Database Develop

How To Unbricked A Hard Bricked Phone [ Moto X ]

How To UnBrick A Hard Bricked Moto X​
Hii , First of all I wanna thanks to this awesome scrpit by @s5610 who brought my phone from dead to alive , I think i am the first guy to unbricked the hardbricked phone using this script lol , My phone was hardbricked because i was testing my kernel and entered wrong path in partition due to which i got hard bricked i was worried for my phone , Service Center was asking for 7k in Indian Rupees , i was hopeless then i gave a try to this method , followed all steps written here and then finally i entered to fastboot menu of 30.B7 Kitkat As i was using 30.B7 Bootloader earlier and then i flashed My gpt.bin and S-partition and flashed my stock rom voilla !! and my phone booted the aim was to share this post was this method was on page 42 and only less guys have seen this post , so i created a new thread regarding this
All Credits Goes to - @s5610​
s5610 said:
Unbricking Guide for any Moto X Gen 1 (wire trick)​
Download, and unpack supplied zip to any disk, C: or D:, in root folder. Install driver by launching Qusb.drv.inst.msi, then open Windows' Device Manager, and see if you got "Qualcomm HS-USB QDLoader 9008" device (it is "QHSUSB_DLOAD" without driver installed) located in "COM & LPT ports" section.
If yes, you see it, go to software part below. If it's not there, a full disassemble of the phone is needed to get close to back side of motherboard (google for "iFixit Teardown Moto X Guide" for step-by-step instruction).
So, when you are inside, disconnect the battery first. No need to pull it out, it's glued. Now get to back side of motherboard, and very very gently gain access to the lower left corner of ARM+DRAM shield (see picture). I've done it with Stanley knife. Also you can use miniature nippers - but very carefuly! Once you get access to inner space of shield, use tiny wire to short special pin to the ground (see picture), then connect USB cable, and in the moment when you see "QHSUSB_DLOAD" device (or "Qualcomm HS-USB QDLoader 9008" if driver is installed) pop out in Windows' Device Manager, quickly remove the wire. The goal is to have "Qualcomm HS-USB QDLoader 9008" in "COM & LPT ports" section of Device Manager. If it is achieved, we are done with hardware, and move on to soft part.
Now software part. Go to unzipped C:\Python27 folder, launch bat-file, and wait until finish:
RUN_blank_bootloader_flash.bat
(if you got error like "No data read from USB..." etc, just skip to next step)
Next launch either
- .Boot_KK_4.4.2_B4.exe,
or .Boot_KK_4.4.4_B7.exe,
or .Boot_LP_5.0.2_BC.exe,
or .Boot_LP_5.1.0_BD.exe,
or .Boot_LP_5.1.0_BE.exe
- depends on Android version your phone has last time. If you don't know what you need, begin with first one.
Wait 10 seconds, then launch next bat-file, and wait until finish:
RUN_moto_x_bootloader_flash.bat
Phone should go into fastboot mode! If it doesn't, repeat previous step trying higher version. But don't try to flash BC, BD, and BE, if you didn't install Lollipop on this phone!
OK. Disconnect the USB cable, connect the battery, connect again USB cable (fastboot don't work, if don't see battery). Launch next bat-file:
RUN_gpt.bin_flash.bat
The phone will get in fastboot, ready to be flashed by appropriate firmware. If it is official RSD (SBF), delete from xml strings consisting gpt.bin and motoboot.img for safe flashing.
...
Download link: http://www.mediafire.com/download/3e38rr3wy28s071/Moto.X.Unbrick.zip
This guide was brought to you by s5610
Links that this guide is based on (where I took files and general idea):
http://forum.xda-developers.com/droid-ultra/general/droid-ultra-maxx-brick-recovery-t2830806
http://forum.xda-developers.com/mot...-moto-x-t2629057[/url[/QUOTE][/QUOTE][/QUOTE]
Click to expand...
Click to collapse
Click to expand...
Click to collapse
Click to expand...
Click to collapse

Not sure if additional thread is necessary )
UPDATED
The best resurrection method for Moto X is here.

Can Someone re-upload that file? Thanx!

Please upload the mediafire link...
Plz plz.. I have bricked my phone. It seems that this procedure will work for me. Please upload and save my life.

even i have bricked my moto x...need a working download link..please.

https://drive.google.com/file/d/0B3EDzuzDCakzdWxHa2RWVDJhRXc/view?usp=sharing

Cannot install qsub.drv.inst.msi on my windows 10...says failed to attribute and failed to delete qcusbser.sys.

Thanks

Can we write the full firmware through Qload 9008 mode ???

HI I have a question. I bricked my gf's phone while trying to unlock the bootloader and I am not able to turn the phone on. Only positive feedback is that when I plug it in to the computer, I can hear a notification on my computer. I followed your guide. I can see the "Qualcomm HS-USB QDLoader 9008" device (it is "QHSUSB_DLOAD" without driver installed) located in "COM & LPT ports" section.
Then I followed your software instructions. When I run the RUN_blank_bootloader_flash.bat, I get the following
Code:
Starting qflash!
Executing command qflash.exe -com3 -ramload MPRG8960.hex -mbn 33 MSM8960_bootloa
der_singleimage.bin -v -o
Motorola qflash Utility version 1.3
qflash - com3 is an invalid port
Invalid COM port enteredBlank flashing successful
Device will now enumerate in fastboot mode
Then, I followed the rest of the instructions by trying each .Boot .exe and waitng 10 seconds and finally with RUN_moto_x_bootloader_flash
but I am getting the following error.
Code:
C:\Users\cxx\Desktop\Python27>python qdload.py MPRG8960.bin -ptf _boot\partiti
ons.txt -pt
QDLoad utility version 1.2 (c) VBlack 2014
Found TTY port: com3
Traceback (most recent call last):
File "qdload.py", line 815, in <module>
main()
File "qdload.py", line 762, in main
tty = openTTY(args.ttyPort)
File "qdload.py", line 174, in openTTY
tty = serial.Serial(port=tty_path, baudrate=115200)
File "C:\Python27\lib\site-packages\serial\serialwin32.py", line 38, in __init
__
SerialBase.__init__(self, *args, **kwargs)
File "C:\Python27\lib\site-packages\serial\serialutil.py", line 282, in __init
__
self.open()
File "C:\Python27\lib\site-packages\serial\serialwin32.py", line 66, in open
raise SerialException("could not open port %r: %r" % (self.portstr, ctypes.W
inError()))
serial.serialutil.SerialException: could not open port 'com3': WindowsError(2, '
The system cannot find the file specified.')
C:\Users\cxx\Desktop\Python27>pause
Press any key to continue . . .
please help.
Thanks.

Device Shows As USB Input
Hey all,
I'm having trouble getting my Windows 7 machine to recognize my XT862 as a QHSUSB device. Windows does recognize it, just as a "USB Input Device" -- very generic, I know -- so I don't think I have to do any motherboard hacks (and I sure hope not!). However, as it won't let me update the driver either, so I can't do anything. Also, when I plug it into my Mac, it does pop up as a Qualcomm Composite Device. Since something's obviously still ticking, where did I go wrong?
Thanks

shengslogar said:
Hey all,
I'm having trouble getting my Windows 7 machine to recognize my XT862 as a QHSUSB device. Windows does recognize it, just as a "USB Input Device" -- very generic, I know -- so I don't think I have to do any motherboard hacks (and I sure hope not!). However, as it won't let me update the driver either, so I can't do anything. Also, when I plug it into my Mac, it does pop up as a Qualcomm Composite Device. Since something's obviously still ticking, where did I go wrong?
Thanks
Click to expand...
Click to collapse
Put it on a charger for 5-6 hrs and see if that will help.I had this same problem but on a Moto G and charging it up helped.

liveroy said:
Put it on a charger for 5-6 hrs and see if that will help.I had this same problem but on a Moto G and charging it up helped.
Click to expand...
Click to collapse
Will do! I think I did try charging it awhile ago, but I'll give it another shot.

can my phone be unbricked?? here is the error log:
RAMLOADER VERSION: PBL_DloadVER2.0
------------------------------------------------------
DEVICE INFORMATION:
------------------------------------------------------
Version : 0x8
Min Version : 0x1
Max Write Size: 0x600
Model : 0x90
Device Size : 0
Description : Intel 28F400BX-TL or Intel 28F400BV-TL
------------------------------------------------------
Using passed in packet size, changing from 0x600 -> 0x600
EXTENDED_LINEAR_ADDRESS_REC @ 0x2a000000
Write 65536 bytes @ 0x2a000000
100EXTENDED_LINEAR_ADDRESS_REC @ 0x2a010000
Write 11840 bytes @ 0x2a010000
100START_LINEAR_ADDRESS_REC @ 0x2a000000
EOF_REC
Sleeping for 3s
sdl_hello() - Invalid response: 7e030003331b7e
sdl_hello() - This is a NAK response from ROM code, which means the device has
een reset back to blank flash mode. Usually this is caused by power supply issu
s. Please try again with battery eliminator if it persists
Unexpected target reset, bailing out after 2 retries

I am trying to install the drivers and it will show up as qhsusb_dload for about 5 seconds then reverts back to Relink HS USB QDloader 9008. Should i try the wire trick? It will say that the Qhsusb drivers are installed but always changes.

[HOW TO] Root Remix Mini

Hi all,
I have been going on xdadevelopers a lot and have received so much helpful information. Now, I decided to give in my contribution to the forum. This is my first tutorial so there might be some mistakes...please be easy on me.
The reason I write this tutorial is because I have not found a good one yet on the internet. Although this thread "Just rooted my remix mini" provided some information, but I feel like a more detailed tutorial would be appropriate. So here we go!
Success screenshot:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Credits: all credits goes to these two links and authors:
http://forum.xda-developers.com/remix/remix-mini/rooted-remix-mini-t3311736
http://23pin.logdown.com/posts/435610-root-remix-mini
Requirements:
- Difficult level: Medium
- Tools:
+ Small screw driver
+ Scissors
+ A USB flash drive.
+ Thin metal wire.
+ Serial Converter (I bought on Amazon.com)
- Software:
+ Appropriate driver for the serial converter. Mine is CP2102 driver. Download here. If your serial converter use PL2303 then download this driver. You can google for your specific driver as well.
+ CoolTerm. Download here
+ SuperSU. Download here
- A lot of patience.
Steps:
1. As you can see, I stripped the wire and cut it in small pieces. As long as it is metal wire, that's okay.
2. Open up the Remix Mini with a screw driver.
2a. Flip it up side down, and rip the rubber ring out. It's okay, it will still adhere to the case afterward. Once you ripped it out, you will see two screws holding the remix mini. Proceed unscrew them and gently take the case apart.
2b. Gently take the case apart:
3. Connecting the serial converter to the board.
3a. Plug the 3 metal wires into RX, TX, and GND cable endings of the serial converter.
3b. Connect the other ends of 3 mental wires into RX, TX, and GND of the board.
3c. Make sure connection as such: RX to TX, TX to RX, and GND to GND. This part took me a lot of patience because the wires kept falling off. So please try to keep them in place.
4. Install appropriate serial converter driver.
5. Plug the serial converter into PC.
6. Extract and open CoolTerm.
6a. Click Options -> Serial Port -> Hit "Re-Scan Serial Ports" so it detects the appropriate port for serial converter. Mine is COM3.
- To find out, go to Device Manager -> Ports
6b. Select the right port. Then change the setting as in the picture:
Baudrate: 115200
Data Bits: 8
Parity: None
Stop Bits: 1
Click to expand...
Click to collapse
6c. Go to tab Terminal -> Select Line Mode.
6d. Hit OK.
7. Power Remix mini up (make sure this happens or you will get serial 103 or 104 error code)
8. Hit Connect button in CoolTerm.
8a. If you have done everything correctly until here, texts will appear in CoolTerm as your Remix Mini booting up.
8b. The texts will keep flowing up. Wait until you only see CPU readings. Then proceed to next step.
9. Download the UPDATE-SuperSU-v2.46.zip file. (Please double check the zip's file name. In my case, I am using SuperSU version 2.46)
9a. Copy UPDATE-SuperSU-v2.46.zip file onto flash drive.
9b. Extract the downloaded "UPDATE-SuperSU-v2.46.zip", from the extracted, go to META-INF/com/google/android/update-binary, copy "update-binary" file onto flash drive.
9c. Make sure you have 2 files, UPDATE-SuperSU-v2.46.zip AND update-binary, on the flash drive.
9d. Plug the flash drive to Remix Mini.
10. Commands: (copy each line and paste into CoolTerm)
Code:
/dev/tty.usbserial 115200
mount -o rw,remount /
mount -o rw,remount /system
mkdir /tmp
cd /system/bin
ln -s busybox-smp unzip
cd /data/local/tmp
cp /mnt/usbhost/Storage01/UPDATE-SuperSU-v2.46.zip /data/local/tmp [COLOR="Red"]<- Double check zip's file name and try Storage02 if Storage01 does not work because it depends on which usb port you plug the flash drive in. [/COLOR]
cp /mnt/usbhost/Storage01/update-binary /data/local/tmp
cd /data/local/tmp
sh update-binary 0 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip
reboot
11. Success. :victory::good:
11a. Wait for Remix Mini booting up, optimizing app..and DONE! CONGRATS! You have now voided your Remix Mini's warranty and cannot receive OTA system update anymore.
I have not figured out how to update manually but please hit me up if anyone knows how.
11b. Download Root checker to verify.
GOOD LUCK!!!!!! :good:

I'm gonna wait for an easier way..

This has got to be a joke.

Bro, have you tried kingroot, I'm not crazy about it but it works 99℅of the time
Sent from my LG-D415 using Tapatalk

No it is not a joke, no it will not get easier. Jide made it clear they will not support rooting. The amount of support available is minimal so this is the way. Difficult not if you have done stuff like this before ( FTA satellite. Etc.) kingoroot and all other software has been proven NOT to work. Hardware hacking is the only way so far.
Note: first boot takes longer than factory. Be patient. Jide will know it has been hacked so no support for updates but the opportunity to customize was worth it for me.

robot_head said:
Bro, have you tried kingroot, I'm not crazy about it but it works 99℅of the time
Sent from my LG-D415 using Tapatalk
Click to expand...
Click to collapse
I tried everything..even Baidu Root...nothing works...I am happy that I can do so many things with the Remix Mini now...rooting it was a genius decision lol

Major kudos, this is a true root method for all the hardware hackers out there. You've never truly "hacked" until you've tapped into a UART console. Very exciting!

So when I try this the remix mini just sits at the splash screen and coolterm just keeps saysing
Code:
/dev/block/mmcblk0p12fs_mgr: exec: pid 1667 exited with return code 1: Unknown error 256fs_mgr: begin to format ext4 buffer : /dev/block/mmcblk0p12fs_mgr: finish format to ext4:
while counting up on the pid number. Any idea why that might be?

bullet25 said:
So when I try this the remix mini just sits at the splash screen and coolterm just keeps saysing
Code:
/dev/block/mmcblk0p12fs_mgr: exec: pid 1667 exited with return code 1: Unknown error 256fs_mgr: begin to format ext4 buffer : /dev/block/mmcblk0p12fs_mgr: finish format to ext4:
while counting up on the pid number. Any idea why that might be?
Click to expand...
Click to collapse
I have not seen that before. May I ask at which step that this occurred? This looked like the device was formatting ext4 itself...it's weird.. can you double check and try everything again carefully?

unloseking2500 said:
I have not seen that before. May I ask at which step that this occurred? This looked like the device was formatting ext4 itself...it's weird.. can you double check and try everything again carefully?
Click to expand...
Click to collapse
I happens at step 8. I think the mini might actually be dead because even closed up it doesn't boot.

Sounds like a software issue. Someone else had a recovery partitionfrom Jide search maybe they could upload it.

bullet25 said:
I happens at step 8. I think the mini might actually be dead because even closed up it doesn't boot.
Click to expand...
Click to collapse
Interesting...yeah, try oncouch1's method..try to recover from a partition..see if it helps?!

oncouch1 said:
No it is not a joke, no it will not get easier. Jide made it clear they will not support rooting. The amount of support available is minimal so this is the way. Difficult not if you have done stuff like this before ( FTA satellite. Etc.) kingoroot and all other software has been proven NOT to work. Hardware hacking is the only way so far..
Click to expand...
Click to collapse
I also believe so. Grats on your success tho.
I have a question:-
I have a Tronsmart Vega S95 Telos with Remix OS firmware (Amlogic S905/Mali-450mp5/2 Gb Samsung DDR3/16 Gb Samsung KLMAG2WEMB-B031 eMMC/Realtek RTL8211F Ethernet/Ampak AP6335 Wifi+BT 4.0/Genesis GL850G USB 2.0 hub/JMicron JM20329 USB 2.0 to SATA bridge).
I opened up the TV box and saw the pin holes for PL2303 interface. I tried connect my PL2303 cable with its driver on Mac OS. The connection was succesful, I saw the response in my terminal in the form of message feed. But, I can't go any further. I'm still new to PL2303 use and I don't know how to go from the message feed to issue some commands. Then I see your thread and I think now I got some hope.
My question (again) is:- Do you think I can use your method to root my Tronsmart S95 Telos (with Remix OS flashed and working)?
Many thanks in advance.
PS. Here is the link to a photo of the S95 Telos board showing the PL2303 interface. The photo is not mine. I linked it from a guy tutoring the teardown, but my board looks exactly the same.
(I'm a new XDA user so I can't attach a photo from outside link, sorry for inconvenience)
www,cnx-software.com/wp-content/uploads/2015/12/Tronsmart_Vega_S95_Telos_Board_Large,jpg

Yoswin said:
I also believe so. Grats on your success tho.
I have a question:-
I have a Tronsmart Vega S95 Telos with Remix OS firmware (Amlogic S905/Mali-450mp5/2 Gb Samsung DDR3/16 Gb Samsung KLMAG2WEMB-B031 eMMC/Realtek RTL8211F Ethernet/Ampak AP6335 Wifi+BT 4.0/Genesis GL850G USB 2.0 hub/JMicron JM20329 USB 2.0 to SATA bridge).
I opened up the TV box and saw the pin holes for PL2303 interface. I tried connect my PL2303 cable with its driver on Mac OS. The connection was succesful, I saw the response in my terminal in the form of message feed. But, I can't go any further. I'm still new to PL2303 use and I don't know how to go from the message feed to issue some commands. Then I see your thread and I think now I got some hope.
My question (again) is:- Do you think I can use your method to root my Tronsmart S95 Telos (with Remix OS flashed and working)?
Many thanks in advance.
PS. Here is the link to a photo of the S95 Telos board showing the PL2303 interface. The photo is not mine. I linked it from a guy tutoring the teardown, but my board looks exactly the same.
(I'm a new XDA user so I can't attach a photo from outside link, sorry for inconvenience)
www,cnx-software.com/wp-content/uploads/2015/12/Tronsmart_Vega_S95_Telos_Board_Large,jpg
Click to expand...
Click to collapse
Hi honestly I had never heard of your box. I am not sure if you can use the same software etc. If you could communicate with the box you should be able to hack it. That being said depending on cost you may want to leave it to someone with experience! Remix was 50 bucks so no big risk for me.

...
oncouch1 said:
Hi honestly I had never heard of your box. I am not sure if you can use the same software etc. If you could communicate with the box you should be able to hack it. That being said depending on cost you may want to leave it to someone with experience! Remix was 50 bucks so no big risk for me.
Click to expand...
Click to collapse
Thanks for reply. I don't think the method can hard brick my device any way. The box itself can be flashed via a PC program made by CPU manufacturer (Amlogic here) and I have both stock firmware and Remix OS firmware images. So I think it's gonna worth a try. Thanks any way for your comment.

Keep us posted, may need one of those!?

Okay got my remix replaced. New remix updated to latest update then did root. It started boot looping. Had to run these commands in coolterm turing a boot loop.
Code:
mount -o rw,remount /system
dd of=/dev/block/by-name/system if=/data/local/tmp/system_image
Don't know if that was the latest update to cause that or what but its all working now. Also was able to easily install the google play services again and get playstore.
Of course I once again broke the power button because that wire is hanging on by a thread.

Apologies for the noob question but what does a root on the Remix Mini allow someone to do with regards to OS options and what are the other advantages?

vinicioh23 said:
I'm gonna wait for an easier way..
Click to expand...
Click to collapse
Please see this: https://secure.avaaz.org/en/petitio...tters_Users_need_root_access_to_remix_mini_1/

Just wanted to give a thanks it worked perfect for me...Just want to add that if you happen to use a built in serial port on an older pc or laptop don't forget to put a ttl converter on your port, or your console screen will be garbage printing out

Mi 9T Pro - Hardbricked & Needing Help

Hello XDA Community,
As a preface, I'm an idiot. I figured I could dabble around with different ROM's and through all of my insightful wisdom appear to have hard-bricked my phone in the process. As seen via the attached photos I at one point was able to boot my phone into Fastboot > TWRP > Flash Rom > Off to the races.
Now the phone will not boot period. When plugged into an outlet the blue indicator atop the camera doesn't even blink a blue color. Moreover, when plugged into my PC it is not found via my PC "Devices & Drives" folder. However, when I open the MiFlash tool the phone reflects as "COM3" whereas before it would show what I assume to be the unique ID for the phone.
I came across another thread titled "[EDL Flash] How to fix your hard brick [Mi 9T Pro/K20 Pro]" but even here it mentions the phone booting and displaying some type of error message.
Anyhow, this is a long shot but figured I'd give it a go and see what comes of it.
Thanks for any insight and for simply taking the time to read my post.
Image of MiFlash reflect COM3:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Update 1 - I've tried to flash a ROM and get error message: "Object reference not set to an instance of an object". Here:

RealSykes said:
Hello XDA Community,
As a preface, I'm an idiot. I figured I could dabble around with different ROM's and through all of my insightful wisdom appear to have hard-bricked my phone in the process. As seen via the attached photos I at one point was able to boot my phone into Fastboot > TWRP > Flash Rom > Off to the races.
Now the phone will not boot period. When plugged into an outlet the blue indicator atop the camera doesn't even blink a blue color. Moreover, when plugged into my PC it is not found via my PC "Devices & Drives" folder. However, when I open the MiFlash tool the phone reflects as "COM3" whereas before it would show what I assume to be the unique ID for the phone.
I came across another thread titled "[EDL Flash] How to fix your hard brick [Mi 9T Pro/K20 Pro]" but even here it mentions the phone booting and displaying some type of error message.
Anyhow, this is a long shot but figured I'd give it a go and see what comes of it.
Thanks for any insight and for simply taking the time to read my post.
Image of MiFlash reflect COM3:
Update 1 - I've tried to flash a ROM and get error message: "Object reference not set to an instance of an object". Here:
Click to expand...
Click to collapse
That error message is some sort of program error:
https://stackify.com/nullreferenceexception-object-reference-not-set/
I'm no expert on c# programming so cannot say why that error occurred.
You could try to use adb commands, see if adb picks the device up, when you say it does not power on at all, does the phone go into bootloader mode? (, power and volume down)

MOD EDIT: QUOTE REMOVED
try it under windows 7 computer, preferably laptop with usb 2.0 port. It can recognize the device, if not, and standart unbrick method doesnt work even under w7, then you have to use test points on motherboard, edl account is needed for that, idk how to get it as i tried to get it several times but received only mails in chinese so i gave up, not paid too much to bother so much time on fixing one phone.
There is even modified version of flash tool that is believed to authorize any account logged in bypassin the authorize account error i can provide a link for you but not tested if its actually working.

MOD EDIT: QUOTE REMOVED
i actually did research about this while ago and it might help the guy unless he is willing to pay some russian scammer 60 bucks via teamspeak that is doing this stuff from either stolen or modified authorized account which i can provide link to @RealSykes pm me if u wanna try and give it a go, u can pay russian scammers few bucks in the end if all tries fails there is even command for adb if you have unlocked bootloader that will enter edl without test pin points, but u need to enter fastboot mode first which im assuming u cant from what i have understand.

Kind of important question, what did you do to screw up your phone? So others know what not to do.

https://c.mi.com/thread-2173190-1-0.html follow steps on this site if you already didnt find this by yourself, maybe it can give you and permission to flash, as it appears for some people it actually gave it. tried it myself for you now, and it appears my account is somehow ready to flash (authorized) now, but, i applied some time ago for actually get it, so, it can be different for you.

RealSykes said:
"Object reference not set to an instance of an object"
Click to expand...
Click to collapse
An Object is an instance of a Class , it is stored some where in memory. A reference is what is used to describe the pointer to the memory location where the Object resides. The message "object reference not set to an instance of an object" means that you are referring to an object the does not exist or was deleted or cleaned up. It's usually better to avoid a NullReferenceException than to handle it after it occurs. To prevent the error, objects that could be null should be tested for null before being used.
if (mClass != null)
{
// Go ahead and use mClass
mClass.property = ...
}
else
{
// Attempting to use mClass here will result in NullReferenceException
}

hardbrick and button not press
Need Guideline stepbystep pls.....

Device not detected in Fastbootmode.

SOLVED:
The reason Device was not detected in Fastbootmode was due to my new ryzen 3000 system, I tried it on my much older quad core 46XXk(?) Intel system and it gave me no problems whatsoever finding the device in fastboot mode in my first try! wtf amd!
The second Set of problems came with flashing 16.0631.1910.64. It gave me a ton of errors and it was on an infinite boot loop, nothing I tried fixed it, my device was a worthless brick in that state, but fastboot Power+Volume up > 16.0631.1910.64 worked perfectly.
I decided to instead try 16.0631.1910.35, but once I flashed it everything worked perfectly! I am in the latest version of android 10 atm and can acess banks, play nintendo games, etc with the rooted device.
Hi, I bought this phone (Rog 2) mostly Intended as a donation for a friend that was complaining on facebook that he's probably going to be homeless due to covid and didnt even have his phone since he cracked the screen. While I cant help with housing I can help with a measly phone and I heard for gaming this is one of the best.
I got the tencent version not knowing what the heck I was getting myself into ( I thought all ROG 2 were the same and didn't even think to look it up). Been googling for days, I am trying to make this a full WW variant and basically as hassle free as possible for him, it seems that it has an obscure version of "pkq1.190414.001.ww_phone-16.0622.1906.19-0 " Rom, but according to HWInfo the fingerprint is CN.
Problem is I tried following this guide, I unlocked the bootloader with the ROG phone unlock tool, but on step 2 I load into fastboot, click flashall_AFT but all I see is a cmd with the message [command] : fastboot.exe flash all WW_ZS660KL_16.0631.1910.35_M3.13.33.30-ASUS_1.1.207_Phone-user.raw and nothing happens.
I noticed that on the cmd of the minimal adb devices and fastboot folder, the "adb devices" gives my device , the "adb reboot bootloader" works by taking me to the bootloader, but the "fastboot devices" does not give me anything at all once im in bootloader. In fact when using adb reboot bootloader I hear the windows beep as if the cellphone is disconecting. Any ideas what is going on?

TeknoViking- said:
Hi, I bought this phone (Rog 2) mostly Intended as a donation for a friend that was complaining on facebook that he's probably going to be homeless due to covid and didnt even have his phone since he cracked the screen. While I cant help with housing I can help with a measly phone and I heard for gaming this is one of the best.
I got the tencent version not knowing what the heck I was getting myself into ( I thought all ROG 2 were the same and didn't even think to look it up). Been googling for days, I am trying to make this a full WW variant and basically as hassle free as possible for him, it seems that it has an obscure version of "pkq1.190414.001.ww_phone-16.0622.1906.19-0 " Rom, but according to HWInfo the fingerprint is CN.
Problem is I tried following this guide, I unlocked the bootloader with the ROG phone unlock tool, but on step 2 I load into fastboot, click flashall_AFT but all I see is a cmd with the message [command] : fastboot.exe flash all WW_ZS660KL_16.0631.1910.35_M3.13.33.30-ASUS_1.1.207_Phone-user.raw and nothing happens.
I noticed that on the cmd of the minimal adb devices and fastboot folder, the "adb devices" gives my device , the "adb reboot bootloader" works by taking me to the bootloader, but the "fastboot devices" does not give me anything at all once im in bootloader. In fact when using adb reboot bootloader I hear the windows beep as if the cellphone is disconecting. Any ideas what is going on?
Click to expand...
Click to collapse
Have you installed adb drivers https://github.com/koush/UniversalAdbDriver
Also, just checking the obvious, you are using the side port of the phone, not the bottom, right?

reg66 said:
Have you installed adb drivers https://github.com/koush/UniversalAdbDriver
Also, just checking the obvious, you are using the side port of the phone, not the bottom, right?
Click to expand...
Click to collapse
Hi! Yeah, I have the exact same driver you mentioned as well as Minimal ADB and Fastboot and using the black sideport.
It seems when I connect it during the fastboot(Green arrow menu) I do hear the "USB Device plugged" sound so there's that.
flashall_AFT still just gives me a black page with: [command] : fastboot.exe flash all WW_ZS660KL_16.0631.1910.35_M3.13.33.30-ASUS_1.1.207_Phone-user.raw

TeknoViking- said:
Hi! Yeah, I have the exact same driver you mentioned as well as Minimal ADB and Fastboot and using the black sideport.
It seems when I connect it during the fastboot(Green arrow menu) I do hear the "USB Device plugged" sound so there's that.
flashall_AFT still just gives me a black page with: [command] : fastboot.exe flash all WW_ZS660KL_16.0631.1910.35_M3.13.33.30-ASUS_1.1.207_Phone-user.raw
Click to expand...
Click to collapse
Before running flashall_AFT.cmd, when you hear the device connect, have you tried entering 'fastboot devices' before doing anything else? See if it gives you a serial. If it does.
Then have you removed the original zip file from the extracted folder that contains the raw img? Once you click flashall_AFT.cmd, the cmd window should stay open for around 5 minutes while the flash takes place, then the phone will reboot once done

reg66 said:
Before running flashall_AFT.cmd, when you hear the device connect, have you tried entering 'fastboot devices' before doing anything else? See if it gives you a serial. If it does.
Then have you removed the original zip file from the extracted folder that contains the raw img? Once you click flashall_AFT.cmd, the cmd window should stay open for around 5 minutes while the flash takes place, then the phone will reboot once done
Click to expand...
Click to collapse
Top left image is from using the "fastboot devices" command, as you can see I type it it doesn't show or seem to do anything really. The right image is from clicking flashall_AFT, both inside bootloader on my rog 2 and outside give the same result.
The Zip file? As in the 2.7 one I downloaded? Yeah that content of that is in a folder in root of C drive, the zip is in a completely different drive so they are not sharing a directory . I did not modify anything inside the extracted file though.
For reference I am following the steps here: https://forum.xda-developers.com/t/...rom-cn-to-ww-with-latest-1910-35-raw.4002279/
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

TeknoViking- said:
Top left image is from using the "fastboot devices" command, as you can see I type it it doesn't show or seem to do anything really. The right image is from clicking flashall_AFT, both inside bootloader on my rog 2 and outside give the same result.
The Zip file? As in the 2.7 one I downloaded? Yeah that content of that is in a folder in root of C drive, the zip is in a completely different drive so they are not sharing a directory . I did not modify anything inside the extracted file though.
For reference I am following the steps here: https://forum.xda-developers.com/t/...rom-cn-to-ww-with-latest-1910-35-raw.4002279/
View attachment 5173971
Click to expand...
Click to collapse
Ok, try unpacking the attached zip to root of C, like the other adb folder. Then click on 'cmd-here.exe' to launch cmd window and then try 'fastboot devices'. (that's assuming the drivers of the original install are working). Let me know if you get a serial response.

reg66 said:
Ok, try unpacking the attached zip to root of C, like the other adb folder. Then click on 'cmd-here.exe' to launch cmd window and then try 'fastboot devices'. (that's assuming the drivers of the original install are working). Let me know if you get a serial response.
Click to expand...
Click to collapse
Done, nothing happens, did it multiple times here's what I get:

TeknoViking- said:
Done, nothing happens, did it multiple times here's what I get:
Click to expand...
Click to collapse
Ok, what a pain! Try uninstall minimal adb drivers and I'll see if I can find ano version for you....

reg66 said:
Ok, what a pain! Try uninstall minimal adb drivers and I'll see if I can find ano version for you....
Click to expand...
Click to collapse
Will do! ty

TeknoViking- said:
Will do! ty
Click to expand...
Click to collapse
try this version, after installing the drivers you could also try that folder with the cmd-here file in combination. Also, try booting into android os and enable developer options (click on 'build' 7 or so times in settings/system/about phone/software information/build number), then go to developer options and enable USB debugging - might make a difference...

Also, check your pm, I sent you modified instructions for using the other guide that'll take you straight to last Android 9 version before you can update to Android 10 (1910.64). You could always be downloading that newer RAW + root img while tinkering with getting the damn thing recognised by your pc!!

Tried the 1910.64 you sent me and its the same problem unfortunately, still stuck on step 2. I already had USB debugging with the "USB debugging" option ticked on when I created the topic.
I take it doing number 4 Is a bad idea if can't get past 2? "4) Download the root&bootstockww191035.zip "rootww191064" and extract it to the Minimal ADB and Fastboot Folder (C:\Program Files (x86)\Minimal ADB and Fastboot) from here "

TeknoViking- said:
Tried the 1910.64 you sent me and its the same problem unfortunately, still stuck on step 2. I already had USB debugging with the "USB debugging" option ticked on when I created the topic.
I take it doing number 4 Is a bad idea if can't get past 2? "4) Download the root&bootstockww191035.zip "rootww191064" and extract it to the Minimal ADB and Fastboot Folder (C:\Program Files (x86)\Minimal ADB and Fastboot) from here "
Click to expand...
Click to collapse
Yeah, there's no point continuing until you can get fastboot devices to at least show your device. Do you have another pc/laptop you could try on? Are you using an AMD based system, pretty sure I read somewhere that can give issues, along with the system used! Sorry that's a bit vague...

TeknoViking- said:
Tried the 1910.64 you sent me and its the same problem unfortunately, still stuck on step 2. I already had USB debugging with the "USB debugging" option ticked on when I created the topic.
I take it doing number 4 Is a bad idea if can't get past 2? "4) Download the root&bootstockww191035.zip "rootww191064" and extract it to the Minimal ADB and Fastboot Folder (C:\Program Files (x86)\Minimal ADB and Fastboot) from here "
Click to expand...
Click to collapse
Oh sorry, you meant try flashing the root img, NO, definitely not. The root img MUST only flashed after successful flashing of RAW - both rom and boot/root boot img's must match. (But either way, if your device isn't recognised by fastboot it just won't flash, just an FYI)

See this thread for info on Ryzen issues, if that is what you're running. The OP says he used an external USB hub as a solution

reg66 said:
Yeah, there's no point continuing until you can get fastboot devices to at least show your device. Do you have another pc/laptop you could try on? Are you using an AMD based system, pretty sure I read somewhere that can give issues, along with the system used! Sorry that's a bit vague...
Click to expand...
Click to collapse
Ok I tried this on my intel system and it detected it!! "fastboot devices" gave me the serial. So when I tried to do step 2 and I used ADB_FASTBOOT to run flashall_AFT from the 1910.64 it failed and it it seems to be on a loop in bootloader "The boot loader is unlocked and software integrity cannot be guaranteed..) etc screen.
I attached the image. This is with the 1910.64 on step two.

Also I got this from continually trying to boot:

TeknoViking- said:
Ok I tried this on my intel system and it detected it!! "fastboot devices" gave me the serial. So when I tried to do step 2 and I used ADB_FASTBOOT to run flashall_AFT from the 1910.64 it failed and it it seems to be on a loop in bootloader "The boot loader is unlocked and software integrity cannot be guaranteed..) etc screen.
I attached the image. This is with the 1910.64 on step two.
Click to expand...
Click to collapse
Hmm, this phone is troublesome. Sorry dude, I've not seen that before. The bootloader unlock tool definitely worked, right? What about if you try using the original 1910.35 RAW - same error?

TeknoViking- said:
Also I got this from continually trying to boot:
Click to expand...
Click to collapse
Do you have above 50% charge? If not, definitely make sure to have enough charge for the whole process. I was always of the understanding, as a rule of thumb, to have devices above 50% before performing flashing of custom roms etc

reg66 said:
Do you have above 50% charge? If not, definitely make sure to have enough charge for the whole process. I was always of the understanding, as a rule of thumb, to have devices above 50% before performing flashing of custom roms etc
Click to expand...
Click to collapse
Yeah the charge is over 90 percent, anything I can do for that error? when I connect to the intel pc it doesn't even beep any more. I still can access the boot screen though.
EDIT: OOPS, noticed I had it plugged on the bottom, nvm intel system still detects the device. I did perform everything on the side port usb but I took it out to try and check back on the ryzen system.

General Unbrick OP10 Pro (NE2210)

Hello everyone, I found a recovery tool on the open spaces of the Chinese Internet. This tool is for NE2210 only. It's in Chinese, but I don't think there should be any problems using it. Write who used.
Unbrick

The Msm tool is missing the FTLibBase.dll file it wont work. Just to let you know.

Canuck Knarf said:
The Msm tool is missing the FTLibBase.dll file it wont work. Just to let you know.
Click to expand...
Click to collapse
what is the file responsible for FTLibBase.dll ??

For me. I'm using win 11 and the Msm tools will not open .??? Maybe it a win 11 thing. It starts to open but then errors pop up missing the dill file . Did you install it by an exe file.

I want to try it ...lol...I have one more boot loop / dead battery 10 plus pro

I have been trying this fast boot command to get battery up enough to load boot file, vender_boot and vbmeta file. But after it dose a factory wipe ...kills battery wont reboot.
Using this command i started out with 6708 volts of battery took running command in fastboot 30 minutes to get to 6762 volts. So command dose work .
@Echo off
:start
fastboot getvar battery-voltage
fastboot reboot-bootloader
ping /n 6 localhost >nul
goto start

I need the command to just keep repeating by itself...i can leave it sit there for hours...Can you help ?

Canuck Knarf said:
For me. I'm using win 11 and the Msm tools will not open .??? Maybe it a win 11 thing. It starts to open but then errors pop up missing the dill file . Did you install it by an exe file.
Click to expand...
Click to collapse
I have w11, program starts normal, but not connected server.(((

VovaHouse said:
what is the file responsible for FTLibBase.dll ??
Click to expand...
Click to collapse
Can't you replace this file with OnePlus 9 pro msm tool i don't know where it's for but as long you get the msm tool work then it shouldn't be a problem ain't it ?

bir çözüm buldun mu? Aynı hata bende de var

Did you find a solution? i have the same error

Buyukturk said:
Did you find a solution? i have the same error
Click to expand...
Click to collapse
yeah....MSM and pay

Canuck Knarf said:
yeah....MSM and pay
Click to expand...
Click to collapse
unfortunately i couldn't find it

Canuck Knarf said:
evet.... MSM ve ödeme
Click to expand...
Click to collapse
nasıl çözdün bana yardımcı olurmusun

Buyukturk said:
unfortunately i couldn't find it
Click to expand...
Click to collapse
You can find it in the www
Prob is the msm Tool need a auth. (Acc)

DO NOT BUY ONEPLUS 10 PRO THEY DO NOT PROVIDE ANY TOOLS FROM UNBRICK

DO NOT BUY ONEPLUS 10 PRO THEY DO NOT PROVIDE ANY TOOLS FROM UNBRICK

Sorry for the delayed absence .... lol.. its been a trivial one. But I have been working DILIGENTLY on Oneplus Tools, and ONLY Oneplus Tools... (CanuckKnarf can verify this...)
Ok without breaking "responsible disclosure" guidelines... I can hopefully either clear up some of the chatter ive read up til now, as well as provide some important info which may inspire someone here with a new avenue as to how to attack this thing head on.
Let me start with the most recent statements about the missing files first.
If you have Windows (doesnt matter which version) and you have been running ANY of the official builds of the MSM Tool... (Official releases show an icon like pictured here
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
#1
unofficial (repacked for whatever reason) look like this:
#2
Now while there is no inherent threat to either version... the ones of the LATTER style, MAY OR MAY NOT run, when attempting to execute them. This is because the person who packaged it, MIGHT NOT have been doing so from the actual applications data folder in windows. Allow me to explain:
When you run #1 , that file unpacks itself and generates a folder inside your "/users/appdata/local/" folder and its usually along the lines of "OPPO Flash Tool Series 4.1" .... or a variant of that. IN THIS FOLDER is the actual files for which your MSMTOOL loads all of its config, dll, and other run codes from.
--Now this folder might not be generated if you are already running from a complete msmtool build. a complete build should have several dll's, several folders, and the actual program that is being called, 'FTGUIDev.exe" <-- This is your flash loader! .. This is the Alpha and the Omega so to speak of the MSM TOOL... #2, is the MSM equivalent of a Windows Installer REPACK. I have seen these range from 4mb all the way up to 9gb ... this is because some authors choose to repack the EXACT FW build that is to be used with it! (*** Important note!*** The version of the MSM Tool you are using plays a definitive roll as to whether you have a successful flash, or a fail!. OPPO HAS PLAYED THE SNEAKY ROLE AGAIN, AND IN CERTAIN RELEASES OF THE OTA FW FILES THAT ARE DISTRIBUTED, THEY MAKE A SMALL CHANGE TO ONE OR MORE FILES, WHICH WILL THROW OFF THE FIRMWARE INTEGRITY CHECK!.... BUT INSTEAD OF THE ERROR READING "INTEGRITY FAIL", YOU WILL GET .... PHONE MISMATCH... INVALID HANDLE.... VALIDATION FAIL... OR MAYBE FAIL INTEGRITY.... <----- These errors USED to have individual meaning, but OPPO choose to use them to provide misdirection as to what actually occurred. (( I have found a way to FORGE a passing INTEGRITY CHECK... but i cant disclose that yet, sry)) So now they do not want you to actually have the identifier as to what exactly went wrong that blocked your flash... the validation check is INSTANT... the whole 15 second pause is purely for dramatical effect. The very moment your phone connects in the msmtool and it hits 3%, it has already either PASSED or FAILED the AUTH SIGN requirement... which is LIGHT YEARS down the line from the Integrity Check.
Anyways my point is: If you go to you "appdata/local" msm folder, you shouold be able to pull ANY DLL that is being requested by your programs. The entire library is is locked exclusively to the GENERATION of flash tool available... ie version 4.1 folder will have DLL's for any 4.1.x.x msmtool ... same with version 5.1 => 5.1.x.x. While this is not a perfect science... it is a start, so if you run into any MSM tools that you download and are not able to run, it is because you dont have a full build from that series already installed on your machine. When these guys repack, they might not understand that by NOT packing up all the files DIRECTLY from that Appdata folder, and including ALL of the other folders, they are handicapping those who download them. Easier explanation to offer is this: Beatbreakee has been running Flash Tool v 4.1.7.2 on his machine, and it is the full build being launched from the APPDATA folder... CHRIS has been running 4.1.5.1 and its from an alternate location that DOES have the proper dll files, but they are already registered in his system from usage, and he does not realize that the alternate location is merely a shadow copy and that actual file is linking to his appdata folder.: A new HACKED msm tool comes out, but its a repack and lets say 4.2.0.1 (this is all fake... dont go looking for this hacked version , it dont exist) .... Now the repack is missing some vital DLL files, much like some of you are experiencing. The reason SOME can load and SOME cannot, is because they may have ran a FULL tool from the generation that the repack comes from.... if you have, then windows has already registered the correct DLL files, so it will load like normal.... if you HAVE NOT, you will get missing DLL errors. BUT BEWARE... There is a HIDDEN verification that is of the actual msmtool itself. It will cause you to fail , if the check does not pass, and when altering any portion of the msmtool, i have seen EVERY mod fail this check.
Oppo is smart... they placed PLAIN TEXT files that give the exact FILENAME, CRC, and SIG data for EVERY file that MSM will interact with INCLUDING ITSELF. But these plain text files are backdoor checked by encrypted SIGNED verification files, that check for any modifications to the plain text or xml files. If you alter one of the files or replace it... IT FAILS INSTANTLY... sha doesnt match... if you touch one of the SIG checker files it fails... MSMTool knows the SIG checkers, SIG... kinda a DOUBLE check... but they did this on purpose because they knew ppl would take the bait, and by doing so, thinking they will circumvent the CHECKS... they are actually making the checks work PERFECTLY. The ONLY way around this is through SOMEONE , who is great with DLL and EXE files... and can physically REMOVE or PATCH OUT the 2 checks for the application, as well as the fw integrity. Both validations work to ensure the OTHERS security as well... so if you bypass one validation, the other will fail you for "No validation" of the other file! (make any sense?) They watch each other when getting validated to see if any funny business is going on... any "Malarkey" and they will fail themselves to protect the package. You need to Remove, or patch out BOTH of these checks, which is slightly above my pay grade. If you can remove both of those, and it works, you will be able to have an MSM Tool that can have its config altered to remove model match, project id, and much more, as well as a tool that will accept ANY fw package as long as its in the correct structure. (That is where my info stops because saying more will put me in violation for now) ....
The SECOND bit of info is this:
The 'AUTH SIGN' is not a file generated from any server.... the connection to the server is simply to have it send a PING response back to the application from your phone. That is literally ALL the AUTH SIGN is... now its far more complex than im making it sound because i have yet to generate a valid AUTH but i am working on it. IT COMES from an APK Intent on your phone.... ( a hint is its one of the hidden QTI apk's) .... this apk responds to the PING request, with all of the info that is required as the AUTH .... Now dont get this confused with the MSM AUTH from the application.... The AUTH i am discussing is the one that says "YES" or "NO" when you ask the app to flash your fw.. An invalid response will trigger a NO... because the PING is an IRL stamp that cant be captured and replayed, as its literally specific to the millisecond... But again it is YOUR PHONE that is generating it.... so the MSM TOOL requires an AUTHENTICATED login, before it will communicate to the OPPO server, and tell it to send a PING request to your phone, which then gets sent via USB to your computer. What we have to do is figure out HOW to generate that PING request ourselves.... If we can somehow open a secondary command window, and freeze the process as soon as it requests the AUTH SIGN... then have the command to request the PING, already typed and ready to go in that second window.... and UNFREEZE at the exact same time as we send the command... we should be able to generate the request before the MSM Tool can revalidate itself, which it does before it makes the request. As long as the request is completed BEFORE the OFFICIAL request is made by the server, then it should ignore any other response.... 1st come 1st served.
Thats really all i can say... but sorry to all of you who have wondered if OPPO has made me disappear , or sent a wetwork agent after me... lol
I am just working round the clock on this as well as my normal life.... so i will be sporadic, but as i make breakthroughs i will update... so i hope SOME of that clears SOME things up.. but i leave you with this:
{ "d:193] [E2DBA579] [COM5] <COMMAND> <?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<data>\n<getsigndata value=\"ping\" />\n</data>\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> INFO: Calling handler for getsigndata\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> WARN: format error, i=0\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> ERROR: cannot get oplusreserve1/opporeserve1. i" }
Its the actual full data from the application attempting to get the AUTH SIGN.... maybe looking over it you might find some insight.
***back to the caves.... see yall in a bit!****
(and btw.. if you attempt to bypass the LOGIN, you will automatically fail the SW integrity check... you need to find a way to REMOVE this completely, and not with a hex editor... the actual instruction must be removed, and then the subsequent request must be removed again from the actual FLASH function called during the AUTH SIGN request, because IT checks for the valid login again. Remove both and you will have an MSM TOOL with a blank slate. The tools themselves are NOT bundled with the individual FW digest data... they simply follow the instructions given in the packages. If you know what files you can and cannot alter, plus you replace the CRC in the checker file, with the NEW valid crc for the edited file, and you make sure to change the metadata of the files you altered , so that they match again with the other files besides them, you can FOOL the Package validation... <--- a key point in being able to flash altered firmware!... Package Validation Fail = Flash Fail!... Stay Vigilant"

beatbreakee said:
Sorry for the delayed absence .... lol.. its been a trivial one. But I have been working DILIGENTLY on Oneplus Tools, and ONLY Oneplus Tools... (CanuckKnarf can verify this...)
Ok without breaking "responsible disclosure" guidelines... I can hopefully either clear up some of the chatter ive read up til now, as well as provide some important info which may inspire someone here with a new avenue as to how to attack this thing head on.
Let me start with the most recent statements about the missing files first.
If you have Windows (doesnt matter which version) and you have been running ANY of the official builds of the MSM Tool... (Official releases show an icon like pictured here View attachment 5855327 #1
unofficial (repacked for whatever reason) look like this: View attachment 5855329 #2
Now while there is no inherent threat to either version... the ones of the LATTER style, MAY OR MAY NOT run, when attempting to execute them. This is because the person who packaged it, MIGHT NOT have been doing so from the actual applications data folder in windows. Allow me to explain:
When you run #1 , that file unpacks itself and generates a folder inside your "/users/appdata/local/" folder and its usually along the lines of "OPPO Flash Tool Series 4.1" .... or a variant of that. IN THIS FOLDER is the actual files for which your MSMTOOL loads all of its config, dll, and other run codes from.
--Now this folder might not be generated if you are already running from a complete msmtool build. a complete build should have several dll's, several folders, and the actual program that is being called, 'FTGUIDev.exe" <-- This is your flash loader! .. This is the Alpha and the Omega so to speak of the MSM TOOL... #2, is the MSM equivalent of a Windows Installer REPACK. I have seen these range from 4mb all the way up to 9gb ... this is because some authors choose to repack the EXACT FW build that is to be used with it! (*** Important note!*** The version of the MSM Tool you are using plays a definitive roll as to whether you have a successful flash, or a fail!. OPPO HAS PLAYED THE SNEAKY ROLE AGAIN, AND IN CERTAIN RELEASES OF THE OTA FW FILES THAT ARE DISTRIBUTED, THEY MAKE A SMALL CHANGE TO ONE OR MORE FILES, WHICH WILL THROW OFF THE FIRMWARE INTEGRITY CHECK!.... BUT INSTEAD OF THE ERROR READING "INTEGRITY FAIL", YOU WILL GET .... PHONE MISMATCH... INVALID HANDLE.... VALIDATION FAIL... OR MAYBE FAIL INTEGRITY.... <----- These errors USED to have individual meaning, but OPPO choose to use them to provide misdirection as to what actually occurred. (( I have found a way to FORGE a passing INTEGRITY CHECK... but i cant disclose that yet, sry)) So now they do not want you to actually have the identifier as to what exactly went wrong that blocked your flash... the validation check is INSTANT... the whole 15 second pause is purely for dramatical effect. The very moment your phone connects in the msmtool and it hits 3%, it has already either PASSED or FAILED the AUTH SIGN requirement... which is LIGHT YEARS down the line from the Integrity Check.
Anyways my point is: If you go to you "appdata/local" msm folder, you shouold be able to pull ANY DLL that is being requested by your programs. The entire library is is locked exclusively to the GENERATION of flash tool available... ie version 4.1 folder will have DLL's for any 4.1.x.x msmtool ... same with version 5.1 => 5.1.x.x. While this is not a perfect science... it is a start, so if you run into any MSM tools that you download and are not able to run, it is because you dont have a full build from that series already installed on your machine. When these guys repack, they might not understand that by NOT packing up all the files DIRECTLY from that Appdata folder, and including ALL of the other folders, they are handicapping those who download them. Easier explanation to offer is this: Beatbreakee has been running Flash Tool v 4.1.7.2 on his machine, and it is the full build being launched from the APPDATA folder... CHRIS has been running 4.1.5.1 and its from an alternate location that DOES have the proper dll files, but they are already registered in his system from usage, and he does not realize that the alternate location is merely a shadow copy and that actual file is linking to his appdata folder.: A new HACKED msm tool comes out, but its a repack and lets say 4.2.0.1 (this is all fake... dont go looking for this hacked version , it dont exist) .... Now the repack is missing some vital DLL files, much like some of you are experiencing. The reason SOME can load and SOME cannot, is because they may have ran a FULL tool from the generation that the repack comes from.... if you have, then windows has already registered the correct DLL files, so it will load like normal.... if you HAVE NOT, you will get missing DLL errors. BUT BEWARE... There is a HIDDEN verification that is of the actual msmtool itself. It will cause you to fail , if the check does not pass, and when altering any portion of the msmtool, i have seen EVERY mod fail this check.
Oppo is smart... they placed PLAIN TEXT files that give the exact FILENAME, CRC, and SIG data for EVERY file that MSM will interact with INCLUDING ITSELF. But these plain text files are backdoor checked by encrypted SIGNED verification files, that check for any modifications to the plain text or xml files. If you alter one of the files or replace it... IT FAILS INSTANTLY... sha doesnt match... if you touch one of the SIG checker files it fails... MSMTool knows the SIG checkers, SIG... kinda a DOUBLE check... but they did this on purpose because they knew ppl would take the bait, and by doing so, thinking they will circumvent the CHECKS... they are actually making the checks work PERFECTLY. The ONLY way around this is through SOMEONE , who is great with DLL and EXE files... and can physically REMOVE or PATCH OUT the 2 checks for the application, as well as the fw integrity. Both validations work to ensure the OTHERS security as well... so if you bypass one validation, the other will fail you for "No validation" of the other file! (make any sense?) They watch each other when getting validated to see if any funny business is going on... any "Malarkey" and they will fail themselves to protect the package. You need to Remove, or patch out BOTH of these checks, which is slightly above my pay grade. If you can remove both of those, and it works, you will be able to have an MSM Tool that can have its config altered to remove model match, project id, and much more, as well as a tool that will accept ANY fw package as long as its in the correct structure. (That is where my info stops because saying more will put me in violation for now) ....
The SECOND bit of info is this:
The 'AUTH SIGN' is not a file generated from any server.... the connection to the server is simply to have it send a PING response back to the application from your phone. That is literally ALL the AUTH SIGN is... now its far more complex than im making it sound because i have yet to generate a valid AUTH but i am working on it. IT COMES from an APK Intent on your phone.... ( a hint is its one of the hidden QTI apk's) .... this apk responds to the PING request, with all of the info that is required as the AUTH .... Now dont get this confused with the MSM AUTH from the application.... The AUTH i am discussing is the one that says "YES" or "NO" when you ask the app to flash your fw.. An invalid response will trigger a NO... because the PING is an IRL stamp that cant be captured and replayed, as its literally specific to the millisecond... But again it is YOUR PHONE that is generating it.... so the MSM TOOL requires an AUTHENTICATED login, before it will communicate to the OPPO server, and tell it to send a PING request to your phone, which then gets sent via USB to your computer. What we have to do is figure out HOW to generate that PING request ourselves.... If we can somehow open a secondary command window, and freeze the process as soon as it requests the AUTH SIGN... then have the command to request the PING, already typed and ready to go in that second window.... and UNFREEZE at the exact same time as we send the command... we should be able to generate the request before the MSM Tool can revalidate itself, which it does before it makes the request. As long as the request is completed BEFORE the OFFICIAL request is made by the server, then it should ignore any other response.... 1st come 1st served.
Thats really all i can say... but sorry to all of you who have wondered if OPPO has made me disappear , or sent a wetwork agent after me... lol
I am just working round the clock on this as well as my normal life.... so i will be sporadic, but as i make breakthroughs i will update... so i hope SOME of that clears SOME things up.. but i leave you with this:
{ "d:193] [E2DBA579] [COM5] <COMMAND> <?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<data>\n<getsigndata value=\"ping\" />\n</data>\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> INFO: Calling handler for getsigndata\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> WARN: format error, i=0\n[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> ERROR: cannot get oplusreserve1/opporeserve1. i" }
Its the actual full data from the application attempting to get the AUTH SIGN.... maybe looking over it you might find some insight.
***back to the caves.... see yall in a bit!****
(and btw.. if you attempt to bypass the LOGIN, you will automatically fail the SW integrity check... you need to find a way to REMOVE this completely, and not with a hex editor... the actual instruction must be removed, and then the subsequent request must be removed again from the actual FLASH function called during the AUTH SIGN request, because IT checks for the valid login again. Remove both and you will have an MSM TOOL with a blank slate. The tools themselves are NOT bundled with the individual FW digest data... they simply follow the instructions given in the packages. If you know what files you can and cannot alter, plus you replace the CRC in the checker file, with the NEW valid crc for the edited file, and you make sure to change the metadata of the files you altered , so that they match again with the other files besides them, you can FOOL the Package validation... <--- a key point in being able to flash altered firmware!... Package Validation Fail = Flash Fail!... Stay Vigilant"
Click to expand...
Click to collapse
Thanks for all of the work you have been putting in! I will not give up hope lol, sorry I'm not a dev smart enough to help but I wish everyone luck...

beatbreakee said:
-snip-
Click to expand...
Click to collapse
Glad to see you still around, I was definitely in the boat of thinking someone shut ya down for good. Keep it up man, I'm sure as we rally we'll get there eventually.