I am trying to unlock an Android phone that has stopped taking the correct password after an auto-restart. I know the PIN, I have not changed it in a long while. The phone stopped accepting the PIN after the sudden auto-restart so I am just clueless what may work. Hard reset is not an option for this device without backing up the data so willing to try anything that may help.
Additional information:
1. The phone does not have USB debugging enabled.
2. It is recognized by ADB only in sideload mode.
3. When I try to get into Recovery mode pressing volume up and power button, it goes directly to the black screen that shows image of a phone and USB cable.
4. I have not been able to get to the stock recovery screen where different options like mounting can be chosen.
Any suggestion or guidance would be hugely appreciated. Thanks a ton for your time.
Thank you.
This is just brainstorming not a tutorial!
i don't know if it works like this, but you can try..
requirements
- stock ROM (in case you brick device)
- magisk manager (in case twrp does not work)
- AIK from osm0sis
- Qualcomm HS-USB QDLoader 9008 Driver
- fastboot_edl.7z
- twrp-3.3.1-0-mido.img (or ZCX TWRP from cofface)
- Appender-v4-rec.zip
- QSaharaServer.exe
- fh_loader.exe
- prog_emmc_firehose_8953_ddr.mbn
- splash.img from xaacnz
steps
- prepare twrp.img (you must patch twrp manually)
- prepare splash.img
- prepare hack_splash.xml (tricky/dangerous)
- prepare twrp.xml (tricky/dangerous)
- install qualcomm drivers
- boot in EDL mode from fastboot
- check com port
- initialize firehose connection with QSaharaServer.exe
- flash splash.img with fh_loader.exe
- flash twrp.img with fh_loader.exe
- reboot into recovery
- check if twrp is able to decrypt userdata
if decryption unsuccessful, you can't backup data. but you could still enable usb-debugging even with root permissions by patching default.prop
- patch boot.img with magisk manager (set advanced - keep force encryption)
- unpack boot.img with AIK
- enable usb-debugging in default.prop
- repack, rename to boot.emmc.win
- restore boot.emmc.win from twrp
- install Appender-v4.zip
- reboot
- adb root
- adb pull /dev/block/dm-0
you might find this confusing, it is! do not try anything above without knowing what you do! i don't own this device. nothing is tested. i can't write tutorial with exact steps, this is your task. You are the one who will figure out solution and write tutorial. we can just assist and answer questions (you can ask any question for each single step, one after one)
after all, there is no guarantee it works for your device. also please note @xaacnz is not available and won't help on this.
there might be easier methods i don't know, please do your own research how to temporary by-pass or unlock bootloader without permission from xiaomi, there are plenty much tutorials for QFIL / EDL mode for other devices, maybe one of this methods works
if you decide to continue, be aware this is last option only and there might be no way back to recover your data..
please read
Exploiting Qualcomm EDL Programmers (1): Gaining Access & PBL Internals
Bypass bootloader lock of Redmi 5A(riva) without permission from xiaomi
the tricky/dangerous part is to find the right offsets and sizes for partitions. you might get some info from fastboot getvar all
Thank you for your reply! These steps are indeed overwhelming for me but I can try one step at a time.
I was thinking of a basic solution like using Aroma File Manager to delete lock-information-storing files from the device.
However, when I reboot into recovery mode it takes me directly to a screen that looks like this: https://i.ytimg.com/vi/AJICnDxnXEo/maxresdefault.jpg
I can't find a recovery page like this one which may allow me to install Aroma from SD card: https://i.ytimg.com/vi/0zntvnVEIYQ/hqdefault.jpg
I was wondering if flashing an OTA image from adb may solve this. The device is recognized by adb only in sideload mode.
If flashing a new OTA image can take me to recovery menu that allows installing Aroma from SD card perhaps that will work?
Sorry if these questions are too basic for you. I have no real technical knowledge on this stuff. Just trying to learn from scratch to save data on the device.
Thank you so much for your time.
aIecxs said:
This is just brainstorming not a tutorial!
i don't know if it works like this, but you can try..
requirements
- stock ROM (in case you brick device)
- magisk manager (in case twrp does not work)
- AIK from osm0sis
- Qualcomm HS-USB QDLoader 9008 Driver
- fastboot_edl.7z
- twrp-3.3.1-0-mido.img
- Appender-v4-rec.zip
- QSaharaServer.exe
- fh_loader.exe
- prog_emmc_firehose for your device
- splash.img from xaacnz
steps
- prepare twrp.img (you must patch twrp manually)
- prepare hack_splash.xml (tricky/dangerous)
- prepare twrp.xml (tricky/dangerous)
- install qualcomm drivers
- boot in EDL mode from fastboot
- check com port
- initialize firehose connection with QSaharaServer.exe
- flash splash.img with fh_loader.exe
- flash twrp.img with fh_loader.exe
- reboot into recovery
- check if twrp is able to decrypt userdata
if decryption unsuccessful, you can't backup data. but you could still enable usb-debugging even with root permissions by patching default.prop
- patch boot.img with magisk manager (set advanced - keep force encryption)
- unpack boot.img with AIK
- enable usb-debugging in default.prop
- repack, rename to boot.emmc.win
- restore boot.emmc.win from twrp
- install Appender-v4.zip
- reboot
- adb root
- adb pull /dev/block/dm-0
you might find this confusing, it is! do not try anything above without knowing what you do! i don't own this device. nothing is tested. i can't write tutorial with exact steps, this is your task. You are the one who will figure out solution and write tutorial. we can just assist and answer questions (you can ask any question for each single step, one after one)
after all, there is no guarantee it works for your device. also please note @xaacnz is not available and won't help on this.
there might be easier methods i don't know, please do your own research how to temporary by-pass or unlock bootloader without permission from xiaomi, there are plenty much tutorials for QFIL / EDL mode for other devices, maybe one of this methods works
if you decide to continue, be aware this is last option only and there might be no way back to recover your data..
please read
https://github.com/alephsecurity/firehorse
https://forum.xda-developers.com/xiaomi-redmi-5a/how-to/bypass-bootloader-lock-redmi-5ariva-t3772381
the tricky/dangerous part is to find the right offsets and sizes for partitions. you might get some info from fastboot getvar all
there is no usual recovery for xiaomi. even if, you can't install aromafm from stock recovery because only oem signed files accepted. you can try via sideload you will see it fails.
i don't think OTA will fix anything, but of course you can try. i will meanwhile prepare xml files for you, but give me time.. i am a newbie to this, too.. maybe on weekend i have time
i am not sure if this method does wipe data (i can not see the "erasing userdata" message on this fastboot screenshot)
@BushraXiaomi
Is your RN4 with Qcom SoC or MTK (mido or nikel)?
Did you enable device encryption (did you have to enter password before the lock screen would appear)?
@Alecxs Thanks a lot again! Let me try out the codes you provided screenshot of. I will give you an update on what I see.
And I tried editing out the original block quotation. The changes are not being saved after repeated attempts. Sorry about that.
Mine is on QCom. And I did have an old lock screen password. I didn't change it but the phone suddenly stopped taking the correct PIN after an auto-restart.
mirfatif said:
@BushraXiaomi
Is your RN4 with Qcom SoC or MTK (mido or nikel)?
Did you enable device encryption (did you have to enter password before the lock screen would appear)?
@Alecxs so based on the discussion here I am guessing unlocking bootloader will result in the data getting erased
link: https://forum.xda-developers.com/moto-x/moto-x-qa/unlocking-bootloader-wipe-data-t2739564
BushraXiaomi said:
Mine is on QCom. And I did have an old lock screen password. I didn't change it but the phone suddenly stopped taking the correct PIN after an auto-restart.
Encryption is different than lock screen. I'm asking this because if your device is encrypted and the password is changed/corrupted/not working, it's almost certain that your data is not recoverable, even if you manage somehow to flash TWRP and/or unlock bootloader without wiping data.
---------- Post added at 06:25 PM ---------- Previous post was at 06:17 PM ----------
BushraXiaomi said:
@Alecxs so based on the discussion here I am guessing unlocking bootloader will result in the data getting erased
link: https://forum.xda-developers.com/moto-x/moto-x-qa/unlocking-bootloader-wipe-data-t2739564
Data wipe on unlocking bootloader is the expected behavior and Google strongly recommends this behavior to OEMs. However bootloader is not a part of Android (AOSP), so not all OEMs fulfill all requirements. And therefore there are very rare chances that unlocking may not erase data.
Secondly, as mentioned earlier, many Qualcomm devices (including a long list from Xiaomi) have an exploit in Emergency Download mode. EDL is a bootloader mode which operates even below the usually called bootloader (ABOOT; the one which provides "fastboot" protocol). It can be hacked to get a dump of whole storage chip or flash a partition e.g. recovery (TWRP) without going through proper channel of bootloader unlocking. Note that a locked bootloader won't boot a custom "boot" or "recovery" partition which is not signed by OEM's private key (like TWRP is). It's part of Chain of Trust on Android devices.
However (somehow achieved) access to "userdata" partition will be of no use if the partition is encrypted as I explained. TWRP won't be able to decrypt it without correct PIN/password (if it was set). However if it wasn't encrypted or "default_password" was used for encryption (and not the one you set), data recovery is very probable.
I hope it clarifies the basic scenario for you.
There are few things that must be known:
1. Which soc? qcom or mtk, if mtk go to service centre and don't waste time here.
2. Do you have permission to unlock bootloader? If you have permission to unlock then you can easily just unlock, note that unlocking itself doesn't wipe data, it is wiped after it. There are some tricks you can do so that data is not wiped after unlock and you must search them on your own.
3. Is your device encrypted? If it is then which encryption FBE or FDE? If it is encrypted then most likely data can't be recovered.
If you have qcom soc, don't have permission to unlock bootloader then you can do this...
From what you said it looks like recovery is corrupted, you could try flashing stock recovery from *edl but stock recoveries are useless but you can still backup your important data maybe, I am not sure because I have not been into recoveries for past 4 years.
The following method is not tested for your device but might work since the bootloader bug might be present in your device too. Improving alecxs answer you can do this:
1. Grab twrp for your device
2. Append 4k blocks using this command on any Linux based distro or termux (Android app) or BusyBox 1.31.
Code:
printf '\x30\x83\x19\x89\x64' | dd of=/path/to/twrp.img ibs=4096 oflag=append conv=sync,notrunc
3. Flash the recovery using edl
4. Directly boot into recovery and see if it boots.
5. If it boots then delete password file of Android and boot into OS.
6. Password should be removed now.
*edl: you must learn to use edl
@mirfatif @saurabh6377 thanks to both of you! I was reading up to understand the steps suggested by @Alecxs
let me try out the different options suggested by you and I will let you know how it goes.
@mirfatif no I did not use any extra encryption apart from setting the regular lock screen
@saurabh6377 1. qcom
2. I don't think I have the permission. Never needed to check it until now and never needed to ask for the permission so guessing I don't have it by default
3. I didn't have any extra layer of encryption apart from the lock screen
so your device is most likely encrypted with FDE and default_password as a lot of older xiaomi devices. let's hope the issue is just with screen lock - however there is not really a good explanation (why unlocking screen fails) other than broken encryption. in such case your data is not recoverable.
please note xiaomi removed the fastboot edl command since oreo 8.1 and there might be downgrade protections, so do not update to later version than 8.0
Please just try to boot your device in EDL mode and report back
Hi all, just wanted to update you that I don't have any result yet. Reading up on each of the steps so I can execute as suggested. I will get back to you when I have some results. Thanks again
follow the link behind fastboot_edl.7z and try to boot into EDL mode with modified fastboot.exe
@Alecxs Just to double check, I am directly following the steps mentioned here: https://forum.xda-developers.com/redmi-note-3/how-to/guide-reboot-to-edl-mode-fastboot-test-t3398718
Is that ok? Doing this first before anything else?
yes. if it works, you can proceed with installing Qualcomm HS-USB QDLoader 9008 Driver (and tell us the COM port from windows device manager)
if fastboot_edl not working, you must find another way to boot into EDL aka shortcircuiting data pins on usb-connector (deep flash cable) or find a test point on the physical motherboard on youtube
found offsets and sizes for partitions in rawprogram0.xml
i have copied all required files from Xiaomi_Redmi_Note_4_V9.0.5.0.NCFMIEI_20171113.0000.00_Global_7.0_XFT and tried to patch the files. in the modified splash.img string SPLASH!! is replaced with HACKED!! hopefully this works. also i have patched default.prop to make adb insecure in case twrp does not work.
there are differences in files when appending manually or with Appender-v4-rec.zip, so actually i have flashed twrp-3.3.1-0-mido.img to another device (Redmi 5), patched with Appender-v4-rec.zip and created a copy of recovery partition afterwards. the result you can find in twrp-hack.zip (this is the only zip file you need)
for debugging purposes i have uploaded boot-insecure.zip and twrp-3.3.1-0-mido.zip which contains all three files: original, manually patched, patched with appender (you don't need this)
@Alecxs I am trying. Sorry I don't have any result yet. This is so out of my depth, league, width etc. etc.
Buttttt I am committed to save the data so I will keep going over the steps you suggested until I feel confident to execute them. Really sorry for how slow I am being about it.
I really, really, really appreciate all your help. THANK YOU SO MUCH!
Related
Huawei Y550 - looping "Fastboot & Rescue Mode - Phone Locked" - Data Recovery needed!
Hi @dimspace, @HB72K, @patrik.KT @hecaex @ EVERYONE!!!
Hi guys, I'm asking (BEGGING) on your VAST knowledge of this device, on behalf of my brother...
He has the Huawei Y550 L01 (everything STOCK, firmware/recovery) and it's just died in a very common way as seen all over the internet. We've tried many different tricks to try to reboot it, but alas all do not work. IT IS VITAL WE DO NOT LOSE ANY DATA, as it's required for a legal case.. His phone just booted into Fastboot & Rescue Mode - Phone Locked
We urgently need to get the data off there, ie: Text Messages, Call Logs and Pictures for a legal case coming up soon.
What I would like to know, is it possible to recover this data via either Fastboot / ADB or TWRP whilst it's in this state??
Does the phone's Bootloader need to be unlocked to begin with, if so... bit late for that now as can't boot the phone. As it appears to be in Fastboot mode now, can we run Fastboot Flash Recovery TWRP.img to install TWRP recovery, and will that have root access within itself? (as I know where the messages are stored) or will this trip the phone further...
Are there any ADB commands we can use to PULL the messages out, whilst it's in this Fastboot state, but everything is STOCK firmware.
Open to all methods to recover data, it's important the data is not lost... What happens to the phone after data is (hopefully) recovered is not of importance, just the data is....
I pray you knowledgeable people can and will help us with this...
** Any ideas what caused the phone to go into this mode also?? As my brother doesn't tamper with things (unlike me) and keeps everything stock. He said it happened about a month ago, but pulling the battery and replugging it back in fixed it... But this trick isn't working now.. **
Many thanks, Lister
Hello there. I'll just give a bit of information about your case. As far as I know, you need root permission to access /data/data/"packagenameoftheapp" (where app data is stored; app data on /sdcard/Android/data -where app data is also stored - does not need root access though) and this could be "pulled" via adb which apparently you can not access since the device is in fastboot. Also, to flash or boot a custom recovery, you'll need the bootloader to be unlocked: (a) in device > settings > allow oem unlocking, then (b) in terminal: fastboot oem unlock "unlock key". Note: unlocking the bootloader (fastboot oem unlock) restores the device to factory settings which means your data is cleared too.
If you can try to boot the device normally so that you can use adb, some data could be retrieved (but only on the /sdcard), then you can root (install supersu) the device via adb (if there are possible workaround - external app maybe (kingroot for windows, etc)).
edit: Can you boot into recovery (not fastboot)? i think adb is accessible from recovery (use the volume + button keys)
Hi !
I've attempted to deal with the devil by trying to root my Pioneer XDP-300R resulting in a bootloop problem (device is stuck on "Powered by Android" screen).
I attempted to flash a boot.img for a Onkyo DX-P1 (which is the same firmware), and still I haven't progressed.
No firmware, update or imgs are provided on Pioneer's website.
I still have access to fastboot (OEM is LOCKED, so I can't boot TWRP and such) in bootloader mode and adb push (no shell) in recovery mode.
Do you guys have any idea how to sort it out ?
Edit :
I managed to make my device go into Qualcomm's emergency download mode.
Here's how to :
1 - Make sure the device is completely off and unplugged from USB.
2 - Install QPST V2.7.474 (not enough posts to share url, but I can PM it).
3 - Install QDLoader Drivers (same as #2).
4 - Simply press and hold the "Play" button while connecting it to your computer, the device manager should see a "Qualcomm 9008 port" listed in Ports while the player's screen stays black.
5 - Do the Carlton (important step !)
Now, if anyone possessing a FUNCTIONAL AND ROOTED Pioneer XDP-300r is reading this and willing to help, can you get in touch with me ?
Together, we could manage to save all the other devices from soft-bricking.
All I would need from you is some time, hard disk space and patience to sort it out.
Please <insert_your_name_here>, you're my only hope !
Edit #2 :
Thanks to minotauri's great help, we managed to get a FULL rom backup, split the partitions to files and generate all the files needed for QFIL.
ErrOzz has been given access to this, hoping that he'll try it out soon.
If that works, I'll link you the files and write the walkthrough to bring your DAP back to life.
minotauri's contributions are not in rest tho, he managed to also successfully patch TWRP for the device, so anyone can securely flash things from there now.
For anyone reading this thread : you're not the only one who screwed things up, we did too but we might have the cure. Hang in there !
grogcw said:
Hi !
I've attempted to deal with the devil by trying to root my Pioneer XDP-300R resulting in a bootloop problem (device is stuck on "Powered by Android" screen).
I attempted to flash a boot.img for a Onkyo DX-P1 (which is the same firmware), and still I haven't progressed.
No firmware, update or imgs are provided on Pioneer's website.
I still have access to fastboot (OEM is LOCKED, so I can't boot TWRP and such) in bootloader mode and adb push (no shell) in recovery mode.
Do you guys have any idea how to sort it out ?
Edit :
I managed to make my device go into Qualcomm's emergency download mode.
Here's how to :
1 - Make sure the device is completely off and unplugged from USB.
2 - Install QPST V2.7.474 (not enough posts to share url, but I can PM it).
3 - Install QDLoader Drivers (same as #2).
4 - Simply press and hold the "Play" button while connecting it to your computer, the device manager should see a "Qualcomm 9008 port" listed in Ports while the player's screen stays black.
5 - Do the Carlton (important step !)
Now, if anyone possessing a FUNCTIONAL AND ROOTED Pioneer XDP-300r is reading this and willing to help, can you get in touch with me ?
Together, we could manage to save all the other devices from soft-bricking.
All I would need from you is some time, hard disk space and patience to sort it out.
Please <insert_your_name_here>, you're my only hope !
Hi - I saw your post on Head-Fi (antdroid over there). Let me look into this!
Here is a bunch of system dump images and qcn files: https://drive.google.com/drive/folders/1diqQ8LE-yG4b-WZFB_OPcQp2rDUp9BbV?usp=drive_open
Hello.
How can I write boot from qdload 9008 state?
Hi !
From the edl / qdload 9008 state, you can't afaik.
Here's how I think you can :
1 - Unplug your device from USB and power it off from whatever state it is.
2 - Power it on pressing Power + Previous button (keep holding, you should be "stuck" on the penguin logo).
3 - Connect your USB.
4 - Check that you have a Android ADB Device in your device manager (install drivers manually if you have an Unknown device).
5 - Grab any fastboot from the internet if you don't already have it (I'll PM you my gdrive, it's there for example).
6 - From CMD, go to fastboot directory. (cd <my_folder_with_fastboot>).
7 - Type in : fastboot devices
If fastboot sees your device, you're on the good path, else, check your driver / connection / reboot to fastboot "penguin" state.
8 - Type in : fastboot oem device-info
If it replies
(bootloader) Device unlocked: true
among others, you're in a good, good way, else, you're screwed by now, but we are working on it.
9 - If all the preceding are fulfilled, type :
fastboot flash boot <my_boot_image.img>
10 - Mandatory Carlton.
I hope you'll be in the right path all the way, if you're stuck somewhere or if your bootloader is locked, please let me know.
Cheers !
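Added example (not part of the original post and not code from any poster in this thread): a small Python check for steps 7 and 8 above that reads the output of `fastboot oem device-info` and reports whether the bootloader says it is unlocked before any flash is attempted. Only the `Device unlocked` line comes from the post; the other fields in the sample output and all function names are assumptions made for illustration.

```python
"""Read the lock state reported by `fastboot oem device-info`."""
import re
import subprocess

# Constructed sample output (not captured from a real device). Only the
# "Device unlocked" line is quoted in the post; the other lines are assumed.
SAMPLE_UNLOCKED = """\
(bootloader) Device tampered: false
(bootloader) Device unlocked: true
(bootloader) Charger screen enabled: false
OKAY [  0.050s]
finished. total time: 0.050s
"""
SAMPLE_LOCKED = SAMPLE_UNLOCKED.replace("unlocked: true", "unlocked: false")

# Matches "(bootloader) <name>: <value>" and ignores status lines such as OKAY.
LINE_RE = re.compile(r"^\(bootloader\)\s*([^:]+?)\s*:\s*(\S.*?)\s*$")


def parse_device_info(text):
    """Return {field name: value}, both lower-cased, for every (bootloader) line."""
    info = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            info[match.group(1).lower()] = match.group(2).lower()
    return info


def flash_decision(text):
    """Return (verdict, reason); verdict is 'proceed', 'stop' or 'unknown'.

    Anything other than an explicit 'Device unlocked: true' is treated as
    not unlocked, so a missing or garbled field never yields 'proceed'.
    """
    info = parse_device_info(text)
    state = info.get("device unlocked")
    if state is None:
        return ("unknown", "no 'Device unlocked' field; check driver and connection")
    if state != "true":
        return ("stop", "bootloader reports locked; unsigned images will be rejected")
    if info.get("device tampered") == "true":
        return ("proceed", "unlocked, and the tamper flag is already set")
    return ("proceed", "bootloader reports unlocked")


def read_device_info(fastboot="fastboot", timeout=10):
    """Run fastboot and return its output as one string.

    fastboot writes the "(bootloader)" lines to stderr, so both streams are kept.
    """
    proc = subprocess.run([fastboot, "oem", "device-info"],
                          capture_output=True, text=True, timeout=timeout)
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    try:
        output = read_device_info()
    except (FileNotFoundError, subprocess.TimeoutExpired):
        output = SAMPLE_UNLOCKED  # no fastboot or no device: use the constructed sample
    print(flash_decision(output))
```
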
ErrOzz said:
Hello.
How can I write boot from qdload 9008 state?
I was successful in creating a recovery (twrp) for this device.
https://www.antdroid.net/2019/02/pioneer-xdp-300r-root-twrp-recovery.html?m=1
also created a XDA thread here: https://forum.xda-developers.com/android/development/pioneer-xdp-300r-digital-audio-player-t3902949
Feel free to PM me if you have questions or we can work it through here
Hi,
I have the same problem. I am able to get qdload 9008 state from here now. However, after unplug and followed grogcw's hints, the device is not recognized again. Also, the device hasn't enabled debug mode before too. All the adb and fastboot commands return no device.
Hopefully can get more help here.
---------- Post added 28th February 2019 at 12:16 AM ---------- Previous post was 27th February 2019 at 11:58 PM ----------
minotauri said:
I was successful in creating a recovery (twrp) for this device.
https://www.antdroid.net/2019/02/pioneer-xdp-300r-root-twrp-recovery.html?m=1
also created a XDA thread here: https://forum.xda-developers.com/android/development/pioneer-xdp-300r-digital-audio-player-t3902949
Feel free to PM me if you have questions or we can work it through here
Is there any way to flash TWRP and so with QDLoader?
I believe he is on vacation for another week and half. If you haven't enabled the bootloader unlock option within Android, then my recovery method may not work since it may not let you flash the recovery.
You can try to fastboot boot recovery.img though
Hi ! I'm back from vacation, but I still haven't my device around.
Any user willing to test are welcome to reply or PM me !
Let's have all the bricked units working, shall we
grogcw said:
Hi ! I'm back from vacation, but I still haven't my device around.
Any user willing to test are welcome to reply or PM me !
Let's have all the bricked units working, shall we
How can we get started?
We actually did start probing stuff around, and we are missing something in the "full restoration process", so we're stuck for now.
Sahara protocol still is a mystery for us, and we can't get past an error.
I think we don't actually have the right programmer_firehose.mbn for our device, but if it's not this, I'm basically out of ideas. (we might need an "QFIL expert" on this)
I still don't have my device around and feeling dumb about this.
Anyway, all the files and tools required to try probing around are in my gdrive and I can PM the link (as I still can't post it right away) if anyone is interested.
Thanks for trying to help or actually help everyone !
Cheers !
Hello,
I try to root my xdp-300r, after reboot have bootloop result.
I don't know how to reflash system.img.
can suggest any repair plan, thank you~
Was able to unbrick device. Here are the steps TO DO IT
grogcw said:
hi !
I've attempted to deal with the devil by trying to root my pioneer xdp-300r resulting in a bootloop problem (device is stuck on "powered by android" screen).
I attempted to flash a boot.img for a onkyo dx-p1 (which is the same firmware), and still i haven't progressed.
No firmware, update or imgs are provided on pioneer's website.
I still have access to fastboot (oem is locked, so i can't boot twrp and such) in bootloader mode and adb push (no shell) in recovery mode.
Do you guys have any idea how to sort it out ?
edit :
i managed to make my device go into qualcomm's emergency download mode.
Here's how to :
1 - make sure the device is completely off and unplugged from usb.
2 - install qpst v2.7.474 (not enough posts to share url, but i can pm it).
3 - install qdloader drivers (same as #2).
4 - simply press and hold the "play" button while connecting it to your computer, the device manager should see a "qualcomm 9008 port" listed in ports while the player's screen stays black.
5 - do the carlton (important step !)
now, if anyone possessing a functional and rooted pioneer xdp-300r is reading this and willing to help, can you get in touch with me ?
Together, we could manage to save all the other devices from soft-bricking.
All i would need from you is some time, hard disk space and patience to sort it out.
please <insert_your_name_here>, you're my only hope !
edit #2 :
thanks to minotauri's great help, we managed to get a full rom backup, split the partitions to files and generate all the files needed for qfil.
Errozz has been given access to this, hoping that he'll try it out soon.
If that works, i'll link you the files and write the walkthrough to bring your dap back to life.
Minotauri's contributions are not in rest tho, he managed to also successfully patch twrp for the device, so anyone can securely flash things from there now.
For anyone reading this thread : You're not the only one who screwed things up, we did too but we might have the cure. Hang in there !
i was able to unbrick my device
dantuko said:
all credits go to anthony nguyen aka minotauri. Thank you!
requirements:
samsung drivers installed
windows 10 (i have the windows 10 pro installed)
oem unlock
usb debugging selected prior to brick
install the latest samsung drivers
install fastboot/adb drivers
stock-boot.img provided by minotauri
the steps are as follows:
the device must be in recovery mode and plugged to the computer. I was on stock recovery
open device manager in windows, look for anything android and delete it and choose to delete the drivers
refresh device manager for new devices (keep only the xdp-300 android connected)
right click on the android device and click on update drivers
select browse my computer for driver software
click on let me pick from a list of available drivers
unselect show compatible drivers (if you see a samsung driver here, select it. If not try generic windows adb drivers)
select google adb drivers (this is the one that worked and it's under samsung drivers)
i performed the steps 1 through 8 a few times until the computer categorized the device as adb
open a command prompt, navigate to the directory where fastboot is installed and type: Fastboot devices (you should have a device listed here)
type: Fastboot oem unlock (this unlocks the bootloader)
after copying stock-boot.img to the root of the your fastboot directory, type: Fastboot flash boot stock-boot.img (reboot)
after the reboot you should see normal boot
if you want twrp and root follow the instructions here: https://forum.xda-developers.com/android/development/pioneer-xdp-300r-digital-audio-player-t3902949 all credits go to anthony nguyen.
i installed twrp the latest supersu pro, viper4android, root browser, busy box pro and everything works perfectly.
:fingers-crossed::fingers-crossed::fingers-crossed:good luck to you e n j o y ! ! !:fingers-crossed::fingers-crossed::fingers-crossed:
i am not an android programmer so i won't be able to help you from that perspective, but i am a software engineer so i may be able to answer some questions.
There is no guarantee this method will work for you but it did work for me
I can provide a TWRP backup file for you to restore your device
I have a rooted xdp300r rooted
ralf05 said:
Hello,
I try to root my xdp-300r, after reboot have bootloop result.
I don't know how to reflash system.img.
can suggest any repair plan,thank you~
It was bricked and I was able to fix it and root it
Help !!!
Hello
Gentlemen, help me! I've broken my device
I hit the whole system on my xdp300r. What can I do in this case ??? Only I can turn on TWRP and nothing more.
---------- Post added at 05:55 PM ---------- Previous post was at 05:51 PM ----------
dantuko said:
i was able to unbrick my device
Help !!!
dantuko said:
i was able to unbrick my device
Hello
Could I ask you for a backup file? Unfortunately, I lost the system. Thank you very much.
Greetings.
stefan999 said:
Hello
Could I ask you for a backup file? Unfortunately, I lost the system. Thank you very much.
Greetings.
I UPLOADED THE BACKUP FILE TO MY GOOGLE DRIVE
https://drive.google.com/drive/folders/1vM7Z12w3CsbutSr54lY4tTdzyN1jurpp?usp=sharing
dantuko said:
I UPLOADED THE BACKUP FILE TO MY GOOGLE DRIVE
https://drive.google.com/drive/folders/1vM7Z12w3CsbutSr54lY4tTdzyN1jurpp?usp=sharing
Here are a few items to note about the image:
You must have twrp installed and accessible in order to restore this image.
First time booting after the restore will take a long time, so have a cup of coffee and let it do its thing.
Every time you boot the OS will perform application optimization, it doesn't bother me so I have not even looked into it.
After you boot connect to your WIFI and open Google Play to set up your account
If you want to use Viper4Android, download and install busybox, then open settings, go to apps and disable Musicfx, then reboot and turn Viper4Android on.
Good luck
dantuko said:
> Here are a few items to note about the image:
> You must have TWRP installed and accessible in order to restore this image.
> The first boot after the restore will take a long time, so have a cup of coffee and let it do its thing.
> Every time you boot, the OS will perform application optimization; it doesn't bother me so I have not even looked into it.
> After you boot, connect to your WiFi and open Google Play to set up your account.
> If you want to use Viper4Android, download and install busybox, then open settings, go to apps and disable Musicfx, then reboot and turn Viper4Android on.
> Good luck
Thanks for the answer and for sharing your files. Unfortunately, there is an error when trying to restore in TWRP.
I packed all the items from your disk into a ZIP and downloaded it to the SD card.
I'm getting an error with this content:
no MD5 file found
Failed to map file '/external_sdxxxxxx-Full BACKUP.zip'
Error installing zip file
Do you have an idea why this is happening?
twrp settings
stefan999 said:
> Thanks for the answer and for sharing your files. Unfortunately, there is an error when trying to restore in TWRP.
> I packed all the items from your disk into a ZIP and downloaded it to the SD card.
> I'm getting an error with this content:
> no MD5 file found
> Failed to map file '/external_sdxxxxxx-Full BACKUP.zip'
> Error installing zip file
> Do you have an idea why this is happening?
You need to change the settings in TWRP so it does not check the MD5 checksum; if that doesn't work, then I'll create one with a checksum.
Same steps as previous Xiaomi models
1. First, officially apply to unlock the bootloader (BL)
2. Download and flash TWRP as needed
Be cautious when flashing the device; do so at your own risk.
RECOVERY information:
Name version: Redmi Note 9 Special Edition TWRP Chinese and English modified optimized version
File package name: TWRP-3.4.1B-Redmi Note 9.7z
Introduction:
The author synced the latest TWRP source code. In the omni environment, the official kernel file is used to write the device code.
Some bugs were fixed by modifying the source code, some functions were added and improved, and finally it was compiled.
Thanks to the enthusiasts who tested it.
This recovery is stable and practical, with various functions. The author has tested it many times and recommends using it when flashing. No major bugs have been found.
I haven't tested it comprehensively. If you find any bugs, please give me feedback in time. Thanks~~~~
Flashing is risky and requires careful operation. Flashing is a personal, voluntary act, and the author bears no responsibility for any problems caused by flashing this recovery.
Important:
1. This recovery supports automatic decryption of the data partition, and encrypted data can be used normally under recovery without formatting.
Please don't flash an unknown recovery at random; it may leave the data unable to be decrypted, and the data will be lost.
By default the official ROM encrypts the data with the lock screen password, and you need to enter the lock screen password to enter TWRP.
2. In theory, this recovery supports flashing the official full package from recovery, but that will overwrite TWRP.
3. The bootloader must be unlocked to flash a third-party recovery, so please unlock BL.
4. Built-in root system / remove root function; by rooting the system, you can enable the system to obtain root permissions.
5. Functions that prevent TWRP from being overwritten by the official recovery (any one is enough): prevent overwriting of TWRP, root system, etc.
6. It is recommended to turn off the avb2.0 verification after flashing the official package from recovery; otherwise root may cause a "system is damaged" prompt at boot.
7. If boot reports that the system is damaged because of root, etc., you can flash boot.img over fastboot, or flash a vbmeta with verification turned off, to restore normal operation.
Please use my own one-click flashing tool to flash it; otherwise, if there is a mess, don't ask me.
[Known bugs]:
1. There is a certain probability of getting stuck on the first screen when entering TWRP; a forced restart, re-flashing, or re-entering TWRP should solve it.
Update on 2020.06.09:
1. Some optimizations
2. There is a certain probability of getting stuck on the first screen when entering TWRP; a forced restart, re-flashing, or re-entering TWRP should solve it.
Content of the first edition of 2020.06.06:
1. Based on the TWRP source code, I modified and adapted it to the Android 10 build system and named the version [3.4.1b] to show the difference, indicating an unofficial version number
2. Supports dynamic partitions of the Android 10 system
3. Supports Android 10 system data decryption (the password is the lock screen password)
4. Adapted to the user-space fastboot of the Android 10 system
5. Supports flashing the official full package from recovery
6. Supports flashing the official Magisk package from recovery; you can also use TWRP's built-in root system (magisk20.3)
7. Supports FBE multi-user decryption; features such as phone clone, app clone and the like are multiple users. Data can be backed up normally even if the other users are not decrypted, solving the problem that some users could not back up
8. It is recommended to turn off the avb2.0 verification after flashing the official package from recovery; otherwise root may cause a "system is damaged" prompt at boot.
9. If boot reports that the system is damaged because of root, etc., you can flash boot.img over fastboot, or flash vbmeta to turn off the verification, to restore normal operation.
10. There is a certain probability of getting stuck on the first screen after flashing; force a restart and flash it again.
The download file will be updated in the second post
Download link update
[MOD EDIT: URL REMOVED]
If you ROOT, you must turn off avb2.0 verification in TWRP, otherwise it is not the system
Unpacking your file does not work for me, I always get a "not supported compression method" error with 7 zip
MeinsEins said:
> Unpacking your file does not work for me, I always get a "not supported compression method" error with 7 zip
Your decompression software is too old, I have uploaded a decompression compatible with the old version, please download again
czghzh said:
> Your decompression software is too old, I have uploaded a decompression compatible with the old version, please download again
Thanks for updating, it worked now, but I don't think that my software was too old as I use the current (19.00) version of 7zip
is this ok to use it in redmi note 9s or pro sd variant series?
jhun3xx said:
> is this ok to use it in redmi note 9s or pro sd variant series?
Impossible, please do not do this
MI Unlock doesn't see my phone when in fastboot mode.
Doesn't matter if I do it manually (power + vol down) or through "adb reboot fastboot".
Any solution?
Akitake said:
> MI Unlock doesn't see my phone when in fastboot mode.
> Doesn't matter if I do it manually (power + vol down) or through "adb reboot fastboot".
> Any solution?
Have you tried to enable OEM unlocking, USB Debugging and add account to Mi Unlock Status on Developer Options?
awahok said:
> Have you tried to enable OEM unlocking, USB Debugging and add account to Mi Unlock Status on Developer Options?
Yes I do, but I figured it out.
I had an unknown device in my device manager "Other Devices > Android", and it couldn't find drivers because I was using a slimmed down version of Windows 10, which also blocked Windows update & driver updates through windows servers.
Used another device which has stock Windows installed and works fine. I now just need to wait about 150 hours to be able to unlock c:
Thread closed due to GPL non-compliance. When ready to upload kernel source, PM me.
Hello everyone! This is my first post, I'm very very new here. If I somehow missed a rule or two and shouldn't have posted here etc., DO TELL ME, I'm open to anything and I appreciate it! To the point, I won't stretch the topic: I'll tell you how I rooted my Gionee X1 device, and the problems I faced and their solutions. You may ask yourselves, or just come reply here, who even owns that device? Well, I own one, and I wasn't able to root this device, it was hard, so this is for the other mates out there who have bought this piece of brick.
And there's a reason why I'm writing this topic, do read to the end.
So, to start, I first of all researched a lot both on Google and the xda forums for any way of doing it, most of which either didn't work or did not support my device (e.g. One Click Root methods didn't work at all).
1. This post has a reply by ZedLens, which is awesome but to my surprise it didn't work for me.
2. This post BusinessKid is a great tutorial for any MTK Device, but the 3rd step of "The Download Stuff:" I couldn't find the scatter for my device.
3. I've a strict download limit for my internet, so I couldn't download the Stock ROM, so I somehow had to extract it from my device, which I failed why? MTK Droid Tool wasn't able to recognize my device. I diagnosed for all possible reasons for this, bad USB check, bad device port check, wrong process check nothing worked, so at the end of the day I somehow managed to download the Stock ROM of Gionee X1 and EVERYONE HAS TO DO IT IN THE END, you'll really need it anyhow.
Now the rooting process,
Tools/Stuff I used:
1. SP Flash Tool(This thing here, is like your hand during examination)
2. MTK Drivers(Important)
3. Stock Gionee X1 ROM
4. Magisk Manager App
I'll attach the Magisk Patched boot.img here along with the scatter so that you can directly flash the boot img instead of wasting time to download the stock rom and etc etc. also you can reply down here if you need any other file, I'll send it to you somehow :3
NOTE: All the images, links, tools, programs and everything belong to their respective owners!! Everything you are doing with the steps above is STRICTLY your responsibility; if you do it wrong and brick your device you can't charge me for bricking your device, only you and you will be held responsible for any damage/success/etc to your device.
Steps to install:
1. Get Stock boot img
2. Install Magisk Manager (DON'T DOWNLOAD IT FROM ANYWHERE, use topjohnwu's GitHub)
3. Somehow get the Stock boot img into your Internal Storage or anywhere, where Magisk Manager can find and Patch it, Use adb push, connect usb and copy it to the Internal Storage, ANYHOW.
4. After copying, open Magisk Manager. You'll find two things on the main screen; one is Magisk, which has status info such as (Installed: ), (SAR: ), (A/B: ) and (RAMDISK: ). Within the same square which contains that status info you'll find an Install option, click on it.
4.1. After clicking on Install you'll get a new menu. In the Options square, ignore the choices there (Preserve AVB 2.0 blah blah) and click Next. Now you'll be in the Methods square; here, select "Select and Patch a File", locate the image, and after successfully locating and selecting it click on Let's Go in the right corner.
4.2. If your image is patched successfully your log in front of you will look something like this:
- Device platform: armeabi-v7a
- Installing: 23.0 (23000)
- Copying image to cache
- Boot image is signed with AVB 1.0
- Unpacking boot image
- Checking ramdisk status
- Stock boot image detected
- Patching ramdisk
- Repacking boot image
- Signing boot image with verity keys
****************************
Output file is written to
/storage/emulated/0/Download/magisk_patched-buildno_abcde.img
****************************
- All done!
4.3. You have your patched boot image!!
5. Now get the patched image back to your pc -.-
6. Prepare yourself to focus, I'm not responsible for your bricked device!
7. Go to This XDA Post for Tutorial and Information about SP Flash Tool, MTK Drivers, ADB Drivers, etc etc.
8. Download and Install MTK Drivers(Link Credit: Bovirus' this post)
1. You'll find an exe, just execute it and it'll be installed automatically.
9. Download and open SP Flash Tool and select Scatter-loading file.
10. Now After you've selected the scatter loading file you'll find there are various selections in front of you, Preloader, lk, boot, recovery and etc etc
10.1. DESELECT or UNSELECT (OR WHATEVER YOU CALL IT) every selection other than boot.
10.2. In the row of boot/bootimg, (remember the patched boot image?) click on LOCATION and you'll get an explorer window to locate the patched boot image; locate and select it. In the end it should look something like this:
https://imgur.com/a/WMbTTAC
10.3. Click on Download in SP Flash Tool and connect the device, see next step.
11. Power Off the device and Remove the battery(See 3. in Issues I faced).
12. Now while pressing the Volume UP and Down Button together, connect the M-USB to your device port. I can't explain this but, firstly connect the USB cable to your pc then to your device haha.
13. You'll hear the device connected sound of Windows(If windows user) and the flashing will start
14. Reboot to OS and Voila! Check your Magisk Manager, your device is now rooted! Do remember to install the Magisk App just below the Magisk Root Check!
Now, issues I faced:
1. Device wasn't connecting to the SP Flash Tool, I reinstalled the MTK Drivers but it didn't do any change.
2. FastBoot flashing didn't work, I opted for SP Flash Tool later.
3. Device was starting into Factory mode and/or Recovery mode whenever I pressed Volume UP/Down and then connecting the device through USB, removable battery came to my rescue. Removed the battery, pressed both volume Up and Down button and then connected the USB.
NOTE: Again, all the images, links, tools, programs and everything belong to their respective owners!! Everything you are doing with the steps above is STRICTLY your responsibility; if you do it wrong and brick your device you can't charge me for bricking your device, only you and you will be held responsible for any damage/success/etc to your device.
Links for boot.img and scatter file: Here is the MediaFire link, I've scanned the files with my Quick Heal Total Security I'm not those multidadoffspring who likes to spread virus/malware etc. and Here is the VirusTotal Link.
Feel free to tell me my errors and mark how can I improve, I appreciate it
And also, if you need any other file from the Stock ROM of the same device, do tell me here or DM at my insta: heartwastaken
Sorry for my bad English.
Thank you!!
Have a great Day
-Vish
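Before flashing a patched boot image that came from someone else, as in step 10 of the post above, it helps to see which sections differ from the stock image. The following is an added example, not part of the original post: it assumes the `ANDROID!` boot header layout of header versions 0 to 2, and the function names and sample images are constructed for illustration.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# Fields: magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
#         second_size, second_addr, tags_addr, page_size (little-endian)
HEADER = struct.Struct("<8s8I")


def _round_up(n, page):
    return (n + page - 1) // page * page


def parse_boot_image(data):
    """Split a v0-v2 boot image into its kernel and ramdisk payloads."""
    if len(data) < HEADER.size:
        raise ValueError("file too short for a boot image header")
    magic, ksize, _, rsize, _, _, _, _, page = HEADER.unpack_from(data)
    if magic != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic: not a boot image")
    if page == 0 or page & (page - 1):
        raise ValueError("page size %d is not a power of two" % page)
    k_off = page                             # header fills the first page
    r_off = k_off + _round_up(ksize, page)   # ramdisk starts page-aligned
    if r_off + rsize > len(data):
        raise ValueError("declared sizes exceed file length (truncated?)")
    return {"kernel": data[k_off:k_off + ksize],
            "ramdisk": data[r_off:r_off + rsize],
            "page_size": page}


def compare_images(stock, patched):
    """Report, per section, whether the patched image differs from stock."""
    a, b = parse_boot_image(stock), parse_boot_image(patched)
    return {name: {"changed": a[name] != b[name],
                   "stock_sha256": hashlib.sha256(a[name]).hexdigest(),
                   "patched_sha256": hashlib.sha256(b[name]).hexdigest()}
            for name in ("kernel", "ramdisk")}


def build_sample(kernel, ramdisk, page=2048):
    """Constructed image for the demo: header page, kernel, ramdisk."""
    hdr = HEADER.pack(BOOT_MAGIC, len(kernel), 0x40008000, len(ramdisk),
                      0x45000000, 0, 0x40F00000, 0x44000000, page)
    pad = lambda blob: blob + b"\0" * (-len(blob) % page)
    return pad(hdr) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    # Constructed inputs; with real files, read stock and patched boot.img.
    stock = build_sample(b"KERNEL" * 500, b"stock-ramdisk" * 100)
    patched = build_sample(b"KERNEL" * 500, b"patched-ramdisk" * 120)
    for name, info in compare_images(stock, patched).items():
        state = "CHANGED" if info["changed"] else "identical"
        print(name, state, info["patched_sha256"][:16])
```

An identical kernel with a changed ramdisk is consistent with the "Patching ramdisk" line in the Magisk log above; the report only says where the images differ, so the changed ramdisk still has to be trusted or inspected separately.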
I just received an LG K40 and wanted to root it or potentially install a custom OS.
Unfortunately, it forced me to update upon resetting the device, which locked me out of being able to use mtk-su, the most viable root method. I regained hope upon seeing that I was able to tick "Enable OEM Unlocking" from the developer options, so it would be easy to unlock the bootloader.
For some reason, it seems like LG has completely disabled fastboot mode on this phone. If I hold down volume down and power at boot, I get LG's horrible stripped down recovery which is only a factory reset dialog. If I do the same but with volume up, the phone boots normally. If I hold down volume up with the phone off then plug in USB, I get to LG's download mode which can only be used to flash stock ROMs with their proprietary Windows-only software. With volume down, I get the "low power" screen that I would get if the phone's battery was dead.
These combinations are not documented anywhere and I have compiled them from various random sites and people from all across the web. I have tried many drivers, running adb reboot bootloader (which just reboots back to Android), and every possible combination of keys, but I cannot get to an environment where fastboot can be run.
Does anybody know of a method by which I can unlock the bootloader without using fastboot (OEM unlocking is enabled)? Or at least an alternative root method for this device not involving recovery or fastboot? This is a very tough issue to tackle.
there is a long outdated method to force (hidden) fastboot by erasing LAF partition, but I guess fastboot is meanwhile removed entirely so this would most likely just brick.
however you could try to unlock from mtkclient (should able to by-pass MediaTek Secure Boot)
Code:
python3 mtk da seccfg unlock
Perfect, I was able to unlock the bootloader from download mode with that application and install Magisk from there. Thank you for this!
BenTheTechGuy said:
> Perfect, I was able to unlock the bootloader from download mode with that application and install Magisk from there. Thank you for this!
Hi!
Can you please explain the steps, as i can't use magisk successfully.
Thanks
Gian-Fr said:
> Hi!
> Can you please explain the steps, as i can't use magisk successfully.
> Thanks
The steps are outlined in this section of the README. The only difference is you should use stock Magisk instead of the outdated Chinese fork they used (the changes in that fork have been in upstream Magisk for a while now).
BenTheTechGuy said:
> The steps are outlined in this section of the README. The only difference is you should use stock Magisk instead of the outdated Chinese fork they used (the changes in that fork have been in upstream Magisk for a while now).
thanks, it works, but when i lock bootloader, it goes bootloop, do you encounter the same problem?