Bricked it - Elephone P9000 Questions & Answers

Hey guys
wiping a stock P9000 on Ubuntu 18.04 with the SP flash tool using the 20160315 ROM and she's dead. Complete brick, no connection log on usb and no response to buttons. Doesn't power up on plug in. Removing the battery does nothing.
Any ideas or is she dead for good?

Monkey Bum 1 said:
Hey guys
wiping a stock P9000 on Ubuntu 18.04 with the SP flash tool using the 20160315 ROM and she's dead. Complete brick, no connection log on usb and no response to buttons. Doesn't power up on plug in. Removing the battery does nothing.
Any ideas or is she dead for good?
Click to expand...
Click to collapse
Vol+ while flashing, it should detect the phone and start flashing

Ruben Craveiro said:
Vol+ while flashing, it should detect the phone and start flashing
Click to expand...
Click to collapse
Thanks man!
So only kinda helped, she's "responcive"? SP flash picked up on the phone but it blew an error trying to flash, guess there's something wrong with the RAM... this went way more over my head then I was hoping...
Gave me "ERROR : STATUS_EXT_RAM_EXCEPTION (-1073414139) , MSP ERROE CODE : 0x00"
Here's the log on standard ouput:
[email protected]:~/Downloads/SP_Flash_Tool_v5.1744_Linux$ ./flash_tool.sh
QGtkStyle was unable to detect the current GTK+ theme.
QMetaObject::connectSlotsByName: No matching signal for on_pushButton_browser_clicked()
QThread::setPriority: Cannot set priority, thread is not running
"05-09-2018"
QObject::moveToThread: Cannot move objects with a parent
Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.1
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/module/cdc_acm
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.1
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/tty/ttyACM0
vid is 0e8d
device vid = 0e8d
pid is 0003
device pid = 0003
com portName is: /dev/ttyACM0
Total wait time = -1528518421.000000
USB port is obtained. path name(/dev/ttyACM0), port name(/dev/ttyACM0)
USB port detected: /dev/ttyACM0
BROM connected
Downloading & Connecting to DA...
connect DA end stage: 2, enable DRAM in 1st DA: 0
Failed to Connect DA: STATUS_EXT_RAM_EXCEPTION
Disconnect!
BROM Exception! ( ERROR : STATUS_EXT_RAM_EXCEPTION (-1073414139) , MSP ERROE CODE : 0x00.
[HINT]:
)((ConnectDA,../../../flashtool/Conn/Connection.cpp,131))

Monkey Bum 1 said:
Thanks man!
So only kinda helped, she's "responcive"? SP flash picked up on the phone but it blew an error trying to flash, guess there's something wrong with the RAM... this went way more over my head then I was hoping...
Gave me "ERROR : STATUS_EXT_RAM_EXCEPTION (-1073414139) , MSP ERROE CODE : 0x00"
Here's the log on standard ouput:
[email protected]:~/Downloads/SP_Flash_Tool_v5.1744_Linux$ ./flash_tool.sh
QGtkStyle was unable to detect the current GTK+ theme.
QMetaObject::connectSlotsByName: No matching signal for on_pushButton_browser_clicked()
QThread::setPriority: Cannot set priority, thread is not running
"05-09-2018"
QObject::moveToThread: Cannot move objects with a parent
Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.1
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/module/cdc_acm
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.1
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/tty/ttyACM0
vid is 0e8d
device vid = 0e8d
pid is 0003
device pid = 0003
com portName is: /dev/ttyACM0
Total wait time = -1528518421.000000
USB port is obtained. path name(/dev/ttyACM0), port name(/dev/ttyACM0)
USB port detected: /dev/ttyACM0
BROM connected
Downloading & Connecting to DA...
connect DA end stage: 2, enable DRAM in 1st DA: 0
Failed to Connect DA: STATUS_EXT_RAM_EXCEPTION
Disconnect!
BROM Exception! ( ERROR : STATUS_EXT_RAM_EXCEPTION (-1073414139) , MSP ERROE CODE : 0x00.
[HINT]:
)((ConnectDA,../../../flashtool/Conn/Connection.cpp,131))
Click to expand...
Click to collapse
Try to flash on a windows pc, it avoids some errors such as this one.. It should detect easily if everything is well installed and should flash with no issues, from my own experience with sp flash tool, i find that i have way less issues when using it on Windows instead of linux..

Ruben Craveiro said:
Try to flash on a windows pc, it avoids some errors such as this one.. It should detect easily if everything is well installed and should flash with no issues, from my own experience with sp flash tool, i find that i have way less issues when using it on Windows instead of linux..
Click to expand...
Click to collapse
Had nothing to do with the Linux version, the scatterfile was wrong for me, put on the 20170904 official build from the elephone.hk forums, that scatter loaded properly and then the phone started responding to the writes. Could be because I'm Canadian, builds for me may turn out to be different than what's typical for the EU?

Try flashing 810's stock rom for me at this point you discribe had ever be my guardian for farer rom decision
---------- Post added at 11:40 PM ---------- Previous post was at 11:40 PM ----------

Related

N9006 MTK 6572 rom need have bricked device

I flashed a wrong rom, and now have phone N9006 mtk 6572 bricked, it gives this error now , dont turn on and connection takes few second,,
it gives this error now
Flash files count is :12
Action : Firmware update.
Selected Samsung Clone: Note 3 Clone(MT6572)
Phone must be off with battery inside.
Please insert USB cable now...
Detected : MTK USB Port (COM21)
Phone detected...Please wait
Sending DA agent, please wait...
Connect error: S_FT_ENABLE_DRAM_FAIL
Error connect phone, aborting.
All done.
I didnt make backup my fault, before that I read the info of phone which was stuck at logo, the info read via volcano box is this, can some one give a backup or any rom to at least revive this phone,
Version: V3.8
SN:xxxxxxxxxxx
Port:COM57
After format or Flash you have to press & hold power button for at least 1.30 mins.
Note for win7 users :
Start your Win 7 64bit with F8 key and choose 'Disable Driver Signature Enforcement'.
After that the spd drivers will have the ability to be loaded.
Available Ports:COM1 COM3 COM8 COM9 COM57
Current Port:COM57
Analysis of USB port,Please insert phone USB cable.
Connecting...
CPU TYPE:MT6572
Hardware version:CA01
Software version:0000
Boot downloading complete!
EMMC_ID:0x45010053454D3034472805A6827A513B
EMMC_PRODUCT_NAME: SAMSUNG :0x53454D303447
EMMC_BOOT1_SIZE: 0x00200000
EMMC_BOOT2_SIZE: 0x00200000
EMMC_PRMB_SIZE: 0x00200000
EMMC_GP1_SIZE: 0x00000000
EMMC_GP2_SIZE: 0x00000000
EMMC_GP3_SIZE: 0x00000000
EMMC_GP4_SIZE: 0x00000000
EMMC_USER_SIZE: 0x0EC000000(3.69 G)
Analysis of system files...
PRELOADER: addr:0x000000 --length:0x880000
MBR: addr:0x880000 --length:0x080000
EBR1: addr:0x900000 --length:0x080000
PRO_INFO: addr:0x980000 --length:0x300000
NVRAM: addr:0xC80000 --length:0x500000
PROTECT_F: addr:0x1180000 --length:0xA00000
PROTECT_S: addr:0x1B80000 --length:0xA00000
SECCFG: addr:0x2580000 --length:0x020000
UBOOT: addr:0x25A0000 --length:0x060000
BOOTIMG: addr:0x2600000 --length:0x600000
RECOVERY: addr:0x2C00000 --length:0x600000
SEC_RO: addr:0x3200000 --length:0x040000
MISC: addr:0x3240000 --length:0x080000
LOGO: addr:0x32C0000 --length:0x300000
EXPDB: addr:0x35C0000 --length:0xA00000
ANDROID: addr:0x3FC0000 --length:0x28A00000
CACHE: addr:0x2C9C0000 --length:0x17800000
USRDATA: addr:0x441C0000 --length:0x52C00000
FAT: addr:0x96DC0000 --length:0x54340000
BMTPOOL: addr:0xFFFF00A8 --length:0x000000
Format addr:0x481C0000 --Format length:0x4EC00000
>>Read phone information success.
these are the info , so please can some one help me urgently thankyou.
bcnboy

Unable to back up NVRAM using FlashToolLinux

I'm having some trouble backing up the NVRAM partition on my new gemini. I downloaded the latest SP Tool build and modified the udev rules according to the wiki, however when I hit 'Read Back' in the tool and restart my gemini its boot hangs and I get the following output from SPFT:
Code:
Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.1
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/tty/ttyACM0
vid is 0e8d
device vid = 0e8d
pid is 2000
device pid = 2000
com portName is: /dev/ttyACM0
Total wait time = -1554179156.000000
USB port is obtained. path name(/dev/ttyACM0), port name(/dev/ttyACM0)
USB port detected: /dev/ttyACM0
BROM connected
Downloading & Connecting to DA...
connect DA end stage: 2, enable DRAM in 1st DA: 0
Failed to Connect DA: STATUS_PROTOCOL_ERR
Disconnect!
BROM Exception! ( ERROR : STATUS_PROTOCOL_ERR (-1073676283) , MSP ERROE CODE : 0x00.
[HINT]:
)((ConnectDA,../SP-Flash-Tool-src/Conn/Connection.cpp,131))
I haven't found this error code in any of the SPFT docs I've found; can anyone help?
Thanks!
dopaminejunky said:
I'm having some trouble backing up the NVRAM partition on my new gemini. I downloaded the latest SP Tool build and modified the udev rules according to the wiki, however when I hit 'Read Back' in the tool and restart my gemini its boot hangs and I get the following output from SPFT:
Code:
Connecting to BROM...
Scanning USB port...
Search usb, timeout set as 3600000 ms
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.1
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0
[email protected]/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/tty/ttyACM0
vid is 0e8d
device vid = 0e8d
pid is 2000
device pid = 2000
com portName is: /dev/ttyACM0
Total wait time = -1554179156.000000
USB port is obtained. path name(/dev/ttyACM0), port name(/dev/ttyACM0)
USB port detected: /dev/ttyACM0
BROM connected
Downloading & Connecting to DA...
connect DA end stage: 2, enable DRAM in 1st DA: 0
Failed to Connect DA: STATUS_PROTOCOL_ERR
Disconnect!
BROM Exception! ( ERROR : STATUS_PROTOCOL_ERR (-1073676283) , MSP ERROE CODE : 0x00.
[HINT]:
)((ConnectDA,../SP-Flash-Tool-src/Conn/Connection.cpp,131))
I haven't found this error code in any of the SPFT docs I've found; can anyone help?
Thanks!
Click to expand...
Click to collapse
Hey, I get similar errors when trying to perform any action related to the preloader in Linux, Just described the issue here: https://www.oesf.org/forum/index.php?showtopic=35999
Also looking for a solution, and will follow this tread.

[SHARED] Redmi 9 ENG rom (engineering rom)

after further testing and finally restoring my IMEIs using this rom, i can say that it is indeed working, so hope it helps a lot of you guys stuck with a phone without IMEIs.
link :
Xiaomi Redmi 9 ENG Firmware (Engineering Rom)
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com
Requirements:
- SP flash tool and right DA file (provided in the post).
-brom bypass (also provided).
-patience and perseverance.
Steps to install:
1)steps to install brom bypass:
-first install python 3 (check on google)
- then run this code in a cmd
Code:
pip install pyusb pyserial json5
-after that make sure to have all the mediatek drivers installed and install libusb from the archive i provided
- after installing libusb you will be greeted by a filter wizard window, check the "install new device filter" then connect the phone to the pc while pressing (volume +, volume - and power button) all at the same time you
will see in the list a new mtk com port appear click on it and then on install, done with the prep'.
2)steps to flash:
-first launch the brom bypass, a window will appear saying 'waiting for bootrom' connect your phone while pressing (volume +, volume - and power button) all together then you will see on the command prompt 'protection disabled' it means you have successfully bypassed the brom.
- now oppen up sp flash tool, select the download agent, select the scatter fille from the rom folder and the auth file (provided with sp flash tool archive on the post) then setup sp flash tool in uart mode with a bud rate of 921600 then flash in format all.
-done.
Hope this helped, cheers !
Thanks Bro <3
Sammar Prince said:
Thanks Bro <3
Click to expand...
Click to collapse
No problem
razers211 said:
after further testing and finally restoring my IMEIs using this rom, i can say that it is indeed working, so hope it helps a lot of you guys stuck with a phone without IMEIs.
link :
Xiaomi Redmi 9 ENG Firmware (Engineering Rom)
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com
Requirements:
- SP flash tool and right DA file (provided in the post).
-brom bypass (also provided).
-patience and perseverance.
Steps to install:
1)steps to install brom bypass:
-first install python 3 (check on google)
- then run this code in a cmd
Code:
pip install pyusb pyserial json5
-after that make sure to have all the mediatek drivers installed and install libusb from the archive i provided
- after installing libusb you will be greeted by a filter wizard window, check the "install new device filter" then connect the phone to the pc while pressing (volume +, volume - and power button) all at the same time you
will see in the list a new mtk com port appear click on it and then on install, done with the prep'.
2)steps to flash:
-first launch the brom bypass, a window will appear saying 'waiting for bootrom' connect your phone while pressing (volume +, volume - and power button) all together then you will see on the command prompt 'protection disabled' it means you have successfully bypassed the brom.
- now oppen up sp flash tool, select the download agent, select the scatter fille from the rom folder and the auth file (provided with sp flash tool archive on the post) then setup sp flash tool in uart mode with a bud rate of 921600 then flash in format all.
-done.
Hope this helped, cheers !
Click to expand...
Click to collapse
Help sir, how to fix this error? Thanks
razers211 said:
after further testing and finally restoring my IMEIs using this rom, i can say that it is indeed working, so hope it helps a lot of you guys stuck with a phone without IMEIs.
link :
Xiaomi Redmi 9 ENG Firmware (Engineering Rom)
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com
Requirements:
- SP flash tool and right DA file (provided in the post).
-brom bypass (also provided).
-patience and perseverance.
Steps to install:
1)steps to install brom bypass:
-first install python 3 (check on google)
- then run this code in a cmd
Code:
pip install pyusb pyserial json5
-after that make sure to have all the mediatek drivers installed and install libusb from the archive i provided
- after installing libusb you will be greeted by a filter wizard window, check the "install new device filter" then connect the phone to the pc while pressing (volume +, volume - and power button) all at the same time you
will see in the list a new mtk com port appear click on it and then on install, done with the prep'.
2)steps to flash:
-first launch the brom bypass, a window will appear saying 'waiting for bootrom' connect your phone while pressing (volume +, volume - and power button) all together then you will see on the command prompt 'protection disabled' it means you have successfully bypassed the brom.
- now oppen up sp flash tool, select the download agent, select the scatter fille from the rom folder and the auth file (provided with sp flash tool archive on the post) then setup sp flash tool in uart mode with a bud rate of 921600 then flash in format all.
-done.
Hope this helped, cheers !
Click to expand...
Click to collapse
Help sir, how to fix this error? Thanks
razers211 said:
after further testing and finally restoring my IMEIs using this rom, i can say that it is indeed working, so hope it helps a lot of you guys stuck with a phone without IMEIs.
link :
Xiaomi Redmi 9 ENG Firmware (Engineering Rom)
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com
Requirements:
- SP flash tool and right DA file (provided in the post).
-brom bypass (also provided).
-patience and perseverance.
Steps to install:
1)steps to install brom bypass:
-first install python 3 (check on google)
- then run this code in a cmd
Code:
pip install pyusb pyserial json5
-after that make sure to have all the mediatek drivers installed and install libusb from the archive i provided
- after installing libusb you will be greeted by a filter wizard window, check the "install new device filter" then connect the phone to the pc while pressing (volume +, volume - and power button) all at the same time you
will see in the list a new mtk com port appear click on it and then on install, done with the prep'.
2)steps to flash:
-first launch the brom bypass, a window will appear saying 'waiting for bootrom' connect your phone while pressing (volume +, volume - and power button) all together then you will see on the command prompt 'protection disabled' it means you have successfully bypassed the brom.
- now oppen up sp flash tool, select the download agent, select the scatter fille from the rom folder and the auth file (provided with sp flash tool archive on the post) then setup sp flash tool in uart mode with a bud rate of 921600 then flash in format all.
-done.
Hope this helped, cheers !
Click to expand...
Click to collapse
Hi thank you i was succesfuly installed this rom and now what to restore IMEI? AT commands not working it says +CME ERROR: 100
thank you in advice i was tryed a lot of forms and i cant make calls, only 4G and SMS, restricted calls
yoalcuadrao said:
thank you in advice i was tryed a lot of forms and i cant make calls, only 4G and SMS, restricted calls
Click to expand...
Click to collapse
don't restore the imei 1 of the phone and put your sim in slot 2, might work now
willkurt27 said:
Help sir, how to fix this error? Thanks
Click to expand...
Click to collapse
did you properly install the mtk drivers ???
Well i hope i would be finally able to unbrick my phone with this... No recovery and fastoboot and by far everything works my device is recognized as mtk device but cannot flash any stock rom with SM Flash Tool
razers211 said:
after further testing and finally restoring my IMEIs using this rom, i can say that it is indeed working, so hope it helps a lot of you guys stuck with a phone without IMEIs.
link :
Xiaomi Redmi 9 ENG Firmware (Engineering Rom)
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com
Requirements:
- SP flash tool and right DA file (provided in the post).
-brom bypass (also provided).
-patience and perseverance.
Steps to install:
1)steps to install brom bypass:
-first install python 3 (check on google)
- then run this code in a cmd
Code:
pip install pyusb pyserial json5
-after that make sure to have all the mediatek drivers installed and install libusb from the archive i provided
- after installing libusb you will be greeted by a filter wizard window, check the "install new device filter" then connect the phone to the pc while pressing (volume +, volume - and power button) all at the same time you
will see in the list a new mtk com port appear click on it and then on install, done with the prep'.
2)steps to flash:
-first launch the brom bypass, a window will appear saying 'waiting for bootrom' connect your phone while pressing (volume +, volume - and power button) all together then you will see on the command prompt 'protection disabled' it means you have successfully bypassed the brom.
- now oppen up sp flash tool, select the download agent, select the scatter fille from the rom folder and the auth file (provided with sp flash tool archive on the post) then setup sp flash tool in uart mode with a bud rate of 921600 then flash in format all.
-done.
Hope this helped, cheers !
Click to expand...
Click to collapse
thank very much bro
muito obrigado, tive que usar o META modem para escrever IMEI. so deu certo com essa room, deus te abençoe. BRASIL
----------
MOD EDIT: English Translation Below
thank you very much, had to use META modem to write IMEI. it just worked out with this room, god bless you. BRAZIL
tiagoql said:
muito obrigado, tive que usar o META modem para escrever IMEI. so deu certo com essa room, deus te abençoe. BRASIL
Click to expand...
Click to collapse
in english or indonesia please
hello if I flash this rom to my miui 12.5.1 will this work? or my phone will be stucked in bootloop? sorry im newbie
work.
only write imei simcard 2 brother
razers211 said:
after further testing and finally restoring my IMEIs using this rom, i can say that it is indeed working, so hope it helps a lot of you guys stuck with a phone without IMEIs.
link :
Xiaomi Redmi 9 ENG Firmware (Engineering Rom)
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com
Click to expand...
Click to collapse
Hello and thanks for sharing, I have the same error as @willkurt27
while using SPFlash Tool
What I do:
Launch bypass.bat
Plug my phone with vol - pressed and battery unplugged.
[2021-08-24 21:33:09.958798] Waiting for device
[2021-08-24 21:39:08.793257] Found device = 0e8d:0003
[2021-08-24 21:39:14.833772] Device hw code: 0x707
[2021-08-24 21:39:14.833772] Device hw sub code: 0x8a00
[2021-08-24 21:39:14.833772] Device hw version: 0xca00
[2021-08-24 21:39:14.833772] Device sw version: 0x0
[2021-08-24 21:39:14.833772] Device secure boot: True
[2021-08-24 21:39:14.833772] Device serial link authorization: True
[2021-08-24 21:39:14.833772] Device download agent authorization: True
[2021-08-24 21:39:14.833772] Disabling watchdog timer
[2021-08-24 21:39:14.849712] Disabling protection
[2021-08-24 21:39:14.849712] Using kamakiri
[2021-08-24 21:39:14.849712] Protection disabled
Appuyez sur une touche pour continuer...
Then I use SPFlash Tool v5.1924.0
Tried with DA_6765_6785_6768_6873_6885_6853.bin and MTK_AllInOne_DA.bin
What am I doing wrong?
hckbkl said:
work.
only write imei simcard 2 brother
Click to expand...
Click to collapse
which da will i use? DA_6765_6785_6768_6873_6885_6853 or MTK_AllInOne_DA for redmi 9 mt6768
lobothefoots said:
Hello and thanks for sharing, I have the same error as @willkurt27
while using SPFlash Tool
What I do:
Launch bypass.bat
Plug my phone with vol - pressed and battery unplugged.
[2021-08-24 21:33:09.958798] Waiting for device
[2021-08-24 21:39:08.793257] Found device = 0e8d:0003
[2021-08-24 21:39:14.833772] Device hw code: 0x707
[2021-08-24 21:39:14.833772] Device hw sub code: 0x8a00
[2021-08-24 21:39:14.833772] Device hw version: 0xca00
[2021-08-24 21:39:14.833772] Device sw version: 0x0
[2021-08-24 21:39:14.833772] Device secure boot: True
[2021-08-24 21:39:14.833772] Device serial link authorization: True
[2021-08-24 21:39:14.833772] Device download agent authorization: True
[2021-08-24 21:39:14.833772] Disabling watchdog timer
[2021-08-24 21:39:14.849712] Disabling protection
[2021-08-24 21:39:14.849712] Using kamakiri
[2021-08-24 21:39:14.849712] Protection disabled
Appuyez sur une touche pour continuer...
Then I use SPFlash Tool v5.1924.0
Tried with DA_6765_6785_6768_6873_6885_6853.bin and MTK_AllInOne_DA.bin
View attachment 5392951
What am I doing wrong?
Click to expand...
Click to collapse
try to insert the auth file
lobothefoots said:
Hello and thanks for sharing, I have the same error as @willkurt27
while using SPFlash Tool
What I do:
Launch bypass.bat
Plug my phone with vol - pressed and battery unplugged.
[2021-08-24 21:33:09.958798] Waiting for device
[2021-08-24 21:39:08.793257] Found device = 0e8d:0003
[2021-08-24 21:39:14.833772] Device hw code: 0x707
[2021-08-24 21:39:14.833772] Device hw sub code: 0x8a00
[2021-08-24 21:39:14.833772] Device hw version: 0xca00
[2021-08-24 21:39:14.833772] Device sw version: 0x0
[2021-08-24 21:39:14.833772] Device secure boot: True
[2021-08-24 21:39:14.833772] Device serial link authorization: True
[2021-08-24 21:39:14.833772] Device download agent authorization: True
[2021-08-24 21:39:14.833772] Disabling watchdog timer
[2021-08-24 21:39:14.849712] Disabling protection
[2021-08-24 21:39:14.849712] Using kamakiri
[2021-08-24 21:39:14.849712] Protection disabled
Appuyez sur une touche pour continuer...
Then I use SPFlash Tool v5.1924.0
Tried with DA_6765_6785_6768_6873_6885_6853.bin and MTK_AllInOne_DA.bin
View attachment 5392951
What am I doing wrong?
Click to expand...
Click to collapse
or install mtk drivers properly
lobothefoots said:
Hello and thanks for sharing, I have the same error as @willkurt27
while using SPFlash Tool
What I do:
Launch bypass.bat
Plug my phone with vol - pressed and battery unplugged.
[2021-08-24 21:33:09.958798] Waiting for device
[2021-08-24 21:39:08.793257] Found device = 0e8d:0003
[2021-08-24 21:39:14.833772] Device hw code: 0x707
[2021-08-24 21:39:14.833772] Device hw sub code: 0x8a00
[2021-08-24 21:39:14.833772] Device hw version: 0xca00
[2021-08-24 21:39:14.833772] Device sw version: 0x0
[2021-08-24 21:39:14.833772] Device secure boot: True
[2021-08-24 21:39:14.833772] Device serial link authorization: True
[2021-08-24 21:39:14.833772] Device download agent authorization: True
[2021-08-24 21:39:14.833772] Disabling watchdog timer
[2021-08-24 21:39:14.849712] Disabling protection
[2021-08-24 21:39:14.849712] Using kamakiri
[2021-08-24 21:39:14.849712] Protection disabled
Appuyez sur une touche pour continuer...
Then I use SPFlash Tool v5.1924.0
Tried with DA_6765_6785_6768_6873_6885_6853.bin and MTK_AllInOne_DA.bin
View attachment 5392951
What am I doing wrong?
Click to expand...
Click to collapse
use mtkbypass

EDL TEST PINS MOTO G9 POWER

I'm looking to pinout both test pins. I bought this phone a few days ago. I unlocked it with TWRP, I looked at the possibilities. I made a mistake with TWRP by switching the system to sideload B (I chose between A and B) and the system refused to start. I do not have access to the bootloader with the buttons. I only enter QDLoader HS-USB Driver mode working. I read the instructions on how to make a blank flash. I took the 18 files out of the phone and made a new blank flash for this model - moto g9 power / but in the end it gives me an error. Now I'm looking for a solution. - "C: \ Documents and Settings \ Administrator \ Desktop \ MOTO G9 POWER blankflash \ Blankflash for G9 POWER>. \ Qboot.exe blank-flash Motorola qboot utility version 3.86 [0.000] Opening device: \\. \ COM4 [0.000] Detecting device [0.000] ... cpu.id = 333 (0x14d) [0.000] ... cpu.sn = 2936128399 (0xaf01c38f) [0.000] Opening singleimage [0.000] Loading package [0.000] ... filename = pkg.xml [0.000] Loading programmer [0.000] ... filename = programmer.elf [0.000] Sending programmer [0.156] Handling things over to programmer [0.156] Identifying CPU version [0.156] Waiting for firehose to get ready [3.297] ... SM_KAMORTA_H 1.0 [3.297] Determining target secure state [3.297] ... secure = yes [3.375] Configuring device ... [3.391] Flashing GPT ... [3.391] Flashing partition with gpt.bin [3.406] Initializing storage [3,484] ... blksz = 512 [37.016] Re-initializing storage ... [37.016] Initializing storage [37328] Flashing bootloader ... [37.344] Flashing abl_a with abl.elf [37.344] partition abl_a not found! [37.359] ERROR: do_package () -> do_recipe () -> do_flash () -> pt_find () -> not found [37.375] Check qboot_log.txt for more details [37.375] Total time: 37.375s FAILED: qb_flash_singleimage () -> do_package () -> do_recipe () -> do_flash () -> pt_find () -> not found "the last message puzzles me. I want to transfer the system to sideload A again, so I have to reset the device firmly. Are there people familiar with the possibilities?
2 I built a blankflash for the Moto G8
1 How To Blank Flash & Fix/Repair Hard Bricked Motorola Devices/Moto G8+|Tutorial Get It Working Again - YouTube
Version Bootloader MBM-3.O-cebu retail 232f3ba894-201209
motostockrom.com/motorola-moto-g9-power-xt2091-3
I'm looking to pinout both test pins.
Have you tried using LMSA?
It recovered a dead phone for me once.
Rescue and Smart Assistant (LMSA)
Also, I too once accidentally switched slot to B, and system didn't boot. However, I was able to get into fastboot mode and switch by entering the command to switch slots.
https://support.lenovo.com/bg/en/downloads/ds101291 i saw this but my computer is 32 bit / i am looking for the program qualcomm edl mode flash tool or something like Axon10Pro_ (More) _EDL_Tools_v1.1d because i want to make active a siteloader because i saw that this can be done not so difficult otherwise for edl pinout I saw how it works and no problem
man88nam said:
https://support.lenovo.com/bg/en/downloads/ds101291 i saw this but my computer is 32 bit / i am looking for the program qualcomm edl mode flash tool or something like Axon10Pro_ (More) _EDL_Tools_v1.1d because i want to make active a siteloader because i saw that this can be done not so difficult otherwise for edl pinout I saw how it works and no problem
Click to expand...
Click to collapse
qualcomm edl mode flash tool / Axon10Pro_ (More) _EDL_Tools_v1.1d
In those .XML files, can you delete the line that says "abl" and try again?
I will do, but these files can be downloaded according to the instructions on how to make closed files extracted from the phone itself
https://www.reddit.com/r/MotoG/comments/k73n66
I downloaded from the bootloader 18 files that are original, this is in connection with blank flash, where in the end there is an error, because eight made active "B" sector instead of A
I removed the ABL file from the XML, but the error remains, plus the message for a missing ABL file ELF
[ 37.297] file abl.elf not found in singleimage.bin!
[ 37.297] ERROR: do_package()->do_recipe()->do_flash()->not found
[ 37.297] Check qboot_log.txt for more details
[ 37.297] Total time: 37.297s
I'm just looking for an EDL program that works similar to this command line Set Bootable Partition- Slot A / run_AB-partition-swap - but here it wants some text file for the presence of a port, port_trace.txt
I'm sorry, I can't help further here. Even though the active slot is B, the partition abl_a should exist and should be flashable regardless. It looks as though there isn't such a partition at all, which I don't even know how that happened.
The tool which you are using is correct, it's doing its job properly. Are you sure you have the right firmware version and software channel? Because bootloader.img differ depending on the firmware version and the carrier. I'd also suggest downloading from https://mirrors.lolinet.com/firmware/moto/cebu/official/, instead of the link you mentioned, motostockroms.
Also, try asking in this Telegram group: https://t.me/lolinet. There are people on there who are more knowledgeable, maybe they can help.
After trying the firmware image from lolinet and trying the process again with that firmware, I'd try to get into bootloader mode once again through power buttons, and if that doesn't work, send the phone into the service center.
Motorola_Moto_G9_Power_XT2091-3_RETUK_CEBU_RETAIL_QZC30.Q4-22-57_10_by_(motostockrom.com) With the TWRP program I chose with active slot B / I don't know if it deleted the content from slot A of the bootloader. By the way, I downloaded the original product firmware XT2091-3 according to the instructions for this, which I get when I try blank flash / I have no idea what to do, so I'm looking for a program "qualcomm edl mode flash tool" and I constantly get Indian sites with dangerous behavior.
I thank you for your time
Hey,
Today I found EDL points for Moto G9 power. Infact im also facing firmware issue.
I accidentally locked bootloader with stockrom again trying to unlock but not working.
Causing No valid OS to boot.
if i try unlock again showing message like " enable OEM unlocking in developer options"
unfortunately not podsible. But still waiting for proper EDL flash tool.
feel free to guide if any one got resolution.

Question Bootloop after C10 update

Hey,
I've recently updated my Nord 2 from A21 to C10. Phone was unlocked and rooted, so after having reflashed the original boot.img, I forced the installation of the official OTA through TWRP. I had to set ro.commonsoft.ota=OP515BL1 to make it work. After the installation, TWRP failed to mount /system, but that didn't surprised me. I checked that the boot partition has been well flashed.
Now every time I try to power on the phone, it directly tries to run into recovery mode. However it fails and start again and again...
Maybe the system tries to install the OTA using the original recovery, which of course fails, and because of an unknown reason, it doesn't reboot to system.
Because of the last update, fastboot is not accessible anymore using vol -, and BROM mode is not accessible using vol + / vol -.
I tried to crash the preloader using mtkclient but it didn't work.
I tried to use META mode to switch to fastboot, but preloader only answers "READY" (instead of "READYTOOBTSAF"), and nothing changes.
I try to reverse engineer preloader and lk but it's something new for me. META mode code is still present in the preloader, so I don't understand what's wrong with it. Maybe disabled by default on USB...
Does anyone has a solution to boot into BROM mode or make META mode work ?
Or maybe I could find DA authentication files somewhere ?
@Petitoto can you share a bit about how you got the meta command running?
I'm in a similar situation with a Nord 2T. While mtkclient can get some info out of the preloader, meta never seems to connect.
Code:
mtk gettargetconfig
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Port - Device detected :)
Preloader - CPU: MT6893(Dimensity 1200)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x950
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - Get Target info
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Main - Getting target info...
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Code:
mtk meta FASTBOOT
META - Status: Waiting for PreLoader VCOM, please connect mobile
META - Hint:
Power off the phone before connecting.
For preloader mode, don't press any hw button and connect usb.
...........
META - Hint:
Power off the phone before connecting.
For preloader mode, don't press any hw button and connect usb.
...........
META - Hint:
Power off the phone before connecting.
For preloader mode, don't press any hw button and connect usb.
Hey @Beanow,
I have the same gettargetconfig output, which indicates that the phone is not in BROM mode but stuck in preloader. Trying to interact with the preloader always lead to error because of the DAA (DAA_SIG_VERIFY_FAILED for example).
I have the same issue with mtkclient and meta mode. You can use the following modified mtk-bootseq.py:
py mtk-bootseq.py FASTBOOT COMXX (or python3 mtk-bootseq.py FASTBOOT /dev/ttyACMXX on linux).
Python:
import sys
import time
from serial import Serial
BOOTSEQ = bytes(sys.argv[1], "ascii")
DEVICE = sys.argv[2]
CONFIRM = b"READY" + BOOTSEQ[::-1]
while True:
try:
s = Serial(DEVICE, 115200, timeout=0.1)
print(".\n[+] Device detected")
break
except OSError as e:
sys.stdout.write("."); sys.stdout.flush()
time.sleep(0.1)
print("<-", s.read(256))
def send(bytes):
s.write(bytes)
print("->", str(bytes))
resp = s.read(256)
print("<-", str(resp))
return resp
resp = b''
while resp != CONFIRM:
resp = send(BOOTSEQ)
print("[+] Boot sequence sent")
On another device, it works and I get:
Code:
...............................
[+] Device detected
<- b'READYREADYREADYREADYREADY'
-> b'FASTBOOT'
<- b'READYTOOBTSAF'
[+] Boot sequence sent
However, on my Nord 2, I get:
Code:
...........................................
[+] Device detected
<- b'READYREADYREADYREADYREADY'
-> b'FASTBOOT'
<- b'READY'
-> b'FASTBOOT'
<- b''
-> b'FASTBOOT'
<- b''
Then the next s.write() is hanging.
I get the same result for any other boot mode. However, the code is still present in the preloader.
I unfolded my phone to try to find a test point. I tried all golden points but I only found:
- a point which loads preloader (and not BROM...) in the same way vol + / - do (in red in the picture)
- a point which boots the phone but without Android and OnePlus pictures (what's that ??) (in green)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I don't know how test point is handled: if that's the role of preloader, it may have been disabled by the update (as the BROM and fastboot). We may need to find the DAT0 point of the eMMC to short it and prevent the BROM to find the preloader, making it to go in EDL mode. However, I think that this point isn't exposed, and I won't disassemble my phone further without beeing sure of success...
Thank you so much for the work so far!
Unfortunately I get no response at all on the Nord 2T.
Code:
.......................................
[+] Device detected
<- b''
-> b'FASTBOOT'
<- b''
-> b'FASTBOOT'
Traceback (most recent call last):
File "/media/droid-work/mtkclient/mtk-bootseq.py", line 31, in <module>
resp = send(BOOTSEQ)
File "/media/droid-work/mtkclient/mtk-bootseq.py", line 24, in send
resp = s.read(256)
File "/usr/lib/python3.10/site-packages/pyserial-3.5-py3.10.egg/serial/serialposix.py", line 595, in read
raise SerialException(
serial.serialutil.SerialException: device reports readiness to read but returned no data (device disconnected or multiple access on port?)
How did you connect to the device that you're getting these responses?
In my case, I need to use vol+, vol- and power, like mtkclient, or the ttyACM0 won't exist.
(I've got udevadm monitor up, watching for the usb/tty to be added)
Indeed, you need to run into preloader using vol +, vol -
Maybe a driver / python module issue. I've got similar issues on my linux. Try on windows or try to reinstall drivers.
It should work at least for the first answer. Else it means that your preloader doesn't send any data, which is not the case as mtkclient works.
I also tried a different baud, because a pl_lk log from oplusreserve2 partition suggested it may be used. No luck though. Note, this was a very old log I saved early on. Definitely not reflective of latest Nord 2T update.
Code:
[PLFM] boot_tag size = 0x0
BOOT_TAG_VERSION: 0
BOOT_REASON: 0
BOOT_MODE: 0
META_COM TYPE: 0
META_COM ID: 0
META_COM PORT: 285220864
META LOG DISABLE: 0
FAST META GPIO: 5906
LOG_COM PORT: 285220864
LOG_COM BAUD: 921600
LOG_COM EN: 1
LOG_COM SWITCH: 0
MEM_NUM: 2
MEM_SIZE: 0xAE7B
MEM_SIZE: 0xAE8D
I guess I'll try windows then
Code:
python mtk-bootseq.py FASTBOOT COM4
...................................................................................................................................
[+] Device detected
<- b''
-> b'FASTBOOT'
<- b''
-> b'FASTBOOT'
<- b''
-> b'FASTBOOT'
<- b''
Windows looks to behave similar. Though windows wouldn't take the MTK VCOM driver, so this is win10 default serial, in a VM over USB passthrough.
So, same result not in a VM. Though specifically with powershell I got the same output as you did.
Code:
...........................................
[+] Device detected
<- b'READYREADYREADYREADYREADY'
-> b'FASTBOOT'
<- b'READY'
-> b'FASTBOOT'
<- b''
-> b'FASTBOOT'
<- b''
This is really a helpfull post for us. I've already a oneplus nord 2 phn,from this post i know the more information about this phn.
Thank you so much.
@Beanow So same results...
It's weird that it doesn't work on Linux. Maybe an issue related to pyserial or connection settings.
What's preventing the device to be detected by mtkclient is line 54 in mtkclient/Library/meta.py: and cdc.pid == 0x2000 should be removed. So you can try to switch to fastboot using mtkclient on Linux, but with my Nord2 I get the same results as mtk-bootseq.py on Windows
Petitoto said:
@Beanow So same results...
It's weird that it doesn't work on Linux. Maybe an issue related to pyserial or connection settings.
What's preventing the device to be detected by mtkclient is line 54 in mtkclient/Library/meta.py: and cdc.pid == 0x2000 should be removed. So you can try to switch to fastboot using mtkclient on Linux, but with my Nord2 I get the same results as mtk-bootseq.py on Windows
Click to expand...
Click to collapse
Thanks for this. No need to switch to windows anymore, to use mtk client.
Petitoto said:
It's weird that it doesn't work on Linux. Maybe an issue related to pyserial or connection settings.
Click to expand...
Click to collapse
Is it 'not working' though? It's also weird to me that I had the same output as Linux using Windows' cmd, while there was READY spam in powershell. Same drivers, same python, same libraries, but different output?
I suspect that it might be a timing issue. Maybe the serial console doesn't care about or wait for input at all. And just spams READY a few times. It would be a matter of how fast the connection is established.
Perhaps as well there's a different subsystem sending commands to the 'meta' environment and the READY spam means it's processing those commands rather than whatever we're sending.
All theories, but I would find it really hard to believe there's a problem with Linux drivers / libraries for something as basic as a UART/serial console over USB.
Petitoto said:
@Beanow So same results...
It's weird that it doesn't work on Linux. Maybe an issue related to pyserial or connection settings.
What's preventing the device to be detected by mtkclient is line 54 in mtkclient/Library/meta.py: and cdc.pid == 0x2000 should be removed. So you can try to switch to fastboot using mtkclient on Linux, but with my Nord2 I get the same results as mtk-bootseq.py on Windows
Click to expand...
Click to collapse
I also suspected this PID check and tried to log the else cases, but never reaches those for me.
So removing the check didn't help for mtkclients' meta commands.
Is it 'not working' though? It's also weird to me that I had the same output as Linux using Windows' cmd, while there was READY spam in powershell. Same drivers, same python, same libraries, but different output?
Click to expand...
Click to collapse
Differents results when using cmd and powershell? There is really no reason for that. Unless it's not the same Python environment, with different pyserial for eg. I have issues to run mtk-bootseq on Linux, but always the same output on Windows' cmd.
I suspect that it might be a timing issue. Maybe the serial console doesn't care about or wait for input at all. And just spams READY a few times. It would be a matter of how fast the connection is established.
Click to expand...
Click to collapse
Maybe. On linux, I can get different results depending on baud rate, timeout (and luck?). If there is an issue related to the connection, it might explain why the preloader doesn't answer as expected. But as other commands (like mtk gettargetconfig, but also manually handshaking connections and gathering informations in pyserial) work well, I tend to think it's just disabled.
Perhaps as well there's a different subsystem sending commands to the 'meta' environment and the READY spam means it's processing those commands rather than whatever we're sending.
Click to expand...
Click to collapse
I don't really know how it works. The code is still present in the preloader. However this functionnality is not always enabled. Maybe reversing the preloader more or analysing the log you provided on Github might help to determine whether or not it is enabled. Moreover, even if we manage to switch to fastboot, if the bootloader has been fully disabled, we may face the issue of the preloader trying to run into a non existant fastboot. Maybe the FACTFACT mode may help to reset the device, but I don't really know a lot about this mode.
So removing the check didn't help for mtkclients' meta commands.
Click to expand...
Click to collapse
Once you removed this check, if you print the data sent by the preloader, you'll get the multiple "READY" like mtk-bootseq on Windows. Moreover, I can switch to fastboot using this command on another MTK device.
Dear Sir,
Do you have any method to recover my phone as the figure show?
Thank You

Categories

Resources