Related
I dont know about anyone else but the partition layout on the S3 LTE really bother's me it just wastes so much
has any work been done on seeing if resizing causes any problems
as im tempted to resize cache,system,hidden to pull back 1971mb of space wasted by samsung
then make a custom full odin package with the new partition sizes and flash
clearly i wouldnt be able to use standard samsung packages anymore and would have to make my own
which isnt a problem
All sizes are in true Megabyte/Gigabyte what is called Mib/Gib by people of late
to try and differentiate from the stupid ass rounding hd manufacturers started
TOMBSTONES = 256mb
CACHE = 1024mb
SYSTEM = 1536mb
HIDDEN = 560mb
Leaving 10.8GB for userdata
Im unsure what the tombstones dir is used for so i would be inclined to leave it
but cache can be dropped to 100mb if not using ota updates which i dont
system i could drop to 1024mb and be fine
i dont think hidden is used on the s3 lte
so i could pull back around 1971mb of wasted space
for userdatea with partitions like below
CACHE = 100mb
SYSTEM = 1024mb
HIDDEN = 1mb
Here's the current layout
Note it isnt even 16 fake GB
Model: MMC MAG4FB (sd/mmc)
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 4194kB 8389kB 4194kB BOTA0
2 8389kB 12.6MB 4194kB BOTA1
3 12.6MB 33.6MB 21.0MB ext4 EFS
4 33.6MB 37.7MB 4194kB m9kefs1
5 37.7MB 41.9MB 4194kB m9kefs2
6 41.9MB 46.1MB 4194kB m9kefs3
7 46.1MB 54.5MB 8389kB PARAM
8 54.5MB 62.9MB 8389kB BOOT
9 62.9MB 71.3MB 8389kB RECOVERY
10 71.3MB 164MB 92.3MB fat16 RADIO
11 164MB 432MB 268MB ext4 TOMBSTONES
12 432MB 1506MB 1074MB ext4 CACHE
13 1506MB 3116MB 1611MB ext4 SYSTEM
14 3116MB 3704MB 587MB ext4 HIDDEN
15 3704MB 3712MB 8389kB OTA
16 3712MB 15.8GB 12.0GB ext4 USERDATA
ShonkUK said:
I dont know about anyone else but the partition layout on the S3 LTE really bother's me it just wastes so much
has any work been done on seeing if resizing causes any problems
as im tempted to resize cache,system,hidden to pull back 1971mb of space wasted by samsung
then make a custom full odin package with the new partition sizes and flash
clearly i wouldnt be able to use standard samsung packages anymore and would have to make my own
which isnt a problem
All sizes are in true Megabyte/Gigabyte what is called Mib/Gib by people of late
to try and differentiate from the stupid ass rounding hd manufacturers started
TOMBSTONES = 256mb
CACHE = 1024mb
SYSTEM = 1536mb
HIDDEN = 560mb
Leaving 10.8GB for userdata
Im unsure what the tombstones dir is used for so i would be inclined to leave it
but cache can be dropped to 100mb if not using ota updates which i dont
system i could drop to 1024mb and be fine
i dont think hidden is used on the s3 lte
so i could pull back around 1971mb of wasted space
for userdatea with partitions like below
CACHE = 100mb
SYSTEM = 1024mb
HIDDEN = 1mb
Click to expand...
Click to collapse
You can do it with PIT Magic i did this before for S2 I'd like to do the same thing with s3 but i don't have the PIT file for the international version (My Phone )
I was running Chucktr's CM11 12.16 rom. Went to turn on phone, and got a black screen after the white HTC boot up screen. When I did get it to boot to the bootloader, the recovery did not work either. I got TWRP 2.8.0.1 installed, and can see from there, that there is problems mounting.
E: Primary block device /dev/block/mmcblk0p35 for mount point '/data' is not present!
E: Unable to recreate and-sec folder.
Updating partition details...
e: Unable to mount '/cache'
E: Unable to mount '/data'
E: Unable to mount '/system'
and so on.
Update 2/22/15: Results of parted
parted /dev/block/mmcblk0
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
p
p
Error: Invalid partition table on /dev/block/mmcblk0 -- wrong signature 0.
Ignore/Cancel? i
i
i
Model: MMC KYL00M (sd/mmc)
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags
1 512B 132kB 131kB primary boot
2 132kB 394kB 262kB primary
3 394kB 33.5MB 33.1MB primary
4 33.5MB 15.8GB 15.7GB extended
5 33.5MB 33.6MB 16.4kB logical
6 33.6MB 33.8MB 262kB logical
7 33.8MB 54.8MB 20.9MB logical
8 54.8MB 55.0MB 262kB logical
9 55.0MB 56.1MB 1049kB logical
10 56.1MB 56.3MB 262kB logical
11 56.3MB 58.4MB 2097kB logical
12 58.4MB 59.5MB 1049kB logical
13 59.5MB 59.5MB 32.8kB logical
14 59.5MB 65.8MB 6291kB logical
15 65.8MB 66.8MB 1049kB logical
16 66.8MB 67.1MB 262kB logical
17 67.1MB 109MB 41.9MB logical
18 109MB 151MB 41.9MB logical fat16
19 151MB 159MB 8388kB logical
20 159MB 168MB 8387kB logical
21 168MB 201MB 33.6MB logical fat16
22 201MB 218MB 16.8MB logical
23 218MB 235MB 16.8MB logical
24 235MB 252MB 16.8MB logical
Any ideas on where to start with fixing this?
amgold said:
I was running Chucktr's CM11 12.16 rom. Went to turn on phone, and got a black screen after the white HTC boot up screen. When I did get it to boot to the bootloader, the recovery did not work either. I got TWRP 2.8.0.1 installed, and can see from there, that there is problems mounting.
E: Primary block device /dev/block/mmcblk0p35 for mount point '/data' is not present!
E: Unable to recreate and-sec folder.
Updating partition details...
e: Unable to mount '/cache'
E: Unable to mount '/data'
E: Unable to mount '/system'
and so on.
Update 2/22/15: Results of parted
parted /dev/block/mmcblk0
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
p
p
Error: Invalid partition table on /dev/block/mmcblk0 -- wrong signature 0.
Ignore/Cancel? i
i
i
Model: MMC KYL00M (sd/mmc)
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags
1 512B 132kB 131kB primary boot
2 132kB 394kB 262kB primary
3 394kB 33.5MB 33.1MB primary
4 33.5MB 15.8GB 15.7GB extended
5 33.5MB 33.6MB 16.4kB logical
6 33.6MB 33.8MB 262kB logical
7 33.8MB 54.8MB 20.9MB logical
8 54.8MB 55.0MB 262kB logical
9 55.0MB 56.1MB 1049kB logical
10 56.1MB 56.3MB 262kB logical
11 56.3MB 58.4MB 2097kB logical
12 58.4MB 59.5MB 1049kB logical
13 59.5MB 59.5MB 32.8kB logical
14 59.5MB 65.8MB 6291kB logical
15 65.8MB 66.8MB 1049kB logical
16 66.8MB 67.1MB 262kB logical
17 67.1MB 109MB 41.9MB logical
18 109MB 151MB 41.9MB logical fat16
19 151MB 159MB 8388kB logical
20 159MB 168MB 8387kB logical
21 168MB 201MB 33.6MB logical fat16
22 201MB 218MB 16.8MB logical
23 218MB 235MB 16.8MB logical
24 235MB 252MB 16.8MB logical
Any ideas on where to start with fixing this?
Click to expand...
Click to collapse
Are you S-OFF? If you are, grab an RUU (a real RUU that is the EXE file that runs from Windows, not a flashable ZIP) and run it, reflash back to complete stock, and see if you can recovery that way, it is your best chance (sometimes this needs to be done twice)... If you are S-ON, well, you are probably screwed.
The real underlying issue here is WHY did the partition table get corrupted,the life of the flash memory in this device is less than expected by most people... a lot of Rez's die because of failure of the internal flash memory, I have seen several of them myself.
acejavelin said:
Are you S-OFF? If you are, grab an RUU (a real RUU that is the EXE file that runs from Windows, not a flashable ZIP) and run it, reflash back to complete stock, and see if you can recovery that way, it is your best chance (sometimes this needs to be done twice)... If you are S-ON, well, you are probably screwed.
The real underlying issue here is WHY did the partition table get corrupted,the life of the flash memory in this device is less than expected by most people... a lot of Rez's die because of failure of the internal flash memory, I have seen several of them myself.
Click to expand...
Click to collapse
Thanks for your reply. Unfortunately I am S-ON. I've looked unsuccessfully for a way to S-OFF without running software but have not found anything. Starting to feel like I now own a paperweight.
amgold said:
Thanks for your reply. Unfortunately I am S-ON. I've looked unsuccessfully for a way to S-OFF without running software but have not found anything. Starting to feel like I now own a paperweight.
Click to expand...
Click to collapse
Your chances of recovery at this point are very slim then... S-off is not possible on a non-bootable device, you can try multiple recoveries (CWM, TWRP, Amon Ra) and multiple format/wipes and flashing different ZIP packages, once in a while it recovers itself, but without access to the partition table via S-Off the chances are extremely low.
As I said before, the flash RAM in this device seems to be reaching its life span limits for lots of people... Nothing you did, it's just reaching its limits of writes and starting to fail.
acejavelin said:
Your chances of recovery at this point are very slim then... S-off is not possible on a non-bootable device, you can try multiple recoveries (CWM, TWRP, Amon Ra) and multiple format/wipes and flashing different ZIP packages, once in a while it recovers itself, but without access to the partition table via S-Off the chances are extremely low.
As I said before, the flash RAM in this device seems to be reaching its life span limits for lots of people... Nothing you did, it's just reaching its limits of writes and starting to fail.
Click to expand...
Click to collapse
This has to do with normal phone operation, right? Not how many times you've flashed ROMs? Curious because I rarely flash ROMs so wondering if that would mean my phone might have a longer life. I would be fine with it for another couple years.
feralicious said:
This has to do with normal phone operation, right? Not how many times you've flashed ROMs? Curious because I rarely flash ROMs so wondering if that would mean my phone might have a longer life. I would be fine with it for another couple years.
Click to expand...
Click to collapse
Emmc (your phones flash RAM) has a finite number of writes, when it reaches that point there is nothing you can do. It has nothing to do with flashing ROMs, it happens to completely stock devices as well... Like any other product, there are good ones and bad ones, some last longer than others, just the way it is. You didn't cause it to happen, normal use did, it was just it's time.
Hi. I prepared a list of all partitions in mi pad 4 created by xiaomi in miui 10. I looked in the xda forum for descriptions. This what I found I added for comment the list.
Code:
clover:/ # parted /dev/block/mmcblk0 p
Model: MMC DH6DAB (sd/mmc)
Disk /dev/block/mmcblk0: 62.5GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 67.1MB 70.8MB 3670kB xbl (TWRP:xbl)
2 70.8MB 74.4MB 3670kB xblbak
3 74.4MB 78.6MB 4194kB tz [Firmware] [] (TWRP:Tz)
4 78.6MB 82.8MB 4194kB tzbak [Firmware] [backup]
5 82.8MB 83.4MB 524kB rpm [Firmware] [ ] (TWRP:Rpm)
6 83.4MB 83.9MB 524kB rpmbak [Firmware] [backup]
7 83.9MB 84.4MB 524kB hyp [Firmware] [ ]
8 84.4MB 84.9MB 524kB hypbak [Firmware] [backup]
9 84.9MB 85.5MB 524kB pmic (TWRP:pmic)
10 85.5MB 86.0MB 524kB pmicbak
11 86.0MB 88.1MB 2097kB fsg [FSG backup] (TWRP:fsg)
12 134MB 201MB 67.1MB boot [Kernel] (TWRP:Boot)
13 201MB 3423MB 3221MB ext4 system [OS] (TWRP:System)
14 3423MB 5570MB 2147MB ext4 vendor [Treble] (TWRP:Vendor)
15 5570MB 5571MB 1049kB keymaster [Firmware] [backup] (TWRP:keymaster)
16 5571MB 5572MB 1049kB keymasterbak [Firmware] [backup]
17 5572MB 5573MB 1049kB cmnlib [Firmware] [ ] (TWRP:cmnlib)
18 5573MB 5574MB 1049kB cmnlib64 [Firmware] [ ] (TWRP:cmnlib64)
19 5574MB 5575MB 1049kB cmnlibbak [Firmware] [backup]
20 5575MB 5576MB 1049kB cmnlib64bak [Firmware] [backup]
21 5576MB 5581MB 4194kB mdtpsecapp
22 5581MB 5585MB 4194kB mdtpsecappbak
23 5585MB 5618MB 33.6MB mdtp [Firmware] [ ]
24 5618MB 5652MB 33.6MB mdtpbak [Firmware] [backup]
25 5652MB 5920MB 268MB fat16 modem msftdata
26 5920MB 6189MB 268MB fat16 modembak
27 6189MB 6205MB 16.8MB ext4 dsp [Firmware] [ ] (TWRP:dsp)
28 6205MB 6222MB 16.8MB ext4 dspbak
29 6222MB 6223MB 1049kB abl
30 6223MB 6224MB 1049kB ablbak
31 6224MB 6225MB 1049kB dip [ ]
32 6225MB 6225MB 4096B devinfo [UnlockToken] (TWRP:devinfo)
33 6225MB 6226MB 262kB apdp [ ] (TWRP:apdp)
34 6226MB 6226MB 262kB msadp [ ] (TWRP:msadp)
35 6226MB 6226MB 1024B dpo [ ]
36 6226MB 6260MB 34.2MB splash [SplashScreen] (TWRP:Splash)
37 6260MB 6260MB 4096B limits [ ]
38 6260MB 6261MB 1049kB toolsfv
39 6308MB 6317MB 8389kB logfs
40 6375MB 6376MB 1049kB ddr [Firmware] []
41 6376MB 6376MB 16.4kB sec [ ]
42 6376MB 6377MB 1049kB bluetooth (TWRP:Bluetoth)
43 6377MB 6379MB 1049kB bluetoothbak
44 6442MB 6442MB 1024B fsc [ ]
45 6442MB 6442MB 8192B ssd [ ]
46 6442MB 6445MB 2097kB modemst1 [EFS]
47 6445MB 6447MB 2097kB modemst2 [EFS]
48 6447MB 6480MB 33.6MB ext4 persist [Persist] [Sensors] (TWRP:Persist)
49 6480MB 6749MB 268MB ext4 cache [Cache] (TWRP:Cache)
50 6749MB 6750MB 1049kB misc [ ]
51 6750MB 6817MB 67.1MB recovery [Recovery] (TWRP:Recovery)
52 6817MB 6817MB 524kB keystore [ ]
53 6817MB 6818MB 1049kB devcfg [ ] (TWRP:devcfg)
54 6818MB 6819MB 1049kB devcfgbak
55 6819MB 6820MB 524kB frp [FactoryResetProtection lock]
56 6820MB 6887MB 67.1MB logdump
57 6887MB 6889MB 2097kB sti
58 6912MB 6912MB 131kB storsec
59 6979MB 7114MB 134MB rawdump
60 7114MB 7114MB 65.5kB vbmeta
61 7114MB 7114MB 65.5kB vbmetabak
62 7181MB 8053MB 872MB ext4 cust [Cust] [Blootware] (TWRP:cust)
63 8053MB 8087MB 34.2MB logo
64 8087MB 62.5GB 54.4GB userdata [UserData] (TWRP:Data)
[Firmware] - These partition contains firmware files. These partition are updated when you flash a new ROM.
[Backup] - These are backup partitions which store backup files of the original partition. User can use these partitions in case the original partitions are messed up. These partition are also updated when you flash a new ROM.
[UnlockToken] - This is the partition where the unlock state of the bootloader is stored. This partition is updated when you use mi unlock tool to unlock the bootloader. This partition changes with the change of the bootloader. If the bootloader is changed, this partition must be recreated using the mi unlock tool.
[Persist] - This partition contains all the sensors calibration, without this partition no sensor will be displayed. Not even the rotation sensor will work. This partition does not effect GPS, WiFi or Bluetooth.
[Cust] - This partition contains some more bloatware apps distributed by Xiaomi. Cust partition consists of copy of apps ,and language packs that get installed as per region on first boot or when user changes its region (country) artition Layout
[EFS] - Now this is the most important partition. This partition contains all the unique identification of your devices, like your IMEI, Mac address, Bluetooth address and some other stuff. This partition is very complex and updates on every flashing. So it is mandatory to create a backup of this partition.
[ ] - These partitions are unknown and are created automatically during first boot. Erasing these partitions seems to do nothing
(TWRP:Name) - partition Name in TWRP
Unidentyfied TWRP partitions: Systemimage, Firmware, Vendorimage, EFS, hvp,
Yeah , i need to download the backup files, where is the link?
need backup
hi, i need backup, fsg modem1 modem2 please.
Guys, I took a backup of modemst1,modemst2, and fsg. I got these partitions from MiPad4 LTE version. Here is the link if anyone needs it. https://yadi.sk/d/d5yMpHxAC7fPng
Hi, I have a mi pad 4 LTE which I can't turn on the radio and is stuck with no service.
Any idea how I can fix this? Already tried wiping modemst1 and modemst2 but no luck.
Try flash, not make wipe
You can also try to flash the package with the firmware from the MIUI ROM you had by default : https://osdn.net/projects/xiaomifirmwareupdater/storage/Stable/V10/clover/
320x200 said:
Hi, I have a mi pad 4 LTE which I can't turn on the radio and is stuck with no service.
Any idea how I can fix this? Already tried wiping modemst1 and modemst2 but no luck.
Click to expand...
Click to collapse
Unfortunately, Mipad 4 doesn't support 3G bands. It only works with LTE. If you don't have LTE coverage in your area, it shows no signal. That could be a problem. Also, try to flash modemst1,modemst2, and fsg again. You should've flashed it again instead of swiping.
Hello i have a problem with persist partition, screen rotation does'nt work... where can i find it for reflashing?
I recently flashed to MiUI 11 and my persist tends to be stuffed too. Rotation works but is out by 180 degrees. I didn't format the partition or anything just normal TWRP installation. I have flashed with stock Chinese etc still does the same thing. Please can someone help, driving me crazy. Thanks
lemonised said:
I recently flashed to MiUI 11 and my persist tends to be stuffed too. Rotation works but is out by 180 degrees. I didn't format the partition or anything just normal TWRP installation. I have flashed with stock Chinese etc still does the same thing. Please can someone help, driving me crazy. Thanks
Click to expand...
Click to collapse
I restored this backup of Persist in twrp and fixed my problems with acelerometer you can try maybe works for you too[emoji1419]
https://mega.nz/#F!UMsDgQaK!reujB4FPcVzvFnrVF53VIw
P. D. Its not for flash! Decompress and restore it via Twrp backup restore!
Enviado desde mi Mi 9T Pro mediante Tapatalk
Thanks will give a try
---------- Post added at 02:49 PM ---------- Previous post was at 02:25 PM ----------
motes said:
I restored this backup of Persist in twrp and fixed my problems with acelerometer you can try maybe works for you too[emoji1419]
https://mega.nz/#F!UMsDgQaK!reujB4FPcVzvFnrVF53VIw
P. D. Its not for flash! Decompress and restore it via Twrp backup restore!
Enviado desde mi Mi 9T Pro mediante Tapatalk
Click to expand...
Click to collapse
It works...PERFECTLY Thanks so much!
lemonised said:
Thanks will give a try
---------- Post added at 02:49 PM ---------- Previous post was at 02:25 PM ----------
It works...PERFECTLY Thanks so much!
Click to expand...
Click to collapse
Great! [emoji1433][emoji1433][emoji1433]
Enviado desde mi Mi 9T Pro mediante Tapatalk
motes said:
Great! [emoji1433][emoji1433][emoji1433]
Enviado desde mi Mi 9T Pro mediante Tapatalk
Click to expand...
Click to collapse
So just an update. I flashed with "Xiaomi EU MIUI11 11.0.2.0 Pie for Mi Pad 4 Plus.zip" and the rotation gets messed even if I backup and restore your persist partition. I have to install "xiaomi.eu_multi_MIPAD4_9.8.29_v10-8.1.zip" and then restore your persist partition and things work fine again so it appears either way the MiUI11 ROM is buggy. Good thing your persist works though.
lemonised said:
So just an update. I flashed with "Xiaomi EU MIUI11 11.0.2.0 Pie for Mi Pad 4 Plus.zip" and the rotation gets messed even if I backup and restore your persist partition. I have to install "xiaomi.eu_multi_MIPAD4_9.8.29_v10-8.1.zip" and then restore your persist partition and things work fine again so it appears either way the MiUI11 ROM is buggy. Good thing your persist works though.
Click to expand...
Click to collapse
Yes same problem... I don't know if the dev is going to fix it... Btw the persist is not mine, a guy on the miui11 thread posted it! [emoji1419][emoji1419][emoji1419]
Enviado desde mi Mi 9T Pro mediante Tapatalk
Hi
Hi, i need backup EFS mi pad 4 plus e mi pad 4, please. thank you
After I installed a rom, the tablet had a problem rotating, then followed a tutorial that moved the files in this folder. After that the rotation was even better, but the WIFI network goes down all the time, I've tested other devices that I have here and they don't fall, only in my two mi pad 4 and mi pad 4 plus in which I did these procedures. Help me please. If I reset the original files, is everything back to normal? I can not take it anymore.
motes said:
I restored this backup of Persist in twrp and fixed my problems with acelerometer you can try maybe works for you too[emoji1419]
https://mega.nz/#F!UMsDgQaK!reujB4FPcVzvFnrVF53VIw
P. D. Its not for flash! Decompress and restore it via Twrp backup restore!
Enviado desde mi Mi 9T Pro mediante Tapatalk
Click to expand...
Click to collapse
This link is not working. I need this file. Somebody help me!
I need persist backup file for mi pad 4. This link above is not working. Somebody help me please!
Are there any tools / is it possible to download partitions (img files) from a Qualcomm device using emergency download mode? Simply boot_a / boot_b as I assume user will be encrypted.
I know there is QPST, but from hours of trying and what I have read, it seems to only support older MSM devices not newer Snapdragon? Am I wrong?
Well, if you have the firehose file for that particular soc and the rawprogram0.xml, you can. Usually the firehose file get leaked after the phone is released.
What model are you trying to work on?
HTC U19e
Snapdragon 710
outrage_uk said:
HTC U19e
Snapdragon 710
Click to expand...
Click to collapse
I found a link to a list of programmers. If you see your phone here, which I didn't (but try ctrl-f the processor, that should be in the filename, it's a good bet you'll be able to find it. As far as I know, my phone's MSM8998 does not have a leaked programmer. It's not as universally applicable as a lot of guides make it seem. If you do have the programmer and correct patches, they allow arbitrary read/write to a phone in edl mode. It's a major security backdoor, but very useful for users like us too. However, neither users like us, nor malicious agents are thought very highly of by American phone manufacturers.
Here's how to access partitions without rawprogram0.xml or patch0.xml
Hi,
If you have the correct prog_emmc_firehose_xxxx.mbn file for your QualComm SoC, you can extract the partition table and all partitions without having access to any rawprogram0.xml or patch0.xml.
The basics are in the excellent guide at https://forum.xda-developers.com/android/general/guide-how-to-dump-write-storage-t3949588
Summary:
- trigger EDL mode, which you have if your phone shows up as USB vendor 05c6, product 9008. Make sure you have "Qualcomm HS-USB QDLoader 9008" as the active driver, giving you a virtual COM port.
- use QFIL to load the prog_emmc_firehose_xxx.mbn file - chose Flat Build
- use QPST's fh_loader.exe to talk to the firehose to read or write the emmc at arbitrary sector offsets
With all that working, you can start by reading the GPT partition table, 34 sectors starting from sector 0:
"C:\Program Files (x86)\Qualcomm\QPST\bin\fh_loader.exe" --port=\\.\COM8 --search_path=C:\my\extract\path --convertprogram2read --sendimage=gpt.bin --start_sector=0 --lun=0 --num_sectors=34 --noprompt --showpercentagecomplete --zlpawarehost=1 --memoryname=emmc
Replace COM8 with whatever COM port that Qualcomm HS-USB driver providers according to Windows Device Manager, and ensure that whatever you choose as C:\my\extract\path exists.
When the tool is done, you'll have a C:\my\extract\path\gpt.bin that you can examine to get the sector offsets and counts for each of your partitions. I used Linux' gdisk for that:
$ gdisk -l gpt.bin
...
Number Start (sector) End (sector) Size Code Name
1 131072 294911 80.0 MiB 0700 modem
2 294912 296959 1024.0 KiB FFFF bluetooth
3 296960 297215 128.0 KiB A01E pmic
4 297216 297471 128.0 KiB A01E pmicbak
5 297472 297473 1024 bytes A040 limits
6 297474 299521 1024.0 KiB A01A DDR
7 299522 299777 128.0 KiB A01D sec
8 393216 393727 256.0 KiB A022 apdp
9 393728 394239 256.0 KiB A023 msadp
10 394240 394241 1024 bytes A024 dpo
11 524288 527359 1.5 MiB A02A fsg
12 655360 655361 1024 bytes A029 fsc
13 655362 655377 8.0 KiB A02C ssd
14 655378 658449 1.5 MiB A027 modemst1
15 658450 661521 1.5 MiB A028 modemst2
16 661522 663569 1024.0 KiB A012 sbl1
17 663570 665617 1024.0 KiB A012 sbl1bak
18 665618 665809 96.0 KiB A019 sdi
19 665810 667857 1024.0 KiB A016 tz
20 667858 669905 1024.0 KiB A016 tzbak
21 669906 670905 500.0 KiB A018 rpm
22 670906 671905 500.0 KiB A018 rpmbak
23 671906 672929 512.0 KiB A017 hyp
24 672930 673953 512.0 KiB A017 hypbak
25 673954 740801 32.6 MiB FFFF splash
26 786432 796671 5.0 MiB A015 aboot
27 796672 806911 5.0 MiB A015 abootbak
28 806912 937983 64.0 MiB A036 boot
29 937984 1069055 64.0 MiB A025 recovery
30 1069056 7360511 3.0 GiB A038 system
31 7471104 10616831 1.5 GiB A039 cache
32 10616832 10682367 32.0 MiB A026 persist
33 10682368 10684415 1024.0 KiB A01F misc
34 10684416 10685439 512.0 KiB A02D keystore
35 10747904 10747905 1024 bytes A021 devinfo
36 10878976 10879999 512.0 KiB FFFF config
37 10880000 61071326 23.9 GiB A03A userdata
From there, you have enough information to back up each of your partitions, write a custom recovery, etcetera.
In my case, a Gigaset ME, both the system and userdata partitions were normal, unencrypted ext4 partitions with ample opportunities for forensics and data recovery.
Needless to say, there was no need to unlock bootloaders, install custom recovery, root the phone, or whatever.
I bricked my phone (XT2041-1 "sofiar") by flashing an unnoficial build of TWRP 3.5.0 downloaded from a Telegram channel by doing:
$ fastboot flash recovery_a twrp-3.5.0-0-rav-sofia.img
$ fastboot flash recovery_b twrp-3.5.0-0-rav-sofia.img
$ fastboot reboot recovery
Since then, my phone is hard bricked - won't boot, recognized on Linux in EDL Mode only (i.e. ID 05c6:9008).
I got the latest official stock firmware, named SOFIAR_RETAIL_11_RPES31.Q4U-47-35-12_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip, from lolinet, and in its contents there's boot.img and recovery.img (among others).
I have qdl on my Arch Linux, and am wondering whether I can use it to flash the stock recovery image back to both slots and get my phone booting again.
How should I approach it?
P.s. I also got a blankflash from https://forum.xda-developers.com/t/...equest-solicitud-blankflash-g8-power.4431193/ that is supposed to get the phone working again, but am unsure whether using it will cause loss of data.
I absolutely cannot lose any data from internal storage.
Any help appreciated. Thanks in advance.
Ok, now we're rolling...
First things first. Motorola sucks because they only give you restricted Firehose loaders.
That means of the 70-odd partitions that you have you can only read/write about 1/3 of them using EDL.
If you post your Firehose loader I can tell you which ones you can read/write.
Second, are you sure that the only damage you did was by writing recovery_a and recovery_b?
And you're on Linux, *sad face*.
I was disassembling the Motorola Firehose for my Moto G (2021) and I discovered that they have more reboot options than stock.
There's reset-to-edl and reset-to-fastboot.
I've added those options to my edl.exe (in the sig) this morning. You need to download the very latest.
What may have happened is that you wrote a bad recovery which may have set the boot option in the BCB or misc.
Since the recovery is good enough to be recognized as an image but not good enough to reset this boot option you're stuck.
Your first recourse is flashing a proper recovery.
I'm not sure whether "blank flash" tries to wipe everything. In any case I wouldn't risk it.
Your first try should be to fix the broken things, not everything.
Yes, any edl client that supports ad-hoc xml should be able to get you to fastboot but I'll only answer for my code.
I've tested it.
Code:
C:\>edl /lwhatever.bin
C:\>edl /zf
C:\>fastboot flash recovery_a good_recovery.img
C:\>fastboot flash recovery_b good_recovery.img
C:\>fastboot reboot
I admit to not properly understand what a firehose loader is. :x
Second, are you sure that the only damage you did was by writing recovery_a and recovery_b?
Click to expand...
Click to collapse
Yes, 100%.
So, for now, I should try booting Windows, installing the 9008 driver and following your instructions... Will let you know how it goes.
Thanks a lot.
marc.2377 said:
I admit to not properly understand what a firehose loader is. :x
Click to expand...
Click to collapse
A Firehose loader is a replacement xbl/sbl secondary loader that has special sauce added to it to make it interactive.
It is not to be confused with a Windows driver (which, in this case is Zadig, as per the instructions on my web page).
In this case, your Firehose loader is packed in singleimage.bin in the RPE here: https://mirrors.lolinet.com/firmware/motorola/sofiar/blankflash/
I extracted it for you. I renamed it sofiar.bin
The extension name does not matter.
Code:
C:\>edl /lsofiar.bin
That's slash-ell-sofiar.bin
Edit: And yes, your Firehose loader has the reset-to-fastboot.
Right, thanks for the explanation. I figured that was programmer.elf from my files.
Ok, I got as far as:
> edl /l
Found EDL 9008
Serial: 69cccc95
HWID: 0010a0e102e80000, QC: 0010a0e1, OEM: 02e8, Model: 0000
Hash: 974359c4290cac7f-9f0dc9a802815b5e-2b376b7a7c1be92c-1e816b5287f18610
> edl /lsofiar.bin
Found EDL 9008
Resetting Sahara
Serial: 69cccc95
HWID: 0010a0e102e80000, QC: 0010a0e1, OEM: 02e8, Model: 0000
Hash: 974359c4290cac7f-9f0dc9a802815b5e-2b376b7a7c1be92c-1e816b5287f18610
Sending sofiar.bin 100% Ok
Waiting for Firehose... Ok
> edl.exe /zf
Found EDL 9008
Requesting reset to fastboot... Ok
But it doesn't boot to fastboot.
It seems to me that your tool, edl could be used to write the recovery partition directly, no?
I tried this:
> edl /w /precovery_a recovery.img
Found EDL 9008
Configuring... Ok
Requesting GPT 0 header... Ok, receiving... Ok, requesting entries... Ok, receiving... Ok
Requesting write recovery.img...
<log value="ERROR: range restricted: lun=0, start_sector=1591552, num_sectors=131072" />
Nope
P.s. curiously, the file I downloaded from https://raw.githubusercontent.com/b...a/0010a0e102e80000_974359c4290cac7f_fhprg.bin wasn't accepted as a valid firehose loader file.
Edit: nevermind. Had to restart the phone.
I believe that's an older loader, anyway.
How shall I proceed?
marc.2377 said:
But it doesn't boot to fastboot.
Click to expand...
Click to collapse
Hmm, the screen stays black?
Is it still in EDL mode or some other mode?
Does Windows "bong" when you pull the USB cable?
It's possible that this goes to a fastboot without a screen?
Try holding various buttons, both by long power button reset and /zf
marc.2377 said:
It seems to me that your tool, edl could be used to write the recovery partition directly, no?
Click to expand...
Click to collapse
Yes, it could if Motorola wasn't such a pain with the "range restricted".
They've really clamped down (that other file you mentioned is the same):
Code:
qcomview /r sofiar.bin
Addr LUN Start Count
------ --- -------- --------
007f10 0 0 256
007f28 0 256 78336
007f40 0 1609948 512
007f58 0 1610496 512
007f70 1 1 1
You can do this to see which partitions this means:
Code:
C:\>edl /lsofiar.bin
C:\>edl /g
I have a feeling that the Motorola "Blankflash" stuff writes something to those 3 areas that allow it to write everything.
But it probably wipes the userdata.
I'm not an expert on their tools.
Tell me what the GPT says (you only need to quote stuff in the area of that table).
Edit: It looks like in the multi GB zip there are two "instruction" files, flashfile.xml and servicefile.xml
They are mostly the same except that flashfile will wipe userdata!
Curious. The partition table is as follows:
Code:
Found EDL 9008
Configuring... Ok
Requesting GPT 0 header... Ok, receiving... Ok, requesting entries... Ok, receiving... Ok
# Name Start Count Type
-- ---------------- ---------- ---------- --------------------
1 xbl_a 256 9216 Inactive
2 xbl_b 9472 9216 Bootloader
3 tz_a 18688 8192 Inactive
4 tz_b 26880 8192 TrustZone
5 rpm_a 35072 1024 Inactive
6 rpm_b 36096 1024 Resource/power mgmt
7 hyp_a 37120 1024 Inactive
8 hyp_b 38144 1024 Hypervisor
9 devcfg_a 39168 256 Inactive
10 devcfg_b 39424 256 Device config
11 xbl_config_a 39680 256 Inactive
12 xbl_config_b 39936 256 Boot config
13 abl_a 40192 2048 Inactive
14 abl_b 42240 2048 Android bootloader
15 uefisecapp_a 44288 4096 Inactive
16 uefisecapp_b 48384 4096 be8a7e08
17 qupfw_a 52480 160 Inactive
18 qupfw_b 52736 160 QUP firmware
19 cmnlib_a 52992 1024 Inactive
20 cmnlib64_a 54016 1024 Inactive
21 cmnlib_b 55040 1024 Common lib
22 cmnlib64_b 56064 1024 Common lib64
23 keymaster_a 57088 1024 Inactive
24 keymaster_b 58112 1024 Key master
25 storsec_a 59136 256 Inactive
26 storsec_b 59392 256 Store secure
27 spunvm 59648 16384 Spun VM
28 uefivarstore 76032 1024 165bd6bc
29 multiimgoem_a 77056 64 Inactive
30 multiimgoem_b 77120 64 e126a436
31 multiimgqti_a 77184 64 Inactive
32 multiimgqti_b 77248 64 846c6f05
33 prov_a 77312 512 Inactive
34 prov_b 77824 512 d05e0fc0
35 modem_a 78336 368640 Inactive
36 modem_b 446976 368640 FAT32
37 fsc 815616 256 FSC
38 ssd 815872 16 Secure SW download
39 dsp_a 816128 65536 Inactive
40 dsp_b 881664 65536 DSP
41 ddr 947200 2048 DDR
42 utags 949248 1024 1dd40d18
43 utagsBackup 950272 1024 c490f39c
44 modemst1 951296 8192 Modem ST1
45 modemst2 959488 8192 Modem ST2
46 fsg_a 967680 49152 Inactive
47 fsg_b 1016832 49152 Modem storage
48 persist 1065984 65536 Persist
49 prodpersist 1131520 16384 Persist
50 frp 1147904 1024 FRP
51 cid 1148928 256 459abd04
52 carrier 1149184 32768 c63d32d8
53 metadata 1181952 32768 988a98c9
54 kpan 1214720 16384 56465e10
55 boot_a 1231104 131072 Inactive
56 boot_b 1362176 131072 Boot
57 dtbo_a 1493248 49152 Inactive
58 dtbo_b 1542400 49152 DTBO
59 recovery_a 1591552 131072 Inactive
60 recovery_b 1722624 131072 Recovery
61 misc 1853696 2048 Misc
62 logfs 1855744 16384 Log FS
63 apdp 1872128 512 APDP
64 msadp 1872640 512 MSADP
65 dpo 1873152 2 DPO
66 devinfo 1873160 8 Device info
67 bluetooth_a 1873168 9216 Inactive
68 bluetooth_b 1882384 9216 Bluetooth
69 logo_a 1891600 66848 Inactive
70 logo_b 1958448 66848 Splash
71 vbmeta_a 2025296 128 Inactive
72 vbmeta_b 2025424 128 Verified Boot meta
73 padA 2025552 6064 Empty
74 hw 2031616 16384 b2d77ec0
75 padB 2048000 16384 Empty
76 sp 2064384 16384 40aef62a
77 padC 2080768 16384 Empty
78 padD 2097152 32768 Empty
79 super 2129920 16973824 System
80 userdata 19103744 103038943 User data
Doesn't seem to match the output of qcomview.
Also, the file 0010a0e102e80000_974359c4290cac7f_fhprg.bin lists the following codenames:
Code:
QCA6390
QCS605
SA8150
SDA670
SDA845
SDA855
SDA855A
SDA865
SDC830
SDM450
SDM670
SDM830
SDM845
SDM855
SDM855A
SDM1000
SDX24
SDX24M
SDX55
SM6150
SM6150P
SM7150
SM7150P
SM_NICOBAR
While programmer.elf (same as sofiar.bin that you uploaded) lists, additionally, QCM_NICOBAR and QCS_NICOBAR.
I wonder whether this is actually the correct file for me...
Btw, before attempting any further writing strategies, I confess to being interested in pulling userdata. As I understand the real decryption key is stored in the TEE functionality of the chipset and such an image would be unreadable for me, except if I were to restore it later.
With your tool I got the "range restricted" for edl /r /puserdata parts\userdata.img /t too.
Code:
Addr LUN Start Count
------ --- -------- --------
007f10 0 0 256 - GPT
007f28 0 256 78336 - xbl_a to prov_b
007f40 0 1609948 512 - ??? random spot in recovery_a
007f58 0 1610496 512 - ??? random spot in recovery_a
007f70 1 1 1
So, basically, you have free read/write access to partions 1 to 34
Reading is always safe.
Also, you're on the B slot.
So why does reboot to fastboot fail?
It could be that it was never implemented correctly in this Firehose
It could be that this Firehose is not for your device
It could be that xbl and/or abl was damaged somehow
I'd do some checking, xbl_b and abl_b to start with.
Read 'em then compare them to the xbl and abl you have in your big packages.
Code:
C:\>edl /lsofiar.bin
C:\>edl /r /t /pxbl_b xblb.img
C:\>edl /r /t /pabl_b ablb.img
The /t will copy these ELF files only as big as they need to be (not all the blank space).
OTOH, they will enlarge to an exact number of 512 byte sector.
So they could be 511 bytes bigger than what comes out of that package.
If things are wacky, try without /t, but they'll be padded with all the zeroes in the partition.
If those files aren't in the big package, here's ones I extracted from the blankflash.
Check 'em all.
Also, it's possible that somehow the slots got switched.
While you're at it, look at xbl_a and abl_a also.
Hey, thanks for the continued efforts to help me. Sorry for absence for the past days, real life caugh in ^^
I'm glad to report that, amidst some binary checking and all that, I managed to resuscitate my phone using the blankflash strategy, after carefully revising it.
Strangely, it seems that TWRP got installed in the boot partition, such as that "normal boot" kept entering TWRP, despite I having flashed the stock recovery images to both recovery slots. I'll detail this all later.
At this point my phone is on and I backed up what I needed, and have been using it. A few strange glitches are present, i.e. battery charging is acting weird. I plan on doing a clean flashing of the stock ROM soon. Maybe I should take the opportunity to study how to make a fully working port of the latest LineageOS for this device, too.
Will get back within a few days with a detailed report of the endeavour
marc.2377 said:
Will get back within a few days with a detailed report of the endeavour
Click to expand...
Click to collapse
I'm looking forward to hearing how you got EDL mode working.
I bricked XT2041-3 Sofiar (downgrade to A10) and am stuck trying the phone to succeed at qboot blank-flash, but it hangs (on linux):
Code:
< waiting for device >
Motorola qboot utility version 3.86
[ 0.000] Opening device: /dev/ttyUSB0
[ 0.000] Detecting device
[ 0.002] ...cpu.id = 266 (0x10a)
[ 0.002] ...cpu.sn = 3773339940 (0xe0e89924)
[ 0.002] Opening singleimage
[ 0.002] Loading package
[ 0.004] ...filename = pkg.xml
[ 0.005] Loading programmer
[ 0.005] ...filename = programmer.elf
[ 0.005] Sending programmer
[ 0.178] Handling things over to programmer
[ 0.178] Identifying CPU version
[ 0.178] Waiting for firehose to get ready
With --debug=2 there can be seen some parsing errors in xmls being passed for about 13 more seconds. On Windows VM phone is recognized as a single QDLoader 9008 device, but qboot fails after half a minute with IO Errors. Is this even EDL mode?
A tried without luck Renate's edl tool. edl.exe /lsingleimage.bin:
Code:
Found EDL 9008
Could not open device
I was growing increasingly desperate, so I opened the phone and played with EDL points according to
MatiasLopezxD. No combination of vol-, power, shorting points, plugging usb seem to make a difference. I must be missing something simple.
Any help would be appreciated.
@ybea: Quick answer for now - I got into EDL mode by holding down VolDown+Power for about 8-10 seconds. Let me know if it works for you. What's your output for lsusb?
Same as yours - ID 05c6:9008 (Qualcomm, Inc. Gobi Wireless Modem (QDL mode)). It reconnects after pressing power for 9 seconds (with or without vol-), nothing new.
Try restarting it into EDL mode while it's plugged. I found that to be necessary sometimes.
Edit: Btw, I don't remember why exactly, but I only had success running the blankflash from Windows. Linux didn't do the magic, nor a Windows VM with USB redirection...
marc.2377 said:
Edit: Btw, I don't remember why exactly, but I only had success running the blankflash from Windows. Linux didn't do the magic, nor a Windows VM with USB redirection...
Click to expand...
Click to collapse
That was it! I didn't event try it on the metal, because Motorola driver installer and uninstaller crash for me for some reason. Should be straightforward from now.
Thank you so much. You saved the day.
ybea said:
A tried without luck Renate's edl tool. edl.exe /lsingleimage.bin
Click to expand...
Click to collapse
Sorry. edl.exe uses the generic Zadig (i.e. WinUsb) driver).
If you have the Qualcomm driver loaded it's stealing the poor WinUsb interface and forcing it into some bogus virtual com port.
Also, singleimage is Motorola's completely morally bankrupt idea of packing stuff in a file.
It is not a Firehose loader, although it contains one.
Add to all your miseries, Motorola is crap and releases only restricted Firehose loaders.
If you're still stuck, ship me the "single-and-totally-bogus.bin" and I'll extract the Firehose loader for you.
Better poke me or I won't see it.
No longer stuck. The problem for me was neither VM USB passthrough nor blankflash tools for linux did work, although both showed proper EDL mode. It seems it only works on native Windows. Thanks for your interest.