Related
As far as i know, someone in a china forum said that he had unlocked the F600S' bootloader successfully.
He first flashed a pre-rooted 5.0 TOT and change the build.prop to h901. Then, he flashed h901 6.0 kdz to his phone and the bootloader became h901 version.
Therefore, he could unlock the bootloader simply by entering "fastboot oem unlock", flashing H901's recovery and rooted the phone.
Some users said this method works but some said didn't and even bricked their phones into "Qualcomm HS-USB QDLoader 9008" mode.
I open this thread for raising attention and investigate whether this method really works or not, but please, DO NOT intend to perform this method unless it was proved to be safe.
If you can read Chinese, here is the source (please remove this link if it violates xda's rules):
http://bbs.gfan.com/android-8325666-1-1.html
i recommend, don't... unless u needed to do that then go
I was attempting something like this awhile back. But I wasn't using the normal build.prop. There is one hiding in /cust/open_com_ds/cust_open_hk.prop that I assumed was what the LGUP program used to check vs the one in /system but apparently I was mistaken. Theoretically there isn't anything hardware wise different between the H901 and the H961N besides the dual sim. Those that don't use dual sim might try this. Otherwise I would wait. If there are any people out there that can make kdz's then all it takes is one person to do it right then everyone else can benefit. I might go ahead and try for shizas and googles.
DarkestSpawn said:
I was attempting something like this awhile back. But I wasn't using the normal build.prop. There is one hiding in /cust/open_com_ds/cust_open_hk.prop that I assumed was what the LGUP program used to check vs the one in /system but apparently I was mistaken. Theoretically there isn't anything hardware wise different between the H901 and the H961N besides the dual sim. Those that don't use dual sim might try this. Otherwise I would wait. If there are any people out there that can make kdz's then all it takes is one person to do it right then everyone else can benefit. I might go ahead and try for shizas and googles.
Click to expand...
Click to collapse
Thanks for your reply. According to the source, those people changed their build.prop as below in order to flash h901's kdz:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
By the way, as a H961N user, I also wonder that whether it works on dual sim model. Can we flash the modem and related apps separately in order to make dual sim working if bootloader has unlocked?
If memory serves correctly, Yes with an unlocked bootloader you could adb flash modem *BLAHBLAHBLAH* but idk how that works with dual sim phones.
I honestly get aggravated when I see certain users that say they make TOT or KDZ files when really they took it from other sites that aren't English and say they made it. If that was the case they would make a KDZ with stock everything for the device its for but replace the bootloader to the version from H901 and every LG v10 would be bootloader unlockable but somehow they are too busy or working on other TOTs and kdzs... Assinine lies. Sorry had to throw my two cents out there.
I'm so glad I didn't do this attempt yet. Just remembered I gave my backup phone away so I have nothing to fall back on if this fails. If no one tries this before I get it back I will try.
DarkestSpawn said:
I was attempting something like this awhile back. But I wasn't using the normal build.prop. There is one hiding in /cust/open_com_ds/cust_open_hk.prop that I assumed was what the LGUP program used to check vs the one in /system but apparently I was mistaken. Theoretically there isn't anything hardware wise different between the H901 and the H961N besides the dual sim. Those that don't use dual sim might try this. Otherwise I would wait. If there are any people out there that can make kdz's then all it takes is one person to do it right then everyone else can benefit. I might go ahead and try for shizas and googles.
Click to expand...
Click to collapse
Even though many of the pieces are the same, there could well be some fairly significant differences hardware-wise between the H901 and H961N. The two that I know are really close are the H961N (Hong Kong) and H962, if the kernel sources are identical then there isn't much difference between the two.
On the flip side though, there could be enough similarity to flash the H901's bootloader onto another device. The bootloader wouldn't need to worry about how any of the radio bits work, just avoid touching them.
DarkestSpawn said:
I'm so glad I didn't do this attempt yet. Just remembered I gave my backup phone away so I have nothing to fall back on if this fails. If no one tries this before I get it back I will try.
Click to expand...
Click to collapse
Please do report if you do this. Anyone else out there who is reading, we'd love to hear from you if you try this. While I hope you succeed, failure could well occur. Could you report what device you're thinking of trying this on?
There is a tool from Qualcomm which can allow you to write to the flash before the device boots. If your try fails, that tool could be used to write back what is "supposed" to be there and hopefully you won't have a complete brick. A simpler solution might be to use that tool to simply overwrite your device's bootloader with the H901 bootloader. Note there are 2 copies of the bootloader on the H962 and likely other devices and you'd need to get both. I imagine there are several, but here is one tool for extracting the KDZ files (my goal is to be able to construct modified KDZ files, but I haven't analyzed things enough yet, will likely take some time).
EDIT: What look to be the bootloader areas in the H901, H961N and H962 KDZ files appear to be at the same offsets and the same sizes. I cannot be certain, but this might very well be a workable strategy.
EDIT2: If someone does this, it may be helpful to know which H901BK firmware version you use. The known KDZ file is for 20c, so it may be handy to keep links to that. Once you've done the process, it would be helpful for you to dump copies of all the block devices on the phone. Knowing which one(s) have changed could lead us to how LG's bootloader marks a device as unlocked, leading to easier methods of unlocking (hmm, really need a binary diff utility).
emdroidle said:
Even though many of the pieces are the same, there could well be some fairly significant differences hardware-wise between the H901 and H961N. The two that I know are really close are the H961N (Hong Kong) and H962, if the kernel sources are identical then there isn't much difference between the two.
On the flip side though, there could be enough similarity to flash the H901's bootloader onto another device. The bootloader wouldn't need to worry about how any of the radio bits work, just avoid touching them.
Please do report if you do this. Anyone else out there who is reading, we'd love to hear from you if you try this. While I hope you succeed, failure could well occur. Could you report what device you're thinking of trying this on?
There is a tool from Qualcomm which can allow you to write to the flash before the device boots. If your try fails, that tool could be used to write back what is "supposed" to be there and hopefully you won't have a complete brick. A simpler solution might be to use that tool to simply overwrite your device's bootloader with the H901 bootloader. Note there are 2 copies of the bootloader on the H962 and likely other devices and you'd need to get both. I imagine there are several, but here is one tool for extracting the KDZ files (my goal is to be able to construct modified KDZ files, but I haven't analyzed things enough yet, will likely take some time).
EDIT: What look to be the bootloader areas in the H901, H961N and H962 KDZ files appear to be at the same offsets and the same sizes. I cannot be certain, but this might very well be a workable strategy.
EDIT2: If someone does this, it may be helpful to know which H901BK firmware version you use. The known KDZ file is for 20c, so it may be handy to keep links to that. Once you've done the process, it would be helpful for you to dump copies of all the block devices on the phone. Knowing which one(s) have changed could lead us to how LG's bootloader marks a device as unlocked, leading to easier methods of unlocking (hmm, really need a binary diff utility).
Click to expand...
Click to collapse
I think the only worry of trying this method is a complete hard brick. As you have mentioned, any qualcomm phone has a recovery mode and i guess it should be the "Qualcomm HS-USB QDLoader 9008" mode.
I have searched some information and turn out there are two 9008 mode. It depends on whether the phone messed with Qualcomm’s stuffs, if not, then the phone will enter the "new 9008 mode" and it can let you recover the phone easily by a backup emmc image. If it is, then the phone will enter the "old 9008 mode" and it required specific files and "programmer", however, file suitable for msm8992 hasn't been discovered. Therefore, if this method brick the phone into old 9008 mode, no solution at all.
The information i have refered to, don't know if it is correct:
http://www.droidsavvy.com/unbrick-qualcomm-mobiles/
EDIT: The ro.expect.recovery_id should be "0x9260d50f08bef4a761309001fe20e5ab59508e78000000000000000000000000" (if you try it, double check by yourself)
some people said that they bricked the phone because of typing it incorrectly, but i don't know whether it is true or not
I have asked the people who bricked their phones from trying this method. It seems that they really made a typo on ro.expect.recovery_id and cause brick.
Also, i am pretty sure that those phones have gotten into the "old 9008 mode", therefore, "rawprogram0.xml, patch0.xml and prog_emmc_firehose_8992.mbn" are required for using QPST the fix the hard brick.
However, no suitable prog_emmc_firehose_8992.mbn for V10 has been discovered on the internet (even for the G4).
Personally, I injected the H901 aboot into an H962 DZ and flashed it onto my device a few months ago.
Long story made short, it was completely bricked, even without 9008 mode. I recommend you guys to be cautious with this method.
Edit: As I can understand Chinese, I'm currently looking into the tutorial.
ivangundampc said:
I think the only worry of trying this method is a complete hard brick. As you have mentioned, any qualcomm phone has a recovery mode and i guess it should be the "Qualcomm HS-USB QDLoader 9008" mode.
I have searched some information and turn out there are two 9008 mode. It depends on whether the phone messed with Qualcomm’s stuffs, if not, then the phone will enter the "new 9008 mode" and it can let you recover the phone easily by a backup emmc image. If it is, then the phone will enter the "old 9008 mode" and it required specific files and "programmer", however, file suitable for msm8992 hasn't been discovered. Therefore, if this method brick the phone into old 9008 mode, no solution at all.
The information i have refered to, don't know if it is correct:
http://www.droidsavvy.com/unbrick-qualcomm-mobiles/
Click to expand...
Click to collapse
Useful, though I cannot speak to the reliability of that information. A different source has a tool they say comes from Qualcomm, which may be more reliable with newer devices. Please note, this is a source of claims, I don't know how reliable they are (they also don't provide much detail on the limits of the tool).
WillyPillow said:
Personally, I injected the H901 aboot into an H962 DZ and flashed it onto my device a few months ago.
Long story made short, it was completely bricked, even without 9008 mode. I recommend you guys to be cautious with this method.
Edit: As I can understand Chinese, I'm currently looking into the tutorial.
Click to expand...
Click to collapse
I look forward to more detail/reports from that tutorial. Exact details would be invaluable.
I hoped that would work, but I feared the above possibility. The problem is which portions of the flash image sign which other portions of the image, and how many different keys does LG use? Your observation seems to suggest either the key used for signing the H901 aboot was not honored by the rest of the H962 firmware, or the key used for signing the H962 kernel wasn't honored by the non-unlocked H901 aboot (or both).
If the former case, then which are the pieces prior to aboot and can only those pieces be transplanted from a H901 while still preserving the dual-SIM functionality of the H962 (and H961N)? If the latter case, then I suspect you merely need to run a H901 kernel long enough to unlock the bootloader, then you can put back the H962 kernel and run that with the unlocked bootloader.
The other question is, which portions of the data unlock the bootloader? Is it a small change to the aboot portion? Is it changes elsewhere? Can those changes be isolated from the rest of the H901 firmware?
Just in case you didn't notice, I've got lots of questions. I hope I can figure out answers to some, but others I may not be able to answer. I'm currently targeting the kdztools portion.
@emdroidle
TBH I don't see anything not mentioned already. Basically the process is just
Flash 5.1 rooted -> modify build.prop -> flash H901 KDZ
Personally, I'm not going to do more risky experiments since I already RMA'd my last hard brick
Also, you might want to use IDA to take a look at aboot, which is basically an ELF binary. I had been doing that, but stopped after the brick.
WillyPillow said:
@emdroidle
TBH I don't see anything not mentioned already. Basically the process is just
Flash 5.1 rooted -> modify build.prop -> flash H901 KDZ
Personally, I'm not going to do more risky experiments since I already RMA'd my last hard brick
Also, you might want to use IDA to take a look at aboot, which is basically an ELF binary. I had been doing that, but stopped after the brick.
Click to expand...
Click to collapse
I understand. You're in a better position since LG will honor the warranty on your H962. They're a bit tougher if you get one outside Taiwan.
I was fearing we would have to take that approach. Worse, it looks like the firmware updates change aboot, which suggests settling on one version and trying to crack that is best. I wanted to try Plasma, but IDA is likely far enough ahead to beat Plasma. I'm just glad IDA has a Linux version.
WillyPillow said:
Personally, I injected the H901 aboot into an H962 DZ and flashed it onto my device a few months ago.
Long story made short, it was completely bricked, even without 9008 mode. I recommend you guys to be cautious with this method.
Click to expand...
Click to collapse
After some thought, I realized I should ask for some detail about the failed process you used for this. Did you flash both the aboot and abootbak slices? (/dev/mmcblock0p9 and /dev/mmcblock0p15 if I recall correctly)
If you flashed only aboot and ended up bricked, this seems to suggest it did in fact successfully execute the H901BK aboot, but the aboot decided the signature on boot was incorrect and halted. In this scenario if the portion before aboot had decided aboot had a bad signature, then it should have restored abootbak, which likely would have successfully booted the H962 kernel.
If you flashed both aboot and abootbak, this suggests the portion before aboot decided aboot's signature was wrong and it halted there. This doesn't rule out it successfully executing aboot and aboot deciding boot had the wrong signature, but it makes that less likely.
Hate to say it, but flashing only aboot doesn't really give us much information on the likelihood of flashing a full H901BK image onto a H962 being successful or not. The problem is there could be signatures in many places and any one of those could fail yet reproducing the original scenario would work perfectly.
emdroidle said:
After some thought, I realized I should ask for some detail about the failed process you used for this. Did you flash both the aboot and abootbak slices? (/dev/mmcblock0p9 and /dev/mmcblock0p15 if I recall correctly)
If you flashed only aboot and ended up bricked, this seems to suggest it did in fact successfully execute the H901BK aboot, but the aboot decided the signature on boot was incorrect and halted. In this scenario if the portion before aboot had decided aboot had a bad signature, then it should have restored abootbak, which likely would have successfully booted the H962 kernel.
If you flashed both aboot and abootbak, this suggests the portion before aboot decided aboot's signature was wrong and it halted there. This doesn't rule out it successfully executing aboot and aboot deciding boot had the wrong signature, but it makes that less likely.
Hate to say it, but flashing only aboot doesn't really give us much information on the likelihood of flashing a full H901BK image onto a H962 being successful or not. The problem is there could be signatures in many places and any one of those could fail yet reproducing the original scenario would work perfectly.
Click to expand...
Click to collapse
Hmm, I've never thought this deep. I was just like "Sxxt, my phone bricked! Must be a bad signature somwhere..." and stopped messing around with it
To answer your question, I only flashed aboot, without anything else. And for the details of the brick, you can't even see the "powered by Android" bootloader screen. The device just viberates if you want to turn it on. The only way to make the screen display something is remove the battery and connect it to a computer, for which a "no battery" icon is showed. So my guess then was the aboot signature was invalidated. But now you reminded me the existance of abootbak...
I'll do some research and thinking right now
WillyPillow said:
Hmm, I've never thought this deep. I was just like "Sxxt, my phone bricked! Must be a bad signature somwhere..." and stopped messing around with it
To answer your question, I only flashed aboot, without anything else. And for the details of the brick, you can't even see the "powered by Android" bootloader screen. The device just viberates if you want to turn it on. The only way to make the screen display something is remove the battery and connect it to a computer, for which a "no battery" icon is showed. So my guess then was the aboot signature was invalidated. But now you reminded me the existance of abootbak...
I'll do some research and thinking right now
Click to expand...
Click to collapse
Well, i think that you have bricked your phone into the "Qualcomm HS-USB QDLoader 9008" mode
The phone should be able to fix if you can see "Qualcomm MMC Storage USB Device" in "Devices Manager" when the phone is connecting to the computer.
WillyPillow said:
Hmm, I've never thought this deep. I was just like "Sxxt, my phone bricked! Must be a bad signature somwhere..." and stopped messing around with it
Click to expand...
Click to collapse
I was thinking about it, since I would very much like to somehow unlock the bootloader. While this way may or may not be tweaked to work, it does sound plausible. Analyzing failures can be very valuable.
WillyPillow said:
To answer your question, I only flashed aboot, without anything else. And for the details of the brick, you can't even see the "powered by Android" bootloader screen. The device just viberates if you want to turn it on. The only way to make the screen display something is remove the battery and connect it to a computer, for which a "no battery" icon is showed. So my guess then was the aboot signature was invalidated. But now you reminded me the existance of abootbak...
Click to expand...
Click to collapse
So this may suggest aboot successfully executed, but found a mismatched signature and halted. At which point, flashing the H901BK aboot and boot may be enough to make this work. This may though also require the H901BK recovery image. I do not know where the unlock process actually does its magic, so part of it could be in recovery.
I'd love to hear if you can get it to be successful.
Two threads relevant to this topic have shown up.
First, apparently someone somehow managed to accidentally flash a H901 firmware onto a H960A. That person was looking for help with restoring their device, but it leaves me hopeful this method could in fact work on other devices. Most likely you'd end up with a mix of some portions of the flash being copied from a H901 and some from whatever your phone is normally supposed to run, but this does confirm it is possible to run H901 firmware on other devices.
Second, a method has been found to recover devices from Qualcomm 9008 mode. This is big news since it greatly lessens the danger of a bad flash. Problem is it requires root on the phone to generate the initial image, though I suspect the images produced by my kdztools may well work for the job too.
I very much want to unlock the bootloader of my device, so I'm still doing research trying to estimate how plausible this method is. At this point there are enough reports of wrong V10 device images not being fatal to other V10-type devices for me to consider this method "likely".
Examining KDZ files for several devices, there is quite a bit of overlap between device images. There are 9 slices though which seem to warrant special attention based upon them having backup copies. These are named "sbl1", "pmic", "hyp", "tz", "rpm", "aboot", "sdi", and "raw_resources".
My guess is install a H901 image, do `fastboot oem unlock` and then you can copy everything aside these slices from your original device. My concern is these may need to remain the H901 versions in order to remain unlocked (unless all V10 devices share the unlock method, which may or may not be the case).
It may also work to use my KDZ Tools to copy the PrimaryGPT and BackupGPT areas from the target device onto a H901 image, at which point the process could be done without even needing a factory reset!
I'm pretty sure "sbl1"/"sbl1bak" are the first-stage bootloader. All the others aside from "raw_resources" look to be ELF executables.
Open request to Qualcomm here, could you please make your chips either alternate between trying to boot off of "sbl1" and "sbl1bak" (a single MRAM or PCRAM cell should take too much space, should it?), or else make them randomly choose between booting off them upon power-on? Too often one or the other gets corrupted in such a way that booting fails, but either isn't so corrupt to trigger them to try the backup, or else the primary is so badly damaged it is unable to try the backup. Alternating (and passing to the Linux kernel which one it successfully booted off of!) would greatly increase the chances of successful recovery without specialized tools.
Wiki + Likelyhood evaluation
Having examined the situation enough, I'm pretty sure this method should work. Experimentation though is risky.
I'm now working on creating 2 software tools for this project. One is a simple tool to remark the device a KDZ is for. This is pretty simple and the reports are, once this is done LGUP will happily flash a KDZ onto other devices. The second goal is a tool for modifying the GPT afterwords. While the H901 has a GPT similar to other V10s, it isn't quite identical. Of major note, many other devices have a /cust partition which has some extra software.
These two tools may actually be unnecessary. My KDZ Tools expose all of the data in an inconvenient, but workable format. The KDZ Tools can also be used to replace the GPT for the H901 with a GPT from another device, and they also expose the areas which mark which device a KDZ is for. Problem with using the KDZ Tools for this is there is what looks to be an extra checksum, and I've got no idea whether it covers the GPT (I hope not, but...).
I'm now looking to create the above two tools on GitHub, the LGE Tools. Alas, what may be more valuable is the Wiki on GitHub. I've got speculative instructions a little ways from the top. Towards the bottom I've got a list of which areas you'd need to restore from your original device. I guess I'm a bit unsure of "persist", the content is identical for my device, but the differing timestamps might trigger a flag that something has happened.
Hopefully we can get some testers who can risk needing to RMA their devices (I hope they don't need to, but this IS risky).
emdroidle said:
Having examined the situation enough, I'm pretty sure this method should work. Experimentation though is risky.
I'm now working on creating 2 software tools for this project. One is a simple tool to remark the device a KDZ is for. This is pretty simple and the reports are, once this is done LGUP will happily flash a KDZ onto other devices. The second goal is a tool for modifying the GPT afterwords. While the H901 has a GPT similar to other V10s, it isn't quite identical. Of major note, many other devices have a /cust partition which has some extra software.
These two tools may actually be unnecessary. My KDZ Tools expose all of the data in an inconvenient, but workable format. The KDZ Tools can also be used to replace the GPT for the H901 with a GPT from another device, and they also expose the areas which mark which device a KDZ is for. Problem with using the KDZ Tools for this is there is what looks to be an extra checksum, and I've got no idea whether it covers the GPT (I hope not, but...).
I'm now looking to create the above two tools on GitHub, the LGE Tools. Alas, what may be more valuable is the Wiki on GitHub. I've got speculative instructions a little ways from the top. Towards the bottom I've got a list of which areas you'd need to restore from your original device. I guess I'm a bit unsure of "persist", the content is identical for my device, but the differing timestamps might trigger a flag that something has happened.
Hopefully we can get some testers who can risk needing to RMA their devices (I hope they don't need to, but this IS risky).
Click to expand...
Click to collapse
Wow, i am very surprised that you are still working on this method! You have really paid a lot of effort on it!
After taking a look on your works, i really think that this method may really works to help us to unlock the bootloader.
In fact, the T-Mobile variant of both G5 and V20 have bootloader unlocked and so other version of G5 and V20 may also be able to unlock their booloader through a method like this, therefore, I think we should be able to draw more attention (more devs?) on studying this method.
Disclaimer: By attempting any of the processes listed in this thread you accept full responsibility for your actions. I will not be held responsible if your device stops working, catches fire, or turns into a hipster and claims to have been modified before it was cool.
Hi everyone, similar to the previous threads for
OP3, OP3T, OP5, OP5T, OP6, OP6T, OP7, OP7PRO, regular OP7T, T-Mobile OP7T and regular OP7TPRO here are the EDL packages (also known as MSM tools or unbrick tools) that can revive a bricked OnePlus 7T Pro 5G McLaren bought from T-Mobile.
They can also be used to rollback your phone to a previous release of OOS if for some reason you want to go back to an older firmware
It will only work with 5G T-Mobile variant HD1925
You can download the following versions:
ANDROID 10:
10.0.13 HD61CB
10.0.16 HD61CB
10.0.19 HD61CB
10.0.27 HD61CB
10.0.34 HD61CB
10.0.35 HD61CB
10.0.36 HD61CB
10.0.39 HD61CB
10.0.40 HD61CB
10.0.41 HD61CB
10.0.42 HD61CB
Mirror for first and last MSMs: https://onepluscommunityserver.com/
ANDROID 11:
11.0.1.5 HD61CB
Mirror for first and last MSMs: https://onepluscommunityserver.com/
Instructions:
Launch MsmDownloadTool V4.0.exe.
Specific to 10.0.27 and up
On the login prompt select "Other" in the dropdown menu and click on Next.
Wait a few seconds until main window shows up.
Click on Target button and select T-MO if it hasn't been automatically.
Power your device off.
Maintain volume up and volume down keys to get into Qualcomm EDL mode.
Plug your device to your computer using stock OnePlus cable.
Click on Enum to be sure your device is detected and press Start.
Wait ~300 seconds.
Enjoy your brand new device.
FAQ:
Will this fix OTAs I couldn't receive after unlocking bootloader?
Yes. Mind it will however wipe all of your internal storage and relock bootloader automatically (but you shouldn't have to reapply for an unlock token if your bootloader was unlocked previously).
Does this work on Mac or on Linux?
Unfortunately no, tool is Windows only. You should need at least Windows 7.
Why is my antivirus freaking out when unzipping the archive or running the tool?
In an effort to protect reverse engineering from being done (and by extension prevent conversion process like it was done on 6T and 7Pro), OnePlus now use VM Protect V3 in their MSM tools. As this tries to detect debug environment, this is seen as malicious behaviour by some antivirus.
My device isn't detected when I click on "Enum" button
Go to device manager and make sure your phone shows up as QDLOADER 9008.
If it shows up as QHUSB_BULK, it means Qualcomm driver wasn't installed automatically by Windows Update. Download the latest one from Microsoft website at http://download.windowsupdate.com/c..._fba473728483260906ba044af3c063e309e6259d.cab (source https://www.catalog.update.microsof...updateid=8ee52ba0-bdef-4009-88cf-335a678dd67a ) and install it manually by right clicking on QHUSB_BULK and selecting "Update driver software" and "Browse my computer for driver software" to where you downloaded CAB file.
MSM tool is stuck on "Param pre-processing"
Ensure you're using the Qualcomm drivers linked above.
MSM tool is stuck on "Sahara communication failed"
Unplug your phone, get in fastboot mode, turn off phone, wait 15 secondes and get back in Qualcomm EDL mode. You can also try using a USB 2.0 port instead of a 3.0 one.
What is SMT Download mode?
Just don't try to unlock that mode, it will wipe your IMEI and your Widevine certificate if you use it.
How can I fix "SMT config not found" error?
Please refer to https://forum.xda-developers.com/showpost.php?p=83448961&postcount=61, all credits to @Shadow12347 for finding it out.
Credits:
@omariscal1019 for getting 10.0.27 version from OnePlus
@a63548 for getting 10.0.19 version from OnePlus
An anonymous user for unblocking situation with OnePlus CS (they kept sending package meant for 7T T-Mobile)
@jhofseth for decryption of 10.0.19 tool
@xian1243 and @omariscal1019 for testing 10.0.13 version, @twinnfamous for testing 10.0.13 and 10.0.16 versions, @ntzrmtthihu777 for testing 10.0.13 , 10.0.16 and 10.0.19 versions, @DanDroidOS for testing 10.0.19 version, and @me2151 for testing 11.0.1.5 version.
@Titokhan for being a friend and providing inspiration in writing
@headsh0t95 for being a friend and suggesting me to request an access to upload files on AndroidFileHost now one year ago for my previous threads
@AndroidFileHost for the hosting
OnePlus for the device and OS
Related: [HD1925] [OP7TPROTMO] reserve.img dumps OTA fixer from @ntzrmtthihu777 for folks that want to get OTAs if they unlock their phone after using MSM tool
Woooooo!!! Let's hope it's the real deal. Downloading now so I can root in a bit
It's real and was tested extensively. We also used them to complete our reserve.img collection.
Nice work! I refuse to go any further than bootloader unlocking until I had a tested MSM recovery. Can't tell you how many times those saved my butt with previous 1+ phones.
I apologise in advance, but I do not see a link for the msm tool to flash zips in this post ? Can someone please link a copy of the correct msm tool so we can download it, please and thank you if there is a adb command that I'd have to run instead of msm tool please help me by listing a small guide of how to do it thanks
Excuse my lack of knowledge on the subject. Is this what we've been waiting for? I'm guessing no or very little experimenting was being done because nobody wanted to destroy their phone. But if I understanding correctly this will work like the one for the 6T only difference is we can't flash a global firmware (for the moment) if you royally f**k up this will save you. With this tool it should make experimenting with the device a lot less of an issue?
Justingaribay7 said:
I apologise in advance, but I do not see a link for the msm tool to flash zips in this post ? Can someone please link a copy of the correct msm tool so we can download it, please and thank you if there is a adb command that I'd have to run instead of msm tool please help me by listing a small guide of how to do it thanks
Click to expand...
Click to collapse
There's a button that has them all listed. There's three versions.
Joe199799 said:
Excuse my lack of knowledge on the subject. Is this what we've been waiting for? I'm guessing no or very little experimenting was being done because nobody wanted to destroy their phone. But if I understanding correctly this will work like the one for the 6T only difference is we can't flash a global firmware (for the moment) if you royally f**k up this will save you. With this tool it should make experimenting with the device a lot less of an issue?
Click to expand...
Click to collapse
More or less, but there simply is no global firmware for us to
convert to for this device (they could create one, I suppose).
This tool will fix just about any sort of brick we may encounter
during normal experimentation.
ntzrmtthihu777 said:
There's a button that has them all listed. There's three versions.
More or less, but there simply is no global firmware for us to
convert to for this device (they could create one, I suppose).
This tool will fix just about any sort of brick we may encounter
during normal experimentation.
Click to expand...
Click to collapse
I guessing there's a strong possibility of a global conversion hindering 5G?
I'm just glad there's a tool available to people that want to modify their phones and don't end up with a 900$ paperweight in the event something goes wrong.
Damn, I can't believe I didn't even think about unzipping the whole file lol figured it was just the phone firmware on those links , because there was only software versions listed haha thanks for your help guys! figured it out, download whatever version you want to flash, unzip file accordingly, all the proper files you'll need will be in the extracted folder install directions above, thanks again!!!
You sir are a lifesaver! I was having too many issues with my phone after some of the tweaks, and was stuck on the .16 software version. Now I'm updated to .19 and ready to break the phone again!
One plus 7T 5G Mclaren pro T-Mobile
OMG, I just used this tool and it worked. I can't believe it. Thank you so much. I thought my device was toasted.
Any chance of updating the post to include the latest update 10.0.25?
adit07 said:
Any chance of updating the post to include the latest update 10.0.25?
Click to expand...
Click to collapse
Might happen, might not.
If it doesn't happen this however won't be an issue as you can rollback anyway by using.
Mind that I don't make these tools so don't have any control on how they could be updated
What if you connect your phone and it does not even show up as the bulk driver in device manager. I have literally bricked it to the point that only edl mode shows up. Can anyone please show me the light?
djohnson1618 said:
What if you connect your phone and it does not even show up as the bulk driver in device manager. I have literally bricked it to the point that only edl mode shows up. Can anyone please show me the light?
Click to expand...
Click to collapse
While booting up the phone hold I believe volume up and plug it in while doing that it should just remain on a black screen after that open msmtool and see if it's connected if it is then do what you would normally do for msmtool. It took me a couple of tries to get it to recognize with this phone compared to my 6T
Lost
Does anyone know what it should say once I press Enum
djohnson1618 said:
Does anyone know what it should say once I press Enum
Click to expand...
Click to collapse
Read the OP carefully.
So My One Plus One 7t Pro Mclaren edition (TMO) is bricked beyond belief. It only reboots into Fastboot mode. From CMD when ADB devices command is typed in it says no devices found. When I look in device manager when connected it says Android Bootloader Interface it does not show any of the drivers to update. I tried using MSM. My phone does not make a connection. Can anyone offer any assistance to help me get this phone back and working? Or am I just stuck with an expensive paperweight.
djohnson1618 said:
So My One Plus One 7t Pro Mclaren edition (TMO) is bricked beyond belief. It only reboots into Fastboot mode. From CMD when ADB devices command is typed in it says no devices found. When I look in device manager when connected it says Android Bootloader Interface it does not show any of the drivers to update. I tried using MSM. My phone does not make a connection. Can anyone offer any assistance to help me get this phone back and working? Or am I just stuck with an expensive paperweight.
Click to expand...
Click to collapse
As said in the OP, you need to turn your device off and enter in Qualcomm EDL mode.
Maintain power button until your device screen goes off, wait 20 seconds, maintain volume up and down keys, plug your device to your computer using OnePlus original cable and use MSM tool.
Please upload this tool if you have it so i can fix my phone .. at this point t-mobile, metro pcs and god knows what they all were able not only to fix their phone but install the unlocked rom without the bloatware .. Honestly i don't get why OP refuses to release this .. or maybe they have but its not posted here ..
So if you bought your phone from oneplus.com and have the unbricking tool .. please upload it or tell me how you managed to fix your phone
Contact OnePlus support, and request a remote session to repair your phone.
If they set one up, they'll send you a link to download the MSMDownload Tools ahead of time.
So far everyone with unlocked version has been told to mail their phone in, rather than doing the remote session. Once someone gets the remote session, they'll be able to upload the MSMDownload Tools.
edale1 said:
Contact OnePlus support, and request a remote session to repair your phone.
If they set one up, they'll send you a link to download the MSMDownload Tools ahead of time.
So far everyone with unlocked version has been told to mail their phone in, rather than doing the remote session. Once someone gets the remote session, they'll be able to upload the MSMDownload Tools.
Click to expand...
Click to collapse
already went thru that and instead of sending my phone in chose to wait for the tool.. looks like i made a huge mistake and now is too late to send it in ... but thanks for suggesting
Also waiting for an ops for the unlocked variant - I have a theory that converts between variants without unlocking BL, but without the ops it can't be verified.
I believe One Plus is not releasing their MSM tool specifically because it could be used to convert variants to unlocked / retail. They have refused multiple board members, myself included, to utilize the tool to remotely fix broken devices.
Dimitrimem, check the unbrick thread for my instructions on how to fix phones using fastboot and a super.img or fastbootd and the OTA.
Un-bricking my Nord N200
Don't ask me why, but I tried to upload a GSI using fastboot to my N200. And that didn't work. So I then read online about other people getting the same error I had, and their fix was deleting the "product" partition and erasing the system...
forum.xda-developers.com
oCAPTCHA said:
I believe One Plus is not releasing their MSM tool specifically because it could be used to convert variants to unlocked / retail. They have refused multiple board members, myself included, to utilize the tool to remotely fix broken devices.
Dimitrimem, check the unbrick thread for my instructions on how to fix phones using fastboot and a super.img or fastbootd and the OTA.
Un-bricking my Nord N200
Don't ask me why, but I tried to upload a GSI using fastboot to my N200. And that didn't work. So I then read online about other people getting the same error I had, and their fix was deleting the "product" partition and erasing the system...
forum.xda-developers.com
Click to expand...
Click to collapse
Bootloader is locked so fastboot is not an option ..
Do you have the unlock code bin file?
If so do the following, because booting in fastboot itself will give you an error saying you cannot unlock the bootloader, you most boot into recovery, fastboot is not recovery it's considered the master recovery Incase if the Android recovery fails or you flashed the wrong file to the wrong partition.
Winnower Amber said:
Do you have the unlock code bin file?
Click to expand...
Click to collapse
I don't
You'll need to give that information. Check the box, your serial number should be on it.
Does Android recovery work?
Winnower Amber said:
You'll need to give that information. Check the box, your serial number should be on it.
Click to expand...
Click to collapse
I threw the box away .. let me see if I can find it in my mail with oneplus
Winnower Amber said:
You'll need to give that information. Check the box, your serial number should be on it.
Click to expand...
Click to collapse
The only thing I have from my mail with oneplus is the IMEI number from the form they made me fill in for the remote session only that later on they told me they don't have the files(msm) for my phone
If IMEI and serial number are the same let me know and I'll post thst here
The most you could do is get the unlock code bin. Then wait 7 days for a reply, flash your device with the TMobile msm, and then follow the TMobile to oem, that should do it.
If you need to reach me for stuff like this, I am available on discord via the xda,
Winnower Amber said:
Does Android recovery work?
Click to expand...
Click to collapse
From the screen itself. No it boots back to the error .. but I was able to get into recovery by pressing volume up and down
Winnower Amber said:
The most you could do is get the unlock code bin. Then wait 7 days for a reply, flash your device with the TMobile msm, and then follow the TMobile to oem, that should do it.
Click to expand...
Click to collapse
I have the fully paid variant.. so I don't need the unlock code... That's t-mobile.. my bootloader is locked or OEM is locked
Your phone comes preloaded with an emergency boot chip called Qualcomm download mode. Use the TMobile msm tool to flash your device back to factory, then you can essentially do what you need. To get back to oem.
I keep forgetting to quote reply I hate this lol.
Winnower Amber said:
Your phone comes preloaded with an emergency boot chip called Qualcomm download mode. Use the TMobile msm tool to flash your device back to factory, then you can essentially do what you need. To get back to oem.
Click to expand...
Click to collapse
My phone does not work with the MSM tool for TMobile... already tried that ( others already tried it so I'm not alone)
Someone please point me in the right direction. Been years and years sine my last rooting. Back in the cyanogen mod days.
Root N10 using Magisk
Warning: I'm not responsible for any damage or bricked phones! Mirror for all OxygenOS images General Info: You need adb and fastboot installed and should know how to use it TWRP is not needed You must do this process only once...
forum.xda-developers.com
the difficult part is I believe the 2028 is T mobile variant so you have to have the device paid off in full and network unlocked either by t mobile or through your own devices. ( Someone from xda was actually able to unlock my first n10 remotely. he eve did it for free but donations accepted) Not quite sure on how to go about the other methods. I honestly just called t mobile customer service and online its rough but on the phone they unlocked my device without even asking question aside from what the imei was. Didnt even ask about the phones payment status... . wow I made that really long..... Then after you get that unlocked you habve to go ahead and unlock the bootloader which is another grueling 7-10 day wait.... After that flash the unlock.bin and THEN you can root. So its a process... Easy but you may have to spend a week or so to get there
This is just a PSA for anyone currently with T-Mobile, looking to upgrade or purchase from the carrier.
The T-Mobile exclusive model of the 10T 5G is CPH-2419 ... This is a T-Mobile model ONLY. It can be SIM unlocked through regular methods, ie. paying the full contract off, but that is ALL!
There is absolutely NO WAY to unlock the bootloader of this model, because FASTBOOT is completely disabled, and unable to be re-enabled through any method which is currently available!
This is a software level block, which is specific to this model number.
AFAIK the chipset, board, and all internals are the exact same in respect to the 2413 (india) , 2415 (global) , and 2417 (EU) variants , so there is a SLIM possibility that if you stay BELOW the current A.11 build, you MIGHT be able to force a sideways shift to one of the other regions listed above via the Local Update, and Oxygen Updater combination, but i cannot confirm this due to my accidental mistake of not blocking updates! Mine is now on A.11 which is not available in any other region as of yet on the Oxygen Updater.
I really dont know whether changing regions will actually bring back FASTBOOT or not, except that when attempting to reach FASTBOOT via ADB or other methods, there is a brief, 1 second delay that does indeed make the "Fastboot Mode" screen appear, right before it automatically kicks out and reboots into normal mode. But even then with FASTBOOT running on my pc, and <waiting for devices>, it does not make the connection during the sequence. So this may just be remnants of the bootloader screen!
Also FASTBOOTD does work, and you can send commands regularly via command line, or Fastboot Enhance in that mode, but unlocking, and oem commands either fail or report unrecognized.
ANYONE proficient with probing ADB, Fastbootd, or EDL modes would be highly appreciated, in investigating any possibilities to exploit this restriction, because as with ALL android OS devices, I am almost 100% sure there is a way to mitigate this block, and flash a STOCK payload from one of the other variants. But EVERY cph2419 no matter what build, is shipped with FASTBOOT disabled at the factory level. It is an OPPO block, and has nothing to do with T-mobile other than the fact that they are the ONLY carrier listed in this model's designation.
I had a feeling that this was coming. First it starts with T-Mobile variants and then it starts trickling out to everything else. Keep in mind that Oppo disables fastboot on their devices too. The MSM Tool being locked down behind a technician login was the first hint of what's to come.
EtherealRemnant said:
I had a feeling that this was coming. First it starts with T-Mobile variants and then it starts trickling out to everything else. Keep in mind that Oppo disables fastboot on their devices too. The MSM Tool being locked down behind a technician login was the first hint of what's to come.
Click to expand...
Click to collapse
Yup man... see i never read much into the OPPO acquisition of OnePlus, or i would have researched affected devices further. But in all honesty i wouldn't have suspected that a phone such as the 10 series, which is reportedly going to be on all the major carriers in the next 3-4 months, would take such a drastic step BACKWARDS like this! One plus has ALWAYS been known as "Developer Friendly", and rivaled the Google Pixel series in ease of unlocking bootloader, and rooting! But even stranger is how for so long back in the early days of android, devices were model specific to each carrier, (samsung s2, 3, 4... Moto Z... etc.) then the manufacturers wised up and went to universal hardware that was only sim locked, and could be bought outright unlocked. THEN COMES THIS LEFT TURN, in OnePlus taking a flagship device, and going back to Carrier specific models!
Finally the MOST SHOCKING notion comes with the realization that (for a fee) you can get your Samsung devices bootloader unlocked, (s10 and newer, possibly others thru same service) but this OPPO/Oneplus trainwreck looks to be the possible path coming for even more models like you said!
I just dont understand the war on unlockable bootloaders?! Especially Oneplus... they had the PERFECT system in place. (US models) You had to PHYSICALLY submit a Bootloader Unlock request... Acknowledge that you are aware that you are giving up warranty... wait a week (buyers remorse)... Then if still committed, you have to flash the unlock token. Why go all DICTATOR on us and start moving the devices STILL BRANDED with OnePlus, to a locked down format? Maybe 3 in 10 customers unlock & mod their phones! It takes MORE effort to disable functions and remove them, while at the same time alienating those 3 in 10 thus ensuring LESS SALES!! I fail to understand the logic. I just pray someone always keeps probing these A-hole companies products, for vulnerabilities and exploits that circumvent all their overbearing attempts to control what we can do with OUR devices!
<rant... sorry, this crap just makes my blood boil. cuz i DID demo the 10T at a T-mobile store and they had CPH-2417 models as demo, which were fine. Come to find out that they always planned on only SHIPPING or SELLING these 2419 models to the public!>
beatbreakee said:
Yup man... see i never read much into the OPPO acquisition of OnePlus, or i would have researched affected devices further. But in all honesty i wouldn't have suspected that a phone such as the 10 series, which is reportedly going to be on all the major carriers in the next 3-4 months, would take such a drastic step BACKWARDS like this! One plus has ALWAYS been known as "Developer Friendly", and rivaled the Google Pixel series in ease of unlocking bootloader, and rooting! But even stranger is how for so long back in the early days of android, devices were model specific to each carrier, (samsung s2, 3, 4... Moto Z... etc.) then the manufacturers wised up and went to universal hardware that was only sim locked, and could be bought outright unlocked. THEN COMES THIS LEFT TURN, in OnePlus taking a flagship device, and going back to Carrier specific models!
Finally the MOST SHOCKING notion comes with the realization that (for a fee) you can get your Samsung devices bootloader unlocked, (s10 and newer, possibly others thru same service) but this OPPO/Oneplus trainwreck looks to be the possible path coming for even more models like you said!
I just dont understand the war on unlockable bootloaders?! Especially Oneplus... they had the PERFECT system in place. (US models) You had to PHYSICALLY submit a Bootloader Unlock request... Acknowledge that you are aware that you are giving up warranty... wait a week (buyers remorse)... Then if still committed, you have to flash the unlock token. Why go all DICTATOR on us and start moving the devices STILL BRANDED with OnePlus, to a locked down format? Maybe 3 in 10 customers unlock & mod their phones! It takes MORE effort to disable functions and remove them, while at the same time alienating those 3 in 10 thus ensuring LESS SALES!! I fail to understand the logic. I just pray someone always keeps probing these A-hole companies products, for vulnerabilities and exploits that circumvent all their overbearing attempts to control what we can do with OUR devices!
<rant... sorry, this crap just makes my blood boil. cuz i DID demo the 10T at a T-mobile store and they had CPH-2417 models as demo, which were fine. Come to find out that they always planned on only SHIPPING or SELLING these 2419 models to the public!>
Click to expand...
Click to collapse
I saw the writing on the wall after following the 10 Pro forum once I got my OnePlus 9 so I jumped ship to the Pixel 7 Pro. It's not a perfect device but man it's so much smoother than my 9 ever was. The only real complaint I have is the battery takes too long to charge and the fingerprint sensor is more finicky than the one on my OP9 but it's so nice not having lag everywhere and buggy software plus they're easy to root and keep rooted with the PixelFlasher tool.
As for the lockdown, it's probably T-Mobile that wanted it. People always bought the T-Mobile variants because they sell cheaper than the other ones and then they would convert them to global/EU firmware. What we really need is an end to carriers dictating what a phone manufacturer can and can't do with their product but Apple was the only one who ever successfully strong-armed a carrier (all of them basically in the end since they still don't allow bloatware on the phones). That said, Oppo probably doesn't have any complaints about being forced to disable this as it results in less technical support calls for them when people can't muck their devices up anymore. There were a ton of people bricking their OP9 and OP9P devices and those are just the ones that found their way to XDA to try to get help. I bet that a good chunk of their warranty repairs are from people modding their phones. In fact my OP9 almost became one of them until I got stubborn and sat down and figured out how to mod the MSM Tool myself.
Yeah, this is a bummer. Thanks for sharing! I almost never buy through a carrier anymore. My last oneplus was the 8T and it was a t-mobile variant, it was quite the mess to have to get it unlocked due to the person I bought it from not paying their bill...I got it all sorted out....my bad not double checking, but I got it for a sweet deal.
If Samsungs are easier to unlock the bootloader for their new phones, that changes my buying decisions.
I wonder if you could do the local update to the EU or India beta, then do the rollback to android 12 from a different region, India or EU. Does the local update across regions even work if your bootloader is locked?
maamdroid said:
Yeah, this is a bummer. Thanks for sharing! I almost never buy through a carrier anymore. My last oneplus was the 8T and it was a t-mobile variant, it was quite the mess to have to get it unlocked due to the person I bought it from not paying their bill...I got it all sorted out....my bad not double checking, but I got it for a sweet deal.
If Samsungs are easier to unlock the bootloader for their new phones, that changes my buying decisions.
I wonder if you could do the local update to the EU or India beta, then do the rollback to android 12 from a different region, India or EU. Does the local update across regions even work if your bootloader is locked?
Click to expand...
Click to collapse
ok, that i cannot confirm. YET... I screwed up and forgot to disable Auto Updates in the developer menu, and 1 reboot later, put me on the A.11 build for the OS. All the current OTA, and BETA in the Oxygen Updater, are A.10, and ive tried using the local update apk, but it fails stating something along the lines of, "The version you are trying to flash, is older than the current on im on, so to prevent boot problems, we wont allow you to continue"... I know those werent the actual words, but im sure you know what im talking about. So until the India, EU, or NA builds move up to A.11, I am in limbo! ... I have 3 days to request a RMA from Tmobile, if im gonna return it, and if i cannot circumvent this crap then i definitely aint about to get stuck with it for 2 years! Even if its only costing me $13 a month. I just cant accept a device that has actively removed THE VERY THING that i bought a OnePlus to do!
I am HOPING, i get lucky and an update drops, but my luck says it wont.
But to answer your question, YES... I would believe that you can do the Local update and shift sideways to Global or another region. MY plan was to try moving to ANY other region period, which will forcefully change the model number of the device as well... THEN use that regions Rollback Package, cuz it wipes everything and does a complete downgrade to reinstall. My logic is that IF i can update to say the India, or EU Android 13 Beta with the A.11 kernel, then the partitions are gonna change right? so in theory IT SHOULD flash all the CPH2413 or 2415 partitions, and files respectively. Now im sure that alone wont bring back FB because updates dont usually wipe all data! .... BUUUUUT .... once on that Model, then using the Rollback package WILL fully wipe the data and system so that it can format and place the partitions correctly for Android 12! And THAT is where i think my best opportunity to regain Fastboot will come from! Cuz my phone will be formatted as an Unlockable model number, and the rollback packages are supposed to be a Full Stock Rom, so naturally all the partitions and stock components would be installed as well, & the phone wont KNOW it was a 2419 so whatever was done (if only at software level) to disable FB wont be scripted to disable it on the new region.
Again this is only theory, but it sounds logical... unless someone familiar with OPPO can confirm that they use some hardware method of removing fastboot. But so far i have found a couple older OPPO discussions that at least cited exploits that were found in their respectively Locked devices, which they all had leveraged to get FULL ROOT, and subsequently flash different portions of other builds to their device. Personally, If I can have a full Magisk root, I am 100% content with JUST THAT! I lived with MANY a Samsung that had locked bootloaders, but had Root, and i can make that sacrifice!
Hopefully an update drops in time so i can try!
You would need to try the downgrade package.
https://oxygenos.oneplus.net/4248_sign_CPH2415_11_A_OTA_0080_all_44864f_10100111.zip
I would be surprised if it works but it is worth a shot with the APK.
That's the global/US package.
beatbreakee said:
ok, that i cannot confirm. YET... I screwed up and forgot to disable Auto Updates in the developer menu, and 1 reboot later, put me on the A.11 build for the OS. All the current OTA, and BETA in the Oxygen Updater, are A.10, and ive tried using the local update apk, but it fails stating something along the lines of, "The version you are trying to flash, is older than the current on im on, so to prevent boot problems, we wont allow you to continue"... I know those werent the actual words, but im sure you know what im talking about. So until the India, EU, or NA builds move up to A.11, I am in limbo! ... I have 3 days to request a RMA from Tmobile, if im gonna return it, and if i cannot circumvent
Click to expand...
Click to collapse
Yeah, give the beta a try and then rollback.
@beatbreakee Looks like India .12 full update is available in oxygen updater! Hopefully this works for yah.
EtherealRemnant said:
You would need to try the downgrade package.
https://oxygenos.oneplus.net/4248_sign_CPH2415_11_A_OTA_0080_all_44864f_10100111.zip
I would be surprised if it works but it is worth a shot with the APK.
That's the global/US package.
Click to expand...
Click to collapse
Global and US versions are different. That zip is for EU/Global, not US/NA, it says so right in the file name.
CPH2415 is EU/Global
CPH2417 is US/North America
That being said there is actually a member on the forums here that was able to flash that CPH2415 zip on a CPH2417 (US) phone without issue apparently. Flash at your own risk.
Edit:
This information I posted is not completely correct. Check the post after this one for more information regarding the versions.
Jager said:
Global and US versions are different. That zip is for EU/Global, not US/NA, it says so right in the file name.
CPH2415 is EU/Global
CPH2417 is US/North America
That being said there is actually a member on the forums here that was able to flash that CPH2415 zip on a CPH2417 (US) phone without issue apparently. Flash at your own risk.
Click to expand...
Click to collapse
OnePlus is ridiculous. Why the heck did they feel the need to change this? On the 9 series and 10 Pro, xxx0 was China, xxx1 was India, xxx3 was EU, xxx5 was global (which was US), xxx7 was T-Mobile.
Anyway, EU firmware has always worked fine on global variants, no doubt it's the same situation here.
Was about to post this and went to look but ummm... Actually, OnePlus themselves have listed it like this.
Want to go back to Android 12? Download the Rollback package from the links below:
OnePlus 10T (IN)
OnePlus 10T (EU)
OnePlus 10T (GLO)
OnePlus Community
Introducing our new OnePlus Community experience, with a completely revamped structure, built from the ground-up.
community.oneplus.com
GLO file name is 2415 as well. The one I linked was the same one llinked here, the difference on the EU one is the beginning and end of the file name are different.
EU - https://oxygenos.oneplus.net/4189_sign_CPH2415_11_A_OTA_0080_all_44864f_01000100.zip
GLO - https://oxygenos.oneplus.net/4248_sign_CPH2415_11_A_OTA_0080_all_44864f_10100111.zip
Looks like they're basically the same firmware.
EtherealRemnant said:
OnePlus is ridiculous. Why the heck did they feel the need to change this? On the 9 series and 10 Pro, xxx0 was China, xxx1 was India, xxx3 was EU, xxx5 was global (which was US), xxx7 was T-Mobile.
Anyway, EU firmware has always worked fine on global variants, no doubt it's the same situation here.
Was about to post this and went to look but ummm... Actually, OnePlus themselves have listed it like this.
Want to go back to Android 12? Download the Rollback package from the links below:
OnePlus 10T (IN)
OnePlus 10T (EU)
OnePlus 10T (GLO)
OnePlus Community
Introducing our new OnePlus Community experience, with a completely revamped structure, built from the ground-up.
community.oneplus.com
GLO file name is 2415 as well. The one I linked was the same one llinked here, the difference on the EU one is the beginning and end of the file name are different.
EU - https://oxygenos.oneplus.net/4189_sign_CPH2415_11_A_OTA_0080_all_44864f_01000100.zip
GLO - https://oxygenos.oneplus.net/4248_sign_CPH2415_11_A_OTA_0080_all_44864f_10100111.zip
Looks like they're basically the same firmware.
Click to expand...
Click to collapse
That's a lot more information than I had. Thank you for sharing! It's been confusing since I got the phone at the start of September coming from the 6T and 5T previously.
Thank you for the links as well, I have always been looking for this information regarding the difference in versions. I will be saving this for reference.
This definitely makes it clearer than what I was trying to explain in my previous post.
I'm one that flashed from Global to India. Then I flashed India to Android 13. Then I did rollback to India 12. And now I did India to EU android 12 .a10.
My bootloader is unlocked though.
I didn't know Global beta is out now. I'll flash to that now!!
So I was just in the 10 Pro section and I would be very cautious trying the downgrade package conversion. There have been a few bricks and a few successes converting T-Mobile to another variant and without an MSM Tool to use, I don't know that I would risk a $650 paperweight.
@beatbreakee This guy has the 2017 version and tried flashing the IN version. There aren't a whole lot of details, but whatever he did caused a softbrick. I posted for a little more details on it, but he might be able to provide some more info around this.
@jmayfield337
Full update from Global to EU?
I'm rooted and bootloader unlocked. There isn't a full update for . 08 yet. Could I use the EU full update and do local install or will that mess my current stuff up?
forum.xda-developers.com
EtherealRemnant said:
You would need to try the downgrade package.
https://oxygenos.oneplus.net/4248_sign_CPH2415_11_A_OTA_0080_all_44864f_10100111.zip
I would be surprised if it works but it is worth a shot with the APK.
That's the global/US package.
Click to expand...
Click to collapse
So sorry for the delay... But yes your rollback package worked in getting me off the T-Mobile 2419 , and now I'm on the 2415. A.08 (yay . KINDA...)
Unfortunately this did not have the intended outcome. I mean yes the phone works properly and all... But I'm sure you knew that fastboot did not come back. (Wouldn't be that easy huh?).
Now, here's the next phase.... After repeatedly beating on OP via their chat, and yelling at person after person, I got one of them to slip up and let a few MINOR things leak verbally.
(Bear with me cuz I might be stating something that might be slightly off from him... I could tell English wasn't his 1st language... Or even 2nd)
"Sir what you are requesting is a file authorization to unlock the bootloader on your device, correct" --- OP
"No, because even if I HAD a special file, I would not be able to flash it, because I have NO fastboot mode accessible on my phone. YOU removed or disabled it yourselves!" ---- Me
"Ok after reviewing your previous words sent, I think I know what it is you seek. There is a program called MSM, do you know of, yes?"-OP
"YES I know exactly of that, and you guys made it password restricted so I cannot log in to get what I need, so is it possible you can refer me to get an access account for the tool?"-Me
"Unfortunately sir that is department not of ours, but I will forward your request to them for email response by 24hrs."-OP
"Ok... So what then, you or them will get back to me with info on how to get an account?" -Me
"Well it yes, sir I do not know if that is how they resolve, or maybe they just give you factory fastboot ROM which can be use with the updater application, for local flash. It is my knowledge that other devices we have sold have had this ROM load special fastboot to allow unlock/lock/flash/wipe commands to be sent from your PC, but it was special tool for devices that not have it already!" - OP ...
BINGO!!
I'll spare you the rest of the chat, but of course no one has contacted me....
SOOO... here's my thoughts...
1. This phone is like Samsung in that there is NOT a permanent bootloader lock, and instead there's just a custom ROM (like the old "Combination FW" that restores permissions for higher level functions aka 'Fastboot ROM"
2. This ROM could TECHNICALLY be created or the fastboot portion extracted from another one that already is out for one of these older devices, and we swap it into one of these rollback packages, cuz I did edit the payload properties file to test if simple changes can be made and it still flash... (Answer : yes... It worked!)
3. One of you GURUs who have found TEMP ROOT access on so many other 'unrootable' devices, discover a way in to these, in which we can access the partition where the bootloader exists, and turn it back on with a hex edit, or flip it to UNLOCKED, then I can use Qfil or an EDL prog to flash custom recovery!?!
The reason I say turn it back on is because I am fairly confident it is still functional, primarily because it shows for a half a second, then reboots back into normal mode if 'adb reboot bootloader' is used. How can it be GONE, If the OS still recognizes it. (This suggests there's a script or init command being triggered once that command is sent, and it forces reboot before fastboot can connect to your PC! ... There is still a splash screen triggered from the command... AND all the updates and rollback packages are using something other than EDL to flash all the partitions as .img files, cuz EDL can't communicate with a device while running, but those packages loaded via local update are prepped while running, and processed only by a reboot, which almost confirms that it's fastboot being used. Fastbootd will not process ANY img files, but it does recognize every reg fastboot command!
(Sorry again for long post but I figured detail is needed to solve this.)
I have 48 hours to completely brick this device and still return it, so I am up for ANY actions that you all might suggest, with no regrets! If I get it AT LEAST rooted, I'll take it! Or if we get fastboot enabled again even better. I will monitor this thread for your replies.
Thanks for all input!
EtherealRemnant said:
So I was just in the 10 Pro section and I would be very cautious trying the downgrade package conversion. There have been a few bricks and a few successes converting T-Mobile to another variant and without an MSM Tool to use, I don't know that I would risk a $650 paperweight.
Click to expand...
Click to collapse
Ok... I KINDA followed part of what they did in the 10pro forums.. opening the zip 1st, I edited 1 line:. "Oplus_update_engine_verify_disable=1" it WAS 0 which I understand had something to do with it verifying something on either the device or in the package to be identical before allowing.
Using a 1 disabled that verification. Now whoever tries this MUST be patient! When you start this via local updater app, you need to be above 40% , AND it will look like it is frozen and not processing at 0% for close to 5 min ... Then it will just start ticking off about 1% every 15-30sec til it gets to 60-70... Then it is about 2 percent per 15 sec... Finally when it hits 99% it will again look like it's stuck, but just wait, cuz it will hit 100% about 3-4 min later.
Whole process went seamlessly smooth! I advise not doing ANYTHING on your device while running. But I successfully went from Android 12.1 A.11 to Android 12.0 A.08 2419 to 2015.
Don't know if it matters but I did enable OEM unlocking in dev options 1st. And it persisted thru the whole wipe/flash process.!
Don't know if this means anything...
Congrats on a successful conversion. Sucks that it's still walled off still but I can't say I'm surprised.
@beatbreakee
Dude I just want to thank you for all you hard work into this.
I have a T-Mobile OP10T and was so disappointed to find out there was no way to unlock bl/no root.
So when i found this thread, there is no hope. Now because of you, there's a chance.
Thanks
I would assume it's best not applying any updates if iv just got the phone? If my plan is somehow getting away from T-Mobile software. Right?