hey guys i need ur help.i just flashed new firmware android marshmallow 6.0.1 on my D6502 and there was a file called simlock.ta and it just bricked my phone.
1.my phone is working fine but no simcard is valid and my network is completely bricked,
from menu services
bootloader status:unknown
hwconfig:unknown
2.simlock.ta file inside the firmware that i flashed :silly::silly:
Code:
// [SIMLOCK S1]
02
000007DA 0141 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 4D 4F 50
5F 49 44 3D 22 38 35 38 37 22 3B 4F 50 5F 4E 41
4D 45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 20 4D
41 41 22 3B 43 44 41 5F 4E 52 3D 22 31 32 39 31
2D 34 36 37 35 22 3B 52 4F 4F 54 49 4E 47 5F 41
4C 4C 4F 57 45 44 3D 22 31 22 3B 00 00 00 09 00
07 30 30 31 30 31 2D 2A 00 00 00 00 00 00 00 00
00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00
00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
3.please avoid telling repeated answers i know all of them .i flashed any firmware from other region but not fixed.i flashed other simlock.ta file from other firmwares but i couldnt find the right simlock.ta and i wanna know what is the correct simlock.ta for my device cause this file inside android 6.0.1 completely reset my network and bootloader status.
4.i was in bootloader unlocked phone but now i cant unlock or relock it when i try to unlock or relock in flashtool or command prompt it says this command is not allowed
5.i can go to flash mode via volume- and power button but my fast boot (volume+ and power button) is not allowed.fastboot damaged and i cant flash any kernel via fastboot or use a recovery mode.
adb mode is not accessible cause no fast boot for my phone.i cant get adb shell from my phone so restoring ta backup is not allowed however i dont have any backup from ta partition.
6.the only solution left that i think it works and that was working for older devices is flashing a simlock.ta on sonyerricson arc,arc s,x10,neo, xperia play or older devices there was a unbrick simlock.ta called "TA brick fix" that we can fix this by flashing but on z2 its not working.please gimme any simlock.ta file that u think it is working for d6502 or tell me a working guide line to fix this issue.
7.i contact my support area but they told me i have to change my main board cause they cant fix it.i know guys there is only problem with simlock.ta only this file damaged my phone and i wanna make the own working simlock.ta back.
8.i am a developer and i know enough about coding and hex editing if u have a deep idea about how simlock.ta hex file works tell me to test it.i dont know what is the right algorithm for simlock.ta on Z2
9.please if u have D6502(L50w)/D6503 Z2 backup ur .ta partition and send it here ill check for solution (Im aware that flashing any other .ta partition from another device can lead me to hard brick,i only want to analyse .ta partitions to find a solution).
.ta partition backup guidehttp://forum.xda-developers.com/showthread.php?t=2292598 :highfive::highfive::fingers-crossed::good:
maybe i can help
i have Z2 D6502 too
Before i Unlock the bootloader,i backed up ta partition
my backup maybe can help you
@untraceablezing
One thing I want to know for sure, which ROM did you flashed as mentioned in the first line? If it is a custom ROM, can you post the link to the relevant threads/posts?
Persiastar said:
i have Z2 D6502 too
Before i Unlock the bootloader,i backed up ta partition
my backup maybe can help you
Click to expand...
Click to collapse
Only thing that will do is turn your xperia device into a nice shiny permanent paperweight. Never ever use another device's ta keys once they are gone they are gone for good..
Sent from my Xperia XA using XDA Labs
hi i have same problem. do you find any solution?? please
iXaidyiu said:
@untraceablezing
One thing I want to know for sure, which ROM did you flashed as mentioned in the first line? If it is a custom ROM, can you post the link to the relevant threads/posts?
Click to expand...
Click to collapse
as you see . simlock.ta only on offcial firmware from sony . what i see here , maybe he flashed stock rom with simlock.ta actived . so his phone become no signal like locked phone... cant use his local SIM provider .
Hafyzy said:
as you see . simlock.ta only on offcial firmware from sony . what i see here , maybe he flashed stock rom with simlock.ta actived . so his phone become no signal like locked phone... cant use his local SIM provider .
Click to expand...
Click to collapse
exactly.when u go for a pro option in flashtool it gives u an option to write trim area which means u can flash any file with .ta extension.in older versions of flashtool even if u choose simlock.ta or other .ta files the flashtool automatically ignores the file and skip it but in new release of flashtool u r able to flash a file to trim area.so i flashed the simlock.ta without backing up my trim area and now there is a problem with any simcard in any location u use it.reflashing is not working.the only way is to hack into the trim area like 2011 series.i remember i could fix this error on xperia arc/arc s and... but in Z1 or Z2 new method of trim area comes out that i cant find any fix to that till now.i contact the sony developers but they said the only way is to change ur main board.so im still searching for a way to fix such problems to these phones.in Z1 phone u may lose ur camera too.so i go some hex learning for sony devices and maybe i could find the solution.ill post the solution if i get any...stay tuned:victory:
Still on progress...
Hafyzy said:
as you see . simlock.ta only on offcial firmware from sony . what i see here , maybe he flashed stock rom with simlock.ta actived . so his phone become no signal like locked phone... cant use his local SIM provider .
Click to expand...
Click to collapse
exactly.when u go for a pro option in flashtool it gives u an option to write trim area which means u can flash any file with .ta extension.in older versions of flashtool even if u choose simlock.ta or other .ta files the flashtool automatically ignores the file and skip it but in new release of flashtool u r able to flash a file to trim area.so i flashed the simlock.ta without backing up my trim area and now there is a problem with any simcard in any location u use it.reflashing is not working.the only way is to hack into the trim area like 2011 series.i remember i could fix this error on xperia arc/arc s and... but in Z1 or Z2 new method of trim area comes out that i cant find any fix to that till now.i contact the sony developers but they said the only way is to change ur main board.so im still searching for a way to fix such problems to these phones.in Z1 phone u may lose ur camera too.so i go some hex learning for sony devices and maybe i could find the solution.ill post the solution if i get any...stay tuned:victory::victory:
Hey bro I also have the same problem.
Have you found any solution?
Related
THought i would upload it for the ppl who dont have access to qtek.se
http://rapidshare.com/files/27550822/895179-tytn_den_upgrade.zip.html
Tnx to Abubasim for heads up on this
can u upload this file again
Please, can you upload this rom again and pm me or just post it here bro? i needed badly as my herm200 is CID locked and flashed so now im stucked with DOPOD screen (never boots-just stays DOPOD) and bootloader Herm 200 IPL-1.00 Herm200 SPL 2.03. i need an original rom so i can bypass cid then hard SPL it.PLEASE
armendkasa said:
Please, can you upload this rom again and pm me or just post it here bro? i needed badly as my herm200 is CID locked and flashed so now im stucked with DOPOD screen (never boots-just stays DOPOD) and bootloader Herm 200 IPL-1.00 Herm200 SPL 2.03. i need an original rom so i can bypass cid then hard SPL it.PLEASE
Click to expand...
Click to collapse
go to here, maybe you can find it
THANK YOU
i really appreciate your effort uploading the ROM for me. i really do, but,trying to flash my bricked herm200 with this ROM it restarts on 1 %.
the way i bricked my phone was weird. i have a friend that offered to put some customization to my Hermes 200 and he tried to flash it by unlocking SIM only (maybe was afraid to CID unlock it). when i got the phone it had a "German like" language which i didn't understand so i thought WHY NOT. it asked my friend to press "YA" so he did (while SIM unlocking it). NOW-i know my Hermes 200 originally had danish ROM since i read allot to fix this problem i have and so i found out (by mtty and USB monitoring) that i have
00000000 48 54 43 53 48 00 45 00 52 00 4D 00 32 00 30 00 30 00 00 00 00 00 00 00 00 00 00 HTCSH.E.R.M.2.0.0..........
0000001B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
00000036 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
00000051 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
0000006C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
00000087 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
000000A2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
000000BD 00 00 00 00 00 00 00 51 54 45 4B 5F 46 30 38 00 00 00 00 00 00 00 00 00 00 00 00 .......QTEK_F08............
000000D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
000000F3 00 00 00 00 00 00 00 00 00 00 00 00 00 .............
Click to expand...
Click to collapse
QTEK_F08 CID LOCK. This is the only ROM on the table of ROM's at
http://forum.xda-developers.com/wiki/index.php?title=Hermes_Upgrades
that is actually CID Locked by
Danish QTEK_F08
Click to expand...
Click to collapse
Danish DOPOD ROM.
i tried ALL the tips, ALMOST (i say almost because i still have hope) ALL METHODS to unbrick my herm200. NOW since i know that the only way to unbrick my herm200 is to flash its own ROM originally sold with I HAVE HOPES.
if by any chance, you have a back up of this ROM (Danish with CID LOCK QTEK_F08) or ANYONE in this World i would be MORE THAN THANKFUL and will try to repay my dept to the one who finds the original ROM with CID QTEK_F08 Lock in any way possible.
THANK YOU in advance.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Edit-FIXED it!!!
Found a danish rom for dopod and it flashed it without a problem. I found a solution by finding the original rom using mtty tool and usb monitor to find out what CID is the phone locked in to and then flashed it with the original rom then super CID it and then happily flashed a sweet looking manila 2d rom.
THANK YOU EVERYONE on XDA WONDERFUL FAMILY. THANKS TO ALL OF YOU I MANAGED TO FIND A SOLUTION.
THANK YOU AGAIN.
Maybe someone was in his personal archive this file.
armendkasa said:
Edit-FIXED it!!!
Found a danish rom for dopod and it flashed it without a problem. I found a solution by finding the original rom using mtty tool and usb monitor to find out what CID is the phone locked in to and then flashed it with the original rom then super CID it and then happily flashed a sweet looking manila 2d rom.
THANK YOU EVERYONE on XDA WONDERFUL FAMILY. THANKS TO ALL OF YOU I MANAGED TO FIND A SOLUTION.
THANK YOU AGAIN.
Click to expand...
Click to collapse
Maybe someone was in his personal archive this file RUU_Hermes_QTEK_DAN_2.11.253.1_102_6275_1.38.00.10 _108_Ship
Put please to something. I would be very grateful to you. This is the only chance to save the brick.
Has anybody just worked on getting U-boot working on the Gen 8's without all the crap from Archos?
omappedia.org/wiki/Bootloader_Project
omappedia.org/wiki/Zoom_Flashing
And then just using Debian\Fedora or other ARM Linux distro working again without all the stinking .AOS, Archos permissions and signature checking?
Is there an in circuit flasher for the firmware flash for firmware development and recovery? Did they leave the JTAG pins accessible?
2ShedsJackson said:
Has anybody just worked on getting U-boot working on the Gen 8's without all the crap from Archos?
omappedia.org/wiki/Bootloader_Project
omappedia.org/wiki/Zoom_Flashing
And then just using Debian\Fedora or other ARM Linux distro working again without all the stinking .AOS, Archos permissions and signature checking?
Is there an in circuit flasher for the firmware flash for firmware development and recovery? Did they leave the JTAG pins accessible?
Click to expand...
Click to collapse
I don't think anybody's really bothered to. With the SDE, you can flash anything you want without any AOS or signature interference.
Archos gave us a developer boot loader, so why replace it? I know there are some benefits to custom ones, especially MagLDR, but you could just make a bootloader that runs through Developer mode anyways.
Ah, I must have been misinformed. Is there a working kernel config somehwere for the Gen 8 (omap3360) ?
2ShedsJackson said:
Ah, I must have been misinformed. Is there a working kernel config somehwere for the Gen 8 (omap3360) ?
Click to expand...
Click to collapse
Here's the kernel git repositories from Archos: http://gitorious.org/archos/archos-gpl-gen8-kernel
Here's the master repository: http://gitorious.org/archos/archos-gpl-gen8-kernel
There's also alot of google code pages and git repositories by independent devs. Google "gen8 git" and "gen8 google code" to find them.
By the way, why are you called Two Sheds when you only have one shed, Arthur?
Thanks! I noticed all the custom kernels in other posts. Not many post their configs.
I'll still need to look into u-boot for the gen8's since I'd like to be able to see all the source for the bootloader for security reasons.
2ShedsJackson said:
Thanks! I noticed all the custom kernels in other posts. Not many post their configs.
I'll still need to look into u-boot for the gen8's since I'd like to be able to see all the source for the bootloader for security reasons.
Click to expand...
Click to collapse
Technically, I think the source code for the Archos bootloader is buried in that repository I linked, if it helps.
msticninja said:
Technically, I think the source code for the Archos bootloader is buried in that repository I linked, if it helps.
Click to expand...
Click to collapse
I haven't found a bootloader in there yet.
My desire is to just replace what Archos used with u-boot
lists.denx.de/pipermail/u-boot/2010-June/073167.html
Plus have a resore util to resore the flash back to factory new.
Then you won't have to worry about the signature checking
forum.xda-developers.com/showthread.php?t=1018260&highlight=signature+check
The current firmware is a train wreck IMHO. Why does it have to be so clumsy to multiboot or install a new OS or UrukDroid?
2ShedsJackson said:
I haven't found a bootloader in there yet.
My desire is to just replace what Archos used with u-boot
lists.denx.de/pipermail/u-boot/2010-June/073167.html
Plus have a resore util to resore the flash back to factory new.
Then you won't have to worry about the signature checking
forum.xda-developers.com/showthread.php?t=1018260&highlight=signature+check
The current firmware is a train wreck IMHO. Why does it have to be so clumsy to multiboot or install a new OS or UrukDroid?
Click to expand...
Click to collapse
Well, that's Archos' style, and we don't have good enough android developers here to make the corrections.
The Recovery Menu in Urukdroid 1.1RC1 is pretty damn good, but it's obviously a second layer bootloader, and all the multi-boot OSes must use the same kernel. Backup/Restore has everything I need though.
"Archos gen8 boots using OMAP boot ROM from internal eMMC card. Primary bootloader ("boot0") is in 0x20000 bytes after the first sector of internal flash (i.e. at 0x200) and secondary bootloader is written into rawfs, /mnt/rawfs/avboot. boot0 contains image size and loading address in first 8 bytes."
Here's the thread on unlocking it:
http://forum.xda-developers.com/showthread.php?t=1018260&
msticninja said:
"Archos gen8 boots using OMAP boot ROM from internal eMMC card. Primary bootloader ("boot0") is in 0x20000 bytes after the first sector of internal flash (i.e. at 0x200) and secondary bootloader is written into rawfs, /mnt/rawfs/avboot. boot0 contains image size and loading address in first 8 bytes."
[/URL]
Click to expand...
Click to collapse
Anyone know what hardware/flash device they used for the internal eMMC?
I found this interesting as well:
omappedia.org/wiki/E-MMC_boot
You can boot omap3630 without x-loader
Step-1 : Copy the following settings(512+8 bytes) in front of u-boot.bin file;
This is the TOC settings for Clock and SDRAM. And say new file name as u-boot.bin.ift
A0 00 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 48 53 45 54 54 49 4E 47 53 00 00
F0 00 00 00 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 48 52 41 4D 00 00 00 00 00 00 00
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C1 C0 C0 C0 01 01 00 00 FD 01 00 05 40 00 00 00 03 00 00 00 02 00 00 00 0A 13 00 00 15 00 00 00
07 00 37 00 00 00 00 00 00 0C C8 08 11 00 00 00 00 00 00 00 0C B0 41 04 09 00 00 00 37 00 00 00
00 00 00 00 0C 2C 11 00 01 00 00 00 00 00 00 00 C2 C0 C0 C0 01 00 00 00 00 00 02 00 00 01 00 00
0A 00 00 00 00 00 00 00 85 00 00 00 03 00 00 00 99 80 58 03 32 00 00 00 00 00 00 00 C6 B4 E1 A2
1C 13 02 00 01 E6 05 00 03 00 00 00 99 80 58 03 32 00 00 00 00 00 00 00 C6 B4 E1 A2 1C 13 02 00
01 E6 05 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C0 D5 02 00 00 00 E8 80
----------- -----------
4-byte-size 4byteLoadAddr
====> Step-1 can be done automatically using the http://code.google.com/p/omap-u-boot-utils/ utility.
a. Download the code (git tree)
b. make
c. copy the u-boot.bin in same location.
d. ./gpsign -c configs/sample-3630.cfg -l 80000000 -f u-boot.bin
e. output file u-boot.bin.ift
Step-2: Copy the image(say, u-boot.bin.ift) in MMC/SD card
Step-3: Boot from MMC/SD card and follow the steps as below to flush image in eMMC
#mmcinit 0
#mmcinit 1
#fatload mmc 0 90000000 u-boot.bin.ift
#mmc write.i 1 90000000 0 ${filesize}
Step-4: Remove the MMC/SD card and reboot the system.
[Change the dipswitch settings for SDP only for eMMC boot.]
Too much info there for me to absorb. But the UART pins were just posted on openaos if you want to get serial access. I know it can access the upstream kernel, not sure what else.
http://www.openaos.org/archives/692
Yes. We've been using the serial debug using a FTDI 3V serial to USB adapter. The firmware actually outputs to serial from pretty early on. I just need to be able to recover the flash via jtag or other method in-circuit flasher etc
http://wiki.meego.com/ARM/N900/Install/U-Boot_from_scratch
The Nokia N900 uses a similar OMAP 3430 ARM Cortex A8 to the Gen8 omap3630.
Once I get a working flash util (or find one) u-boot should come together pretty quickly. We just need a way to recover from broken firmware.
coreboot is also just coming up on ARM. So far it's working in qemu for the ARM versatile platform.
flashrom is also being ported to ARM.
So it's possible that we will have u-boot, coreboot and flashrom support soon.
This would be really cool!
2ShedsJackson said:
http://wiki.meego.com/ARM/N900/Install/U-Boot_from_scratch
The Nokia N900 uses a similar OMAP 3430 ARM Cortex A8 to the Gen8 omap3630.
Once I get a working flash util (or find one) u-boot should come together pretty quickly. We just need a way to recover from broken firmware.
coreboot is also just coming up on ARM. So far it's working in qemu for the ARM versatile platform.
flashrom is also being ported to ARM.
So it's possible that we will have u-boot, coreboot and flashrom support soon.
Click to expand...
Click to collapse
I have alot of experience with modules, kernel building, and scripting. And big gaps in my knowledge too. Especially in this low-level stuff you're working on. Even so, please let me know if there is a way I can help.
I'm working on getting kexec to work on the sde kernel. If I can get it working, I'm just going to try to chainload uboot. I feel that replacing the stock bootloader may not benefit the community, because they will brick their device if something goes wrong.
To recover from bad firmware, usb booting is close to working. https://github.com/swetland/omap4boot and https://patchwork.kernel.org/patch/10718/
https://www.droid-developers.org/wiki/Main_Page has lots of bootloader and recovery info for the omaps as well.
They also have a forum on XDA Motorola Droid and Milestone
http://forum.xda-developers.com/forumdisplay.php?f=667
brick recovery...
Any progress...
Just bought a bricked A101.
There's no response from the system anymore and no boot messages over UART. The eMMC structure seems completely borked
I guess i'll need some code to start the device from external sdcard and reflash the eMMC from scratch. At least that's the plan so far.
So i already did some investigations on the mainboard and it seems archos made a quite straight design for the A101. So it seems quite easy to tweak the hardware. I will open a new thread with my findings the next days.
Right now my starting point is the x-loader mainline repository.
Look here: http://gitorious.org/x-load-omap3/
I use the overo configuration as a base, because it's very similar to the things Archos put on the A101.
So any thoughts about it?
Anyone who started something related?
BTW, anyone who got dumps from boot0 and avboot of the gen8 devices?
Would be very helpful...
Best regards,
scholbert
Hi,
i know this is an old thread, but there's some news
So i thought it would be nice to leave a message here as well...
Made some progress on porting u-boot to Gen8, especially A101IT:
http://forum.xda-developers.com/showpost.php?p=23813784&postcount=117
Happy hacking
scholbert
Hello @ all xda-developers user & team
I have an MTK6582 based phone with internal store size of 0,98GB and phone store of 1,78GB
internal it should be 2.5 GB
is there a way to change the stor size like on the MTK6589??
i search for an easy way like the meteos-mtk6589-rom-edit app / tool
but nothing...
now i read about changing the ebr1 hex, but the example what i found is for mtk6589 and my ebr1 looks a little bit different...
thats how is looks like
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
if some one could help me I would be very happy
greetings TO
theoverfiend said:
Hello @ all xda-developers user & team
I have an MTK6582 based phone with internal store size of 0,98GB and phone store of 1,78GB
internal it should be 2.5 GB
is there a way to change the stor size like on the MTK6589??
i search for an easy way like the meteos-mtk6589-rom-edit app / tool
but nothing...
now i read about changing the ebr1 hex, but the example what i found is for mtk6589 and my ebr1 looks a little bit different...
thats how is looks like
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
if some one could help me I would be very happy
greetings TO
Click to expand...
Click to collapse
Hello. I have a THL W100S. The processor is also MTK6582. I made a stupidity, trying to make repartition with meteos-mtk6589 and now my phone is dead
I did not even install CWM
Now I do not know if I can revive it. I tried with SP Flash Tool, but no reaction... Is there any solution to solve this problem?
1. Do a full backup of the current firmware in recovery
2. Install the application, run (on request Root rights answer - YES \ grant)
3. Choose the size of data partition (2.5GB or 2.77GB)
4. Select in the program restarts in recovery
5. Do wipe data
6. Restoring the backup firmware
7. Boot the system
I set 2.77GB, can this be a problem, maybe it was better to choose 2.5GB? After point 5 phone has rebooted and then show only one. This - gifti.me/i/6ylSuEc.gif
theoverfiend said:
Hello @ all xda-developers user & team
I have an MTK6582 based phone with internal store size of 0,98GB and phone store of 1,78GB
internal it should be 2.5 GB
is there a way to change the stor size like on the MTK6589??
i search for an easy way like the meteos-mtk6589-rom-edit app / tool
but nothing...
now i read about changing the ebr1 hex, but the example what i found is for mtk6589 and my ebr1 looks a little bit different...
thats how is looks like
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
if some one could help me I would be very happy
greetings TO
Click to expand...
Click to collapse
I have the same problem. My phone is a W450 mtk6582.
Many thanks
My phone is an Star W450 to...
@hat3ck
my first try was the meteos-mtk6589 but i have a cwm installed.. ... and the phone didn't boot at least
I fix it by flash all options without preloader
and it's like it was
try to flash again.
greetz TO
theoverfiend said:
My phone is an Star W450 to...
@hat3ck
my first try was the meteos-mtk6589 but i have a cwm installed.. ... and the phone didn't boot at least
I fix it by flash all options without preloader
and it's like it was
try to flash again.
greetz TO
Click to expand...
Click to collapse
Thanks for reply! I tried flashing, but nothing, maybe I don't have the need drivers? Can you make a screenshot of window manage without conected phone? Or how I can verify if my laptop sees the phone...
@hat3ck
try this Tutorial 4 Driver install
(under the red ATTENTION text)
http://forum.xda-developers.com/showthread.php?t=2160490
p.s. whats your home country / language?
Greetz TO
theoverfiend said:
@hat3ck
try this Tutorial 4 Driver install
(under the red ATTENTION text)
http://forum.xda-developers.com/showthread.php?t=2160490
p.s. whats your home country / language?
Greetz TO
Click to expand...
Click to collapse
Thanks, I will try now. Language Romanian, but I can understand and Russian.
okay i dont understand Romanian and Russian. it's like for me. :laugh:
if you run Windows 8 it's a little bit tricky to install the drivers.
Instructions for Win8:
1) Windows Key + X -> Start command prompt (administrator).
2) C: \ Windows \ System32 \ shutdown.exe / r / o
3) Select Troubleshooting
4) Advanced Options
5) Start Settings
6) Restart
7)Disable Driver Signature Enforcement.
Greetz TO
theoverfiend said:
Hello @ all xda-developers user & team
I have an MTK6582 based phone with internal store size of 0,98GB and phone store of 1,78GB
internal it should be 2.5 GB
is there a way to change the stor size like on the MTK6589??
i search for an easy way like the meteos-mtk6589-rom-edit app / tool
but nothing...
now i read about changing the ebr1 hex, but the example what i found is for mtk6589 and my ebr1 looks a little bit different...
thats how is looks like
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
if some one could help me I would be very happy
greetings TO
Click to expand...
Click to collapse
Hi, you must modify EBR1 and EBR2 like this:
1. EBR1 from:
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 20 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
to
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 50 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
2. EBR2 from:
00 00 83 00 00 00 00 24 3A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
to
00 00 83 00 00 00 00 24 6A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
Flash the files with SPFlashTool. Please make a backup before!! If something go wrong just reflash old EBR1 and EBR2.
Thanks!
mircam said:
Hi, you must modify EBR1 and EBR2 like this:
1. EBR1 from:
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 20 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
to
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 50 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
2. EBR2 from:
00 00 83 00 00 00 00 24 3A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
to
00 00 83 00 00 00 00 24 6A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
Flash the files with SPFlashTool. Please make a backup before!! If something go wrong just reflash old EBR1 and EBR2.
Thanks!
Click to expand...
Click to collapse
so, is it successfull? can you report it and make a n00b tutorial here? thx a lot!
I have a Thl W100S but I can't root it a 100% ! Framaroot says success but after reboot no root access, other software don't root a 100% any suggestions guys? Its the 2nd day I have it latter I will try again, thanks in advance
Sent from my W100 using XDA Premium 4 mobile app
matrix0807 said:
so, is it successfull? can you report it and make a n00b tutorial here? thx a lot!
Click to expand...
Click to collapse
Hi
My ebr1 and ebr2 matches this. I will definintly try this and let you know the result.
My phone is Symphony W128.
Can u root symphony w128
Sent from my Symphony W128 using xda premium
can you post edited files?
Was repartitioning for MTK6582 successful?
Sent from my NOA H42 using Tapatalk
Sargos76 said:
I have a Thl W100S but I can't root it a 100% ! Framaroot says success but after reboot no root access, other software don't root a 100% any suggestions guys? Its the 2nd day I have it latter I will try again, thanks in advance
Sent from my W100 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Hi
try kingroot this version rooted my mtk6582
hey guys i need ur help.i just flashed new firmware android marshmallow 6.0.1 on my D6502 and there was a file called simlock.ta and it just bricked my phone.
1.my phone is working fine but no simcard is valid and my network is completely bricked,
from menu services
bootloader status:unknown
hwconfig:unknown
2.simlock.ta file inside the firmware that i flashed :silly::silly:
Code:
// [SIMLOCK S1]
02
000007DA 0141 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 4D 4F 50
5F 49 44 3D 22 38 35 38 37 22 3B 4F 50 5F 4E 41
4D 45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 20 4D
41 41 22 3B 43 44 41 5F 4E 52 3D 22 31 32 39 31
2D 34 36 37 35 22 3B 52 4F 4F 54 49 4E 47 5F 41
4C 4C 4F 57 45 44 3D 22 31 22 3B 00 00 00 09 00
07 30 30 31 30 31 2D 2A 00 00 00 00 00 00 00 00
00 00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00
00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
3.please avoid telling repeated answers i know all of them .i flashed any firmware from other region but not fixed.i flashed other simlock.ta file from other firmwares but i couldnt find the right simlock.ta and i wanna know what is the correct simlock.ta for my device cause this file inside android 6.0.1 completely reset my network and bootloader status.
4.i was in bootloader unlocked phone but now i cant unlock or relock it when i try to unlock or relock in flashtool or command prompt it says this command is not allowed
5.i can go to flash mode via volume- and power button but my fast boot (volume+ and power button) is not allowed.fastboot damaged and i cant flash any kernel via fastboot or use a recovery mode.
adb mode is not accessible cause no fast boot for my phone.i cant get adb shell from my phone so restoring ta backup is not allowed however i dont have any backup from ta partition.
6.the only solution left that i think it works and that was working for older devices is flashing a simlock.ta on sonyerricson arc,arc s,x10,neo, xperia play or older devices there was a unbrick simlock.ta called "TA brick fix" that we can fix this by flashing but on z2 its not working.please gimme any simlock.ta file that u think it is working for d6502 or tell me a working guide line to fix this issue.
7.i contact my support area but they told me i have to change my main board cause they cant fix it.i know guys there is only problem with simlock.ta only this file damaged my phone and i wanna make the own working simlock.ta back.
8.i am a developer and i know enough about coding and hex editing if u have a deep idea about how simlock.ta hex file works tell me to test it.i dont know what is the right algorithm for simlock.ta on Z2
9.please if u have D6502(L50w)/D6503 Z2 backup ur .ta partition and send it here ill check for solution (Im aware that flashing any other .ta partition from another device can lead me to hard brick,i only want to analyse .ta partitions to find a solution).
.ta partition backup guidehttp://forum.xda-developers.com/showthread.php?t=2292598 :highfive::highfive::fingers-crossed::good:
http://www.4shared.com/zip/aLCY46Xoce/TA-backup-20160423101131.html
Xperia Z2(D6502)
I have same problem with my Xperia U, i have flashed the simlock.ta, after that no network no simcard, bootloader unlock allowed : no
Can't boot to fastboot mode.
Do you find the way fix the problem mind to share with me?
riclim said:
I have same problem with my Xperia U, i have flashed the simlock.ta, after that no network no simcard, bootloader unlock allowed : no
Can't boot to fastboot mode.
Do you find the way fix the problem mind to share with me?
Click to expand...
Click to collapse
No,i contact the sony Co and they said the only way is changing the motherboard with a broken lcd or damaged phone.but still trying to find a way to hack into trim area like 2011 series mobiles
untraceablezing said:
No,i contact the sony Co and they said the only way is changing the motherboard with a broken lcd or damaged phone.but still trying to find a way to hack into trim area like 2011 series mobiles
Click to expand...
Click to collapse
I think this problem hard to hack and fix it, i found the answer is every phone have a unique simlock.ta code, if you didn't back up it, after flash the .ta file, the phone will half brick, don't know how to find back the phone .ta file code, every phone is different
Hi everybody!
Here is my situation:
I have a Xiaomi Redmi Note 4x, snapdragon, 16GB (no unlocked bootloader, no root).
Pictures from my DCMI folder were deleted accidentaly. I would really like to be able to recover them.
But I cannot use tools (PC, or android) to analyze partition for deleted files, unless my phone is root-ed.
And I cannot root the phone unless the bootloader is unlocked, and if I try unlocking the bootloader I lose all data from the phone.
I know some things about smartphones, and I have done some research on my own yesterday.
From what I understand my only option would be to low level backup the internal memory partitions (9GB are left available to the user from the total 16GB).
And then try to recover the pictures from the saved images.
To do that I have to enter EDL Mode using Test Point on the PCB board, then use tools like emmcdl.exe to save the phone partitions.
How can I do this in more detail?
Can anybody confirm that it is indeed possible, and also guide me what to do more precisely, so I can be sure I do not lose any data and still have a try to recover the lost pictures
Would the saved partitions be encrypted?
Backing up user data settings from the phone, using low level, would be very useful for me anyway. so I would be glad to be able to do it, even if I can't recover much of my lost files.
Thanks in advance.
Once data is deleted is impossible to recover on our side u need to send it to lab to recover ur data.. ?
In principle, it should be possible to read out the raw partition images in EDL mode. These guys have done something similar: https://alephsecurity.com/2018/01/22/qualcomm-edl-2/
You can even unlock the bootloader and keep your data, if the Redmi Note 4 still uses the same two bits in the devinfo partition to mark locked/unlocked state.
The big But is: Can you really restore deleted files from a raw ext4 partition, especially once other processes have written to the partition? Because that's what you get.
Please keep me updated what you did and what came out of it. I could not get Alephsecurity's tools to work, but that might be due to Windows driver issues.
The Redmi Note 4 (mido) and Redmi Note 3 (kenzo) still have the bits set at 0x10 and 0x18 in the devinfo partition after unlocking, as described in the alephsecurity blog post. The Redmi Note 5 (whyred) instead has a bit set at 0x90 in an otherwise conspiciously blank partition, so unlocking might work differently there.
Here are the officially unlocked devinfo parititons of a mido, a kenzo, and a whyred:
[email protected]:~/tmp devinfo$ hexdump -C devinfo-mido.img
00000000 41 4e 44 52 4f 49 44 2d 42 4f 4f 54 21 00 00 00 |ANDROID-BOOT!...|
00000010 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000e0 01 00 00 00 15 53 8a 17 83 99 ce 55 db a2 19 e5 |.....S.....U....|
...
[email protected]:~/tmp devinfo$ hexdump -C devinfo-kenzo.img
00000000 41 4e 44 52 4f 49 44 2d 42 4f 4f 54 21 00 00 00 |ANDROID-BOOT!...|
00000010 01 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000e0 01 00 00 00 02 00 00 00 57 18 b2 5e 67 10 48 a0 |........W..^g.H.|
...
[email protected]:~/tmp devinfo$ hexdump -C devinfo-whyred.img
00000000 41 4e 44 52 4f 49 44 2d 42 4f 4f 54 21 00 00 00 |ANDROID-BOOT!...|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000090 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00800000
I unlocked officially, installed TWRP/Lineage, booted TWRP, and then I saved the devinfo partition with "adb pull /dev/block/bootdevice/by-name/devinfo devinfo.img".
tijoro said:
The Redmi Note 4 (mido) and Redmi Note 3 (kenzo) still have the bits set at 0x10 and 0x18 in the devinfo partition after unlocking, as described in the alephsecurity blog post. The Redmi Note 5 (whyred) instead has a bit set at 0x90 in an otherwise conspiciously blank partition, so unlocking might work differently there.
Here are the officially unlocked devinfo parititons of a mido, a kenzo, and a whyred:
".
Click to expand...
Click to collapse
Thanks for your replies tijoro.
But I had to recover those files in a day or two, because I had to use my phone, and using it would mean overwriting that info, etc, so I ended up by not recovering them (I don't mind, they weren't that important in the end).
I understand I could have read my user partition in EDL mode, but it would most likely be encrypted data, and MIUI doesn't allow me to set a password (just unlock pattern), so I probably couldn't decrypt it and then try to recover my files.
I didn't check this thread until now since march. I also found that link you gave in your first post, by researching for "edl mode" and unlock
I guess soon I will try and unlock my bootloader with devinfo because unlocking officially would mean losing user data, and I cannot backup many applications user data with MIUI not being rooted.