I'd like to clarify a few technical internals of Xperia 2011 phones.
What is the sequence of sw components that are executed on power on?
Where are they stored? I guess that there is not only the one big flash chip which we have the firmware on, right?
What does grounding of testpoint do - what's the internal logical function when testpoint is grounded while xperia gets connected via usb?
Please correct/extend/clarify my following assumptions (that might be completely wrong) about the boot process:
- the very first sw component that gets started on power on, a primary boot code, is stored in a small rom, which cannot ever be changed and contains also signature verification public key
- the primary boot rom verifies integrity and signature of s1boot, which is stored somewhere in the big flash and starts s1boot if signature check of it was valid
- s1boot checks integrity of other fw components stored in the big flash, like the kernel and baseband fw images
- if all signatures/integrity are ok, baseband fw is passed to radio controller cpu and radio is started, linux kernel is loaded into ram and started
- linux kernel uses its internal initramfs as root filesystem and executes init scripts stored there
- mtd partitions (like for /system and /data) are mounted (from the big flash mapped as mtd devices), android core processes are started, phone starts...
Now about s1boot - is this component handling all of following functions?
- flash mode usb interface (i.e. S1 protocol for loading/flashing images?)
- fastboot mode usb interface
- booting from flash as described above
I assume that signature verification is done also in any flashing or image usb loading mode provided by s1boot, right?
Is it right that if testpoint is grounded, s1boot temporarily disables signature verification for code image that may be loaded via usb?
Or does it provide kind of jtag interface via usb?
Does the "boot loader unlock via testpoint without losing drm" method use the testpoint in order to flash a patched s1boot that always returns valid verification results?
But how could that be possible - I mean, if s1boot is patched, its integrity would fail the check done by the primary boot code started from the small rom that can't ever be changed?
Please share your knowledge, I am curious and I'd like to know how it works. Already searched a lot regarding this topic. My assumptions are based on possible similarity with older xperia models that bootloader lock bypass was discussed here (but where the testpoint was not used).
Thanks.
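The staged verification assumed in the post above, modelled as an added example (not code from the thread or from any vendor component): a public key fixed in the boot ROM checks s1boot, and the later images are checked the same way, so a modified or re-signed s1boot is rejected before it runs. The toy RSA parameters, the image contents and the use of one key for every stage are assumptions made for the illustration.

```python
import hashlib

# Toy RSA built from Mersenne primes: constructed for this example only and
# far too small for real use. Real boot ROMs use full-size keys and padding.
E = 65537

def make_key(p, q):
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

VENDOR_KEY = make_key(2**127 - 1, 2**107 - 1)  # private half stays with the vendor
OTHER_KEY = make_key(2**89 - 1, 2**61 - 1)     # any key that is not the vendor's

def _digest(image, n):
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign(image, key):
    return pow(_digest(image, key["n"]), key["d"], key["n"])

def verify(image, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == _digest(image, pub["n"])

# The ROM holds only the public half (n, e) and cannot be rewritten.
ROM_PUBLIC = {"n": VENDOR_KEY["n"], "e": VENDOR_KEY["e"]}

def build_flash(key=VENDOR_KEY):
    """Constructed flash contents: each image is stored with its signature."""
    images = {
        "s1boot": b"s1boot image (constructed)",
        "baseband": b"baseband fw image (constructed)",
        "kernel": b"kernel + initramfs image (constructed)",
    }
    return {name: (img, sign(img, key)) for name, img in images.items()}

def boot(flash, rom_pub=ROM_PUBLIC):
    """Return (stages started, error). A stage runs only after it verifies.

    Assumption: s1boot checks baseband and kernel with the same vendor key
    that the ROM uses to check s1boot.
    """
    started = ["boot_rom"]
    for name in ("s1boot", "baseband", "kernel"):
        image, sig = flash[name]
        if not verify(image, sig, rom_pub):
            return started, name + ": signature check failed"
        started.append(name)
    return started, None

def scenarios():
    results = {"pristine": boot(build_flash())}

    # s1boot modified in flash, old signature left in place.
    flash = build_flash()
    img, sig = flash["s1boot"]
    flash["s1boot"] = (img + b" patched", sig)
    results["patched_s1boot"] = boot(flash)

    # s1boot modified and signed with a key the ROM does not hold.
    flash = build_flash()
    patched = flash["s1boot"][0] + b" patched"
    flash["s1boot"] = (patched, sign(patched, OTHER_KEY))
    results["resigned_s1boot"] = boot(flash)

    # Kernel modified: s1boot and baseband start, the kernel does not.
    flash = build_flash()
    img, sig = flash["kernel"]
    flash["kernel"] = (img + b" patched", sig)
    results["patched_kernel"] = boot(flash)
    return results

if __name__ == "__main__":
    for name, (started, error) in scenarios().items():
        print(name, started, error)
```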
boot (kernel) mtd partition
Is there any reason why access to kernel flash area is not mapped as mtd partition in custom kernels?
I see some bits concerning nand setup for boot area implemented in FXP kernel, but the configs are not used in final nand devices setup.
Is there any hardware reason that causes mapping of kernel flash area as mtd device with write access in linux not to work?
boot process description
I've found quite good boot process description, unfortunately not able to post external links, so google for "Qualcomm MSM Snapdragon 7x30 boot process", it's the first link found (points to tjworld net).
The description is for Qualcomm Mobile Station Modem (MSM) Snapdragon 7x30 system-on-chip platforms, so it should be also valid for Xperia 2011 phones as they use MSM8255, which is a 1GHz variant of MSM7x30 (running at 800MHz) - these chipsets belong to Snapdragon S2 generation chipset.
Most probably the main difference in order to apply the googled boot process description to xperia 2011 devices would be that all references to eMMC (mmcblk) should be considered as mtd flash present in xperia devices instead.
What do you think?
j4nn said:
I've found quite good boot process description, unfortunately not able to post external links, so google for "Qualcomm MSM Snapdragon 7x30 boot process", it's the first link found (points to tjworld net).
The description is for Qualcomm Mobile Station Modem (MSM) Snapdragon 7x30 system-on-chip platforms, so it should be also valid for Xperia 2011 phones as they use MSM8255, which is a 1GHz variant of MSM7x30 (running at 800MHz) - these chipsets belong to Snapdragon S2 generation chipset.
Most probably the main difference in order to apply the googled boot process description to xperia 2011 devices would be that all references to eMMC (mmcblk) should be considered as mtd flash present in xperia devices instead.
What do you think?
I think you'll have more luck (if any) in the Dev section. Maybe some mod will have the consideration to move your thread that way.
It may also be a good idea (if you're interested in general Android phone booting as opposed to Xperia specific) to look around in the general Android sections of the forums.
However, don't hesitate to centralize your findings in this thread... I'd be thrilled to read whatever you find out (don't have the time to go looking for it, though).
yes, I guess it would be better in dev section, but it's unfortunate that I cannot post replies (nor start thread) there yet...
my 10 posts minimum in the rules not reached yet:-/
j4nn said:
yes, I guess it would be better in dev section, but it's unfortunate that I cannot post replies (nor start thread) there yet...
my 10 posts minimum in the rules not reached yet:-/
You're getting close, though
http://www.anyclub.org/2012/02/android-board-bring-up.html
the link above is quite good in explaining what happens in our msm7x30 chipset
I know that this handset is not released yet but I'd like to know if there would be support for it from the community. I'm excited about it because I've been waiting for a handset that seems to meet all my niche requirements:
Medium size screen (4.5")
ARMv8 instruction set (Snapdragon 410)
Removable battery (According to quick set up manual)
MicroSD slot (full size SD would have been nice but this is good enough)
Dual Sim (not sure if it will be available in the UK though)
I know the screen is not the best and it probably won't support Qi charging but I don't think any other handset has all the aforementioned features. I'm not trying to sell the handset but this is in anticipation of posts like "why not get a Nexus" or "just get a Moto G"
It's a nice phone, I bought one for my wife
This one is not available in my region. I got the Y550 instead for a relative. Almost the same spec. Not sure about IO performance though as I didn't have time to check.
Solution?
So, I was searching Google for OT 5042 root (the internal name of Alcatel OT Pop 2 or Orange Roya (NOS Roya in Portugal)), and I've found these instructions on a Russian forum. I have not tested them myself, but they do seem very legit, so if anyone who knows exactly what he's doing or has no fear of losing the phone can follow it up.
Disclaimer: The procedure that follows has not been yet tested by me. Proceed at your own risk. You are fully responsible for what happens to your phone from now on. If you have some knowledge of Russian, please help translating the board mentioned on the Youtube video description (/watch?v=8tD4kR33vVE).
Note on translation: This post was initially written in Russian and translated with Google translate with some fixes here and there made by me. I'm not a native English speaker and therefore some engrish may be present. Please forgive me for it.
Note to users: This tutorial is regarding the dual SIM version of this phone. It may not work with the single SIM one.
Root dual SIM Alcatel Alcatel OneTouch 5042D POP 2 smartphone
Author: ruslan_3_ from 4pda.ru
Procedure:
1. Download the attached .zip file and extract it to some folder on your computer.
1.1. Install the phone's adb drivers (not needed under Linux or OS X; Windows drivers are available on the phone as a CD-ROM);
1.2 Copy update.zip to the root of your phone's internal memory or SD Card (one of the two may not work, and there is different feedback regarding this issue)
2. Turn on USB debugging
3. Turn on the phone in fastboot mode (press and hold both power and volume down buttons);
3.1 Connect the phone to your computer and wait for the drivers to finish installing (when applied);
4. Open a command prompt where you first extracted the files and type:
    fastboot -i 0x1bbb devices
It will list all devices connected to the computer on fastboot mode, for example a409dc4d.
6. Install CWM Recovery:
    fastboot -i 0x1bbb flash recovery image-new.img
7. Enter recovery mode (power + volume up)
8. Install update.zip
Once again, please be very careful when executing this procedure. It can go really wrong.
If you're using Mac or Linux, paste the specific android SDK tools in the extracted folder and run fastboot with the command ./fastboot if you don't have an alias for it in your .profile or .bashrc (if you don't know what this is, ignore it).
@imTos, Thanks for information, but you know if there is any custom rom (CM or MIUI) for this equipment, specifically for the version of the 5042A one SIM ??
Thank You ...
Regarding the root procedure, I was told on a Portuguese board that it works for any 5042 model.
herbesi01 said:
@imTos, Thanks for information, but you know if there is any custom rom (CM or MIUI) for this equipment, specifically for the version of the 5042A one SIM ??
Thank You ...
Hey. I am not aware of any alternative ROM currently on the Internet, especially since Alcatel has not released the phone's source code yet. What I do know, however, is that there are three ROMs for this device: Alcatel's original ROM (build 010 03 single/dual SIM), Orange ROM (single SIM) and the Portuguese NOS ROM (build 010 06, single SIM). Between the three, as far as I know, the Portuguese one is the one that most resembles AOSP w/ Google Play and with no bloatware installed by default, from what I've seen in pictures. I don't know if it is possible for the users of the different ROMs to make NANDroid backups and share them online, though it wouldn't be a full help. Keep in mind that both Chinese and Russian ROMs, from what I've read (and I have no way to confirm if this is true or not!), have a function to report stolen phones, and this text messages a foreign number if you're living outside these countries.
Offtopic: I waste more time trying to guess the captcha than replying to a post. Google, where's the new noCaptcha function?
imTos said:
So, I was searching Google for OT 5042 root (the internal name of Alcatel OT Pop 2 or Orange Roya (NOS Roya in Portugal)), and I've found these instructions on a Russian forum. I have not tested them myself, but they do seem very legit, so if anyone who knows exactly what he's doing or has no fear of losing the phone can follow it up.
Disclaimer: The procedure that follows has not been yet tested by me. Proceed at your own risk. You are fully responsible for what happens to your phone from now on. If you have some knowledge of Russian, please help translating the board mentioned on the Youtube video description (/watch?v=8tD4kR33vVE).
Note on translation: This post was initially written in Russian and translated with Google translate with some fixes here and there made by me. I'm not a native English speaker and therefore some engrish may be present. Please forgive me for it.
Note to users: This tutorial is regarding the dual SIM version of this phone. It may not work with the single SIM one.
Root dual SIM Alcatel Alcatel OneTouch 5042D POP 2 smartphone
Author: ruslan_3_ from 4pda.ru
Procedure:
1. Download the attached .zip file and extract it to some folder on your computer.
1.1. Install the phone's adb drivers (not needed under Linux or OS X; Windows drivers are available on the phone as a CD-ROM);
1.2 Copy update.zip to the root of your phone's SD Card (internal memory may not work)
2. Turn on USB debugging
3. Turn on the phone in fastboot mode (press and hold both power and volume down buttons);
3.1 Connect the phone to your computer and wait for the drivers to finish installing (when applied);
4. Open a command prompt where you first extracted the files and type:
    fastboot -i 0x1bbb devices
It will list all devices connected to the computer on fastboot mode, for example a409dc4d.
6. Install CWM Recovery:
    fastboot -i 0x1bbb flash recovery image-new.img
7. Enter recovery mode (power + volume up)
8. Install update.zip
Once again, please be very careful when executing this procedure. It can go really wrong.
If you're using Mac or Linux, paste the specific android SDK tools in the extracted folder and run fastboot with the command ./fastboot if you don't have an alias for it in your .profile or .bashrc (if you don't know what this is, ignore it).
This method for root works very well on my Orange Roya.
Thanks for sharing it.
Worked like a charm on single sim
I would love to see running android l on this device! i mean into 5042a
Please
Hi, I did try to root this phone as you show, but after some tries it got stuck on load and doesn't turn on OK...
I did try hard reset, wipe cache, wipe data, erase from fastboot and a lot of things, but it always stays on the logo... so could you do a backup from your handset and share it with me please?
I will appreciate it a lot. Thanks in advance.
I've asked for a backup in many online communities, but no luck. As I said, I didn't try the method myself since I didn't need to use root yet and my phone is still under warranty. Sorry.
imTos said:
I've asked for a backup in many online communities, but no luck. As I said, I didn't try the method myself since I didn't need to use root yet and my phone is still under warranty. Sorry.
lol mine is under warranty too.
Root it and if u need to send to warranty u can use Mobile Upgrade Q to restore original firmware.
I can't enter fastboot, can anyone help me please?
rushwhq said:
lol mine is under warranty too.
Root it and if u need to send to warranty u can use Mobile Upgrade Q to restore original firmware.
Are you sure that can be restored By mobile upgrade?
if bricked : recover phone using Alcatel official tool
Mobile Upgrade Q 4.6.8 Setup.rar
goto http://www.alcatelonetouch.com/global-en/products/smartphones/pop_2-4-5.html
and select the "Support" tab, there download
Mobile Upgrade Q 4.6.8 Setup.rar
link:
http://www.alcatelonetouch.com/glob...OP_2-4-5/otu/mobile-upgrade-q-4-6-8-setup.rar
unrar, start and select 5042D, connect phone via USB cable, start flashing
I had my Pop 2 bricked (eternal boot loop) but got it back to life, 100%
---------- Post added at 10:10 PM ---------- Previous post was at 10:05 PM ----------
in the "russian" tutorial they tell you to copy "update.zip" to your SD card - that did not work for me !
- on the external card cwm did not find the file.
instead update.zip was only found once it was on the INTERNAL SD card !!
Hey guys.
I've found very useful information like stock recovery, stock images, and user custom images for this device on the same board I found the root method. I still haven't had the courage to root my device, though, and I feel kind of a hypocrite because of it, but this is my only phone, and if something had gone wrong I would have no money to buy a new one. I know I'm not the only one in this situation, and I do feel really bad for not helping users that have requested my help.
I need to know if Mobile Upgrade Q can recognize the device and reinstall the ROM if anything goes wrong. To those who had any problem, was it able to fix it? Were you using stock recovery or CWM when you tried it (I'm not sure if this is relevant)?
I will update this board (or create a new one?) regarding this device with useful information I've found online, and since stock recovery is already available (that was the main reason I didn't root in the first place (warranty)), I will provide a (not rooted) factory image of the custom build 010 06 when I have time to do so.
hey buddy
I restored mine to the original ROM with Mobile Q, but it looks like I upgraded the firmware, and now I can't root again, because I can't put it in fastboot "vol - + pwr".
Which build exactly do you have?
imTos said:
Hey guys.
I've found very useful information like stock recovery, stock images, and user custom images for this device on the same board I found the root method. I still haven't had the courage to root my device, though, and I feel kind of a hypocrite because of it, but this is my only phone, and if something had gone wrong I would have no money to buy a new one. I know I'm not the only one in this situation, and I do feel really bad for not helping users that have requested my help.
I need to know if Mobile Upgrade Q can recognize the device and reinstall the ROM if anything goes wrong. To those who had any problem, was it able to fix it? Were you using stock recovery or CWM when you tried it (I'm not sure if this is relevant)?
I will update this board (or create a new one?) regarding this device with useful information I've found online, and since stock recovery is already available (that was the main reason I didn't root in the first place (warranty)), I will provide a (not rooted) factory image of the custom build 010 06 when I have time to do so.
---------- Post added at 09:17 AM ---------- Previous post was at 08:32 AM ----------
lol i managed to enter fastboot mode via adb command.. =D
Hi, my Alcatel Pop 2 was bricked. When I try to unbrick it with Mobile Upgrade, it says that my phone is updated and it stops.
How can I unbrick my phone??!!
Please, I need a backup of an Alcatel POP 2 ROM, I have bricked mine. Could anyone please upload it?
seryioo write me PM
---------- Post added at 06:26 AM ---------- Previous post was at 06:11 AM ----------
imTos said:
Regarding the root procedure, I was told on a Portuguese board that it works for any 5042 model.
Hey. I am not aware of any alternative ROM currently on the Internet, especially since Alcatel has not released the phone's source code yet. What I do know, however, is that there are three ROMs for this device: Alcatel's original ROM (build 010 03 single/dual SIM), Orange ROM (single SIM) and the Portuguese NOS ROM (build 010 06, single SIM). Between the three, as far as I know, the Portuguese one is the one that most resembles AOSP w/ Google Play and with no bloatware installed by default, from what I've seen in pictures. I don't know if it is possible for the users of the different ROMs to make NANDroid backups and share them online, though it wouldn't be a full help. Keep in mind that both Chinese and Russian ROMs, from what I've read (and I have no way to confirm if this is true or not!), have a function to report stolen phones, and this text messages a foreign number if you're living outside these countries.
Offtopic: I waste more time trying to guess the captcha than replying to a post. Google, where's the new noCaptcha function?
Hi
Alcatel has released the source code for this model
OT_5042X_20150310.tar.xz
So now can someone cook some CM ROM or anything else?
rushwhq said:
seryioo write me PM
Hi, I have bricked my phone. I tried to restore with Mobile Upgrade and with a Backup from CWM that I did, but with no result.
I would like you to make a backup with the latest version of TWRP, of all partitions, and upload it:
Download, install like CWM: https://mega.co.nz/#!tQRzibAA!7tPkqlc1BYsvCCeQRzaqn_VVs959GBsleB_4eNVq9JE
Sources TWRP Recovery: http://4pda.ru/forum/index.php?showtopic=645507&st=340#entry38938719
Thank you.
I am exploring two approaches for phone recovery
#1 compile rom using kernel source from the MFG (The MFG gave me the FTP download info but my device wasn't in the FTP folder. Long story short, the MFG software team is "working on getting the files for me". That was a few days ago.... We'll see what happens.)
#2 Use MPRG and msimage files along with flashing program and raw image files from the phone for recovery.
All my research says that two files are needed to unbrick your Qualcomm device
#1 MPRGxxx.mbn/hex
#2 xxxx_msimage.mbn
(where xxxx is the Qualcomm chipset)
I know the msimage file is unique to the device because of partition structure for each manufacturer and therefore you'd need to create the file using QPST.
From reading here it appears that the MPRG file is defined as RAM
http://www.androidbrick.com/unbrick...-you-have-the-right-kind-of-rom-qhsusb_dload/
Would this file (MPRGxxxx.mbn) be universal among all devices that use the same chipset? Can someone give a yes or no and why? Thanks!
Hmm, same problem with me.
I just flashed my phone yesterday (Redmi Note 3 SD) and my phone got into a bootloop. I tried many methods, but it says that the bootloader is locked and I can't flash the phone. Then I found the "tool studio" eMMC download. I'm missing those mprgxxxx.mbn files... I'm trying to figure out how to build these files too.
Mprgxxxx.mbn and xxxx_msimage.mbn for MSM 8953
Ok
Obi Anointed said:
Mprgxxxx.mbn and xxxx_msimage.mbn for MSM 8953
Help me please
Hello,
I've bought a cheap (60 €) IP68 Chinese phone. It is sold as E&L W5 (ElongMobile). It is also known as Kenxinda W5 and declares itself as "Three Proofings W5".
This phone is based on Mediatek MT6735M SoC 64 bits Arm CPU. It runs a 6.01 Android version.
The bootloader is not locked (I've an option in developer's menu to unlock it).
The maker is not responding to my request for the standard Rom. (Kenxinda, nor E&L and I've tried to contact them in Chinese, thanks Google).
I've tried to root it using all apk I could find or PC apps to no avail.
I can't either back-up the Rom whatever MTK tool I use (because some of them ask for a rooted phone and the others ask for a scatter file I can't find nor generate).
I've looked at SuperSU ( http://www.supersu.com/ ) thinking I could install it using the recovery option of the phone. But it seems I'm too dumb because all I get is a message saying it is "an invalid OTA update missing scatter file"... (the menu gives: recovery, fastboot or normal and I've tried "recovery"...).
I would like to make a backup of the Rom in the phone, then modify the Rom to gain root access (or root the phone in another way ?) then install the "custom" Rom into the phone using SP flash tool.
I've read countless pages on a lot of sites, but I'm still stuck. So I would be very happy and grateful to get some pointer or how to for this 64bits CPU phones.
Many many thanks in advance for your help and advice.
I got the same phone and I'm looking for a root solution. I've seen that E&L made available a rooted ROM for W5S. I wonder if it would work on the W5 or brick it...
I'm also looking for a way to root this device. From some research it seems that it is equal to the Ginzzu rs71d, someone confirms?
EDIT: I finally rooted with Magisk and Miracle box loader
Tale as old as time. Have a phone given, factory reset with a Google account that wasn't properly removed.
So FRP lock is in play.
Seems like all the old tricks & tips I knew years ago don't seem to work on this device. Seems like the A14 on Android 13 is lock tight.
What I can do is use ODIN to flash back to stock rom, but that didn't really help.
And what I can also do is go through User License agreements, and somehow fumble my way through Learn More links that I can eventually lead to Google Search
But this method doesn't have Java Script enabled, so I can't login to Google account and add my own account that way.
I'm looking towards roms for the previous model since they're so similar but this feels like a dead end before I even think of a download since incompatible roms can't be flashed.
All I really need is Bootable Android 11 or 12 regardless of how functional or broken it is so I can try exploits for those versions. Just enough to activate OEM unlocking and USB debugging is the end goal
Any tips y'all have?
According to this list
LineageOS 20 Supported Phones: All Models For 2023 [UPDATED]
Here's a quick breakdown of ALL the Android phones that can run LineageOS 20...
www.knowyourmobile.com
the popular Lineage OS isn't available for the Galaxy A14
Rottytops said:
Tale as old as time. Have a phone given, factory reset with a Google account that wasn't properly removed.
So FRP lock is in play.
Seems like all the old tricks & tips I knew years ago don't seem to work on this device. Seems like the A14 on Android 13 is lock tight.
What I can do is use ODIN to flash back to stock rom, but that didn't really help.
And what I can also do is go through User License agreements, and somehow fumble my way through Learn More links that I can eventually lead to Google Search
But this method doesn't have Java Script enabled, so I can't login to Google account and add my own account that way.
I'm looking towards roms for the previous model since they're so similar but this feels like a dead end before I even think of a download since incompatible roms can't be flashed.
All I really need is Bootable Android 11 or 12 regardless of how functional or broken it is so I can try exploits for those versions. Just enough to activate OEM unlocking and USB debugging is the end goal
Any tips y'all have?
You can't do anything because the bootloader lock is on.
I bypassed FRP with SP Flash Tool, but the A14 has an Exynos processor, so SP Flash Tool will not work.
There is no official previous Android, so downgrade will not work either.
Was able to bypass FRP unlock using one of those paid tools, but it may have been unnecessary to pay. (SamFW to be specific)
I'll explain for future googlers dealing with the same issue.
So I had the ATT model of the device. Specifically model SM-A146U. It comes with an Exynos or Mediatek SoC.
Mine was specifically the MT variant.
I used Odin3 to revert to the stock build. Build dated November 29/Dec 1 2022; despite the official release date of the device being Jan 2023.
The emergency code *#0*# does not work, but *#*#88#*#* does.
Obviously you needed Samsung USB, ADB, drivers installed. Additional troubleshooting had me download Microsoft Visual C++ 2015 and MT65XX Preload Drivers.
The SamFW tool claims it's free to remove the FRP lock on security patches pre-dating December 2022.
The SamFW tool only suggests you needed Samsung drivers and Visual C++. So I tried several times using the SamFW tool to push its exploit, and it kept failing.
So in a moment of weakness, I bought the $15 credit pack because it promised "All models", ran the tool again, and still it failed. It required a credit card number for a service called coffee break or something, which is exactly the shady **** I have a cash app card for. I was not going to use my real bank account.
Because it runs a ADB exploit, I reboot into Recovery. Then in recovery menu, I select to Reboot into Bootloader, which puts the device into fastboot.
This is where I discover that I had no ADB drivers.
So I install ADB, and open Terminal/shell, whatever you call it. (Hold Shift and right click in ADB folder to shortcut ADB terminal)
I type:
Fastboot Devices
Didn't get a serial. I reboot Fastboot again, this time with Device Manager open on Windows, and notice for 5 seconds, a device called MT65xx preloader was lacking driver, and unloaded to reload ADB drivers. This is where I find out I'm using a MediaTek SoC
So I finally googled and install MT65xx Preload. Reboot to Fastboot 1 more time. I type
Fastboot Devices
I get a serial.
So now I reboot to system, then on the phone in emergency dial type *#*#88#*#*, then do another device check. Looks good.
Because I already paid $15 for the premium unlock, that's the first option I pick, and it finally unlocks. But because all this time I was missing critical MediaTek drivers, the free option still could have worked. So I can't confirm if being free would have sufficed, or if I needed that paid service.
But what's done was done, and I was able to get into the phone.
So to recap I used:
SM-A146U ATT stock Rom (5.5GB), earliest build Nov-Dec 2022 (Google it)
Odin v3 Flash Tool (Hold Vol+ Vol- & Power to access)
Samsung USB Drivers (Latest and official)
Google ADB Drivers (Mini installer)
Microsoft Visual C++ 2015
MT65xx preloader Drivers (Google it)
And SamFW 4.6 FRP Tool
Emergency Dial code : *#*#88#*#*
To bypass FRP Lock on Galaxy A14 ATT version, Model SM-A146U ; MediaTek variant.
and to reiterate, Recovery and Fast Boot are not necessary in any part of the process.
I use Recovery to boot into Fastboot, and I only use FastBoot + ADB to personally confirm that my computer recognizes the device connected in several boot modes