I did something silly and now my phone is in Qualcom dowoad mode.
I believe this is called a hard brick.
I believe I can flash firmware using the QPST tool ... does anybody have any images in hex that can be used in the tool?
Thanks
Carl.
No. You need JTAG ..
SaHiLzZ said:
No. You need JTAG ..
Click to expand...
Click to collapse
Do you know this for a FACT (experience) or are you speaking with read knowledge from the forum?
I don't mean to offend you BUT it has to be possible to rip the images required from the phone itself.
Qualcomm is used in lot of newer Samsung HTC and other devices. Look up any other device to find your answer.
SaHiLzZ said:
Qualcomm is used in lot of newer Samsung HTC and other devices. Look up any other device to find your answer.
Click to expand...
Click to collapse
I did look around the other forums, it seems to me that it can be done. It hasn't yet been done, that doesn't mean it can't.
I posted here to see if somebody had the images.
carlsanderson1986 said:
I believe I can flash firmware using the QPST tool ... does anybody have any images in hex that can be used in the tool?
Click to expand...
Click to collapse
Are you s-off? I don't think qpst will help if s-on, although I see an SB3.0 tab in latest qpst which may be of interest.
Here is latest QPST (2.7.402) I could find: http://forum.xda-developers.com/showthread.php?t=2020275
I would like to figure this out as well. I suspect it must be possible, since I don't think HTC would have planned to open the One for JTAG.
Here is some info on the xml formatting: http://forum.xda-developers.com/showthread.php?t=2208289
Still need to figure out which data/partitions to extract from healthy htc one to create mbn files (bin files).
Here is a thread with some qpst discussion related to htc one: http://forum.xda-developers.com/showthread.php?t=2467960
Research...
I've been researching... If there's a dev who already knows this stuff and can help out, would be much appreciated.
Here are my findings so far:
http://forum.xda-developers.com/showthread.php?t=1914359 <-- very interesting journey by dev, trying to unbrick galaxy note one with qpst
http://forum.xda-developers.com/showthread.php?t=2208289
http://forum.xda-developers.com/showthread.php?t=2136738
#Tool called MiFlash, taiwanese "brush" method for low level resetting devices
#uses qualcomm serial drivers/apis, looks similar to what qpst does
#the files provided for use with MiFlash can be used as examples for qpst
#perhaps the tool itself can be repurposed?
http://tw.miui.com/thread-3230-1-1.html <--translate with google
http://en.miui.com/thread-1885-1-1.html
http://en.miui.com/thread-1689-1-1.html
http://en.miui.com/download-111.html
http://xiaomi.eu/community/threads/guide-flashing-rom-using-miflash.19287/
#Random QPST usage information
http://www.anyclub.org/2012/05/how-to-generate-8660msimagembn.html
http://www.anyclub.org/2012/04/how-to-build-emmc-flash-programmer.html
http://blog.csdn.net/su_ky/article/details/7773273
https://github.com/jcsullins/qdloader/blob/master/qdload.pl
Been reading a few things about unbricking S3 and qualcomm based devices.. Some interesting read here: http://forum.xda-developers.com/showthread.php?t=2345860
HTC One Bootloader: http://forum.xda-developers.com/showthread.php?p=45402164#post45402164
HTC EVO Unbricking project: http://forum.xda-developers.com/showthread.php?t=1948485
These are just morsels of information I have collected but in theory: If you can get a working Hboot (or ENG Hboot?) on an sdcard and get the phone to read it your phone should boot back up. Assuming your device was S-OFF before any of this happened.
Let me know if any of this makes sense..
Dears
My phone have bricked and just is in qdloader 9008.the nexus 6 unbrick project does not work on it.
Phone model is MOTO X PRO XT1115
Also I find a working one of this phone.it is for my friend.is there any solution to backup from it and restore to this one in qdloader mode?Also I have its rom and all files just i don`t know how to use them.
p.m.6 said:
Dears
My phone have bricked and just is in qdloader 9008.the nexus 6 unbrick project does not work on it.
Phone model is MOTO X PRO XT1115
Also I find a working one of this phone.it is for my friend.is there any solution to backup from it and restore to this one in qdloader mode?Also I have its rom and all files just i don`t know how to use them.
Click to expand...
Click to collapse
Maybe there is some usefull info here for you http://forum.xda-developers.com/nexus-6/general/img-retcn-xt1115-motoxpro-lxg22-67-7-t3076881/page3. BTW why did you buy a Chinese device anyway?
I have checked all threads but did not help.I need many files to unbrick(programmer**.mbn and singleimage.bin or rawprogram0.xml patch0.xml)or any solution to how taking these files backup from another phone and restore bricked one.
p.m.6 said:
I have checked all threads but did not help.I need many files to unbrick(programmer**.mbn and singleimage.bin or rawprogram0.xml patch0.xml)or any solution to how taking these files backup from another phone and restore bricked one.
Click to expand...
Click to collapse
Don`t use Nexus 6 files (any variant) or you`ll brick your phone, i suggest looking on Chinese forums for more info/help.
I am here because I did not use them yet and trying to find a solution.
I am not chinese how can i search??
p.m.6 said:
I am here because I did not use them yet and trying to find a solution.
I am not chinese how can i search??
Click to expand...
Click to collapse
Use Google Translate and searching on baidu.com may get you more info.
Nothing found. just this that I can not understand it (m.blog.csdn.net/blog/ziyouwa/16331545) If someone have more information about this please help me.
p.m.6 said:
Nothing found. just this that I can not understand it (m.blog.csdn.net/blog/ziyouwa/16331545) If someone have more information about this please help me.
Click to expand...
Click to collapse
I think I can help. Can you take a screenshot of the device in Device Manager?
Thank you very much ,,Yes I can but not now,,,tommorow i will send the pic.it is qdloader 9008 in device manager.no bootloader no screen just qdloader 9008
Can you make a bootable USB Ubuntu stick? We can try flashing the partitions (I have them for the XT1115) there.
You could also hold off on that for a bit and I'll see if I can compile MotoFlasher for you.
yes I have already ubuntu bootable disc,will be greatfull if you could tell me what to do
@p.m.6 Can we use a different communication system? XDA is not the place for this type of walkthrough (I will post a complete one once we're done). I have sent you a PM.
That is ok my friend,waiting for your reply.(in private)
unbrick motorola moto x pro (xt1115)
p.m.6 said:
That is ok my friend,waiting for your reply.(in private)
Click to expand...
Click to collapse
i have the same problem, please any help would be appreciated
Hi,
My wife bought a Desire 626 from a shady looking shop (dual sim, 2 gb ram, imie search returns the model OPLQ110, possibly qualcomm chipset because I have tried the solve for mediatek chipset, and the flash tool said wrong chipset); it had android 4.4. My wife promptly rooted it using kingroot and despite my warning, went on to update it over wifi (that's how she rolls ) . Now the phone is stuck on the htc welcome screen and entering the recovery (version 3.x) shows a 'no command' error. No hardware info, model no, chipset, processor info can be found (not on the box, or on the phone).
I have searched in the threads and find brick solutions for 626g & 626s, but they didn't work on this one.
Any idea what am I suppose to do. Any solve is appreciated.
i think ur phone is using mediatek
alvi.mahmud said:
Hi,
My wife bought a Desire 626 from a shady looking shop (dual sim, 2 gb ram, imie search returns the model OPLQ110, possibly qualcomm chipset because I have tried the solve for mediatek chipset, and the flash tool said wrong chipset); it had android 4.4. My wife promptly rooted it using kingroot and despite my warning, went on to update it over wifi (that's how she rolls ) . Now the phone is stuck on the htc welcome screen and entering the recovery (version 3.x) shows a 'no command' error. No hardware info, model no, chipset, processor info can be found (not on the box, or on the phone).
I have searched in the threads and find brick solutions for 626g & 626s, but they didn't work on this one.
Any idea what am I suppose to do. Any solve is appreciated.
Click to expand...
Click to collapse
Just try download firmware from http://easy-firmware. com/index.php?a=browse&b=category&id=690 and flash vai sp flash tool, hope this will work but it may delete ur imei, backup if possible
Safayetul said:
Just try download firmware from http://easy-firmware. com/index.php?a=browse&b=category&id=690 and flash vai sp flash tool, hope this will work but it may delete ur imei, backup if possible
Click to expand...
Click to collapse
Tried a few, nothing worked.
Hey guys,
Some guy posted a way to unlock any g8 bootloader via v50s engineering bootloader on sone chinese website. I dont know if im allowed to link it but its via qfil. I dont own a g8 right now but if anyone wants to try it i guess you could message me. Again this is via 9008 mode via qfil and flashing the abl partitions as well as the xbl partitions.
Awesomeslayerg said:
Hey guys,
Some guy posted a way to unlock any g8 bootloader via v50s engineering bootloader on sone chinese website. I dont know if im allowed to link it but its via qfil. I dont own a g8 right now but if anyone wants to try it i guess you could message me. Again this is via 9008 mode via qfil and flashing the abl partitions as well as the xbl partitions.
Click to expand...
Click to collapse
Can you post the link? I have done a lot of research on this and talked to the guy from China who sells all the hardware modded phones on taobao, and he and others have all confirmed that the bbs.gfan guides only work on this hw modded phones. I am fairly confident that the firehose used in this guide will be the xiamo 855 one which will not work on a normal g8
antintin said:
Can you post the link? I have done a lot of research on this and talked to the guy from China who sells all the hardware modded phones on taobao, and he and others have all confirmed that the bbs.gfan guides only work on this hw modded phones. I am fairly confident that the firehose used in this guide will be the xiamo 855 one which will not work on a normal g8
Click to expand...
Click to collapse
If youre willing to test and try it
https://bbs.lge.fun/thread-110.htm
That wouldnt make any sense. They all just want to make money thats what people will tell you thats itd impossible. Xsavi for the g7 also confirmed for the firehose for that g7 with that chipset would work.
Awesomeslayerg said:
If youre willing to test and try it
https://bbs.lge.fun/thread-110.htm
That wouldnt make any sense. They all just want to make money thats what people will tell you thats itd impossible. Xsavi for the g7 also confirmed for the firehose for that g7 with that chipset would work.
Click to expand...
Click to collapse
It does make a lot of sense... LG put soc protections while xiamo not as much, and the xiaomi firehose will work with a "stock" sdm 855 soc. The 845 firehose for the g7 has been leaked, so that works. I've personally made accounts and gotten the firehose from a number of posts and it's the xiaomi one
antintin said:
It does make a lot of sense... LG put soc protections while xiamo not as much, and the xiaomi firehose will work with a "stock" sdm 855 soc. The 845 firehose for the g7 has been leaked, so that works. I've personally made accounts and gotten the firehose from a number of posts and it's the xiaomi one
Click to expand...
Click to collapse
You could at least try putting it in qfil mode and try opening the partition mamager with it to check and maybe read the data from it.
antintin said:
It does make a lot of sense... LG put soc protections while xiamo not as much, and the xiaomi firehose will work with a "stock" sdm 855 soc. The 845 firehose for the g7 has been leaked, so that works. I've personally made accounts and gotten the firehose from a number of posts and it's the xiaomi one
Click to expand...
Click to collapse
Xiaomi has the same protection
The HW modded ones are just changed SoCs, switching from LG one to a Xiaomi one. Xiaomi releases their firehose for every phone they release.
Firehose/9008 mode are manufacturer dependant (could even me made model dependant). The code for the 9008 is in the SoC directly (not on some flash memory around...), and every manufacturer basically gets an encryption code for a certain SoC, and that one is used for the Sahara Procotol (9008 mode), and the corresponding firehose has the same code in it, so they can communicate.
Switch SoC with a different manufacturer -> Use their firehose.
Xiaomi ones are just easily available i guess in china (as they sit at the source), and freely available firehose -> even better.
Awesomeslayerg said:
If youre willing to test and try it
https://bbs.lge.fun/thread-110.htm
That wouldnt make any sense. They all just want to make money thats what people will tell you thats itd impossible. Xsavi for the g7 also confirmed for the firehose for that g7 with that chipset would work.
Click to expand...
Click to collapse
The "firehose for the g7" is a firehose for ALL LG (and only LG) SD845 devices, G7, V35 and V40. It wont work for a Oneplus, or a Xiaomi or so.
But yeah, they all want to make money, thats why firehoses usually arent freely available, otherwise they couldnt sell their services
There exists a firehose for LG SD855 devices... and a few people have it already, but why give it out for free, when you can make tons of money with it (especially when they very likely had to pay a ton of money to get it in the first place).
SGCMarkus said:
Xiaomi has the same protection
The HW modded ones are just changed SoCs, switching from LG one to a Xiaomi one. Xiaomi releases their firehose for every phone they release.
Firehose/9008 mode are manufacturer dependant (could even me made model dependant). The code for the 9008 is in the SoC directly (not on some flash memory around...), and every manufacturer basically gets an encryption code for a certain SoC, and that one is used for the Sahara Procotol (9008 mode), and the corresponding firehose has the same code in it, so they can communicate.
Switch SoC with a different manufacturer -> Use their firehose.
Xiaomi ones are just easily available i guess in china (as they sit at the source), and freely available firehose -> even better.
The "firehose for the g7" is a firehose for ALL LG (and only LG) SD845 devices, G7, V35 and V40. It wont work for a Oneplus, or a Xiaomi or so.
But yeah, they all want to make money, thats why firehoses usually arent freely available, otherwise they couldnt sell their services
There exists a firehose for LG SD855 devices... and a few people have it already, but why give it out for free, when you can make tons of money with it (especially when they very likely had to pay a ton of money to get it in the first place).
Click to expand...
Click to collapse
I googled aroumd for hw modded lg g8 and i couldnt find them. Im gonna buy a us model soon to try it out.
Awesomeslayerg said:
I googled aroumd for hw modded lg g8 and i couldnt find them. Im gonna buy a us model soon to try it out.
Click to expand...
Click to collapse
Yeah because they are only on taobao and Chinese sites. Also Google translate calls it "hard solution" instead of hardware modded btw. You can just look up LG g8 root taobao and you'll find them
Awesomeslayerg said:
I googled aroumd for hw modded lg g8 and i couldnt find them. Im gonna buy a us model soon to try it out.
Click to expand...
Click to collapse
Dude look... See the screenshot? That is the firehose link from that website and its this same link we've seen before, and it's THE XIAOMI FIREHOSE
I tried that firehose a few weeks ago with G8. Does not connect with qfil or octopus jtag.
zeek6228 said:
I tried that firehose a few weeks ago with G8. Does not connect with qfil or octopus jtag.
Click to expand...
Click to collapse
Were you the one who tried to cross flash with octoplus box? Has anything else happened with that
antintin said:
Were you the one who tried to cross flash with octoplus box? Has anything else happened with that
Click to expand...
Click to collapse
Yes I tried to crossflash G8 with octopus. It gives IMPL error. You still have download mode but no kdz for Sprint/AT&T. All of these can be sent back to LG for warranty, it is no big deal.
zeek6228 said:
Yes I tried to crossflash G8 with octopus. It gives IMPL error. You still have download mode but no kdz for Sprint/AT&T. All of these can be sent back to LG for warranty, it is no big deal.
Click to expand...
Click to collapse
Do you have any info about when the firehose will be added to octopus
@antintin
https://mega.nz/file/k4p0VSxQ#ejn3vqW12ivdLhLuT8DjfWRLE4KiUc6AAPc7_QlMFt0
Reuploaded SDM 855 firehose file from the LGE fun thread, managed to create a baidu account last night and get it downloaded.
edit:
Reuploaded the QPST file linked on the LGE.fun thread as well here:
https://mega.nz/file/Uw5SwChQ#g7jz3ma2vxVDZQ_UcFN59vycFvukpOfq_dCFUiGYVR4
ABL and XBL files as well: https://mega.nz/file/plYglChY#-DRLO0ZouCxtOP2ZanRrnE2R7pMjmANgYMheRk3BEHc
VOLTE files: https://mega.nz/file/BkxzELaD#kILReW8bPuYb17bSDn29TewQCa93YzNiQtK0au3S2Xg
jazir said:
@antintin
https://mega.nz/file/k4p0VSxQ#ejn3vqW12ivdLhLuT8DjfWRLE4KiUc6AAPc7_QlMFt0
Reuploaded SDM 855 firehose file from the LGE fun thread, managed to create a baidu account last night and get it downloaded.
edit:
Reuploaded the QPST file linked on the LGE.fun thread as well here:
https://mega.nz/file/Uw5SwChQ#g7jz3ma2vxVDZQ_UcFN59vycFvukpOfq_dCFUiGYVR4
ABL and XBL files as well: https://mega.nz/file/plYglChY#-DRLO0ZouCxtOP2ZanRrnE2R7pMjmANgYMheRk3BEHc
VOLTE files: https://mega.nz/file/BkxzELaD#kILReW8bPuYb17bSDn29TewQCa93YzNiQtK0au3S2Xg
Click to expand...
Click to collapse
We've had those files for a while they aren't really of use to us
For those not following the other threads, I'm cross posting , its not directly for bootloader unlocking but if the exploit is transferable, it's a promising first step.
If there was ever a time to stop OTA updating, now is it!
For those not already following, check out:
https://forum.xda-developers.com/v50-thinq/development/lg-v50-temp-root-exploit-via-cve-2020-t4098077
Basically they've figured out a way to get temp root on the Lg V50 which may lead to bootloader unlocking and permanent root.
One caveat, this exploit is likely patched in newer OTA updates of Android 10 (need March or older) and the exploit has to be changed for each firmware version. Not a big deal for those that have public KDZs but for Sprint devices hopefully the images are similar enough that the required addresses are the same across the variants. Here's hoping (I've got two Sprint devices).
Thanks to antintin as their rollback guide will become crucial for many:
https://forum.xda-developers.com/lg-g8/how-to/people-trying-beta-want-to-revert-t4011925
kevin_bouchard said:
For those not following the other threads, I'm cross posting , its not directly for bootloader unlocking but if the exploit is transferable, it's a promising first step.
If there was ever a time to stop OTA updating, now is it!
For those not already following, check out:
https://forum.xda-developers.com/v5...g-v50-temp-root-exploit-via-cve-2020-t4098077
Basically they've figured out a way to get temp root on the Lg V50 which may lead to bootloader unlocking and permanent root.
One caveat, this exploit is likely patched in newer OTA updates of Android 10 (need March or older) and the exploit has to be changed for each firmware version. Not a big deal for those that have public KDZs but for Sprint devices hopefully the images are similar enough that the required addresses are the same across the variants. Here's hoping (I've got two Sprint devices).
Thanks to antintin as their rollback guide will become crucial for many:
https://forum.xda-developers.com/lg-g8/how-to/people-trying-beta-want-to-revert-t4011925
Click to expand...
Click to collapse
We're not sure about bl unlock yet because one user with the Korean v50 tried to dd flash the abl, xbl, and xbl config, and the command went through successfully, but the files didn't stay after reboot. Maybe there's a way around this, but who knows.
antintin said:
We're not sure about bl unlock yet because one user with the Korean v50 tried to dd flash the abl, xbl, and xbl config, and the command went through successfully, but the files didn't stay after reboot. Maybe there's a way around this, but who knows.
Click to expand...
Click to collapse
I have some insight on the issue of the files not staying. It has to do with the partition size differences of the engineering abl bootloader and the phone's original bootloader. The original abl partition on the actual UFS chip is about 1-2 MB in size, when the engineering image is only about 300 KB. When writing the partition through dd or Octoplus Box, it is only written to the start of the partition. The issue is that it is not written properly and the system believes it is corrupt due to a size mismatch (the disk tells us the partition is 300 KB, while the GPT table tells us it's 2 MB). For instance, this is an issue also encountered when flashing a system image in TWRP (uses dd method) that is not exactly the size of the target partition (writing a 5 GB image to a 64 GB disk). The solution is to write the disk partitions from fastboot, since it automatically resizes the disk image to fit onto a larger disk partition. Unfortunately in this case, we do not have fastboot to do this. A workaround is to write the abl partition onto the laf partition (download mode), and then enter download mode which will enter into fastboot mode as normal. Another solution could be to resize the abl partition to fit before writing it, but I am unaware of how to do this. Also, using an alternative Linux utility instead of dd could solve this issue...