hi
the other day i tried to dd in a bootloader to add fastboot to my K8+ (2018) LMX210ULMA and wiped my preloader. The device uses an mt6750 chipset and i had made a back up so i have the approriate software to restore it, i even have the scatter file.
The problem is that there is no da_pl.bin file for lg phones to use sp flashtool, i have no download mode and no fastboot.
i have two pc`s one running ubuntu the other windows 7.
i would appreciate any help
any help at all
ok so ive found some versions of sp flash tool that are supposed to get around the authorization stuff and i have an auth file but i keep getting brom errors. the same one in fact. on linux ifs 0x00. ive been looking at and following the tutorials ivs made android rules and all kinds of things but i cant get it to flash. it started to befote i added the stuff in the tutorials. The red line would go acrross the bottom but now i just get the brom errots.
Thumb up for boldness... :good:
Now you have some interesting project there.
Keep us update if you manage to find out any solution.
No idea how to help but Good luck!
https://blog.hovatek.com/so-whats-all-this-talk-about-meditek-secure-boot-and-da-files/
https://ifindhub.com/download-mtk-secure-boot-da-loader-files-mtk-devices.html
ill get there eventually. I have been looking at all the config and ini files and i hate to say it but security might be essier than you think to overcome. just have to erase a few lines here and there and teplace some as needed. idk ty. Dont worry ill keep you guys posted
i really think sometime we over think and see past the easiest solutions. but what do i know im trying to flash an mtk preloader on an lg phone.
im actually trying to unbrick a few phones. two qc `s and the mtk. I kinda bricked one of my lmx210`s on purpose not thinking it would brick. well jokes on me.
Im have a couple questions maybe somebody can help with. In the past couple months on my journey through madness i have tried a few hindred different ways and more flashtools than you could imagine. So far nothing has worked but ive learned alot of theory.
so far though i know that the mtk board is in bootrom mode. We will get back to that as i have an idea....
ok on the qc boards we have the dreaded 9008 mode. I made some progress today. i wanted to see if the LMX210 could boot from SD card instead of the internal. I believe it can but im having trouble with what to do next. p
i used dd to flash the gpt on my sdcard then formatted the partitions to the proper filesystem. when i plugged it in to the usb it lit up but did not boot. But it lit up for the first time since bricking.
But it only lights up with usb plugged in. Add the batrery and it goes dead. It also doesnt show 9008 mode any more.
i went back and changed the boot and recovery images to reflect using the mmcblk system and now windows device manager can see it. But no boot. im wondering first if i might need a special boot loader to boit from sd and two if i might be able to use the same trick to get the mtk running
Some LG firmwares include some files for SPFT, like LGX240ARAT and LGX230HAT.
but do they work with MT6750? In LGX240ARAT there is a dll that mentions MT6755,
but not MT6750. Newer versions probably needed. Or maybe you could hack it. ??...
part of my problem is not knowing what scatter file to use. these phones have thier info all twaktup. the mtk gives several different board/chip types. like we have 6722, 6755, 6750, 6736 and so on. im pretty sure though its a 6750 board with 6755 chipset but do i use the scatter for the board or the chipset.
Ok idea!!
I can pick the phone up as bootrom mode on port in my ubuntu as /dev/ttyACM0.
That means i can write to it. How can i dd the preloader.bin to the right place on there
Duhjoker said:
Ok idea!!
I can pick the phone up as bootrom mode on port in my ubuntu as /dev/ttyACM0.
That means i can write to it. How can i dd the preloader.bin to the right place on there
Click to expand...
Click to collapse
As I don't know much about but have played a bit with these.
https://gitlab.com/zeroepoch/aftv2-tools
https://forum.xda-developers.com/hd...fire-hd-8-2018-downgrade-unlock-root-t3894256
And there is tools like eMMC Pro, etc. that might work too... ?
I think the m250 did answer to some handshake but there was some problems
because I didn't continue testing those py scripts...
I would try what I could read from it first. From those scatter files I guess that
preloader is on its own partition. The other one should start with partition table, pgpt .. ??
CXZa said:
As I don't know much about but have played a bit with these.
https://gitlab.com/zeroepoch/aftv2-tools
https://forum.xda-developers.com/hd...fire-hd-8-2018-downgrade-unlock-root-t3894256
And there is tools like eMMC Pro, etc. that might work too... ?
I think the m250 did answer to some handshake but there was some problems
because I didn't continue testing those py scripts...
I would try what I could read from it first. From those scatter files I guess that
preloader is on its own partition. The other one should start with partition table, pgpt .. ??
Click to expand...
Click to collapse
Hi,
If you can reach bootROM mode by pressing any of the volume keys while you connect the phone (Mediatek Inc. MT6627) you should be able write and read the EMMC with amonet.
The tool needs some modifications in order to make it work to MT6750. You can probably try with the mt6753 version which may work for MT6750:
https://github.com/Dinolek/amonet
For reference, use this commit:
https://github.com/R0rt1z2/amonet/commit/6b57d0a99f42739d3b3b2ce962b32ecb8fefd950
Contains all the stuff that needs to be edited in order to make it work for that phone
Regards!
Thank you i can give it a try. Its already in bootrom mode though and accepts the handshake. The problem is that the py command that flashes the preloader and stuff on it also wants to flash other stuff as well that i dont have or does not work with the board.
The py command needs to be modified to only flash the preloader, lk.bin, laf and twrp. If those items only could be flashed i could bring the rest of the device up using lgup
I have tried to modify the commands myself to include just those items but it errors. I dont know enough about the python language to be able to do it on my own.
Duhjoker said:
Thank you i can give it a try. Its already in bootrom mode though and accepts the handshake. The problem is that the py command that flashes the preloader and stuff on it also wants to flash other stuff as well that i dont have or does not work with the board.
The py command needs to be modified to only flash the preloader, lk.bin, laf and twrp. If those items only could be flashed i could bring the rest of the device up using lgup
I have tried to modify the commands myself to include just those items but it errors. I dont know enough about the python language to be able to do it on my own.
Click to expand...
Click to collapse
PM me if you need help editing the python script
Regards.
I really appreciate your offer for help. I was looking at the reference for porting and now that i can see the things that would need changing why not go ahead and unlock the bootloader while we are at it. We could save a ton of devices and at the same time give them th3 extra value of being able to twrp and root them.
I have been looking for some way to unLock the bootloader on these phones for days and though it will be some work being able to reflash the preloader AND unlock the bootloader which was my main intent when i bricked it would be worth the extra effort.
Rortiz2 said:
PM me if you need help editing the python script
Regards.
Click to expand...
Click to collapse
I couldnt post the main.py script in the pm but i can attach it here. Thank you so much.
Here is the raw preloader extracted using salt on my pc.
Ok so i went through your source code for the meizu m2 amonet to match it with source code for the mt6750 and i only had to change a couple things. Its pretty much identical to the commit you pointed me too.
As far as i can see your amonet should work just fine with the sp200/lm-x210ulma boards. I did add my .img files to the bin folder though.
Any way i keep getting errors.
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/serial/serialposix.py", line 501, in read
'device reports readiness to read but returned no data '
serial.serialutil.SerialException: device reports readiness to read but returned no data (device disconnected or multiple access on port?)
During handling of the above exception, another exception occurred:
Rortiz2 said:
Hi,
Contains all the stuff that needs to be edited in order to make it work for that phone
Regards!
Click to expand...
Click to collapse
Hi,
Didn't continue experiments but now also @Duhjoker might be interested about this last new development...
[EXPLOIT] [BOOTLOADER] Mediatek based LG K10 2017 M250 bootloader secure boot bypass. by @OficerX
https://forum.xda-developers.com/lg-k10/how-to/exploit-mediatek-based-lg-k10-2017-m250-t4183545
MT6755 and MT6750 are essentially the same, MT6750 is cheaper and slower version of MT6755, these are compatible, you can use tools for 6755 on 6750.
Here (https://github.com/arturkow2000/lgk10exploit) you have tools that can help you flash preloader (write_boot0.py), these should work on your device.
Open config.py set BR_DEV_PATH to /dev/ttyACM0
then write: python write_boot0.py --brom path_to_your_preloader_bin
This is slow process, may take few minutes (you will see progress while flashing).
Related
So, here is the firmware flash guide for B15Q. It assumes either a Win7 x86 machine or a x64 with driver signature verification disabled (but Win8/8.1 in any variant or W7x64 is NOT RECOMMENDED).
I assume no warranty for bricked devices, especially not if you manage to kill your PRELOADER or DSP_BL. Double and triple check before downloading.
0) Driver and toolkit setup
Get the driver set, scatter file and spFlashTool from this thread: http://forum.xda-developers.com/general/general/stock-rom-cat-b15q-rom-development-t2988774
Remove back shell from phone, remove battery (!)
Attach phone via USB. Windows should now, approx. once every 2-3s, make a sound similar as if you put in a USB stick and then pull it out again.
Start=>Run=>devmgmt.msc, in the View menu choose "Devices by connection"
Click yourself through the tree until you find an unknown device (MT65xx Preloader or similar)
Rightclick on the device and press "Install drivers"; you shall find the drivers in "MTKUsbAll_0.9.2\New inst. win 7&8x64" folder.
Launch "SP Flash Tool v5.1352.01\flash_tool.exe"
In the tab "Download", click on the "Scatter loading" button and select the downloaded file "MT6582_Android_scatter.txt". spFlashTool usually remembers this across restarts.
Unplug the phone at the computer side if you want to work with it later (the MicroUSB ports don't like too many inserts, they wear out physically).
A) ReadBack for backup of existing firmware/userdata
This will involve a ****load of typing for the first readback.
Open the scatterfile using Notepad++ or any editor capable of handling UNIX line endings, NOT notepad
You will see a lot of blocks like
Code:
- partition_index: SYS0
partition_name: PRELOADER
file_name: preloader.bin
is_download: true
type: SV5_BL_BIN
linear_start_addr: 0x0
physical_start_addr: 0x0
partition_size: 0xC00000
region: EMMC_BOOT_1
storage: HW_STORAGE_EMMC
boundary_check: true
is_reserved: false
operation_type: BOOTLOADERS
reserve: 0x00
In spFlashTool, select the "Readback" tab.
For all the blocks you see in the scatterfile (IDs 0-23), repeat the following:
Click "Add"
Double-click on the newly appeared row
Choose a filename (e.g. preloader.bin for the first block; some blocks will have name = NONE, use the partition_name here for the filename) and click SAVE
A window "Readback block start address" will appear
Choose Type = "hex". Copy (Ctrl+C,Ctrl+V, and take care to exactly select the hex value! Do NOT type the hex values by hand!) the value from linear_start_address (with the 0x) into the "Start address" box and the partition_size value in the "Length" box, press OK.
Unless you are at the SYS23 partition BMTPOOL, proceed to the next block, repeat from above.
The SYS23 partition can not be backed up, because it has invalid lengths. Do not enter it into spFlashTool.
CHECK THE VALUES FOR START ADDRESS AND LENGTH IN THE TABLE. CHECK THEM ANOTHER TIME.
Press "Read back" button at the top.
Plug in the phone with the battery removed(!) and wait. This process will take time and consume approx. 3-4GB of disk space.
Archive the files you created somewhere safe. Do NOT distribute anything to other people except the BOOTIMG, RECOVERY and ANDROID partitions, because the other partitions contain data that is hardcoded to your board (e.g. IMEI/MAC addresses, sensor calibrations,...) or your private data and app data (SYS22/USRDATA).
If you want a full backup to disassemble by hand lateron (aka you trust in nothing going wrong and don't want to do the hard work except when you need it), just create one readback section with start=0x0 and length=0xE5720000 - this backups everything in one file.
B) Download for flashing new firmware
In spFlashTool, select the "Download" tab
In the dropdown box below the scatter file, keep it at "Download only" or set it if this is not the case
Uncheck all the boxes in the table
Double click on the "Location" column of the BOOTIMG, RECOVERY, ANDROID or USRDATA rows which you want to flash, select the appropriate image file.
Check that you selected the correct images for the correct partitions!
CHECK THAT ONLY THE ROWS WHICH YOU WANT TO FLASH ARE CHECKED. ESPECIALLY, NEVER EVER CHECK THE PRELOADER, MBR AND EBR PARTITIONS. YOU HAVE BEEN WARNED.
Press Download
Plug in the phone with the battery removed and wait. spFlashTool will tell you when it's done.
Unplug phone from computer (!) and put in the battery.
If you get an error "PMT changed for the ROM; it must be downloaded", reboot your machine.
When you have a running ROM on it, you may also try to keep the battery in the phone during flashing; just press Download on the PC, then select Shutdown in the Android menu that appears after holding Power pressed. Once the phone has shut down, it will vibrate shortly and then be detected by spFlashTool. I also recommend using a high-quality USB cable and not a worn out one because USB cables with worn out plugs may lead to issues during transmission.
NAND reflush?
Excellent stuff you wrote here - thank you.
Any hints on how to resurrect dead B15Q that has damaged/erased NAND or a Preloader?
In this link http: // forum . xda-developers . com/ showthread.php?t=1943442 a forum member
claims that mt65xx have META mode even if they appear dead - like mine B15Q is right now - and could be
revived with SPFT and proper W7 drivers.
Does under those circumstances PRELOADER might be reflashed?
I read just afterwards that one should not do fully ticked Memory Test as it silently reformats NAND.
I guess this is what happened in my case.
Also, a reason to do this test was that reflashing the phone with 1.010 BOOTIMG, ANDROID and RECOVERY, having it back for a brief moment and then upgrading it via OTA to 1.019 that had bricked it in a reboot loop.
Any clue would be welcome.
uhuru-meditation said:
Excellent stuff you wrote here - thank you.
Any hints on how to resurrect dead B15Q that has damaged/erased NAND or a Preloader?
In this link http: // forum . xda-developers . com/ showthread.php?t=1943442 a forum member
claims that mt65xx have META mode even if they appear dead - like mine B15Q is right now - and could be
revived with SPFT and proper W7 drivers.
Does under those circumstances PRELOADER might be reflashed?
I read just afterwards that one should not do fully ticked Memory Test as it silently reformats NAND.
I guess this is what happened in my case.
Also, a reason to do this test was that reflashing the phone with 1.010 BOOTIMG, ANDROID and RECOVERY, having it back for a brief moment and then upgrading it via OTA to 1.019 that had bricked it in a reboot loop.
Any clue would be welcome.
Click to expand...
Click to collapse
Bigal1337's image should also contain a preloader, but I guess in your total-dead state it'd be better to send in the device for warranty... after all no one can prove what exactly zeroed out your NAND.
harddisk_wp said:
.....but I guess in your total-dead state it'd be better to send in the device for warranty... after all no one can prove what exactly zeroed out your NAND.
Click to expand...
Click to collapse
It is all OK now and B15Q is alive and works well, as it did before the "big brick" Christmas blackout.
The main thing is that thanks to MTK low-level USB communication on chipset as is in B15Q makes it "unbrickable", really.
The other thing is my bad clicking around and "checking memory" while not really knowing what I am doing.
As well as Windows x64 drivers, admin rights and all the other voodoo lurking in there.
What troubles me more is how come that CAT ppl. allowed "bricking" device upon system update, while root or no root shouldn't really matter there?
They sell it unlocked, so they should sell it, as well, with an easy option to root it. As Nexus One from Google had this "build-in" option.
I still hope that future updates will not have the same behaviour and also that there will be an alternate option for some other flavour of Android.
uhuru-meditation said:
It is all OK now and B15Q is alive and works well, as it did before the "big brick" Christmas blackout.
The main thing is that thanks to MTK low-level USB communication on chipset as is in B15Q makes it "unbrickable", really.
The other thing is my bad clicking around and "checking memory" while not really knowing what I am doing.
As well as Windows x64 drivers, admin rights and all the other voodoo lurking in there.
What troubles me more is how come that CAT ppl. allowed "bricking" device upon system update, while root or no root shouldn't really matter there?
They sell it unlocked, so they should sell it, as well, with an easy option to root it. As Nexus One from Google had this "build-in" option.
I still hope that future updates will not have the same behaviour and also that there will be an alternate option for some other flavour of Android.
Click to expand...
Click to collapse
I think I have found something... this chinese rooter apparently messed with internal symlinks, and the firmware update broke as it assumed "stock" contents...
Another reason not to trust rooters where one can't even read the description because its chinese...
harddisk_wp said:
Another reason not to trust rooters where one can't even read the description because its chinese...
Click to expand...
Click to collapse
I agree there. I gave up on rooting B15Q.
On the side note: lately I had 2 spontaneous reboots after this reflash and resurrect.
It happened after I used "official" messaging app more precisely after I send a message and close the app..
.
Did anyone noticed this? - it is 1022 I have up and running.
Other than that it works fine.
Hello,
I tried your workaround but haven't succeeded yet. And yes my phone also is bricked, unfortunately.
My phone halts where you have to choose a language after a factory reset. At that moment I get some messages that some services had stopped. Like Google keyboard, Youtube and some more. I can click OK but this doesn't get me passed these messages and they reappear. I only can switch off the phone.
I tried your workaround on a x64 machine (and got the PMT message) because that's what I have. I am preparing a x86 machine which has XP on it but on launching SP Flash Tools I get the message the configuration of the computer is not correct. Will W7 32-bits do the trick?
Also two more questions.
The downloaded images are : boot.img, recovery.img, system.img and uboot.img.
In your explanation you're mentioning : BOOTIMG, RECOVERY, ANDROID or USRDATA.
I presume that in SP Flash Tool I have to use the system.img in the row ANDROID?
Or should it be in the row USRDATA?
You don't use uboot.img. What's the reason for that? For what purpose is this image?
Update 19 april 2015.
I managed bringing back my phone to life. I did another attempt by rebooting my 64-bits computer (as you wrote in the beginning) because at that moment I didn't had a 32-bits machine. It worked wonderwell. So, I'm using my phone again. Like uhuru-meditation I give up rooting for the moment. Nevertheless Android 4.4.2 I still like this phone. Hope it won't let me down after this major reset. Keep fingers crossed.
harddisk_wp many thanks for your hard working in making this workaround. It sure has cost you more then an hour's work.
I hope you read my questions and can or will answer them.
CAT B15 help
Hi guys, i'm sorry i have to ask this in this forum but i've been asking for a couple of months now, and got no answer. I have a CAT B15 (not the B15Q). It is single sim version (IMEI write on the back) and i managed to do plenty of things in it. I swapped memory and worked fine, and even i installed a Dual Sim android rom and i managed to use the secondary Sim bay in it (that was tapped with a plastic fake sim) and used the phone with 2 sims for like 2 weeks. Then i started to play with deodex and build.prop and softbricked the phone, but it was piece of cake since it is easy to unbrick. The problem was that i wrongly flashed the phone with scatter file, and flashed all partitions in it, EBR1, MBR, UBOOT, etc, etc. The result was a non-working dual SIM phone. Everything works, but the SIMS, it does not detect any SIMs in it, in any of the SIM bays, and the IMEIs are wrong numbered. I did no buckup of the phone so i'm pretty screwed. I've been asking for someone to upload the EMEA_SS or US_SS ROM for the CAT B15, but nobody responded. I thaught maybe the CAT B15Q has a similar software/bands flashing partitions, but that i leave to you for answer. Anyway, if any of you has the possibility of taking the images of a single sim CAT B15 it would save me this awesome phone for me. I'm also willing to give a 20GB account of ownCloud server for 1-year free of charge if storage space is needed, no problem. This are the links i've been searching and asking.
All About CAT B15: http://forum.xda-developers.com/show....php?t=2430904
Root for Catterpillar B15: http://forum.xda-developers.com/show....php?t=2263455
Best regards,
2 Questions
Good day
I have the same questions as a previous user, but I cannot find any answer to it:
"Also two more questions.
The downloaded images are : boot.img, recovery.img, system.img and uboot.img.
In your explanation you're mentioning : BOOTIMG, RECOVERY, ANDROID or USRDATA.
I presume that in SP Flash Tool I have to use the system.img in the row ANDROID?
Or should it be in the row USRDATA?
You don't use uboot.img. What's the reason for that? For what purpose is this image?"
Could you please help with these? Should I use uboot.img as well? And does system.img go to the Android row?
I added this 3d question later: is it safe to flash SS phone with the DS file?
Kind regards
"PMT changed for the ROM" and SP Flash Tool version
Hello,
I'd like to say big thanks and report that my B15Q was saved thanks to this thread, after a failed upgrade to the 1.016.00 firmware (due to the Chinese root app).
Moreover, I would like to point out that the procedure worked only with the v5.1352.01 version of SP Flash Tool. All other versions I've tried bailed out with the "PMT changed for the ROM; it must be downloaded" message. Unfortunately, the thread which is listed in the instructions refers to a version of SP Flash Tool more recent than v5.1352.01. A link to the said version can be found in this post: http://forum.xda-developers.com/showpost.php?p=58810386&postcount=4
Regards,
Aurél
harddisk_wp said:
0) Driver and toolkit setup
Get the driver set, scatter file and spFlashTool from this thread: http://forum.xda-developers.com/general/general/stock-rom-cat-b15q-rom-development-t2988774
Remove back shell from phone, remove battery (!)
Attach phone via USB. Windows should now, approx. once every 2-3s, make a sound similar as if you put in a USB stick and then pull it out again.
Start=>Run=>devmgmt.msc, in the View menu choose "Devices by connection"
Click yourself through the tree until you find an unknown device (MT65xx Preloader or similar)
Rightclick on the device and press "Install drivers"; you shall find the drivers in "MTKUsbAll_0.9.2\New inst. win 7&8x64" folder.
Launch "SP Flash Tool v5.1352.01\flash_tool.exe"
...
...
If you get an error "PMT changed for the ROM; it must be downloaded", reboot your machine.
Click to expand...
Click to collapse
my b15 loopboot
Hello such greetings from Venezuela have a cat b15q dual sim to load the firmware with sp flashtool v3 makes the whole process but remains frozen on the logo even doing a wipe and there no moves have the rom that is posted here I can I am doing wrong excuse my English but I use a translator
Thanks on advanced . Worked fine on my b15q cat . Really much apreciated .
Hello, I'd like to say big thanks and report that my B15Q was saved thanks .Thanks this rom launch perfect
uhuru-meditation said:
It is all OK now and B15Q is alive and works well, as it did before the "big brick" Christmas blackout.
The main thing is that thanks to MTK low-level USB communication on chipset as is in B15Q makes it "unbrickable", really.
...
Click to expand...
Click to collapse
Would you please care to share how you achieved that?
(Following some guide which said that upon ""PMT changed for the ROM..." error one should format the device before downloading, we did that (after reading back everything) but unfortunately, spFlashTool doesn't like the readback PRELOADER partition we extracted.)
goodnight I hope will help me have a cat b15q and remained in recovery mode and I need to flash it revive hope help me thank you .. I'm from Venezuela and one who does not get that software. Excuse my English but q use the translator
CAT B15Q - My Rear Camera doesn't work anymore
Good evening everyone.
After a bad update, my rear camera on CAT B15Q doesn't work anymore. I read all the posts here and I'm using Windows Vista Home Premium 32 bits. I downloaded all the necessary files and when I open the SP Flash Tool, I think it didn't recognize my smartphone and when I try to download any file to the phone the status bar on SPFT still stopped, like if anything is going on. I buy this B15Q on Paraguay. Could this fact be my problem? Anyone could help me, please???
Hi guys, i really hope you can help me, i m so deseperate...
After OTA Update my CATERPILLAR S30 bricked into bootloop, i can access to the stock recovery (wipe data/factory not fix it) and bootloader show me ; "DC CHECK"
I read that it could be my bootloader (emmc) wich it's corrupted...
The chipset is a Qualcomm Snapdragon MSM8909, of course USB debugging is disabled and i can't find any stock rom, backup for this phone....
Please HELP ME...i work hight in the mountain and if i cant communicate it will become....quite dangerous for me...
If someone has a backup (EU AREA), a stock rom or any solution for me ill be gratefull
Bye
Nobody can upload me OTA file (wich i ll .zip), boot.img, backup or any kind of solution please...?
AnY-One said:
Nobody can upload me OTA file (wich i ll .zip), boot.img, backup or any kind of solution please...?
Click to expand...
Click to collapse
What software version are you on?
Chuggers said:
What software version are you on?
Click to expand...
Click to collapse
Hello there and thanks helping me...
I'm AnY-One but i can't log in with; i dont know why...
I dont know what is my software version i only can say to you that the last update i tried to install came about 10-12/01 (EU France) and i bought this phone the 24/12 and i already did a first update.
So my phone stuck in bootloop (Qualcomm HS-USB QDLoader 9008 recognized) when i tried to install the 2nd update 10-12/01 so...
I have all qualcomm developpers tools with qualcomm flash utility and i can access to stock recovery...perhaps just a boot.img should work...
Pleassse help guys...
"and...as you can read; SORRY FOR MY ENGLISH"
---------- Post added at 05:32 PM ---------- Previous post was at 04:52 PM ----------
an update.zip that i can flash from recovery should be welcome
---------- Post added at 06:19 PM ---------- Previous post was at 05:32 PM ----------
Got it, i think software version (viewing in recovery mode) is LTE_D0201121.0_S30_0.017.01
Zi0nlive said:
-snip-
Click to expand...
Click to collapse
Is warranty not an option?
nagalun said:
Is warranty not an option?
Click to expand...
Click to collapse
it is but it takes time...and i like to fix my mistakes by my self...
Have you a solution for me? can you upload the OTA files or a backup rom .zip?
Zi0nlive said:
it is but it takes time...and i like to fix my mistakes by my self...
Have you a solution for me? can you upload the OTA files or a backup rom .zip?
Click to expand...
Click to collapse
You can access recovery?
Usually when you see "Qualcomm HS-USB QDLoader 9008" it is because the phone can't load the bootloader (bios), so I am a bit confused about the state of your phone.
You likely need more files than the OTA has.
nagalun said:
You can access recovery?
Usually when you see "Qualcomm HS-USB QDLoader 9008" it is because the phone can't load the bootloader (bios), so I am a bit confused about the state of your phone.
You likely need more files than the OTA has.
Click to expand...
Click to collapse
That's a good question ; yes i can access to QDloader HS-USB 9008 with qualcomm drivers ; I CAN ONLY acces to
recovery holding VOL+ then plugin in USB. Phone off then : POWER + VOL+ doesnt boot recovery.
Wipe Data/factory seems to work, adb sideload; device is regognized in adb shell but most of commands answer are: "FAILED (remote: unknown command)" when i choose reboot in bootloader it's the boot screen with 'DC CHECK MODE' left corner..
Is there someone reading me who has the same phone?
Is there someone able to upload me .img (system, boot ...) that i can flash with QPST Tools? Stock Firmware? Nandroid Backup?
Is there someone who can guide me to repair that phone stuck in bootscreen? I think the problem come from my stupidity fogetting to unroot (Kingoroot apk replaced by SuperSU) before OTA update.
How extract my proper firmware
Hello
How extract the om from the device
Help Me
Same problem...
I have the same problem too... Please help
sharing my experience in a similar quest
Hello ! You probably must have resolved the issue by now. Like you, I too had a similar issue ( Reliance Jio Lyf Wind4 - Haier L51)
In my nooby quest for a solution have made some progress. The learning is:
One needs : Mprg8909.hex, 8909_msimage.mbn, rawprogram0.xml, patch0,xml to recover.
If you can get hold of a phone similar to yours, you can dump all the partitions. That can then be used to get the required information to make your unique rawprogram0.xml. The process of dumping becomes very easy if the phone is root and you are running an insecure boot. Using basing Linux commands like fdisk,gparted,proc you can get and idea of your partition details. The dd command will help you dump the partitions.
Yes the tools to use is from the QPST suite or look for the stand alone emmcdl.exe
As your phone is showing the QUSB 9008 mode you need to be able to switch the phone to Emergency Download Mode after which you can use MIflash or similar tool to flash the ROm from the dumped images. Thats where the rawprogram0.xml comes in. It details partition information required to revive the phone.
Havent succeeded yet, but am feeling encouraged. Probably need to resolve syntax errors creating the rawprogram0.xml and figure out if just this much is enough to switch the phone to EDL.
After lurking here for months, this is my first post, therefore I request indulgence in case I have inadvertently erred
TooSour
AnY-One said:
Hi guys, i really hope you can help me, i m so deseperate...
After OTA Update my CATERPILLAR S30 bricked into bootloop, i can access to the stock recovery (wipe data/factory not fix it)
and bootloader show me ; "DC CHECK"
I read that it could be my bootloader (emmc) wich it's corrupted...
The chipset is a Qualcomm Snapdragon MSM8909, of course USB debugging is disabled and i can't find any stock rom, backup for this phone....
Please HELP ME...i work hight in the mountain and if i cant communicate it will become....quite dangerous for me...
If someone has a backup (EU AREA), a stock rom or any solution for me ill be gratefull
Bye
Click to expand...
Click to collapse
You will need:
Hi
I have a similar issue with a different phone (Reliance LYF LS 5014 - a.k.a. Haier HL-L51) Service centres will claim that the motherboard needs to be changed (and charge you an arm and a leg ;p) Even if you get the firmware image it wont help. Thats becuase if you are bricked and in the QLoader 9008 , you first have to get the phone in EDL (emergency download mode) only then can you use MI Flash et al to flash your ROM.
The route I am taking is as follows: got hold of a similar phone and dumped all the partitions using the dd command. Then getting hold of all partition information using gdisk/parted/df et al This is so that I can create a partition.xml. From this I could run a Python script ( PartitionTool.py) to get rawprogram0.xml, patch0.xml. Using emmcldl and partiton.xml I can create the 8909_msimage.mbn . Hopefully, armed with these and QPST /Miflash I should be able to revive my phone. I have read that one needs the mprg8909.hex to kick the phone into EDL but am not convinced that without it I will remain stuck. That file seems to be guarded like a state secret by phone manufacturers.
ALl this I have learnt the hard way over almost a fortnight. I confess that I do fall into the "noob" category and cant program/develop to save my life. Therefore it should be easy for anyone with the right amount of enthu
Cheers
Zi0nlive said:
Is there someone reading me who has the same phone?
Is there someone able to upload me .img (system, boot ...) that i can flash with QPST Tools? Stock Firmware? Nandroid Backup?
Is there someone who can guide me to repair that phone stuck in bootscreen? I think the problem come from my stupidity fogetting to unroot (Kingoroot apk replaced by SuperSU) before OTA update.
Click to expand...
Click to collapse
on continuing my quest for a solution
Havent given up yet.
Discovered two really useful utilities: emmcdl and fh_loader both work from the DOS command prompt and are useful to download images and partitions to the phone.
Managed to create a rawpartition0.xml which I think is for my phone ( LYF Wind 4 a.k.a Haier HL L51 and LS5014) For this I used a similar phone and after rooting it managed to extract start sector and size in kilobytes info for each of the partitions.
Also used EFS Professional to get a backup of emcc firmware.
Have successfully downloaded all the partitions but am failing at the bootloader (emmc firmware) part. Continuing my quest for a solution and will share whatever I figure.
Cheers
Vonageext4ts said:
Havent given up yet.
Discovered two really useful utilities: emmcdl and fh_loader both work from the DOS command prompt and are useful to download images and partitions to the phone.
Managed to create a rawpartition0.xml which I think is for my phone ( LYF Wind 4 a.k.a Haier HL L51 and LS5014) For this I used a similar phone and after rooting it managed to extract start sector and size in kilobytes info for each of the partitions.
Also used EFS Professional to get a backup of emcc firmware.
Have successfully downloaded all the partitions but am failing at the bootloader (emmc firmware) part. Continuing my quest for a solution and will share whatever I figure.
Cheers
Click to expand...
Click to collapse
1. Why can't you go to the Rjio service center and get it flashed? Just tell them it got screwed after an update.
2. How did you manage to root the phone? Mine is Flame1 which has same MSM8909 chipset.
I am very not happy with the stock ROM but I don't think anyone has come up with a custom ROM for this cheap chipset.
I have bricked my CAT S30 too. Is there someone who have a solution? Or can somehow make a ROM copy so I can somehow flash it to the phone? I made a lot of searching and can not figure out how to make the phone work again.
hello I need firmware for S30 because I lightened too much after the root and I deleted something I should not, is now locked in the home screen CAT, but I can get into fastboot and bootloader.
thank you guys
file for CAT S30
Hello
I purchased another CAT S30 which has just lit downloaded a system update and I extracted from the cache, now the load so you can work on it.
if you need other things tell me how can I copy them from working phone.
my I crashed after I canceled the DownloadProviderUi.apk files and perhaps I put not compatible. now I can only access the fastboot or DC CHECK mode.
I tried to flash the .zip program but by mistake, I tried to flash the update and installs it by error although it says it has been installed, and still does not start, remains in the white screen CAT
https://www.dropbox.com/s/trqfxvnp90qt8vn/__FUMO.zip?dl=0
Vonageext4ts said:
Havent given up yet.
Discovered two really useful utilities: emmcdl and fh_loader both work from the DOS command prompt and are useful to download images and partitions to the phone.
Managed to create a rawpartition0.xml which I think is for my phone ( LYF Wind 4 a.k.a Haier HL L51 and LS5014) For this I used a similar phone and after rooting it managed to extract start sector and size in kilobytes info for each of the partitions.
Also used EFS Professional to get a backup of emcc firmware.
Have successfully downloaded all the partitions but am failing at the bootloader (emmc firmware) part. Continuing my quest for a solution and will share whatever I figure.
Cheers
Click to expand...
Click to collapse
Hi.. i have a CAT S30 stuck in logo, how i can use your file? thanks
Hi got this same phone only two weeks ago, and broke it trying to root it, got stuck on Bootscreen, however I found an unofficial rom for the device, loaded into an SD card and applied via recovery and boom, its a working phone again.
If you still need help, let me know so I send you a link to the ROM.
These tablets were sold with certain Vizio TVs in mid-2016 into 2017, primarily used for Smartcast to the TV.
They are now obsolete since Vizio released firmware for their TVs turning them into normal Smart TVs, requiring the owners of these TVs to get new remotes and the tablets stopped being useful for this function.
Here in 2019, one can buy these tablets, at the low price end, in working condition, for $25 (for the M series) to $40 (for the P series) shipped.
The specs are as follows:
XR6M10:
Snapdragon 410 1.2GHz quadcore APQ8016
2GB RAM
8GB Storage
1280x720 IPS display
802.11n, Bluetooth 4.0
2740mAh battery
MicroUSB for charging, Qi Charging built-in for bundled charge pad or any compatible charging solution
XR6P10:
Snapdragon 615 1.45GHz octocore APQ8039
2GB RAM
16GB Storage
1920x1080 IPS display
802.11n, Bluetooth 4.0
2740mAh battery
MicroUSB for charging, Qi Charging built-in for bundled charge pad or any compatible charging solution
Both tablets feature side-firing stereo speakers, a headphone jack, and NO cameras. The size of the tablet is comparable to the size of a Galaxy Note 9, give or take.
Both tablets came with Android 5.1.1, and OTA updates upgraded them to 6.0.1. There are ZERO available stock ROM files available for the tablets. I've tried sniffing the updater and they seem to go to a dead website.
The stock ROM is fairly clean, and only has the Vizio Smartcast app which needs disabling upon setting up. Aside from this, there is no other bloatware on the tablet to speak of after running a fine-tooth comb through the system apps. You get a clean and snappy tablet.
The problem:
There's no stock ROM file available, neither for Android 5.1.1 or for 6.0.1. Vizio does not have any sort of download for either on their site, nor did in the past. The updater checked a third-party website affiliated with Vizio to manage the tablet's updates, as it does with their TVs. Since the website is inert, it can be safely said that Vizio is no longer interested in their existence at all, especially since the warranty on every single one of these tablets is now up.
The tablet seems it can have the bootloader unlocked, the developer options has the toggle for that, but there's no way to get into fastboot. Holding VOL UP+DOWN+POWER at boot or sending the "adb reboot bootloader" command sends it into a "Qualcomm HS-USB QDLoader 9008" mode under USB. This, from what I understand, is behavior persistent with the locked bootloader, but I have no idea of how to get it out of this and just into fastboot. Stock recovery does not have a fastboot option either.
The desires list:
Have someone that knows the intricacies of the MSM8916 platform and the APQ8016/APQ8039 get their hands on these tablets
Get a ROM dump of both tablets in stock form so people with bricked tablets can flash them with it
Get Root (Patch level on the 6.0.1 stock ROM is from October 2016, shouldn't be hard)
Get the bootloader unlocked, somehow, and if not, figure a way to get something like Safestrap running on it if the out-of-the-box kernel allows for it
Custom ROMs? LineageOS would be sweet, especially with some of the tablet-specific fixes that have dropped in the past couple months overall.
so I ask: is there any interest in the freeing of these super cheap tablets? The price to spec ratio is not bad (once again, I got my 6M10 for $25 shipped, and the seller has like 7 more as of the time of this writing), and it doesn't seem like it would be all too hard to unlock the bootloader and get it rooted (at least, from my perspective, that of a novice in this specific hardware field). There are plenty of these in the wild in the hands of people that bought the TVs and plenty in the hands that bought them from ebay when the tablets became obsolete.
This link contains screenshots of CPU-Z and the About Tablet settings section from the tablet, uploaded to imgur. If anyone needs more information on this tablet that needs an app or adb command, I can make this happen.
Board Pic of the XR6M10, XR6P10 should be the same inside:
(click for larger image)
Update: I have temp root.
I have temp root!-the latest kingroot (NOT Kingoroot) APK seemed to have done the trick. I was able to fire up adaway and get the hosts file set up with adblocks to keep the thing safer.
The root is still temporary so it goes away after a reboot. The rooting process involves it doing the root process once, then rebooting, then failing, then you reboot once more, and then retry rooting from the app. From here, 80% of the time, it works and you're able to get temporary root for that boot session.
Once you're done with anything you need root for, you should reboot and then uninstall Kingroot, which you then need to deactivate the device administrator priveleges for, before it will allow you to cleanly uninstall it.
I also made a huge discovery that may turn out better for anyone that can help getting this thing properly rooted and the bootloader unlocked... it seems the file manager included in the stock ROM is v3.0.0 from Cyanogenmod 12.1.
This makes me think that the ROM creator either used that since it was opensource and readily available than come up with their own solution, or that this ROM has some cyanogenmod roots.
I also found this post from another Q&A thread in this section:
TheDrive said:
This device have made by Chinese/Indian company Borqs. The code name Bennu-M. Platform is Qualcomm APQ8016 (MSM8916 w/o modem). There should work standard method to bring EDL mode. Hold Vol+ and Vol- at power on (press power). Then connect to the PC. Thus device will stay look dead, however should be detected as Qualcomm QDLoader 9008 on the PC side. This is the factory described method.
You can flash factory firmware from this mode using external bootloader (programmer) for MSM8916 firehose protocol. This procedure is described in the thousands of manuals around the net. Qualcomm tools like QPST or QFIL can be used as good as many 3rd party utils to flash and manage any another available way. Many professional 'box' tools should support this device too but only as 'generic' msm8916 (if applicable).
However I can't find the firmware package for this device anywhere. You should ask and require the manufacturer/distributor to publish firmware, the source code and all the corresponding matherials to be able to flash and rebuild firmware from sources in any manner you want without any limitations as required by GNU/GPL free open source software licenses this firmware is obligated to.
Everyone who have the device working or software dead, can try to dump the current firmware and data, stored on the internal eMMC memory module in part(s) or in whole image using free QTools project utilities and suitable external bootloader with ability to dump eMMC, not only to flash as many factory supplied programmers do. There are programmer(s) for MSM8916 available in the project repo. Read and understand manuals carefully before trying anything!
There is definitely another ways to root, dump, flash, manage the device in any manner YOU WANT, not only the way you are "allowed" to use your own device by manufacturer/distributor. FTA!
You can root the device then dump all the multiple partition images manually (dd if=/dev/block/mmbblk0...... of=/sdcard/......) or using built custom recovery like CWM/TWRP for your device. Please note, kernel sources are important but not mandatory to build e.g. CWM. You can build one using CWM image from the similar device and the kernel (boot/recovery) image binaries from your device. There are good manuals and image repacking utils available around like e.g. AndImgTool.
There are the way to produce factory image from the eMMC/partitions dump(s). Use utils like R-Studio to dump particular partition images from the eMMC dump (it's like whole HDD or UFD image with all the sectors raw, one by one, w/o any modifications/compression/etc) Manuals / utils are avavailable to make e.g. sparse and xml scripts set which is flashable by the programmer in the EDL mode (i.e. from any damaged state, because EDL is built in to the PBL and masked to the internal CPU ROM, thus can not be damaged in any manner, except firing the CPU up).
You can also flash partition images from the more common Fastboot mode, unless eMMC GPT and bootloaders (SBL/RPM/TZ/ABoot) stay intact (logo showed). You can't dump from fastboot, which is common due to the (foolish) 'safety' requirements. It's security by obscurity and is definitely not for your favor, but for the corps control over you and force to send valuable private data to foreign clouds.
Please share eMMC full and/or partitions dumps using reliable 'neverending' file cloud/hosting since there is no factory firmware available yet (ever). I do not own this device and never seen being overseas, so I can't share.
Click to expand...
Click to collapse
This gives a little bit more information but seems to be more waffle than helpful. Still need someone, or some individuals, that can get one of these devices into their hands and work on a way to get the bootloader unlocked, the eMMC dumped, and ROMs going.
Update file?
I THINK I have the update file for 6.0.1. I did a packet sniff on a 5.1.1 tablet using a mitm packet sniffer and I ran the system updater, and was able to get this URL:
http://updatev.vo.llnwd.net/v1/idownload/64821.bin
The filesize is 570MB or so, and it looks like it might be the real deal. since it's a .bin file and 7zip can't read it, I won't be able to see what it really is without going over to the box that has a copy of universal extractor installed.
I'll be doing this momentarily and editing this post once I figure out what the contents are or if it's even readable to that extent. Knowing vizio, it could very well be encrypted and need decrypting by the updater application.
Update: it seems to be encrypted. oh joy.
Update 2: I got together with a friend on discord and we successfully decompiled the updater app to a point.
This MEGA link contains all the files thus far and a copy of the tablet's /system/framework folder for decompiling purposes.
However, it doesn't seem we're getting anywhere. the file is still encrypted and I still can't figure out what's needed to decrypt it. Hopefully someone with more knowledge on this can lend a hand.
Sudosftw said:
I THINK I have the update file for 6.0.1. I did a packet sniff on a 5.1.1 tablet using a mitm packet sniffer and I ran the system updater, and was able to get this URL:
http://updatev.vo.llnwd.net/v1/idownload/64821.bin
The filesize is 570MB or so, and it looks like it might be the real deal. since it's a .bin file and 7zip can't read it, I won't be able to see what it really is without going over to the box that has a copy of universal extractor installed.
I'll be doing this momentarily and editing this post once I figure out what the contents are or if it's even readable to that extent. Knowing vizio, it could very well be encrypted and need decrypting by the updater application.
Update: it seems to be encrypted. oh joy.
Update 2: I got together with a friend on discord and we successfully decompiled the updater app to a point.
This MEGA link contains all the files thus far and a copy of the tablet's /system/framework folder for decompiling purposes.
However, it doesn't seem we're getting anywhere. the file is still encrypted and I still can't figure out what's needed to decrypt it. Hopefully someone with more knowledge on this can lend a hand.
Click to expand...
Click to collapse
Just out of curiosity, with the temp root, have you tried using dd to get the recovery image off? If we can do that, we might be able to work on getting a custom recovery built.
Qiangong2 said:
Just out of curiosity, with the temp root, have you tried using dd to get the recovery image off? If we can do that, we might be able to work on getting a custom recovery built.
Click to expand...
Click to collapse
It's not possible to get a proper recovery image from within the system files so far as I know, but my take so far has been that there is no proper way to get that at this time without decrypting that file grabbed from the update server. I'd do it on a 5.x ROM since that will get me permaroot, but the issue is getting and keeping root on a 6.x ROM.
Although encrypted (so far as I can tell) the image linked above is the real deal, and I've given all I can to get it decrypted. A proper exploit to take care of this tablet's vulnerabilities and get temp root (on 6.x) that isn't kingo is what is really needed at this point so to not hinder going around the system with crudware and shady background apps, shouldn't be hard since the security patch level for the 6.x ROM is 2016-10-01.
Even if the ROM is extracted or a recovery image found, custom recovery won't be possible until the bootloader is unlocked, and this isn't doable until someone figures out how the qualcomm qdloader9008 stuff works with this specific tablet. Fastboot is unreachable and I'm almost sure I'm doing something wrong.
I'll get temp root and see about dd'ing stuff later on. What exactly would be needed for me to dd off? Whole disk and then go through it elsewhere? I could definitely see if rsync exists and dd over rsync to another box.
Sudosftw said:
It's not possible to get a proper recovery image from within the system files so far as I know, but my take so far has been that there is no proper way to get that at this time without decrypting that file grabbed from the update server. I'd do it on a 5.x ROM since that will get me permaroot, but the issue is getting and keeping root on a 6.x ROM.
Although encrypted (so far as I can tell) the image linked above is the real deal, and I've given all I can to get it decrypted. A proper exploit to take care of this tablet's vulnerabilities and get temp root (on 6.x) that isn't kingo is what is really needed at this point so to not hinder going around the system with crudware and shady background apps, shouldn't be hard since the security patch level for the 6.x ROM is 2016-10-01.
Even if the ROM is extracted or a recovery image found, custom recovery won't be possible until the bootloader is unlocked, and this isn't doable until someone figures out how the qualcomm qdloader9008 stuff works with this specific tablet. Fastboot is unreachable and I'm almost sure I'm doing something wrong.
I'll get temp root and see about dd'ing stuff later on. What exactly would be needed for me to dd off? Whole disk and then go through it elsewhere? I could definitely see if rsync exists and dd over rsync to another box.
Click to expand...
Click to collapse
I found this today: https://forum.xda-developers.com/axon-7/development/edl-emergency-dl-mode-twrp-unlock-t3553514
The miflash tool seems promising (it works with nearly any device)
For the dd stuff, you can usually figure out the partitions easily with the fstab file in /. However, getting a raw dump is always useful.
Really, the big 3 would be the recovery.img, the boot.img, and the system.img. We can work from there
Qiangong2 said:
I found this today: https://forum.xda-developers.com/axon-7/development/edl-emergency-dl-mode-twrp-unlock-t3553514
The miflash tool seems promising (it works with nearly any device)
For the dd stuff, you can usually figure out the partitions easily with the fstab file in /. However, getting a raw dump is always useful.
Really, the big 3 would be the recovery.img, the boot.img, and the system.img. We can work from there
Click to expand...
Click to collapse
I've had that installed whilst trying to figure the image out and the qdloader stuff, it doesn't do anything for this tablet sadly :/
Sudosftw said:
I've had that installed whilst trying to figure the image out and the qdloader stuff, it doesn't do anything for this tablet sadly :/
Click to expand...
Click to collapse
Hmmm. Which tablet do you have? The M or the P?
Qiangong2 said:
Hmmm. Which tablet do you have? The M or the P?
Click to expand...
Click to collapse
this is the M. the P was out of my price range ($40 shipped over $25 shipped) when I was looking at them, but now the Ms are going for around 25 bucks but 15 shipping from another seller, bringing the price up to 40 bucks where the P was. ended up buying the other Ms from the one seller and gave them out to family members because I was so impressed... but I really should have set some money aside for one of the Ps as well and didn't.
Sudosftw said:
this is the M. the P was out of my price range ($40 shipped over $25 shipped) when I was looking at them, but now the Ms are going for around 25 bucks but 15 shipping from another seller, bringing the price up to 40 bucks where the P was. ended up buying the other Ms from the one seller and gave them out to family members because I was so impressed... but I really should have set some money aside for one of the Ps as well and didn't.
Click to expand...
Click to collapse
Okay. You said miflash doesn't do anything, does the device show up in the application and not function? Or does it not show up at all?
Qiangong2 said:
Okay. You said miflash doesn't do anything, does the device show up in the application and not function? Or does it not show up at all?
Click to expand...
Click to collapse
just doesn't show up at all. and yet installing the qualcomm qdloader drivers says it's connected in device manager, so something's up. tried on two different boxes, different cables, no dice.
Sudosftw said:
just doesn't show up at all. and yet installing the qualcomm qdloader drivers says it's connected in device manager, so something's up. tried on two different boxes, different cables, no dice.
Click to expand...
Click to collapse
Hmmm. That's unusual. Are you running it in win 7 compatibility mode?
It would be nice to see community roms for these devices. I have the XR6P. If you need any info from this device, just tell me what to do.
I'm very interested in this as I have one of these tablets that I would like to use in my vehicle as a display for my piggyback ECU tuner. It doesn't currently support USB OTG, but I read that if I can gain root access I can add the file to give it USB Host functionality. Can anyone confirm this? I have tried several apps to get it rooted including Kingroot as you were able to get a temp root with that. Unfortunately Kingroot, as all the others I have tried, won't even install on the tablet. Again, I'm only looking to get this thing to be OTG capable. If anyone here has any suggestions, I would be very grateful! Thanks all!
I just bought an M remote to replace my broken P remote. My P remote had Android 6. My M remote has Android 5, and the OTA updater says there's no update. Any way to get Android 6 on this?
I have factory firmware for Bennu P and Bennu M , but take some time to upload the file.
ALANCHONG said:
I have factory firmware for Bennu P and Bennu M , but take some time to upload the file.
Click to expand...
Click to collapse
Hey. You can lay out the firmware for XR6M10
XR6M10 and XR6P10 firmware
konog said:
Hey. You can lay out the firmware for XR6M10
Click to expand...
Click to collapse
Mega Link: mega.nz/#F!n65kVYIT!PKH8A1WoD_Nc4DU_-9dbiQ
ALANCHONG said:
Mega Link: mega.nz/#F!n65kVYIT!PKH8A1WoD_Nc4DU_-9dbiQ
Click to expand...
Click to collapse
All the time, an error pops up at 12 seconds
Flash fail (-4002)
Log:
21:59:03.576 Arrival: \\?\USB#VID_05C6&PID_9008#5&13a74b18&0&11#{86e0d1e0-8089-11d0-9ce4-08003e301f73}
21:59:03.591 Thread '_PortDownloadThread' started
21:59:04.610 Get Port ...
21:59:04.610 _GetDevicePortName (0): COM5
21:59:04.630 _ComPort: COM5
21:59:04.640 Get Port (0)
21:59:04.650 Flash ...
21:59:09.668 _Connect (0)
21:59:09.668 Downloading flash programmer: C:\_qcMUP\v8016-SIGNED-VIZIO-user-IMAGES\v8016-SIGNED-VIZIO-user-IMAGES\prog_emmc_firehose_8916.mbn
21:59:14.669 Failed to read the command from the opened port
21:59:14.669 _FlashProgrammer (-4002)
21:59:15.700 Flash (-4002)
21:59:15.700 Flash fail (-4002)
21:59:15.731 Download ended: -4002
21:59:15.763 Thread '_PortDownloadThread' ended
konog said:
All the time, an error pops up at 12 seconds
Flash fail (-4002)
Log:
21:59:03.576 Arrival: \\?\USB#VID_05C6&PID_9008#5&13a74b18&0&11#{86e0d1e0-8089-11d0-9ce4-08003e301f73}
21:59:03.591 Thread '_PortDownloadThread' started
21:59:04.610 Get Port ...
21:59:04.610 _GetDevicePortName (0): COM5
21:59:04.630 _ComPort: COM5
21:59:04.640 Get Port (0)
21:59:04.650 Flash ...
21:59:09.668 _Connect (0)
21:59:09.668 Downloading flash programmer: C:\_qcMUP\v8016-SIGNED-VIZIO-user-IMAGES\v8016-SIGNED-VIZIO-user-IMAGES\prog_emmc_firehose_8916.mbn
21:59:14.669 Failed to read the command from the opened port
21:59:14.669 _FlashProgrammer (-4002)
21:59:15.700 Flash (-4002)
21:59:15.700 Flash fail (-4002)
21:59:15.731 Download ended: -4002
21:59:15.763 Thread '_PortDownloadThread' ended
Click to expand...
Click to collapse
Please check if the driver is installed
Hi
I just got a third LMX210 today to add to my collection. Lol really im just trying to solve a problem. I bought a ulma to replace cm and i came across a ulm model and decided to just replace my cm today. The problem is that all three of these phone which normally have easily unlockable bootloaders will not boot into fastboot. The fortune 2 will not even boot into recovery. They all will boot into a blank screen with the android robot and will boot into download mode.
The natural solution would be to install an older or even plain stock firmware. But say you dont have a windows 10 or Mac computer. I havent found a way to flash lg firmware using a linux distribution yet.
On the other phones i tried removing the laff partition to force the phone into fastboot by plugging into pc while holding the volume up button. This did nothing but repeat the logo until the button released.
Yes usb debugging was enabled and adb was used to try these procedures. The drones at lg know nothing and ask to send the phones in for repair.
Short of re-installing the stock firmware there has to be way to get past this. And to tell you the truth i dont have a way to flash the stock firmware so i dont even know if that will work.
Ok guys got any ideas?
Update.
Ok spent 4 hours on a windows pc today trying to flash firmware and install qcom drivers thinking the download errors were due to the drivers. Then at the last moments went to Tecknights page and downloaded and installed the lgup dual mode program.
So the bastitches of higher android office decided to screw everyone out of bootloader unlocking. The ARB numbers have recently (like in the past 3 months) been changed to 003. Meaning you cannot flash firmware with an ARB number lower than 003.
But that doesnt stop us completely. Two ideas initially popped into my head. Hex edit the .kdz so that the ARB number matches the phone. Or lol split the .kdz into its seperate partition images then wipe the partitions and use qdl or lgup to repair the now bricked phone. No device data no ARB no problem.
Im hoping the former works over the latter but ill keep you informed.
But really guys thats extreme and i cant see too many folks going through the wipe process to enable fastboot. So we have to find an easier way.
Is there any way to know what partition the ARB protection resides in? If those parts could be wiped im thinking it might fool the flashtool into thinking that there isnt any protection.
one of your devices is MTK isn't it? can't you use SP Flash Tool like for other Mediatek devices? you should be able to flash images to emmc_user with locked bootloader, for example boot, recovery, system, ... all you need is a correct scatter file (which you could create with WwR MTK)
So your saying finish porting my recovery and use sp flash tools to install it. See i have been curious about that procedure and how not having an unlocked bootloader would effect flAshing from recovery. I was thinking brick. But its worth a try if it wont brick and i get full Root with magisk. Ty
Btw when i was porting my recovery i ran into a rather large well too large problem. When i went repack using abdroid image studio which i have used in the past with out problem, it would not shrink the image back down even though i was only trading a few files. How do i fix that
start with readback boot / recovery. then try to unpack, so you will know the scatter is right (at least, for this partitions) or compare files with your already existing backup files
no problems here with unpacking/ repacking with AIK
IDEA:::: ok so for the Qcom boards i have a solution possibly. I know that the older software versions have working fastboot and recovery going and can be boot loader unlocked. That tells me that a fota uodate is screwing things up.
PROBLEM:::: ARB my fortune 2 will not let me install at all anything before ARB3.
ARB_location:::: bootloader
Solution:::: download and extract the stock .kdz for device with working features. Wipe parts bootloader and laf using qpst and reinstall. Solves two problems in one go. Allows fastboot and and bootloader unlock and future re-install of stock firmware
may work but remember your bootloader is locked and you need to by-pass this via testpoint (or at least previously enabled oem unlocking and don't lost these setting) otherwise sahara will fail
well it was an idea. I just did some fact checking and also looked at the files dumped from the .dz dump of the fortune 2 stock rom. PBL or primary bootloader cannot be removed or flashed according to a thread it is a pernanent installation.
But upon more reading i can flash my recovery and boot.img using qfil in qpst along witn every thing else. But i need to know wether qfil reads ARB info and if so where i can find it in the firmware so i dont flash that img but instead pull it from phone as is.
i would really like to know what the twitterpating deal is with these LMX210 phones. ok when i firsr got my fortune 2 i bought it for two reasons the rootability of the device and the fact that tje msm8937 board came pre-installed with otg software by default which in my eyes meant no more freaking computer to use adb.
Well it is all there the drivers the software. but guess what. it doesnt work. i have no idea whats stopping it all from working but even lsusb doesnt bring a twitch or hint of reading any thing over the usb.
does any one know how to fix this
Yo. There is definitely ways to flash on linux using virtual machines, wine etc to run windows apps but you got ahold of a windows box to use. IF it is in EDL mode (Qualcomm mode with a driver saying 9008 in it..) then there is still faith you can revive it. You will need the firmware dumped from someone then youll need to run a program creating XML files for the phones firmware parition files. Youll next need a firehose which is what they call the programmers for EDL that send through the commands and firmware in a low low level that these programs like LGUP just do not do yet (don't know why..... Im waiting for someone to program the LGUP dev version with an EDL mode using emmcdl along with a way to create XML files too. Who knows maybe it will happen if we bring it up enough. The hardest problem youll have is getting a proper emmc programmer for the phone. I can source a lot so if teknight doesnt have something to help with EDL just get ahold of me and ill see what I have and send you some stuff.
Man i have been trying to unbrick the LMX-210 CV1 devices since last year. Tek has nothing but supports the work in hope of finding a solution. I have a ton of fire hoses and saharas all of which have cost me nothing but frustration. I have almost every qpst made and have tried them all with my firehose and saharas. Thr only thing i havent done is pull the mbns off my phones and try them. Trust me system dumps are crap.
The only sign of life i came by was flashing an sd card with the gpt and then flashing each partition manually using ubuntu. In return i got the battery logo but thats it.
Would love to figure it out though
By the way I have been compiling kernels. I call it the jokerfish kernel. Its packed full of drivers and debugging features plus gpu idlers boosters and all those crazy fishy thIngs. Its got governors and wire guard. Otg support. Io schedulars and overclocks. Cpu hotplugging and fast charge.
Now i cant figure out how to get fast charge to work but its set up for msm-otg phy-msm-otg qpnp-smbcharger and smb135x.
All that and not a single panic to reboot in over a week and 1/2 which is how long its been compiled. I used tweaks from the dragonheart kernel source and ported them over and did a lil c++ magic.
It has kcal too but n0 app supports it. All kinds of media and sound codecs as well. You think it would be slow but my compiling and coding skills are as mad as me. Hahahaha.'
But dont Take my word for as the gentle over there on your couch. See that smile? Hes as happy as fish in a pond.
Just remember Duhjoker is in no way responsible for bricked devices so try it at the risk to yourself.
This particular fishy thingy works for msm8917 cv1 devices like aristo 2 and k8+ which have been tested by the madman himself.
If you like you could thank me but the permanent smiles on your faces will be just as loved.
lol so fast_charge is working on the kernel but you have to add a custom tunable to a kernel app to get it going. Just add the path
/sys/class/power_supply/usb/uevent
Then you will get a choice of values to manipulate
Hi!
I have a mediatek MT6765 device which has got its emmc corrupted probably because of my pc shutting down while I was trying to flash stock image. Now, I cannot flash images using MTKClient.
When I am using Mtkclient, I am getting this error while flashing (python mtk w boot boot.img --preloader <preloader_dumped_from_device>):
Code:
Traceback (most recent call last):
File "/home/me/.miui/mtkclient/mtk", line 814, in <module>
mtk = Main(args).run(parser)
File "/home/me/.miui/mtkclient/mtkclient/Library/mtk_main.py", line 617, in run
da_handler.handle_da_cmds(mtk, cmd, self.args)
File "/home/me/.miui/mtkclient/mtkclient/Library/mtk_da_cmd.py", line 683, in handle_da_cmds
self.da_erase(partitions=partitions, parttype=parttype)
File "/home/me/.miui/mtkclient/mtkclient/Library/mtk_da_cmd.py", line 414, in da_erase
res = self.mtk.daloader.detect_partition(partition, parttype)
File "/home/me/.miui/mtkclient/mtkclient/Library/mtk_daloader.py", line 169, in detect_partition
data, guid_gpt = self.da.partition.get_gpt(self.mtk.config.gpt_settings, parttype)
File "/home/me/.miui/mtkclient/mtkclient/Library/partition.py", line 60, in get_gpt
data = self.readflash(addr=0, length=sectors * self.config.pagesize, filename="",
File "/home/me/.miui/mtkclient/mtkclient/Library/mtk_daxflash.py", line 888, in readflash
if self.cmd_read_data(addr=addr, size=length, storage=storage, parttype=parttype):
File "/home/me/.miui/mtkclient/mtkclient/Library/mtk_daxflash.py", line 868, in cmd_read_data
param = pack("<IIQQ", storage, parttype, addr, size)
struct.error: argument out of range
(Getting the same error while getting the gpt table with python mtk printgpt --preloader <preloader_dumped_from_device>)
Using SPFlash tool, I am getting stuck at Download DA 100% then recieving BROM ERROR: STATUS_EXT_RAM_EXCEPTION (0xC0050005)
Is there a way to fix this error and bring, my device back to life?
Pls help this little noob
noob_developerdfd said:
Pls help this little noob
Click to expand...
Click to collapse
noob_developerdfd said:
Pls help this little noob
Click to expand...
Click to collapse
u need dongle like ufi or easy jtag plus for fixing ur device emmc
it probably have bad health issue
samsujjamanrifat said:
u need dongle like ufi or easy jtag plus for fixing ur device emmc
it probably have bad health issue
Click to expand...
Click to collapse
I did come across them but they are too expensive in India and I am not sure if I am gonna use them again. is it possible to rent for some time and then return back, like second handed, you know?
noob_developerdfd said:
I did come across them but they are too expensive in India and I am not sure if I am gonna use them again. is it possible to rent for some time and then return back, like second handed, you know?
Click to expand...
Click to collapse
no its not possible to rent
go to nearest technician and u must
samsujjamanrifat said:
no its not possible to rent
go to nearest technician and u must
Click to expand...
Click to collapse
Oh, okay welp ig thats the only option left
But still, lemme know if there is any other way to fix it at home, by that time imma gonna find any nearby technician
mediatek devices have two modes.
1) preloader mode is used for SP Flash tool. as long as preloader is detected, you can unbrick any time. it might require special DA.bin and auth_sv5.auth files in case you formatted emmc and lost permissions to flash (like STATUS_SEC_DL_FORBIDDEN or something).
it is also possible to flash without permission.
It's now easy to bypass MediaTek's SP Flash Tool authentication
A group of developers has created a Python utility to bypass the authentication routine of MediaTek SP Flash Tool. Check it out now!
www.xda-developers.com
2) in case preloader is corrupt, still there is bootrom mode. this requires to open back cover and find KCOL0 test point.
https://forum.hovatek.com/thread-11802.html
if you can't find test point maybe other methods work.
[INFO] How to Boot Mobile Phone to EDL and VCOM Mode
How to Boot Mobile Phone to EDL and VCOM Mode MTK and SPD CPU: Manual boot: (Vol-) or (Vol+) or (Vol-)+(Vol+)+(Power) Boot by Cable: Boot by Testpoint: KCOL0 + GND / CLK+GND ===================================================== Qualcomm...
forum.xda-developers.com
However, SP Flash Tool or mtkclient always come with highest risk to brick, it's your responsibility not to blindly trial or follow random people advice without knowing what you're actually doing. read golden rules
- do not flash preloader
- do not format whole eMMC
- do not use foreign scatter file
guess you did some or all wrong. it's always good idea to do a research what the error code actually means.
List of SP Flash Tool errors, their meanings and their and Resolution – Flash Stock Rom
flashstockrom.com
2) in case preloader is corrupt, still there is bootrom mode. this requires to open back cover and find KCOL0 test point.
https://forum.hovatek.com/thread-11802.html
Click to expand...
Click to collapse
I didnt know about the bootrom mode, I would have a look at that
However, SP Flash Tool or mtkclient always come with highest risk to brick, it's your responsibility not to blindly trial or follow random people advice without knowing what you're actually doing. read golden rules
- do not flash preloader
- do not format whole eMMC
- do not use foreign scatter file
Click to expand...
Click to collapse
Thanks for mentioning those rules, I will make sure to follow them in the future
guess you did some or all wrong. it's always good idea to do a research what the error code actually means.
Click to expand...
Click to collapse
The link that you provided, I already went through it and tried all possible solutions, but none of them worked T-T
noob_developerdfd said:
The link that you provided, I already went through it and tried all possible solutions, but none of them worked T-T
Click to expand...
Click to collapse
according to your error code just found this:
"Error 0xC0050005
Status of error: ERROR STATUS_EXT_RAM_EXCEPTION (0xC0050005)
Meaning: The firmware you're trying to flash is either not compatible with your device or you have selected the wrong flashing settings.
resolution:
Ensure that the file(s) you're trying to flash are actually for your exact phone model
Ensure you tick the boxes for only the files present in the ROM you're about to flash"
aIecxs said:
according to your error code just found this:
"Error 0xC0050005
Status of error: ERROR STATUS_EXT_RAM_EXCEPTION (0xC0050005)
Meaning: The firmware you're trying to flash is either not compatible with your device or you have selected the wrong flashing settings.
resolution:
Ensure that the file(s) you're trying to flash are actually for your exact phone model
Ensure you tick the boxes for only the files present in the ROM you're about to flash"
Click to expand...
Click to collapse
Yeah, I downloaded fastboot ROM from my device from https://xiaomifirmwareupdater.com/ and I selected the scatter file provided with the ROM, so imma pretty sure files are present in the ROM
there are different models 32/64/128GB
aIecxs said:
there are different models 32/64/128GB
Click to expand...
Click to collapse
Yeah, I got the one for my Redmi 9 Activ India (cattail)
there are different models 64/128GB for Redmi 9 Activ (cattail)
Wait wut, really?
Can you send me the link so that I can download the correct one? (I have been using this one: https://xiaomifirmwareupdater.com/miui/cattail/stable/V12.0.18.0.QCTINXM/)
I have the 64 gb one
the firmware is identical but guess there exist two different scatter inside?
see memory section of specifications
https://www.gsmarena.com/compare.php3?idPhone1=10398&idPhone2=11127
aIecxs said:
the firmware is identical but guess there exist two different scatter inside?
see memory section of specifications
https://www.gsmarena.com/compare.php3?idPhone1=10398&idPhone2=11127
Click to expand...
Click to collapse
One is with 4 GB ram and other 6GB
That might be the case, but I used the same firmware the last time (which I linked) my device got bricked and I did fix it by flashing the firmware with SP Flash tool
can you upload scatter file please
Yeah sure
it shows size of userdata 0xc0000000 (48G) so it looks like the right one for 64G storage model.