Related
Dear Esteemed XDA members,
I have spent literally days of testing and researching to try and unbrick my phone. Friends and family have seen my obsession with trying to fix this, some even offering to buy me a new phone!!!! But this ain't about money - this is about having control of my damn device!!! I'm usually pretty good with trying to solve this kind of stuff, but this time I'm truly stumped (and desperate, and obsessed!). I have come to the conclusion that it's directly related to ARM Trusted Firmware. Here are the details of my "journey" to date... please read it, and if you know how to fix it, please share!!! then I can get my life back!!!! Before I go any further, I am certain that my problem was initially triggered by doing an official update on a rooted phone. So to avoid experiencing the same problem I'm about to describe, it's best to unroot and relock your device before loading new official firmware.
I have a Huawei Honor 4x (Che2-UL00, with Kirin 620 chipset) with an unlocked bootloader. Recently, I tried to manually upgrade from Kitkat (emui3.0) to Lollipop (emui3.1), using the official update.app from huawei's website (image was good - I checked the hash). To load the update.app, I used the official huawei recovery. The progress bar went to roughly 90% and then hung. Upon restarting my phone, it went into rescue mode with the following error: Func NO : 15 (bl31 image) Error NO : 1 (security verify failed).
Interestingly, I looked closely at the fastboot.img files for kitkat Vs lollipop (I got the image files by using HuaweiUpdateExtractor). I noticed that only the lollipop fastboot image contains this error message text. Also, bl31 is related to ARM trusted firmware, for more info search for BL31 (Secure Monitor) on google, or see bl31_main.c in the Trusted Firmware source code. So it seems that the lollipop image is using the full ARM trusted firmware, an extra layer of security which is preventing the (unlocked) bootloader from allowing me to load into recovery. I think this is the core problem, and I think there is a way to solve it but I just don't have a deep enough understanding to get there. Below I'll explain each step I went though and provide some additional diagnostic info:
1. First step was to access recovery mode (Vol UP + power). This failed and resulted in same bl31 error message.
2. Second step was to try and update again using the three-button force update (Vol Up + Vol Down + Power). It vibrates once after a few seconds, and freezes with the logo screen with the red light flashing. As an experiment, I tried this without the SDCARD and noticed it vibrated almost instantly, which suggests that it does try to load something from the SDCARD when inserted. I didn't get any further in this mode.
3. Final step I tried was to load into fastboot (Vol Down + Power). This worked and I got into a special "Rescue&Fastboot" mode. First thing I tried was to manually downgrade to kitkat by flashing the kitkat images using the fastboot flash command. The images boot.img, system.img, recovery.img flashed successfully. cust.img simply failed. I desperately wanted to flash the kitkat fastboot.img which doesn't contain the trusted firmware bl31 image stuff, but fastboot replied: FAILED (remote: Command not allowed). In fact, many of the fastboot commands fail with this same error message, even though there is the "PHONE unlocked" writing in red on my phone screen. With the limited command set available (even fastboot oem device-info is not allowed!), here is the diagnostic info I was able to get:
a) fastboot oem check-rootinfo
(bootloader) old_stat: RISK
(bootloader) now_stat: SAFE
(bootloader) change_time: 1452356543
I think this change from RISK to SAFE is the core of my problem. the change_time is from several days ago when I attempted to update. I think it reflects the trusted firmware state (I'm guessing here, as I can't find documentation for these commands).
b) fastboot oem backdoor info
(bootloader) FB LockState: LOCKED
(bootloader) USER LockState: UNLOCKED
I think that FB LockState: LOCKED means that fastboot is locked (guessing again, can't find documentation!), which explains why many of the commands fail.
c) fastboot oem check-image
(bootloader) secure image verify successfully
I think this checks the recovery image, because when I flash a different recovery, this signature check fails
d) fastboot getvar rescue_phoneinfo
rescue_phoneinfo: Che2-UL00 V100R001CHNC00B365
This appears to be the ROM version at the time of purchase.
e) fastboot oem get-build-number
(bootloader): Che2-UL00 V100R001CHNC00B384
This actually corresponds to the build number of kitkat I was using just before the failed upgrade to lollipop.
f) fastboot oem relock mycode
FAILED (remote: root type not allowed).
I tried this just to see if it wold relock. I'm not sure what the error means, but I do not that this command failed with signature verify fail if i change the recovery image.
Here are the questions I want to ask:
1. Can I force the device to flash a new image? I can't get into recovery or have full access to fastboot commands due to the trusted firmware stuff. And as I mentioned earlier the three button trick fails with a freeze at the logo screen. It appears that I need to do this using a means other than fastboot. The only interface I have is Android Sooner ADB Interface. adb devices renders nothing. Only fastboot finds a device.
2. Can I somehow make the "security verify check" pass so that I don't get that bl31 error? I'm not sure exactly which images this bl31 thing is trying to verify! Perhaps some combination of images from the new lollipop stuff I tried to flash and the kitkat build I had running previously?
3. Can somehow disable all this Trusted Firmware stuff??
4. Any other suggestions???
This is driving me to the brink on insanity!!! Gotta figure it out!! Thanks for reading and trying to help!
Hi,
Did anyone solve this problem?
I'm facing the exact same situation.
Che2-UL00 too.
Thanks in advance!
prezident36 said:
Hi,
Did anyone solve this problem?
I'm facing the exact same situation.
Che2-UL00 too.
Thanks in advance!
Click to expand...
Click to collapse
I still find it hard to believe this problem absolutely cannot be solved. However, I took it to a Huawei service center and they weren't able to unbrick it either. They had to replace the mainboard, which seems like a complete waste. Cost around $50, so not the end of the world but still annoying.
Anyway, screw this whole "trusted firmware" rubbish. I'm the owner of the device, yet I'm not "trusted".
hello, i have exactly the same problem!
---------- Post added at 10:58 PM ---------- Previous post was at 10:41 PM ----------
Where do i get the replacement mainboard from?
Me too, upgrading kitkat to lollipop. Now facing that rescue error.
My Honor 4X is unlock bootloader and root before upgrading lollipop,
Hi Everyone,
Well I have an OBI SJ-1-5 SmartPhone which is not working now as I was trying to Flash a Stock ROM via SP Flash Tool.
I was trying to unlock the bootloader via "fastboot oem unlock" command in fastboot mode. The result was "ok". This device also has "allow bootloader to be unlocked" feature in developer options which was set to "on" while I was doing it. During the process of unlocking it shows some warning message that whole device would be reset, I agree and continue. After which it got stuck and I've to use "fastboot reboot" command, which result in continuous boot loop. Then i was not able to go into recovery or do anything.
I then do some google fu and found Stock ROM which aren't compatible to the device as it was showing the error "PMT has changed for the ROM". Which i sort out somehow. In the mean time I forget to unchecked the "Preloader" option, and unfortunately the new Stock ROM* has incompatible preloader with my Device. Resulting in a Complete Brick of my SmartPhone giving me "BROM ERROR: S_FT_ENABLE_DRAM_FAIL (0xFC0)" error both while doing "Format whole Flash" and "Format whole flash except Bootloader", even "Download" option gives me the same error.
Fortunately I have another pair of same Model so I thought to Dump the Stock ROM including the preloader files and Update my brick cellphone with it. I know the procedure of "Readback", so to grab the "scatter" file I used "MTKdroidTools" which again unfortunately unable to create the "root shell" for my device neither I was able to save the scatter file(the save button was disabled) because my device is MediaTek 6580 which is unsupported to use with "MTKdroidTools". My other cellphone is not Rooted and Rooting is the whole reason I now have a Brick Cellphone so I am not gonna take risk again doing something with that new device .
Which leave me the last option of Using a Hardware Device like "Magic Box" or "Volcano Box" to DUMP firmware. And that I don't have and neither I can somehow get my hands onto it.
But I "think" I can get my cellphone back to life if I would find a ROM of a device with Similar board id and Flash its ROM using (Format+Download). After that it would allow me to use "Auto Format except Bootloader". After which I could flash the ROM that was giving me (0xFC0) error (without ticking the preloader).
Details of SJ1-5
Chipset: MediaTek 6580
Root : No
Build Number : Obi_SJ1-5_B1B8_Ver3.6
Kernal Version : 3.10.72
Android Version : 5.1
Android Security Patch Level : 2016-01-01
*The ROM I tried : Obi_SJ1.5_MT6580_5.1_v1.7.1_151014_144940
I hope someone can provide me the DUMPed Stock ROM from a working Device. I would really appreciate that. And please let me know if there is any other Method that I missed. Sorry for my bad English.
Thank you all in Advance.
Same problem here. As always with mtk phones it is problematic and very risky to find working/compatable scatter and rom. Same story, flashed wrong preloader and now the phone in boot loop. Thinking to connect directly to a serial but i need a correct rom for a start. If anyone has a dumb of this phone please contact me at [email protected]
Hello friends of XDA, I have a big problem between hands, I have a MOTO Z and I had it in android 7.0 since last year the update to andorid 7.1.1 did not arrive and I felt that with android 7 the battery was consumed very quickly, so I tried to find the update to flash it and just about 3 days ago I found it, I proceeded to download it and flash it in fastboot and adb.
The thing is that a few months ago, browsing through my phone (I had already rotated it, and unlocked the bottloader, I decided to re-block the bootloader, and remove the root, which never worked at 100) I got into the developer options, and I saw an option that until then I didn't know about its "OEM Unlock"function, as it was turned on and deactivated because I thought it didn't work.
Returning to the update flashing I proceeded as usual, with the commands, I proceed to restart the device and show the image of the boot of motrola but then it shows me a message in red letters.
"Startup Failed"
"failed to pass validation, backup to fastboot.
I thought it was a compatibility problem with the downloaded version of 7.1.1 so again I decided to flash the stock rom 7.0 but when I finished and restart the same message appeared.
I started to investigate and it seems that the OEM blockade is responsible for not being able to install any Stock Rom, or anything, and now I have a nice brick with Moto mods and I can't use it.
I wanted to unlock OEM in fastboot but nothing. sends message from "ALLOW OEM UNLOCK IN SETTINGS"
There is way to unlock the OEM from pc or fastboot without needing to be unlocked from the android settings, as in my case it is impossible for me,
I'd be very grateful for your help friends, I know it's a bit tedious to read but it's the only phone I have and I feel weird without it on the street.:bueno::bueno::llorando:
I'm with same problem here!
Suckmymfdick17 said:
Hello friends of XDA, I have a big problem between hands, I have a MOTO Z and I had it in android 7.0 since last year the update to andorid 7.1.1 did not arrive and I felt that with android 7 the battery was consumed very quickly, so I tried to find the update to flash it and just about 3 days ago I found it, I proceeded to download it and flash it in fastboot and adb.
The thing is that a few months ago, browsing through my phone (I had already rotated it, and unlocked the bottloader, I decided to re-block the bootloader, and remove the root, which never worked at 100) I got into the developer options, and I saw an option that until then I didn't know about its "OEM Unlock"function, as it was turned on and deactivated because I thought it didn't work.
Returning to the update flashing I proceeded as usual, with the commands, I proceed to restart the device and show the image of the boot of motrola but then it shows me a message in red letters.
"Startup Failed"
"failed to pass validation, backup to fastboot.
I thought it was a compatibility problem with the downloaded version of 7.1.1 so again I decided to flash the stock rom 7.0 but when I finished and restart the same message appeared.
I started to investigate and it seems that the OEM blockade is responsible for not being able to install any Stock Rom, or anything, and now I have a nice brick with Moto mods and I can't use it.
I wanted to unlock OEM in fastboot but nothing. sends message from "ALLOW OEM UNLOCK IN SETTINGS"
There is way to unlock the OEM from pc or fastboot without needing to be unlocked from the android settings, as in my case it is impossible for me,
I'd be very grateful for your help friends, I know it's a bit tedious to read but it's the only phone I have and I feel weird without it on the street.:bueno::bueno::llorando:
Click to expand...
Click to collapse
Try to boot in Fastboot flash twrp and flash ressurection remix rom. It's great rom. Forget about locking. I had the same problem like you as I was trying to flash stock ROM and lock bootloader.
I gave up on this.
knjigo said:
Try to boot in Fastboot flash twrp and flash ressurection remix rom. It's great rom. Forget about locking. I had the same problem like you as I was trying to flash stock ROM and lock bootloader.
I gave up on this.
Click to expand...
Click to collapse
Well, when the root didn't work properly, I flashed the phone again and blocked the bootloader. Will I still be able to install TWPR or should I lose my phone?
Suckmymfdick17 said:
Well, when the root didn't work properly, I flashed the phone again and blocked the bootloader. Will I still be able to install TWPR or should I lose my phone?
Click to expand...
Click to collapse
What do you mean with "I blocked my bootloader"?
Twrp is easy to flash. Root is integrated in ressurection remix rom. And this rom is great. Just try to flash twrp in Fastboot and than ressurection remix with twrp.
Can you boot in Fastboot?
Do you remember what build of 7.1.1 you had on your device before downgrading to 7.0?
If so, I would suggest finding that firmware (the full stock firmware, not OTA updates) or newer if you can, and try to flash that. Since your bootloader is still likely from the 7.1.1 build, a locked bootloader will only permit files matching the same patch level (i.e. from the exact same stock ROM as that bootloader patch) to boot.
If not, then unfortunately there's not a lot we can do. You could wait for a newer firmware to get leaked, but as your device is unable to boot (due to failing the bootloader checks) and you cannot toggle OEM unlocking because you cannot boot, it's a nasty vicious circle that is difficult to get out of. You may have to consider sending your device for service and pay for an expensive motherboard replacement otherwise, since Motorola have a record of your device being unlocked. Your service centre experience may vary.
Only lock a bootloader after ensuring you've flashed all the stock firmware and it is all the same patch level as your bootloader. Hopefully you'll find newer firmware that you can repair with.
tjgibri said:
I'm with same problem here!
Click to expand...
Click to collapse
I solved it, I finally flashed the stock rom to my phone and it works.
Apparently my pc was not flashing the stock rom in adb, and the phone turned off when loading the software. I did it 3 times until I load correctly and start well.
if you have the same problem apparently then OEM Blocking is not responsible. You have to flash the most current rom or the one that you had by default when the brick happened to you, you flash it in a normal way with commands of adb and ready, I would have to come back to life.
download from firmware center MotoZ Griffin the most current rom stock at 7.1.1
echo92 said:
Do you remember what build of 7.1.1 you had on your device before downgrading to 7.0?
If so, I would suggest finding that firmware (the full stock firmware, not OTA updates) or newer if you can, and try to flash that. Since your bootloader is still likely from the 7.1.1 build, a locked bootloader will only permit files matching the same patch level (i.e. from the exact same stock ROM as that bootloader patch) to boot.
If not, then unfortunately there's not a lot we can do. You could wait for a newer firmware to get leaked, but as your device is unable to boot (due to failing the bootloader checks) and you cannot toggle OEM unlocking because you cannot boot, it's a nasty vicious circle that is difficult to get out of. You may have to consider sending your device for service and pay for an expensive motherboard replacement otherwise, since Motorola have a record of your device being unlocked. Your service centre experience may vary.
Only lock a bootloader after ensuring you've flashed all the stock firmware and it is all the same patch level as your bootloader. Hopefully you'll find newer firmware that you can repair with.
Click to expand...
Click to collapse
Thanks for your help friend, I finally flashed it with a recent android 7.1.1 update. Apparently the OEM lockout was not the culprit, but it was an interrupted flash of android 7.1.1 at some point when loading the software to the phone, it would shut down on its own and not complete the installation, which showed me the mentioned message. I didn't realize that and thought it was the OEM blockade.
I finally did it on another pc and it worked. the phone came back to life.
I have one Moto Z2 Force (XT1789-05), bought from coolicool.com, I didn't know device came Unlocked Bootloader, Device rom had problem with many apps, I googled and found one topic in XDA developer to Install Stock Rom, I downloaded and Installed India Rom, it's worked somehow fine, but still had problem, I downloaded Verizon Rom, Android 8, after Installed Android 8 Verizon Rom, Locked device bootloader immediately, now device stuck at Welcome Wizard in Android 8, after select language I got this message: (Please wait, this may take a few minutes) this is proof video (http://ahmn.co/Upload/IMG_0161.MOV), after this issue, device already locked, I can't unlock, because need to go to the Developer Option in Setting, I stucked in Welcome Wizard, there isn't any bypass, So, I start to search in Google, XDA-Forum, Android Central and more, I created many threads, many requests, no one can't help me, I tried to reach google developer support to the tell to me how can I bypass Android 8 Welcome Wizard, there is must be a way, but I can't find it, now I can access to Android Recovery and Bootloader
1. if you help me to FORCE UNLOCK device without need Developer Option in setting my problem will solve
2. If you help me to Bypass Android Welcome Wizard, access setting and enable OEM Unlock
3. If you help me to update the device from Android 8 to Android 9 Verizon ROM via ADB Sideload or Update from SD card in Recovery mode
4. If you have any idea to how can I fix it
Extra Information: I bought Belkin and Uni USB-C to Ethernet Adaptor to help me bypass Android 8 Welcome Wizard, I bought WSKY WIFI Adaptor because device Wifi can't find any network (I found QR setup by tap several times in Language Selection), after this section need to download google device policy apk, my device can't find any Wifi Network and my Ethernet Adaptor can't help me either, So, I just remained with my phone, and I can't do anything,
Please, someone, help me
My Device SKU: XT1789-05
Hello, I was recently given a Tab S3 (Verizon) by a friend, and it was FRP locked. When asked, the friend said that she had no Idea which account might have been on it, and none that she tried worked, so I was stuck. So far I have tried a lot, and most recently, I have been trying to use Odin to flash a Combo file that I found for this model, but it fails to flash, and the tablet states:
Code:
SW REV CHECK FAIL : [aboot]Fused 2 > Binary 0
A couple of questions:
1) What does this mean?
2) Is this because it is FRP locked?
3) If it is, am I SOL?
4) If not, am I SOL anyway with the FRP lock?
I have had some experience with android modding, so I'm not a total noob, but don't take that for granted, I may have missed something very stupid/obvious.
The current firmware is: Oreo/T827VVRS2BRJ1
The combo firmware is: Oreo (I think)/T827VVRU0AQB9
Odin reports FRP Lock is on
Well, I managed to get firmware to flash by getting the same version that is on the tablet currently, but the flashing did not help, because FRP lock is still on. I even went as far as to get a partition table file and completely nuke the nand, which was probably a stupid idea, but nevertheless, even that didn't work to remove the FRP lock. Any ideas?
Thanks, SciFI101
P.S. Also note that the firmware that flashed was not a combo file, I have no idea what the difference is, do I need a combo file to remove FRP?
Flash combination firmware and then remove the google account and delete the Google account on device administration. Flash back original firmware all done.
Which combo firmware should I flash? Any that I have tried have failed with the SW REV CHECK FAIL error.
Also, the stock recovery seems to be shagged, after the blue "Installing updates"/"No Command" screen, the screen goes almost entirely dark, but it is still the same blue screen with Andy in the middle. It still boots into the OS and download mode otherwise. flashing BL and/or AP doesn't seem to fix it
Hi folks,
my trusty S3 (SM-T825) got broke unexpectedly. It showed "100% battery" in the morning but was unresponsive. A forced shutdown did reboot the device up to the logo-screen - from where it rebooted again. So obviously it's stuck in a boot loop.
Unfortunately, it does not enter "recovery" either (home) (up) (power). However, it DOES enter "ODIN mode" (home) (down) (power). There it shows me that FRP Lock and OEM lock both are still active. This is no wonder as it caught me unprepared. FRP lock wouldn't be a problem, as I'm the owner of the account and can supply credentials once it boots up again.
Everywhere it is STRONGLY advised to turn off OEM lock before flashing anything to not make it even worse. This renders the device essentially dead, right?
The device is still as original as it can be.
Any chance I can revive it or does that more look like a mainboard problem?
I already have ODIN and I even have an actual 4-part "Original ROM" for my region (Samfw.com_SM-T825_ATO_T825XXU3CTD1_fac.zip), but maybe TWRP and Lineage would be the better options.
Before I just go and make things worse, I'd like to ask for a qualified advice ;-)
smallfreak said:
...... There it shows me that FRP Lock and OEM lock both are still active. This is no wonder as it caught me unprepared. FRP lock wouldn't be a problem, as I'm the owner of the account and can supply credentials once it boots up again.
Everywhere it is STRONGLY advised to turn off OEM lock before flashing anything to not make it even worse. This renders the device essentially dead, right?
Click to expand...
Click to collapse
Afaik you should be able to flash stock with OEM lock active BUT idk if FRP will block flashing process.
If that happens it's imo afterwards in the same state as before so at least it won't worsen it.
Gonna loose all your data anyhow.
Got Smartswitch? This might help as well.
smallfreak said:
....... I already have ODIN and I even have an actual 4-part "Original ROM" for my region (Samfw.com_SM-T825_ATO_T825XXU3CTD1_fac.zip), but maybe TWRP and Lineage would be the better options.
Click to expand...
Click to collapse
You can't replace recovery without OEM unlock.
smallfreak said:
Before I just go and make things worse, I'd like to ask for a qualified advice ;-)
Click to expand...
Click to collapse
Dunno if I'm qualified enough
Next turn ...
I tried flashing TWRP into the AP slot with SamFW FRP-Tool (ODIN). This worked so far but got me a note on the tablet "custom recovery blocked due to FRP lock".
Checking boot on the tablet - as before. Boot loop.
Next turn ...
Code:
Select file AP_T825XXU3CTD1_CL17011592_QB30231355_REV00_user_low_ship_MULTI_CERT_meta_OS9.tar.md5
Select file CP_T825XXU3CTA1_CP14962504_CL17011592_QB28791445_REV00_user_low_ship_MULTI_CERT.tar.md5
Select file CSC_ATO_T825ATO3CTD1_CL18361310_QB30233690_REV00_user_low_ship_MULTI_CERT.tar.md5
Reading... OK
Detect mode: Download mode
Model : SM-T825
Bit : 4
Unique number : CBJ100915EAF124
Storage : 32
Vendor : SAMSUNG
Disk : BJNB4R
Firmware : https://samfw.com/firmware/SM-T825/
Analyze files...
Flashing with SAMSUNG Mobile USB Modem (COM5)
Flash failed
Flash time: 00:47
Reading... FAIL
unchecking CP and CSC, leaving only AP.
Code:
Analyze files...
Flashing with SAMSUNG Mobile USB Modem (COM5)
Flash failed
Flash time: 10:00
Reading... FAIL
Reboot tablet in download-mode, next turn: Try BL + AP:
Code:
Select file BL_T825XXU3CTD1_CL17011592_QB30231355_REV00_user_low_ship_MULTI_CERT.tar.md5
Reading... OK
Detect mode: Download mode
Model : SM-T825
Bit : 4
Unique number : CBJ100915EAF124
Storage : 32
Vendor : SAMSUNG
Disk : BJNB4R
Firmware : https://samfw.com/firmware/SM-T825/
Analyze files...
Flashing with SAMSUNG Mobile USB Modem (COM5)
Checking file BL_T825XXU3CTD1_CL17011592_QB30231355_REV00_user_low_ship_MULTI_CERT.tar.md5
Checking file AP_T825XXU3CTD1_CL17011592_QB30231355_REV00_user_low_ship_MULTI_CERT_meta_OS9.tar.md5
Flashing (1/20) emmc_appsboot.mbn.lz4 OK
Flashing (2/20) lksecapp.mbn.lz4 OK
Flashing (3/20) xbl.elf.lz4Flash failed
Flash time: 01:26
Tablet moans about
SW REV CHECK FAIL : [lksecapp] Fused -1 > Binary 0
Click to expand...
Click to collapse
So maybe the firmware revision is different to the currently installed one? The latest file is from 2020 and since I did the usual OTA updates, this should be the version installed. But even if not, it sould not matter to upload a newer one, right?
Anything I can check?
So then obviously "Game Over"
Another piece of expensive waste that otherwise could have served well for years to come. Yes I know, selling something just once is an inferior business model to repeatedly draining my account for the same service.