HELP YOU.
although I am on cm11 and have the firmware updated I think that is where you want to get to.
i am reasonably good with unix and adb with directions I am sure I can get anything you need off of my phone. let me know.
kimba99 said:
> if you don't mind: plz attach your MPRG8960.hex and 8960_msimage.mbn files here ... so i could compare against those i have.
> likewise, there are different qhsusb_dload modes, depending on WHEN they kicked in... in the sense of which stage fails (attaching your qdload-fireball to a linux system, there are at least 2 distinct possibilities: a) only qdload-mode or b) qdload-mode AND enumerating partitions ... the latter one is fairly easy to cure whereas the former (like mine) is much harder to come by unfortunately >_<
Attached as tar.gz, looks like from your size/md5sums that my MPRG8960.hex is the same.
Mine has only one device (qcserial) showing up in lsusb, which means it's not enumerating partitions, right? Which if I'm still S-OFF means one of the SBLs is scrod, right?
mutterc said:
> Attached as tar.gz, looks like from your size/md5sums that my MPRG8960.hex is the same.
> Mine has only one device (qcserial) showing up in lsusb, which means it's not enumerating partitions, right? Which if I'm still S-OFF means one of the SBLs is scrod, right?
don't just check lsusb ... try the output of
Code:
dmesg | tail
BEFORE ... you attach the bricked fireball to your linux system & then right after attaching (about 10sec later or so should be enough) check again with the SAME
Code:
dmesg | tail
if it only attaches a "qualcomm usb-2-serial device on tty*" then you're in bad luck (as me) currently ... but if dmesg shows and lists some new "/dev/sdb1 /dev/sdb2 /dev/sdb3" devices and so on ... you can fairly easy fix it (at least as _now_ we/i had extracted or better said reconstructed the partition-layout and thereby we could flash any borked or unmatching partition directly).
as for S-OFF, that _should_ have nothing to do with the reason for the brick as there are already fellows here with properly updated OTA2014 firmware _working_ with properly retained S-OFF ... and secondly, it doesn't have to be one of your SBL2*'s as it could also be TZ or RPM not matching one another (as far as I understood the SecureBoot3.0-chain) ... so it depends WHICH file you (tried to) flash (and how) that led to your brick.
EDIT: as for your attached MSM8960-files ... identical to mine and thereby unfortunately NOT working (afaik) for recovery of a fireball T_T
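The before/after `dmesg | tail` comparison described above, as an added example that is not part of the original post: it diffs two captures and reports whether only a serial device appeared or whether partitions were enumerated as well. The log lines are constructed samples in the usual kernel format, and the function names and state labels are this example's own.

```python
import re

TTY = re.compile(r"Qualcomm USB modem converter now attached to (ttyUSB\d+)")
DISK = re.compile(r"\b(sd[a-z]+): (.*)$")   # partition scan line, e.g. " sdb: sdb1 sdb2"

def new_lines(before, after):
    """Lines of the second `dmesg | tail` capture that were not in the first."""
    seen = set(before.splitlines())
    return [ln for ln in after.splitlines() if ln not in seen]

def classify(lines):
    """Return (state, tty, partitions) for the lines that appeared after plugging in."""
    tty, parts = None, []
    for ln in lines:
        m = TTY.search(ln)
        if m:
            tty = m.group(1)
        m = DISK.search(ln)
        if m:
            parts += re.findall(rf"\b{m.group(1)}\d+\b", m.group(2))
    if parts:
        return ("partitions-enumerated", tty, parts)   # case b) in the post
    if tty:
        return ("serial-only", tty, [])                # case a) in the post
    return ("not-detected", None, [])

# Constructed sample captures (timestamps, bus numbers and device names are made up).
BEFORE = """\
[  910.551203] wlan0: associated
[  911.004417] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready"""

SERIAL_LINES = """\
[ 1021.104512] usb 1-1.2: new high-speed USB device number 7 using ehci-pci
[ 1021.210033] qcserial 1-1.2:1.0: Qualcomm USB modem converter detected
[ 1021.210410] usb 1-1.2: Qualcomm USB modem converter now attached to ttyUSB0"""

DISK_LINES = """\
[ 1023.298120]  sdb: sdb1 sdb2 sdb3 sdb4 < sdb5 sdb6 >
[ 1023.310877] sd 6:0:0:0: [sdb] Attached SCSI removable disk"""

AFTER_SERIAL = BEFORE + "\n" + SERIAL_LINES
AFTER_DISK = AFTER_SERIAL + "\n" + DISK_LINES

if __name__ == "__main__":
    print(classify(new_lines(BEFORE, AFTER_SERIAL)))
    print(classify(new_lines(BEFORE, AFTER_DISK)))
```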
any improvements on this problem? I'm having the same problem with my phone so please let me know if you find a way to fix this problem....
bought another Dinc4G ... in replacement for my bricked one. in my trial to revive my bricked one (and/or having another Dinc4g at least to use regularly with a ROM of my choice again)
after requested, the seller _confirmed_ that the 2014-OTA has __not__ yet been applied and the phone still runs fine on 2.17.605.2 ... and "guess what" i received yesterday in my mail:
his Dinc4G _WITH_ the 2014-OTA applied & of course it's stock/locked/s-on!!! DAMN IT!!!
kimba99 said:
> bought another Dinc4G ... in replacement for my bricked one. in my trial to revive my bricked one (and/or having another Dinc4g at least to use regularly with a ROM of my choice again)
> after requested, the seller _confirmed_ that the 2014-OTA has __not__ yet been applied and the phone still runs fine on 2.17.605.2 ... and "guess what" i received yesterday in my mail:
> his Dinc4G _WITH_ the 2014-OTA applied & of course it's stock/locked/s-on!!! DAMN IT!!!
That sucks. Having this phone unrooted with the 2014 update is a little like being Sandra Bullock in the film Gravity. I sure hope there's someone smarter than me working on root for this thing with the 2014 update.
not many users (or even devs!) left on our Dinc4G .... pretty unfortunate
i mean temp-root still works (apparently) on the 2014-OTA ... and the hboot didn't change at all (it's still 1.15) ... i assume one needs to find a way to perm-root the new 2.19.605.2 stock-rom first & from there try the same (or at least similar) "s-off" attack to the 1.15-hboot as previously. it's just that the devs of the prev s-off methods don't tell WHERE or HOW they obtained write-permission to set the s-off flag
still: i managed to trigger the "tampered"-flag above my "*locked*"-flag ... *lol*
kimba99 said:
> bought another Dinc4G ... in replacement for my bricked one. in my trial to revive my bricked one (and/or having another Dinc4g at least to use regularly with a ROM of my choice again)
> after requested, the seller _confirmed_ that the 2014-OTA has __not__ yet been applied and the phone still runs fine on 2.17.605.2 ... and "guess what" i received yesterday in my mail:
> his Dinc4G _WITH_ the 2014-OTA applied & of course it's stock/locked/s-on!!! DAMN IT!!!
With the news of the new s-off method for the latest OTA, I was wondering if you were able to fix your phone. Looks like the answer is no, buuuut, you now have s-off with the latest OTA! :good: !
junkmail9 said:
> With the news of the new s-off method for the latest OTA, I was wondering if you were able to fix your phone. Looks like the answer is no, buuuut, you now have s-off with the latest OTA! :good: !
unfortunately not (yet?) ... but at least, i'm near exactly where i was left on the new phone! real incredible that i could restore my nandroid from the borked phone directly to the new one (okay, after i figured out i need to rename the TWRP-backup folder to match the new ADB-ID of the phone) ... only missing a bunch of photos, that i didn't backup prior to the brick.
i'll try again later, but the brick still doesn't accept to be flashed either way by QPST as it says it is missing "its magical token" (whatever that means, but there are several posts about that specific QPST issue with qhsusb_dload bricked phones here on xda)
finally solved ... but that SURE wasn't for the faint hearted => poor fireball had to strip completely (disassembled) ... JTAG pins are ___under___ the IMEI-battery sticker even (so that had to be removed as well) ... before the "solder party" could begin.
and then thanks to _huzein_ from "gsm-europe" (who provided the RIFF-box and soldering for some smaller money) ... and the famous _legija_ ... the developer of the RIFF-box himself! (who guided us and reflashed my brick via a remote RIFF-session) ... flashing a bricked "HTC fireball" via JTAG for the very FIRST time!! we used the dump from jsmiley13 (so thanks to him again for providing me with the dump) ... after that we needed to reflash the ENG-HBOOT (via RIFF JTAG interface again) though as it had the 1.15.1111 but showed S-OFF _locked_ ?!
now it's back alive ... after 2hrs of remote debugging, remote-flashing etc ... hopefully now, legija can implement a NEW ressurrector.dll for fireball (for the 1ST TIME) and add it as a by now newly supported device on his RIFF-box!
attached below is a small "photo-story" ... for those who are interested *lol* ... and NO it's not an optical illusion, the panels definitely appear to have some slightly different color-hue (esp the green looks not the same)
kimba99 said:
> finally solved ... but that SURE wasn't for the faint hearted => poor fireball had to strip completely (disassembled) ... JTAG pins are ___under___ the IMEI-battery sticker even (so that had to be removed as well) ... before the "solder party" could begin.
> and then thanks to _huzein_ from "gsm-europe" (who provided the RIFF-box and soldering for some smaller money) ... and the famous _legija_ ... the developer of the RIFF-box himself! (who guided us and reflashed my brick via a remote RIFF-session) ... flashing a bricked "HTC fireball" via JTAG for the very FIRST time!! we used the dump from jsmiley13 (so thanks to him again for providing me with the dump) ... after that we needed to reflash the ENG-HBOOT (via RIFF JTAG interface again) though as it had the 1.15.1111 but showed S-OFF _locked_ ?!
> now it's back alive ... after 2hrs of remote debugging, remote-flashing etc ... hopefully now, legija can implement a NEW ressurrector.dll for fireball (for the 1ST TIME) and add it as a by now newly supported device on his RIFF-box!
> attached below is a small "photo-story" ... for those who are interested *lol* ... and NO it's not an optical illusion, the panels definitely appear to have some slightly different color-hue (esp the green looks not the same)
Looks like I am also having the same issue. Did an exchange remote wipe and came back to my phone completely bricked, Q Download mode. I am guessing the only way is to JTAG the device? Is there any other possibilities? I have qpst, and hpst etc. What is the hex and mbn image used for?
freemenot said:
> Looks like I am also having the same issue. Did an exchange remote wipe and came back to my phone completely bricked, Q Download mode. I am guessing the only way is to JTAG the device? Is there any other possibilities? I have qpst, and hpst etc. What is the hex and mbn image used for?
depends on HOW your fireball was bricked ... but plain QPST or similar won't help as our CPU, the MSM8960, is toooo new and the unsigned usb-loader (like QPST) won't work ... at least if it's a firmware brick!!! (as legija explained to me)
only JTAG'ing via RIFF-box would help here, _but_ official support from RIFF is _NOT yet_ given (today using my brick was his trial run for "fireball") ... it should be implemented within the next days or a few weeks maybe.
Congrats on getting it back alive!
That is some impressive major surgery. Wow!
impressive!!!
great info!
i wonder how many brave souls will ever try this. a new phone for $200 might be the easier route for most people.

Need help unlocking bootloader - HTC Evo 3D

Okay so I have the SDK, JRE and all other tools available. Fastboot and adb commands work when the device is on and unlocked, but when I tell it to reboot to the bootloader, Windows 10 claims that it cannot identify the device and as such the "fastboot oem get_identifier_token" command from HTCDev (EMEA Version) does not do anything except hang at "waiting for device to respond"
I strongly suspect it's a driver fault however the 3.xx versions of the driver are not compatible with Windows 10 and the 4.xx versions simply do nothing when I try to run the exe.
Does anyone have any ideas? The device is new, stock and carrier unlocked (Thanks eBay!) but the stock OS is a bit yuck and I plan to use this ROM: http://forum.xda-developers.com/show....php?t=2526391
Any help appreciated!
Try to find a friend / family member with a Win 7 PC. I mod phones as a side job and keep a Win 7 PC just for stuff like this. I could never get fastboot to work on 2010-2012 HTC phones on Win 8+. Some people say it works for them, but Win 7 will work WAY better for this type of thing, trust me.
