Related
Welcome to my tutorial !
You can find others tutorials related to the Cube i6 :
Install windows 10
Install Android 4.4.4 (Stock & RemixOS)
I received the magnificent AllDoCube i6 Air 3G last week, and i've been struggling since to get updates,
firmware flashing and all of that working, I searched the whole web and the drivers/Firmwares are nowhere to find,
but on some chinese proxy-needed sites sometimes, or baidu which is a pain in the a** to download from.
So I decided to share the ways to update this tablet at all costs (heh, no worries, -NORMALLY- it wont brick)
Disclamer: This process might contain ROM hacking, this is for advanced users.
THIS TUTORIAL HAS BEEN TESTED ON i632GB1537XXXXXXX MODEL, AND WORKS ON IT,
WHEREAS IT HAS BEEN REPORTED THAT i632GB1522XXXXXXX MODEL BRICKED UPON DOING IT,
SO PLASE DO IT CAREFULLY, IF THE INSTALL VERSION IS 202 YOU SHOULD THINK ABOUT IT BEFORE TRIYING AS IT COULD BRICK!
Software included may be subject to copyright.
Flash your device at your own risk. Developer is not responsible for what you do on your device.
What you need:
Cube i6 Air (3G or Wifi)
Flash Drive (256Mo +)
OTG cable
USB Hub (3 Ports recommended)
EFI BIOS Firmware
DOWNLOAD THE FIRMWARE BEFORE STARTING SO EVERYTHING IS AVAILABLE WHEN YOU DO IT
https://drive.google.com/folderview?id=0B8YPw4HjmqNCZktOZy1OTEN2ZVE&usp=sharing
Get on the drive, go to your device folder, select the wanted version inside BIOS folder
What to do :
1.) Start by plugging the usb drive into your computer, and format it to FAT32 using any formatting tool
2.) Now you need to uncompress the downloaded firmware :
you will find a "Firmware_X.X.X" folder inside, take all of its content, and extract it to your freshly formatted drive.
here's what looks like the root of your usb:
3.) Your USB Drive is ready, now just plug the OTG cable to your tablet, plug your HUB onto that OTG
and fill it with your keyboard and the USB Drive just created.
4.) Press power button until you see the screen backlight, when you see it repeatidely smash "Esc" key on the connected keyboard.
You will see the bios 6 square configuration screen.
Hit "Boot Manager" and select your USB in the list.
5.) The tablet should now boot from your USB, booting to a UEFI Shell. Depending on your device, it might be either 64 or IA32.
Now you just let startup.nsh script do the firmware flashing init, it should drive you to a flashing BIOS screen.
6.) Follow instructions on screen and let the tool flash your BIOS automatically.
Once done, the tablet will shut down.
Congrats! You successfully updated your BIOS !
It is my first tutorial, i will post some photos of steps in the future so come back, the guide will be better soon !
Regards,
Max.
Hi,
I have bought the Cube i6 Air 3G a week ago and i'm still waiting for it to arrive.
Have you update the win 8.1 to win 10?
Does everything works correctly?
Regards
re
Hi, I successfully updated the BIOS as of now,
I changed the bootloader animation to nexus one on Cube ROM.
I also manager to boot on Android x86 but it had too many drivers issues.
Still, 4.4.4 stock cube is working and i reflashed to a new partition scheme of 9Go
and i'm currently testing some win10 pen drives for install, will keep you updated.
Édit: oh you were asking about thé tablet? Weil jack has default, charging takes hours, glass is plastic, firmware is pain but hell this is a goodamn good tablet for its price !
regards,
Max
stalker2106 said:
i'm currently testing some win10 pen drives for install, will keep you updated.
Click to expand...
Click to collapse
I achieved installing Win10 x32 Pro on Cube i6 Through hacking WinPE installation environnement, but now i'm struggling finding the drivers. touchscreen, battery and vital things like hd graphics are not working as of now. Will post a tutorial on how to install Win10 in given time when i'll get out of this mess!
My tablet has arrived yesterday.
From what the little i've used it, it has good performance especially in android.
A lot faster compared to my last android tablet (Cube U39GT).
Something i didn't like was the size of the icons and text in android, my next step is to root and change the dpi.
Regarding windows 10, i found in a chinese tablets blog with win 8 and 10 drivers.
I haven't tested it, but as soon as i find it again, i will let you know where to download them from.
You haven't tried the normal win 10 upgrade? From the microsoft icon?
gtbr said:
My tablet has arrived yesterday.
From what the little i've used it, it has good performance especially in android.
A lot faster compared to my last android tablet (Cube U39GT).
Something i didn't like was the size of the icons and text in android, my next step is to root and change the dpi.
Regarding windows 10, i found in a chinese tablets blog with win 8 and 10 drivers.
I haven't tested it, but as soon as i find it again, i will let you know where to download them from.
You haven't tried the normal win 10 upgrade? From the microsoft icon?
Click to expand...
Click to collapse
I did not try anything as i like "stock" versions of my windows, but tonight i got it working all the way !
My cube i6 is running perfectly windows 10 and oh my god what a paradise it is ! The tablet experience got way better onto that version.
Can you try to update from the icon you are talking about ? i'd be curious if it works. anyway, i'm currently writing+uploading for the win10
tutorial for this tablet, so you'll be able to flash it late tonight, or tomorrow.
EDIT: The dpi is correct in android, only the status bar icons and some other are not in correct dpi but that is KitKat issue I guess. still interested in resolving that though. I'm currently hacking android lollipop ROM also, i'll keep you tuned on that. For rooting, i used KingRoot, it worked, but after a reboot, it tells me "root" is wrecked, so i guess there is some investigation to do there, but I was mainly focused on getting windows 10 ENGLISH STOCK version running to share it with you guys.
EDIT2: Still uploading, but tutorial is here: http://forum.xda-developers.com/android/help/guide-how-to-install-windows-10-t3252042 and it should work on any Z37xx powered device. Enjoy !
Hello,
I'm using this tablet from 2 days now. great !
But, i got wifi problem after sleep : wifi chip cut and never found network anymore.
has to reboot, and all goes right.
same in win and android.
Did you hear about this ? many poeple complain about this.
Any trick or advice ? Is this bios correct this ? Is your bios work on i6 3g dual-boot ? (there is 2 bios for dual boot ?...)
Thanks !
Hi,
I've also have the same problem with the wifi.
I usualy disconnect the wifi and reconnect it, but sometimes it doesnt work and have to reboot the tablet.
I've not noticed it in windows but maybe it's because i'm using the tablet a lot more in android.
I've tryed to update to win 10 using the microsoft icon, but i got an error and was unable to complete the upgrade.
gtbr said:
Hi,
I've also have the same problem with the wifi.
I usualy disconnect the wifi and reconnect it, but sometimes it doesnt work and have to reboot the tablet.
I've not noticed it in windows but maybe it's because i'm using the tablet a lot more in android.
I've tryed to update to win 10 using the microsoft icon, but i got an error and was unable to complete the upgrade.
Click to expand...
Click to collapse
Hello, i have such a tablet for now about 6 Months and it is awesome so far (i often use win8.1).
My Tablet has also DUAL Boot with Android 4 and win 8.1 Bing.
I tried to upgrade to win10 but i also got a message that the partition can not be resized by windows. So i cant upgrade to win 10 with the normal tool from microsoft.
Is there any Solution yet to get this to work?
Anyway, i tried to boot from usb (win8.1 / ubuntu / gparted) but it is not working at all. When i try to boot true windows Advanced Boot Options, the BIOS says that there is no USB device.
When i use the EFI Shell to mount the USB Stick i can see that the BIOS has recognized the USB Stick.
I think that is all very strange, but i will try to update the BIOS soon. The serialnumber is not the same as from @stalker2106 but i will try it.
I hope there is a way to get win 10 working, but Ubuntu would be even better for performance.
Greetings from Germany.
tysonpower said:
Hello, i have such a tablet for now about 6 Months and it is awesome so far (i often use win8.1).
My Tablet has also DUAL Boot with Android 4 and win 8.1 Bing.
I tried to upgrade to win10 but i also got a message that the partition can not be resized by windows. So i cant upgrade to win 10 with the normal tool from microsoft.
Is there any Solution yet to get this to work?
Anyway, i tried to boot from usb (win8.1 / ubuntu / gparted) but it is not working at all. When i try to boot true windows Advanced Boot Options, the BIOS says that there is no USB device.
When i use the EFI Shell to mount the USB Stick i can see that the BIOS has recognized the USB Stick.
I think that is all very strange, but i will try to update the BIOS soon. The serialnumber is not the same as from @stalker2106 but i will try it.
I hope there is a way to get win 10 working, but Ubuntu would be even better for performance.
Greetings from Germany.
Click to expand...
Click to collapse
Check windows 10 Post, there is no need to update BIOS to fix this error, your USB has to be in GPT partition style, check answer on the other thread
But usually the bios update should work, as it did on my tablet. But why bother taking risk if you can get it working without it
Hi,
I have sucessfully updated to win10
I have bios 203 in my cube and serial i632gb1510xxxxxxxxxxx, does anybody have tried to update to 206 on such setup ?
What are the chances that I will brick my device ?
I have downloaded latest Cube i6 roms from cube site (may 2015) . There are two bios-es which have to be installed in chronological order.
Shall I do it first, and then try to update to 206 ?
Edit: I was not patient and tried it on my own.I have successfully updated bios and tablet has started to both android and windows
I will perform some functional tests afterwards.
Actual steps :
I have first downgraded bios to 201(provided here )
Flashed bios1 from link provided
Flashed bios2 from link provided
Flashed bios 206 from guide in first post
Edit2:
I have tested basic functionalities like : Gyro-sensors, WIFI, GPS, 3G network and yet everything works like charm.
Maybe a placebo, however I have the feel that android runs like two times faster
I do suggest to update the windows, however I take no responsibility if you will brick your device. Even if the setup is like mine, neither if it differs
Regards
Why do you first downgrade to 201?
What do you mean with bios1 and bios2?
Many thanks and question
Hello Stalker,
I am new here and i want to
thank you for the instructions!
I bought a cube i6 from china.
It is the 'i6 air remix',
So it should have only Android on it.
When it arrived. it didn't function.
The only think that happens is booting to theEFI-shell.
I could switch between Android and Windows in the boot settings.
But Android did not boot.
I have updated the bios with your instructions
now firmware 2.0.6 is installed.
But still i can not boot Android.
I found a few flash tools and android for the cube i6 .
But i don’t know what is the right version flash tool I have to use.
Maybe you have advise or the right android and flash tool in your google drive download area?
Kind regards and many thanks in advance.
jan-netherlands said:
Hello Stalker,
I am new here and i want to
thank you for the instructions!
I bought a cube i6 from china.
It is the 'i6 air remix',
So it should have only Android on it.
When it arrived. it didn't function.
The only think that happens is booting to theEFI-shell.
I could switch between Android and Windows in the boot settings.
But Android did not boot.
I have updated the bios with your instructions
now firmware 2.0.6 is installed.
But still i can not boot Android.
I found a few flash tools and android for the cube i6 .
But i don’t know what is the right version flash tool I have to use.
Maybe you have advise or the right android and flash tool in your google drive download area?
Kind regards and many thanks in advance.
Click to expand...
Click to collapse
The truth is, the 206 BIOS provided is hacked off i6 remix repository from cube, so i guess there is no big deal flashing it on your device as it works on regular i6.
Moreover, you can use any version of the flash tool as long as you flash a correct rom for your device, which i would suggest to download from official cube repository or geekbuying or so.
Android Geecbuying
Hello Stalker,
Ok. Thank you!
I will try Geecbuying.
Hopefully the windows drivers will function.
There isn't a way to flash from USB I suppose?
Greetings
Hi, well, actually, you should flash over USB with à windows computer. MFT by Intel is recommended. I shall make some tutorial about Android installation and partition resizing.
flash and resize partitions
That is super. When you want to do so.
I was indeed wondering or there would be one android partition on the tablet or two partitions (one for android, one for windows).
I also questioned myself how to see that there are partitions.
In earlier times when I was working with a pc, i use F-disk or partition-magic for this kind of work.
But on the tablet I do not have a clue...
So if you could make me wiser on this, I would be very thankful.
Maybe you could boot on some gparted liveusb? Or inside efi shell some commands could help
bluefish007 said:
Why do you first downgrade to 201?
What do you mean with bios1 and bios2?
Click to expand...
Click to collapse
no particular reason, I just wanted to know, which version of bios is in the latest firmware provided by geekbuying
Additional condition in my decision mechanism was that my serial did not match mentioned ones in w10 thread from stalker, so somehow I have used sleepy sloopy logic and tried to minimalize the risk (I know it have no rational reason and logic behind it at all)
Therefore, I tried the ones from geekbuying repository, to be sure to have latest provided from "official source".
greetings
thermoska said:
no particular reason, I just wanted to know, which version of bios is in the latest firmware provided by geekbuying
Additional condition in my decision mechanism was that my serial did not match mentioned ones in w10 thread from stalker, so somehow I have used sleepy sloopy logic and tried to minimalize the risk (I know it have no rational reason and logic behind it at all)
Therefore, I tried the ones from geekbuying repository, to be sure to have latest provided from "official source".
greetings
Click to expand...
Click to collapse
Ok thanks for the answer! So i can upgrade from 203 at 206 at one part or what do you think?
These tablets were sold with certain Vizio TVs in mid-2016 into 2017, primarily used for Smartcast to the TV.
They are now obsolete since Vizio released firmware for their TVs turning them into normal Smart TVs, requiring the owners of these TVs to get new remotes and the tablets stopped being useful for this function.
Here in 2019, one can buy these tablets, at the low price end, in working condition, for $25 (for the M series) to $40 (for the P series) shipped.
The specs are as follows:
XR6M10:
Snapdragon 410 1.2GHz quadcore APQ8016
2GB RAM
8GB Storage
1280x720 IPS display
802.11n, Bluetooth 4.0
2740mAh battery
MicroUSB for charging, Qi Charging built-in for bundled charge pad or any compatible charging solution
XR6P10:
Snapdragon 615 1.45GHz octocore APQ8039
2GB RAM
16GB Storage
1920x1080 IPS display
802.11n, Bluetooth 4.0
2740mAh battery
MicroUSB for charging, Qi Charging built-in for bundled charge pad or any compatible charging solution
Both tablets feature side-firing stereo speakers, a headphone jack, and NO cameras. The size of the tablet is comparable to the size of a Galaxy Note 9, give or take.
Both tablets came with Android 5.1.1, and OTA updates upgraded them to 6.0.1. There are ZERO available stock ROM files available for the tablets. I've tried sniffing the updater and they seem to go to a dead website.
The stock ROM is fairly clean, and only has the Vizio Smartcast app which needs disabling upon setting up. Aside from this, there is no other bloatware on the tablet to speak of after running a fine-tooth comb through the system apps. You get a clean and snappy tablet.
The problem:
There's no stock ROM file available, neither for Android 5.1.1 or for 6.0.1. Vizio does not have any sort of download for either on their site, nor did in the past. The updater checked a third-party website affiliated with Vizio to manage the tablet's updates, as it does with their TVs. Since the website is inert, it can be safely said that Vizio is no longer interested in their existence at all, especially since the warranty on every single one of these tablets is now up.
The tablet seems it can have the bootloader unlocked, the developer options has the toggle for that, but there's no way to get into fastboot. Holding VOL UP+DOWN+POWER at boot or sending the "adb reboot bootloader" command sends it into a "Qualcomm HS-USB QDLoader 9008" mode under USB. This, from what I understand, is behavior persistent with the locked bootloader, but I have no idea of how to get it out of this and just into fastboot. Stock recovery does not have a fastboot option either.
The desires list:
Have someone that knows the intricacies of the MSM8916 platform and the APQ8016/APQ8039 get their hands on these tablets
Get a ROM dump of both tablets in stock form so people with bricked tablets can flash them with it
Get Root (Patch level on the 6.0.1 stock ROM is from October 2016, shouldn't be hard)
Get the bootloader unlocked, somehow, and if not, figure a way to get something like Safestrap running on it if the out-of-the-box kernel allows for it
Custom ROMs? LineageOS would be sweet, especially with some of the tablet-specific fixes that have dropped in the past couple months overall.
so I ask: is there any interest in the freeing of these super cheap tablets? The price to spec ratio is not bad (once again, I got my 6M10 for $25 shipped, and the seller has like 7 more as of the time of this writing), and it doesn't seem like it would be all too hard to unlock the bootloader and get it rooted (at least, from my perspective, that of a novice in this specific hardware field). There are plenty of these in the wild in the hands of people that bought the TVs and plenty in the hands that bought them from ebay when the tablets became obsolete.
This link contains screenshots of CPU-Z and the About Tablet settings section from the tablet, uploaded to imgur. If anyone needs more information on this tablet that needs an app or adb command, I can make this happen.
Board Pic of the XR6M10, XR6P10 should be the same inside:
(click for larger image)
Update: I have temp root.
I have temp root!-the latest kingroot (NOT Kingoroot) APK seemed to have done the trick. I was able to fire up adaway and get the hosts file set up with adblocks to keep the thing safer.
The root is still temporary so it goes away after a reboot. The rooting process involves it doing the root process once, then rebooting, then failing, then you reboot once more, and then retry rooting from the app. From here, 80% of the time, it works and you're able to get temporary root for that boot session.
Once you're done with anything you need root for, you should reboot and then uninstall Kingroot, which you then need to deactivate the device administrator priveleges for, before it will allow you to cleanly uninstall it.
I also made a huge discovery that may turn out better for anyone that can help getting this thing properly rooted and the bootloader unlocked... it seems the file manager included in the stock ROM is v3.0.0 from Cyanogenmod 12.1.
This makes me think that the ROM creator either used that since it was opensource and readily available than come up with their own solution, or that this ROM has some cyanogenmod roots.
I also found this post from another Q&A thread in this section:
TheDrive said:
This device have made by Chinese/Indian company Borqs. The code name Bennu-M. Platform is Qualcomm APQ8016 (MSM8916 w/o modem). There should work standard method to bring EDL mode. Hold Vol+ and Vol- at power on (press power). Then connect to the PC. Thus device will stay look dead, however should be detected as Qualcomm QDLoader 9008 on the PC side. This is the factory described method.
You can flash factory firmware from this mode using external bootloader (programmer) for MSM8916 firehose protocol. This procedure is described in the thousands of manuals around the net. Qualcomm tools like QPST or QFIL can be used as good as many 3rd party utils to flash and manage any another available way. Many professional 'box' tools should support this device too but only as 'generic' msm8916 (if applicable).
However I can't find the firmware package for this device anywhere. You should ask and require the manufacturer/distributor to publish firmware, the source code and all the corresponding matherials to be able to flash and rebuild firmware from sources in any manner you want without any limitations as required by GNU/GPL free open source software licenses this firmware is obligated to.
Everyone who have the device working or software dead, can try to dump the current firmware and data, stored on the internal eMMC memory module in part(s) or in whole image using free QTools project utilities and suitable external bootloader with ability to dump eMMC, not only to flash as many factory supplied programmers do. There are programmer(s) for MSM8916 available in the project repo. Read and understand manuals carefully before trying anything!
There is definitely another ways to root, dump, flash, manage the device in any manner YOU WANT, not only the way you are "allowed" to use your own device by manufacturer/distributor. FTA!
You can root the device then dump all the multiple partition images manually (dd if=/dev/block/mmbblk0...... of=/sdcard/......) or using built custom recovery like CWM/TWRP for your device. Please note, kernel sources are important but not mandatory to build e.g. CWM. You can build one using CWM image from the similar device and the kernel (boot/recovery) image binaries from your device. There are good manuals and image repacking utils available around like e.g. AndImgTool.
There are the way to produce factory image from the eMMC/partitions dump(s). Use utils like R-Studio to dump particular partition images from the eMMC dump (it's like whole HDD or UFD image with all the sectors raw, one by one, w/o any modifications/compression/etc) Manuals / utils are avavailable to make e.g. sparse and xml scripts set which is flashable by the programmer in the EDL mode (i.e. from any damaged state, because EDL is built in to the PBL and masked to the internal CPU ROM, thus can not be damaged in any manner, except firing the CPU up).
You can also flash partition images from the more common Fastboot mode, unless eMMC GPT and bootloaders (SBL/RPM/TZ/ABoot) stay intact (logo showed). You can't dump from fastboot, which is common due to the (foolish) 'safety' requirements. It's security by obscurity and is definitely not for your favor, but for the corps control over you and force to send valuable private data to foreign clouds.
Please share eMMC full and/or partitions dumps using reliable 'neverending' file cloud/hosting since there is no factory firmware available yet (ever). I do not own this device and never seen being overseas, so I can't share.
Click to expand...
Click to collapse
This gives a little bit more information but seems to be more waffle than helpful. Still need someone, or some individuals, that can get one of these devices into their hands and work on a way to get the bootloader unlocked, the eMMC dumped, and ROMs going.
Update file?
I THINK I have the update file for 6.0.1. I did a packet sniff on a 5.1.1 tablet using a mitm packet sniffer and I ran the system updater, and was able to get this URL:
http://updatev.vo.llnwd.net/v1/idownload/64821.bin
The filesize is 570MB or so, and it looks like it might be the real deal. since it's a .bin file and 7zip can't read it, I won't be able to see what it really is without going over to the box that has a copy of universal extractor installed.
I'll be doing this momentarily and editing this post once I figure out what the contents are or if it's even readable to that extent. Knowing vizio, it could very well be encrypted and need decrypting by the updater application.
Update: it seems to be encrypted. oh joy.
Update 2: I got together with a friend on discord and we successfully decompiled the updater app to a point.
This MEGA link contains all the files thus far and a copy of the tablet's /system/framework folder for decompiling purposes.
However, it doesn't seem we're getting anywhere. the file is still encrypted and I still can't figure out what's needed to decrypt it. Hopefully someone with more knowledge on this can lend a hand.
Sudosftw said:
I THINK I have the update file for 6.0.1. I did a packet sniff on a 5.1.1 tablet using a mitm packet sniffer and I ran the system updater, and was able to get this URL:
http://updatev.vo.llnwd.net/v1/idownload/64821.bin
The filesize is 570MB or so, and it looks like it might be the real deal. since it's a .bin file and 7zip can't read it, I won't be able to see what it really is without going over to the box that has a copy of universal extractor installed.
I'll be doing this momentarily and editing this post once I figure out what the contents are or if it's even readable to that extent. Knowing vizio, it could very well be encrypted and need decrypting by the updater application.
Update: it seems to be encrypted. oh joy.
Update 2: I got together with a friend on discord and we successfully decompiled the updater app to a point.
This MEGA link contains all the files thus far and a copy of the tablet's /system/framework folder for decompiling purposes.
However, it doesn't seem we're getting anywhere. the file is still encrypted and I still can't figure out what's needed to decrypt it. Hopefully someone with more knowledge on this can lend a hand.
Click to expand...
Click to collapse
Just out of curiosity, with the temp root, have you tried using dd to get the recovery image off? If we can do that, we might be able to work on getting a custom recovery built.
Qiangong2 said:
Just out of curiosity, with the temp root, have you tried using dd to get the recovery image off? If we can do that, we might be able to work on getting a custom recovery built.
Click to expand...
Click to collapse
It's not possible to get a proper recovery image from within the system files so far as I know, but my take so far has been that there is no proper way to get that at this time without decrypting that file grabbed from the update server. I'd do it on a 5.x ROM since that will get me permaroot, but the issue is getting and keeping root on a 6.x ROM.
Although encrypted (so far as I can tell) the image linked above is the real deal, and I've given all I can to get it decrypted. A proper exploit to take care of this tablet's vulnerabilities and get temp root (on 6.x) that isn't kingo is what is really needed at this point so to not hinder going around the system with crudware and shady background apps, shouldn't be hard since the security patch level for the 6.x ROM is 2016-10-01.
Even if the ROM is extracted or a recovery image found, custom recovery won't be possible until the bootloader is unlocked, and this isn't doable until someone figures out how the qualcomm qdloader9008 stuff works with this specific tablet. Fastboot is unreachable and I'm almost sure I'm doing something wrong.
I'll get temp root and see about dd'ing stuff later on. What exactly would be needed for me to dd off? Whole disk and then go through it elsewhere? I could definitely see if rsync exists and dd over rsync to another box.
Sudosftw said:
It's not possible to get a proper recovery image from within the system files so far as I know, but my take so far has been that there is no proper way to get that at this time without decrypting that file grabbed from the update server. I'd do it on a 5.x ROM since that will get me permaroot, but the issue is getting and keeping root on a 6.x ROM.
Although encrypted (so far as I can tell) the image linked above is the real deal, and I've given all I can to get it decrypted. A proper exploit to take care of this tablet's vulnerabilities and get temp root (on 6.x) that isn't kingo is what is really needed at this point so to not hinder going around the system with crudware and shady background apps, shouldn't be hard since the security patch level for the 6.x ROM is 2016-10-01.
Even if the ROM is extracted or a recovery image found, custom recovery won't be possible until the bootloader is unlocked, and this isn't doable until someone figures out how the qualcomm qdloader9008 stuff works with this specific tablet. Fastboot is unreachable and I'm almost sure I'm doing something wrong.
I'll get temp root and see about dd'ing stuff later on. What exactly would be needed for me to dd off? Whole disk and then go through it elsewhere? I could definitely see if rsync exists and dd over rsync to another box.
Click to expand...
Click to collapse
I found this today: https://forum.xda-developers.com/axon-7/development/edl-emergency-dl-mode-twrp-unlock-t3553514
The miflash tool seems promising (it works with nearly any device)
For the dd stuff, you can usually figure out the partitions easily with the fstab file in /. However, getting a raw dump is always useful.
Really, the big 3 would be the recovery.img, the boot.img, and the system.img. We can work from there
Qiangong2 said:
I found this today: https://forum.xda-developers.com/axon-7/development/edl-emergency-dl-mode-twrp-unlock-t3553514
The miflash tool seems promising (it works with nearly any device)
For the dd stuff, you can usually figure out the partitions easily with the fstab file in /. However, getting a raw dump is always useful.
Really, the big 3 would be the recovery.img, the boot.img, and the system.img. We can work from there
Click to expand...
Click to collapse
I've had that installed whilst trying to figure the image out and the qdloader stuff, it doesn't do anything for this tablet sadly :/
Sudosftw said:
I've had that installed whilst trying to figure the image out and the qdloader stuff, it doesn't do anything for this tablet sadly :/
Click to expand...
Click to collapse
Hmmm. Which tablet do you have? The M or the P?
Qiangong2 said:
Hmmm. Which tablet do you have? The M or the P?
Click to expand...
Click to collapse
this is the M. the P was out of my price range ($40 shipped over $25 shipped) when I was looking at them, but now the Ms are going for around 25 bucks but 15 shipping from another seller, bringing the price up to 40 bucks where the P was. ended up buying the other Ms from the one seller and gave them out to family members because I was so impressed... but I really should have set some money aside for one of the Ps as well and didn't.
Sudosftw said:
this is the M. the P was out of my price range ($40 shipped over $25 shipped) when I was looking at them, but now the Ms are going for around 25 bucks but 15 shipping from another seller, bringing the price up to 40 bucks where the P was. ended up buying the other Ms from the one seller and gave them out to family members because I was so impressed... but I really should have set some money aside for one of the Ps as well and didn't.
Click to expand...
Click to collapse
Okay. You said miflash doesn't do anything, does the device show up in the application and not function? Or does it not show up at all?
Qiangong2 said:
Okay. You said miflash doesn't do anything, does the device show up in the application and not function? Or does it not show up at all?
Click to expand...
Click to collapse
just doesn't show up at all. and yet installing the qualcomm qdloader drivers says it's connected in device manager, so something's up. tried on two different boxes, different cables, no dice.
Sudosftw said:
just doesn't show up at all. and yet installing the qualcomm qdloader drivers says it's connected in device manager, so something's up. tried on two different boxes, different cables, no dice.
Click to expand...
Click to collapse
Hmmm. That's unusual. Are you running it in win 7 compatibility mode?
It would be nice to see community roms for these devices. I have the XR6P. If you need any info from this device, just tell me what to do.
I'm very interested in this as I have one of these tablets that I would like to use in my vehicle as a display for my piggyback ECU tuner. It doesn't currently support USB OTG, but I read that if I can gain root access I can add the file to give it USB Host functionality. Can anyone confirm this? I have tried several apps to get it rooted including Kingroot as you were able to get a temp root with that. Unfortunately Kingroot, as all the others I have tried, won't even install on the tablet. Again, I'm only looking to get this thing to be OTG capable. If anyone here has any suggestions, I would be very grateful! Thanks all!
I just bought an M remote to replace my broken P remote. My P remote had Android 6. My M remote has Android 5, and the OTA updater says there's no update. Any way to get Android 6 on this?
I have factory firmware for Bennu P and Bennu M , but take some time to upload the file.
ALANCHONG said:
I have factory firmware for Bennu P and Bennu M , but take some time to upload the file.
Click to expand...
Click to collapse
Hey. You can lay out the firmware for XR6M10
XR6M10 and XR6P10 firmware
konog said:
Hey. You can lay out the firmware for XR6M10
Click to expand...
Click to collapse
Mega Link: mega.nz/#F!n65kVYIT!PKH8A1WoD_Nc4DU_-9dbiQ
ALANCHONG said:
Mega Link: mega.nz/#F!n65kVYIT!PKH8A1WoD_Nc4DU_-9dbiQ
Click to expand...
Click to collapse
All the time, an error pops up at 12 seconds
Flash fail (-4002)
Log:
21:59:03.576 Arrival: \\?\USB#VID_05C6&PID_9008#5&13a74b18&0&11#{86e0d1e0-8089-11d0-9ce4-08003e301f73}
21:59:03.591 Thread '_PortDownloadThread' started
21:59:04.610 Get Port ...
21:59:04.610 _GetDevicePortName (0): COM5
21:59:04.630 _ComPort: COM5
21:59:04.640 Get Port (0)
21:59:04.650 Flash ...
21:59:09.668 _Connect (0)
21:59:09.668 Downloading flash programmer: C:\_qcMUP\v8016-SIGNED-VIZIO-user-IMAGES\v8016-SIGNED-VIZIO-user-IMAGES\prog_emmc_firehose_8916.mbn
21:59:14.669 Failed to read the command from the opened port
21:59:14.669 _FlashProgrammer (-4002)
21:59:15.700 Flash (-4002)
21:59:15.700 Flash fail (-4002)
21:59:15.731 Download ended: -4002
21:59:15.763 Thread '_PortDownloadThread' ended
konog said:
All the time, an error pops up at 12 seconds
Flash fail (-4002)
Log:
21:59:03.576 Arrival: \\?\USB#VID_05C6&PID_9008#5&13a74b18&0&11#{86e0d1e0-8089-11d0-9ce4-08003e301f73}
21:59:03.591 Thread '_PortDownloadThread' started
21:59:04.610 Get Port ...
21:59:04.610 _GetDevicePortName (0): COM5
21:59:04.630 _ComPort: COM5
21:59:04.640 Get Port (0)
21:59:04.650 Flash ...
21:59:09.668 _Connect (0)
21:59:09.668 Downloading flash programmer: C:\_qcMUP\v8016-SIGNED-VIZIO-user-IMAGES\v8016-SIGNED-VIZIO-user-IMAGES\prog_emmc_firehose_8916.mbn
21:59:14.669 Failed to read the command from the opened port
21:59:14.669 _FlashProgrammer (-4002)
21:59:15.700 Flash (-4002)
21:59:15.700 Flash fail (-4002)
21:59:15.731 Download ended: -4002
21:59:15.763 Thread '_PortDownloadThread' ended
Click to expand...
Click to collapse
Please check if the driver is installed
Hi all,
Came by a Blackview BV6600 from someone who gave up on it - shipped saying that the device was 'corrupt and couldn't be trusted'. Went back and forth with their crappy customer service and gave up, sold it to me for cheap. It seems like a decently rugged phone but it does have a lot of bloatware and according to some threads on here about the mfgr I don't know if I trust them too much.
I'd like to wipe this phone, and I'm finding it difficult to locate a generic 'How to' for flashing a new OS to a phone. Disclosure; this is the first time I've done something like this. My experience is with computers, I know phones are a different beast and the user has much less freedom due to specifics of the hardware. If I say anything based on incorrect assumptions please correct me.
Again, what I would like to do is akin to installing Linux on what was a Windows box. I'd like to ****can as much weird chinese bloatware as possible (upto and including the entire OS) and replace it with some basic clean open source software. It seems like LineageOS does not have a version for Blackview phones, nor does it have a generic image. I notice that the Android open source project has 'Generic System Images' https://source.android.com/setup/build/gsi#flashing-gsis which sounds like what I want but references a vbmeta.img file which itself, as far as I can tell searching the forums, is likely manufacturer dependent, maybe phone dependent.
Anyway, I'm taking all the steps I see across enough sites to suggest they are platform-independent and won't brick my phone. Been following this video
since it's relatively recent and addresses my specific manufacturer.
So far I have:
Got developer permissions (go to Settings-About Phone, click build number repetitively)
in Settings-System turned on OEM unlocking and USB debugging
Figured out how to put this phone model in fastboot mode (hold volume up during restart)
Installed ADB and Fastboot (Linux), pinged the phone with "adb devices" and checked it's partitioning with " 'adb shell' <enter> 'getprop ro.build.ab_update' " no output, so that suggests 'A only'.
Next step seems to be:
oem unlock using fastboot. I seem to be having trouble here. In fastboot mode connected via USB, I can't detect the device. "Waiting for any device". 'adb devices' gives no response. No idea why. Phone screen looks exactly like in the video, hooked to USB that did return output for USB devices in normal boot mode.
Once I get over this dumb hump, I think I'll need to find a version of TWRP that will work on my device, install TWRP.
At this point I'm even more at sea: Most places suggest Magisk, but I've also seen explainers to wipe the old OS and install LineageOS.
If anyone has advice on what to do from here, specifically the near-term issue of not being able to find my phone via USB debugging while in fastboot mode, please let me know. But of course, long term I'm gonna need to know how to shovel this **** the phone came with out of storage and replace with a clean install so that is welcome as well.
bump
Hey all. Just wondering if anyone can help shed some light on BuzzTV boxes for me? I have the newest model - XRS4900 (Specs/Info: XRS4900) and while it's a great device, the one thing I don't like about it is that it runs straight Android. I would prefer it to run AndroidTV if possible.
I know there are compatible ROM's out there that would work on it, but I cannot for the life of me figure out how to get the thing flashed!
I am able to see it in the Amlogic Burning Tool, but every ROM I try flashing gives me an error.
I can boot to recovery, but it can not see any img files when I browse to the USB or SD Card (tried both)
When I try booting to the bootloader, it just goes to the BuzzTV logo and sits there, almost as though there isn't a bootloader on the device. And fastboot does not return any devices (ADB works though but it's not rooted so there isn't much I can do there)...
And they do not provide their OTA updates for people to download. They will only push them to you based on your MAC address so I can't even look at them to see what's up.
My assumption is that the bootloader is either locked (which I didn't think Amlogic devices had the capability of locking them?), or the ROM is encrypted, or something else is implemented that is preventing me from modifying the device. So I just wanted to reach out and see if anyone out there happens to know what I am dealing with here and maybe has some advice on how to get around these protections so I can flash a different ROM? I would assume the same protections are implemented on all their devices, so I'm looking for anyone who has experience with any of them and has been down this road before? Any help would be greatly appreciated!!
Hi there. Longtime XDAer (back to the OG Moto Droid) but new account. I am a OnePlus devotee that has converted to Pixel 6. I have used Qualcomm's EDL mode with the MsmDownloadTool in the past, is there an equivalent for the Tensor chip? I have no current need for it, but I like to have the appropriate tools ready for future issues, especially in light of the dumb Android 13 bootloader rollback issue some people seem to have.
FWIW, before posting I searched for EDL but that did not return anything. And the PixelFlasher appears to just be a adb/fastboot GUI, is that correct?
There's none afaik, and yes, PixelFlasher is just an GUI for easier operation
Can someone please tell me what EDL is
taanh1412 said:
There's none afaik, and yes, PixelFlasher is just an GUI for easier operation
Click to expand...
Click to collapse
Thank you for your reply! Bummer, I hope someone updates the forum if/when it gets released. As of right now, there'd be no way to fix a real brick if we don't have a EDL type of mode other than sending back to Google. Maybe one of their engineers could leak a version of it someday
bush911 said:
Can someone please tell me what EDL is
Click to expand...
Click to collapse
A very small embedded OS on Qualcomm chips, think of it kind of like a motherboard controller. Very handy when you have completely FUBAR'd the storage OS or bootloader, essentially bricking the device. EDL allows you to gain very low level SoC access to reflash stock images, thus unbricking. It has no printed screen, it just stays black. You have to use a PC tool to flash
centifanto said:
A very small embedded OS on Qualcomm chips, think of it kind of like a motherboard controller. Very handy when you have completely FUBAR'd the storage OS or bootloader, essentially bricking the device. EDL allows you to gain very low level SoC access to reflash stock images, thus unbricking. It has no printed screen, it just stays black. You have to use a PC tool to flash
Click to expand...
Click to collapse
And since Tensor is a modified Exynos (Samsung) processor there almost certainly is no EDL mode. How Google restores bricked units is anyone's guess, but Samsung does have a dedicated download mode that, combined with Odin / Heimdall on a PC / Mac, allows for flashing of stock images.
EDL is Emergency DownLoad mode on Qualcomm processors.
There's a ROM in Qualcomm processors that is always present and is the first step to booting.
In normal operation it will load the SBL/XBL (secondary bootloader) which will load the aboot (Android application bootloader).
If something goes wrong in booting (or if you configure it by test points or boot config) it can load a diagnostic program which is basically a replacement for the SBL/XBL.
That program (which in Qualcomm parlance is called a "loader") allows you to read/write partitions and even memory.
The difficulty comes that a lot of this is securely signed so there can be problems finding a loader that works.
Other brands have ROMs built in which do the same thing but are all incompatible with each other.
MediaTek has MTK mode, Allwinner has FEL mode...
Note: By "ROM" I mean truly read-only memory built into the processor chip itself.
(I think the casual usage of "ROM" to mean an OS loaded onto R/W flash is misleading.)
Strephon Alkhalikoi said:
And since Tensor is a modified Exynos (Samsung) processor there almost certainly is no EDL mode. How Google restores bricked units is anyone's guess, but Samsung does have a dedicated download mode that, combined with Odin / Heimdall on a PC / Mac, allows for flashing of stock images.
Click to expand...
Click to collapse
Interesting. The only Samsung I have messed with was the old Galaxy S5 that luckily had a bootloader exploit. Was a PIA to root though and after that I swore I'd never buy their junk. Nowadays they are impossible unlock and modify, as Exynos versions don't fully work in the US so you have to buy their Snapdragon variants which are locked down like crazy.
Maybe Google will release the download mode procedures and tooling
Renate said:
EDL is Emergency DownLoad mode on Qualcomm processors.
There's a ROM in Qualcomm processors that is always present and is the first step to booting.
In normal operation it will load the SBL/XBL (secondary bootloader) which will load the aboot (Android application bootloader).
If something goes wrong in booting (or if you configure it by test points or boot config) it can load a diagnostic program which is basically a replacement for the SBL/XBL.
That program (which in Qualcomm parlance is called a "loader") allows you to read/write partitions and even memory.
The difficulty comes that a lot of this is securely signed so there can be problems finding a loader that works.
Other brands have ROMs built in which do the same thing but are all incompatible with each other.
MediaTek has MTK mode, Allwinner has FEL mode...
Note: By "ROM" I mean truly read-only memory built into the processor chip itself.
(I think the casual usage of "ROM" to mean an OS loaded onto R/W flash is misleading.)
Click to expand...
Click to collapse
Wow, this is an amazing reply! Thank you! So much detailed and insightful information I didn't know. This is what makes the XDA forums amazing.
And yes, I have always been confused why the word ROM become the standard for the OS installed on Android phones, precisely for the reason you pointed out. Android ROMs are anything but read only
centifanto said:
Interesting. The only Samsung I have messed with was the old Galaxy S5 that luckily had a bootloader exploit. Was a PIA to root though and after that I swore I'd never buy their junk. Nowadays they are impossible unlock and modify, as Exynos versions don't fully work in the US so you have to buy their Snapdragon variants which are locked down like crazy.
Maybe Google will release the download mode procedures and tooling
Click to expand...
Click to collapse
Yeah, Google won't do that. As for Samsung, the Galaxy S4 I own did have a locked bootloader until I used Chainfire's RegionLock Away to permanently unlock the bootloader. The root process for that device was relatively painless, requiring Odin and - at the time - a specialized recovery payload that would root the device as there was no TWRP.
Well for one y'all are missing the fact that since the chip has an exposed serial unit, we can do some reverse engineering on the bootrom and find jump points to certain addresses in memory. Such as the recovery mode. Google host the gs101 and oriel kernel repositories in its open source git repositories. I've found a tone of useful information in there. Ghirda is a good program for reverse engineering.
EDL for Exynos uses Exynos Dead Boot Mode. After changing the USB mode and using dwusb3 drivers we should have enough range to write/send bytes to chipset
NonStickAtom785 said:
Well for one y'all are missing the fact that since the chip has an exposed serial unit, we can do some reverse engineering on the bootrom and find jump points to certain addresses in memory. Such as the recovery mode. Google host the gs101 and oriel kernel repositories in its open source git repositories. I've found a tone of useful information in there. Ghirda is a good program for reverse engineering.
EDL for Exynos uses Exynos Dead Boot Mode. After changing the USB mode and using dwusb3 drivers we should have enough range to write/send bytes to chipset
Click to expand...
Click to collapse
Wow, this is amazing info! Thanks for sharing, I had no idea about this boot mode. I found these comments in this link:
USB download mode is only accessible if first boot method has failed...Once the first boot method fails, USB download mode can be accessed by pressing and holding power button.
This link also looks interesting.
All of this sounds like only someone with advanced knowledge would be able to figure it out, and with the high risk of truly bricking their device.