Hi!
It was a bad idea to flash the 356510B0982Axon M RU image (available on the Russian ZTE website) to my ATT ZTE Z999.
The phone is bricked and only visible to my PC as QUSB_BULK. Looks like there is a way to restore it, but I need a full original working stock ATT image (any version). Can someone share it?
Found it in many places, but all of them want money. I would pay if it were 5, but not 25 euro.
I flashed mine using this [Leakite]ROM_AXON_M_VDF_SDCARD_SOFTWARE_PACKAGE_MR00a and it's not turning on anymore. We need help :crying:
Looks like we need 348010B3014Z999V1.0.0B30.zip
But I can't find it freely available, only on paid sites like easy-firmware and grt-dongle.
Any idea how we can flash a ROM in EDL mode?
No ideas for now. But a friend of mine works in a cellphone service center; he has helped me many times to unbrick devices. So far he has found firmware to restore the Chinese Axon M, but can't find the AT&T one.
OK, I got the image... $10 wasted. It really looks like the correct AT&T image, but QFIL, MiFlash, QPST, QComDownloadTool (ZTE util) can't flash it.
https://drive.google.com/file/d/1n0qjH1vaTQVwckFPizSAMDHrBh6uA8b6/view?usp=sharing
BRuTe007 said:
OK, I got the image... $10 wasted. It really looks like the correct AT&T image, but QFIL, MiFlash, QPST, QComDownloadTool (ZTE util) can't flash it.
https://drive.google.com/file/d/1n0qjH1vaTQVwckFPizSAMDHrBh6uA8b6/view?usp=sharing
You need the firehose programmer and use parts of that firmware to flash with it
BRuTe007 said:
OK, I got the image... $10 wasted. It really looks like the correct AT&T image, but QFIL, MiFlash, QPST, QComDownloadTool (ZTE util) can't flash it.
https://drive.google.com/file/d/1n0qjH1vaTQVwckFPizSAMDHrBh6uA8b6/view?usp=sharing
... If you can get to edl mode, try those Axon 7 firehose programmers. Since they are the same platform. QFIL should flash this image zip with no problem.
Honami754 said:
... If you can get to edl mode, try those Axon 7 firehose programmers. Since they are the same platform. QFIL should flash this image zip with no problem.
Are you sure? Because I'm under the impression you can only use the exact specific firehose, even if it's the same chip. I think it's hard encoded into the Sahara protocol; it will only accept the same firehose. But maybe I'm wrong, that's just what I've known.
Tried Axon 7 EDL Tool and it won't work.
Stopped further research and replaced the MB with one from a broken unit that I bought on eBay.
Anyone attempted to flash this? I just got a new one and I'm scared flashing again. I'm thinking of just buying an At&t prepaid sim just to get the latest update.
tidus1ph said:
Anyone attempted to flash this? I just got a new one and I'm scared flashing again. I'm thinking of just buying an At&t prepaid sim just to get the latest update.
No reason to flash it if your Axon is not bricked. It's a stock ATT version.
BRuTe007 said:
No reason to flash it if your Axon is not bricked. It's a stock ATT version.
The one my phone got is the october 1, 2017 patch with build number Z999V1.0.0B21. So the download file is the newer-ish right? Because on the website the latest is sept 18, 2018 patch with build number Z999V1.0.0B35.
tidus1ph said:
The one my phone got is the october 1, 2017 patch with build number Z999V1.0.0B21. So the download file is the newer-ish right? Because on the website the latest is sept 18, 2018 patch with build number Z999V1.0.0B35.
This one was named 348010B3014Z999V1.0.0B30.zip and I think B35 is newer than this one.
Here are the Z999 and Z-01K firehose files, extracted from an Internal ZTE tool I have. Hope it helps people out
Z-01K (Japanese Axon M)
https://www.androidfilehost.com/?fid=1395089523397896977
Z999
https://www.androidfilehost.com/?fid=1395089523397896976
All I ask is that if you use these files in a guide or anything, you credit me for providing them, because I needed to pay to grab these.
deadman96385 said:
Here are the Z999 and Z-01K firehose files, extracted from an Internal ZTE tool I have. Hope it helps people out
Z-01K (Japanese Axon M)
https://www.androidfilehost.com/?fid=1395089523397896977
Z999
https://www.androidfilehost.com/?fid=1395089523397896976
All I ask is that if you use these files in a guide or anything, you credit me for providing them, because I needed to pay to grab these.
Forgive my ignorance. But what do these files do? Z999 is AT&T's version, right?
tidus1ph said:
Forgive my ignorance. But what do these files do? Z999 is AT&T's version, right?
The firehose is needed to flash the device with QFIL, miflash, etc so a device can be unbricked.
deadman96385 said:
The firehose is needed to flash the device with QFIL, miflash, etc so a device can be unbricked.
Tried to flash with MiFlash but that failed: it starts flashing but then says "Cannot Read Port" and stops flashing.
Also tried QFIL, but it also fails with this message: Download Fail:Sahara Fail:QSaharaServer Fail:Process fail
Hope someone can clarify if it's even possible to recover.
This brick happened after an update.
Reverender said:
Tried to flash with MiFlash but that failed: it starts flashing but then says "Cannot Read Port" and stops flashing.
Also tried QFIL, but it also fails with this message: Download Fail:Sahara Fail:QSaharaServer Fail:Process fail
Hope someone can clarify if it's even possible to recover.
This brick happened after an update.
Sounds like you have a driver issue. Make sure you install the Qualcomm drivers.
deadman96385 said:
Sounds like you have a driver issue. Make sure you install the Qualcomm drivers.
UPDATE:
Figured out what is wrong with QFIL.
The firehose file you sent reads as only 0 bytes; this is why QFIL stopped working. Might also be the problem with the rest of the flashers I tried.
In any case, is the ELF file in the zip broken?
In case you have a .MBN version instead of a .ELF, maybe that works?
Seems I'm making progress.
I'm using ToolStudio right now.
The only thing I guess is holding me back is that I'm missing 2 files: RAM and boot image.
These are not present in the firmware file.
Is there any way I could get them?
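The 0-byte .elf reported above can be caught before the file is handed to QFIL. As an added example (not written by any poster in this thread and not part of any ZTE or Qualcomm tool), this Python script checks that a programmer file in ELF form is non-empty and not truncated, and reports its SHA-256 so a re-download can be compared; `check_programmer` and `build_sample` are hypothetical names, and the sample image is constructed rather than a real programmer.

```python
import hashlib
import struct

ELF_MAGIC = b"\x7fELF"
MACHINES = {40: "ARM", 183: "AArch64"}  # e_machine values expected for these SoCs


def check_programmer(data: bytes) -> dict:
    """Sanity-check a programmer blob in ELF form; returns a report dict."""
    problems = []
    report = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
              "ok": False, "problems": problems}
    if not data:
        problems.append("empty file (0 bytes)")
        return report
    if data[:4] != ELF_MAGIC:
        problems.append("no ELF magic (not an ELF container)")
        return report
    if len(data) < 16 or data[4] not in (1, 2) or data[5] != 1:
        problems.append("unsupported ELF class or byte order")
        return report
    is64 = data[4] == 2
    hdr_fmt = "<HHIQQQIHHHHHH" if is64 else "<HHIIIIIHHHHHH"
    ph_fmt = "<IIQQQQQQ" if is64 else "<IIIIIIII"
    if len(data) < 16 + struct.calcsize(hdr_fmt):
        problems.append("truncated ELF header")
        return report
    hdr = struct.unpack_from(hdr_fmt, data, 16)
    machine, phoff, phentsize, phnum = hdr[1], hdr[4], hdr[8], hdr[9]
    report["class"] = "ELF64" if is64 else "ELF32"
    report["machine"] = MACHINES.get(machine, f"unknown({machine})")
    if machine not in MACHINES:
        problems.append("e_machine is neither ARM nor AArch64")
    if phnum == 0:
        problems.append("no program headers")
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + struct.calcsize(ph_fmt) > len(data):
            problems.append(f"program header {i} lies outside the file")
            break
        ph = struct.unpack_from(ph_fmt, data, off)
        # p_offset / p_filesz sit at different indexes in ELF32 and ELF64
        p_offset, p_filesz = (ph[2], ph[5]) if is64 else (ph[1], ph[4])
        if p_offset + p_filesz > len(data):
            problems.append(f"segment {i} truncated: needs "
                            f"{p_offset + p_filesz} bytes, file has {len(data)}")
    report["ok"] = not problems
    return report


def build_sample(payload: bytes = b"\x00" * 16) -> bytes:
    """Constructed ELF64/AArch64 image with one segment (not a real programmer)."""
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 2, 183, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    ph = struct.pack("<IIQQQQQQ", 1, 5, 120, 0, 0, len(payload), len(payload), 4096)
    return ident + hdr + ph + payload


if __name__ == "__main__":
    good = build_sample()
    for name, blob in [("empty.elf", b""), ("good.elf", good),
                       ("cut.elf", good[:-8])]:
        r = check_programmer(blob)
        print(name, r["size"], r["sha256"][:16], "OK" if r["ok"] else r["problems"])
```

For a downloaded file, pass `open(path, "rb").read()` to `check_programmer`; the check covers only the ELF container, so a passing result says nothing about whether the device will accept the programmer.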
Hey guys,
Some guy posted a way to unlock any g8 bootloader via v50s engineering bootloader on some Chinese website. I don't know if I'm allowed to link it but it's via qfil. I don't own a g8 right now but if anyone wants to try it I guess you could message me. Again this is via 9008 mode via qfil and flashing the abl partitions as well as the xbl partitions.
Awesomeslayerg said:
Hey guys,
Some guy posted a way to unlock any g8 bootloader via v50s engineering bootloader on some Chinese website. I don't know if I'm allowed to link it but it's via qfil. I don't own a g8 right now but if anyone wants to try it I guess you could message me. Again this is via 9008 mode via qfil and flashing the abl partitions as well as the xbl partitions.
Can you post the link? I have done a lot of research on this and talked to the guy from China who sells all the hardware modded phones on taobao, and he and others have all confirmed that the bbs.gfan guides only work on these hw modded phones. I am fairly confident that the firehose used in this guide will be the Xiaomi 855 one, which will not work on a normal g8.
antintin said:
Can you post the link? I have done a lot of research on this and talked to the guy from China who sells all the hardware modded phones on taobao, and he and others have all confirmed that the bbs.gfan guides only work on these hw modded phones. I am fairly confident that the firehose used in this guide will be the Xiaomi 855 one, which will not work on a normal g8.
If you're willing to test and try it:
https://bbs.lge.fun/thread-110.htm
That wouldn't make any sense. They all just want to make money; that's what people will tell you, that it'd be impossible. Xsavi for the g7 also confirmed that the firehose for that g7 with that chipset would work.
Awesomeslayerg said:
If you're willing to test and try it:
https://bbs.lge.fun/thread-110.htm
That wouldn't make any sense. They all just want to make money; that's what people will tell you, that it'd be impossible. Xsavi for the g7 also confirmed that the firehose for that g7 with that chipset would work.
It does make a lot of sense... LG put in SoC protections while Xiaomi not as much, and the Xiaomi firehose will work with a "stock" SDM 855 SoC. The 845 firehose for the g7 has been leaked, so that works. I've personally made accounts and gotten the firehose from a number of posts and it's the Xiaomi one.
antintin said:
It does make a lot of sense... LG put in SoC protections while Xiaomi not as much, and the Xiaomi firehose will work with a "stock" SDM 855 SoC. The 845 firehose for the g7 has been leaked, so that works. I've personally made accounts and gotten the firehose from a number of posts and it's the Xiaomi one.
You could at least try putting it in qfil mode and try opening the partition manager with it to check and maybe read the data from it.
antintin said:
It does make a lot of sense... LG put in SoC protections while Xiaomi not as much, and the Xiaomi firehose will work with a "stock" SDM 855 SoC. The 845 firehose for the g7 has been leaked, so that works. I've personally made accounts and gotten the firehose from a number of posts and it's the Xiaomi one.
Xiaomi has the same protection.
The HW modded ones are just changed SoCs, switching from an LG one to a Xiaomi one. Xiaomi releases their firehose for every phone they release.
Firehose/9008 mode are manufacturer dependent (could even be made model dependent). The code for the 9008 is in the SoC directly (not on some flash memory around...), and every manufacturer basically gets an encryption code for a certain SoC, and that one is used for the Sahara Protocol (9008 mode), and the corresponding firehose has the same code in it, so they can communicate.
Switch SoC with a different manufacturer -> Use their firehose.
Xiaomi ones are just easily available I guess in China (as they sit at the source), and freely available firehose -> even better.
Awesomeslayerg said:
If you're willing to test and try it:
https://bbs.lge.fun/thread-110.htm
That wouldn't make any sense. They all just want to make money; that's what people will tell you, that it'd be impossible. Xsavi for the g7 also confirmed that the firehose for that g7 with that chipset would work.
The "firehose for the g7" is a firehose for ALL LG (and only LG) SD845 devices, G7, V35 and V40. It won't work for a OnePlus, or a Xiaomi or so.
But yeah, they all want to make money, that's why firehoses usually aren't freely available, otherwise they couldn't sell their services.
There exists a firehose for LG SD855 devices... and a few people have it already, but why give it out for free, when you can make tons of money with it (especially when they very likely had to pay a ton of money to get it in the first place).
SGCMarkus said:
Xiaomi has the same protection.
The HW modded ones are just changed SoCs, switching from an LG one to a Xiaomi one. Xiaomi releases their firehose for every phone they release.
Firehose/9008 mode are manufacturer dependent (could even be made model dependent). The code for the 9008 is in the SoC directly (not on some flash memory around...), and every manufacturer basically gets an encryption code for a certain SoC, and that one is used for the Sahara Protocol (9008 mode), and the corresponding firehose has the same code in it, so they can communicate.
Switch SoC with a different manufacturer -> Use their firehose.
Xiaomi ones are just easily available I guess in China (as they sit at the source), and freely available firehose -> even better.
The "firehose for the g7" is a firehose for ALL LG (and only LG) SD845 devices, G7, V35 and V40. It won't work for a OnePlus, or a Xiaomi or so.
But yeah, they all want to make money, that's why firehoses usually aren't freely available, otherwise they couldn't sell their services.
There exists a firehose for LG SD855 devices... and a few people have it already, but why give it out for free, when you can make tons of money with it (especially when they very likely had to pay a ton of money to get it in the first place).
I googled around for hw modded lg g8 and I couldn't find them. I'm gonna buy a US model soon to try it out.
Awesomeslayerg said:
I googled around for hw modded lg g8 and I couldn't find them. I'm gonna buy a US model soon to try it out.
Yeah because they are only on taobao and Chinese sites. Also Google translate calls it "hard solution" instead of hardware modded btw. You can just look up LG g8 root taobao and you'll find them
Awesomeslayerg said:
I googled around for hw modded lg g8 and I couldn't find them. I'm gonna buy a US model soon to try it out.
Dude look... See the screenshot? That is the firehose link from that website and its this same link we've seen before, and it's THE XIAOMI FIREHOSE
I tried that firehose a few weeks ago with G8. Does not connect with qfil or octopus jtag.
zeek6228 said:
I tried that firehose a few weeks ago with G8. Does not connect with qfil or octopus jtag.
Were you the one who tried to cross flash with octoplus box? Has anything else happened with that
antintin said:
Were you the one who tried to cross flash with octoplus box? Has anything else happened with that
Yes I tried to crossflash G8 with octopus. It gives IMPL error. You still have download mode but no kdz for Sprint/AT&T. All of these can be sent back to LG for warranty, it is no big deal.
zeek6228 said:
Yes I tried to crossflash G8 with octopus. It gives IMPL error. You still have download mode but no kdz for Sprint/AT&T. All of these can be sent back to LG for warranty, it is no big deal.
Do you have any info about when the firehose will be added to octopus?
@antintin
https://mega.nz/file/k4p0VSxQ#ejn3vqW12ivdLhLuT8DjfWRLE4KiUc6AAPc7_QlMFt0
Reuploaded SDM 855 firehose file from the LGE fun thread, managed to create a baidu account last night and get it downloaded.
edit:
Reuploaded the QPST file linked on the LGE.fun thread as well here:
https://mega.nz/file/Uw5SwChQ#g7jz3ma2vxVDZQ_UcFN59vycFvukpOfq_dCFUiGYVR4
ABL and XBL files as well: https://mega.nz/file/plYglChY#-DRLO0ZouCxtOP2ZanRrnE2R7pMjmANgYMheRk3BEHc
VOLTE files: https://mega.nz/file/BkxzELaD#kILReW8bPuYb17bSDn29TewQCa93YzNiQtK0au3S2Xg
jazir said:
@antintin
https://mega.nz/file/k4p0VSxQ#ejn3vqW12ivdLhLuT8DjfWRLE4KiUc6AAPc7_QlMFt0
Reuploaded SDM 855 firehose file from the LGE fun thread, managed to create a baidu account last night and get it downloaded.
edit:
Reuploaded the QPST file linked on the LGE.fun thread as well here:
https://mega.nz/file/Uw5SwChQ#g7jz3ma2vxVDZQ_UcFN59vycFvukpOfq_dCFUiGYVR4
ABL and XBL files as well: https://mega.nz/file/plYglChY#-DRLO0ZouCxtOP2ZanRrnE2R7pMjmANgYMheRk3BEHc
VOLTE files: https://mega.nz/file/BkxzELaD#kILReW8bPuYb17bSDn29TewQCa93YzNiQtK0au3S2Xg
We've had those files for a while; they aren't really of use to us.
For those not following the other threads, I'm cross-posting. It's not directly for bootloader unlocking but if the exploit is transferable, it's a promising first step.
If there was ever a time to stop OTA updating, now is it!
For those not already following, check out:
https://forum.xda-developers.com/v50-thinq/development/lg-v50-temp-root-exploit-via-cve-2020-t4098077
Basically they've figured out a way to get temp root on the LG V50 which may lead to bootloader unlocking and permanent root.
One caveat, this exploit is likely patched in newer OTA updates of Android 10 (need March or older) and the exploit has to be changed for each firmware version. Not a big deal for those that have public KDZs but for Sprint devices hopefully the images are similar enough that the required addresses are the same across the variants. Here's hoping (I've got two Sprint devices).
Thanks to antintin as their rollback guide will become crucial for many:
https://forum.xda-developers.com/lg-g8/how-to/people-trying-beta-want-to-revert-t4011925
kevin_bouchard said:
For those not following the other threads, I'm cross-posting. It's not directly for bootloader unlocking but if the exploit is transferable, it's a promising first step.
If there was ever a time to stop OTA updating, now is it!
For those not already following, check out:
https://forum.xda-developers.com/v5...g-v50-temp-root-exploit-via-cve-2020-t4098077
Basically they've figured out a way to get temp root on the LG V50 which may lead to bootloader unlocking and permanent root.
One caveat, this exploit is likely patched in newer OTA updates of Android 10 (need March or older) and the exploit has to be changed for each firmware version. Not a big deal for those that have public KDZs but for Sprint devices hopefully the images are similar enough that the required addresses are the same across the variants. Here's hoping (I've got two Sprint devices).
Thanks to antintin as their rollback guide will become crucial for many:
https://forum.xda-developers.com/lg-g8/how-to/people-trying-beta-want-to-revert-t4011925
We're not sure about bl unlock yet because one user with the Korean v50 tried to dd flash the abl, xbl, and xbl config, and the command went through successfully, but the files didn't stay after reboot. Maybe there's a way around this, but who knows.
antintin said:
We're not sure about bl unlock yet because one user with the Korean v50 tried to dd flash the abl, xbl, and xbl config, and the command went through successfully, but the files didn't stay after reboot. Maybe there's a way around this, but who knows.
I have some insight on the issue of the files not staying. It has to do with the partition size differences of the engineering abl bootloader and the phone's original bootloader. The original abl partition on the actual UFS chip is about 1-2 MB in size, when the engineering image is only about 300 KB. When writing the partition through dd or Octoplus Box, it is only written to the start of the partition. The issue is that it is not written properly and the system believes it is corrupt due to a size mismatch (the disk tells us the partition is 300 KB, while the GPT table tells us it's 2 MB). For instance, this is an issue also encountered when flashing a system image in TWRP (uses dd method) that is not exactly the size of the target partition (writing a 5 GB image to a 64 GB disk). The solution is to write the disk partitions from fastboot, since it automatically resizes the disk image to fit onto a larger disk partition. Unfortunately in this case, we do not have fastboot to do this. A workaround is to write the abl partition onto the laf partition (download mode), and then enter download mode which will enter into fastboot mode as normal. Another solution could be to resize the abl partition to fit before writing it, but I am unaware of how to do this. Also, using an alternative Linux utility instead of dd could solve this issue...
I already know the method uses flash tools which you need to pay for. But how does it work? From the previous devices we know that official ROMs added an auth process in firehose. And SDM845 and older devices can be flashed without an authorized EDL account by replacing firehose files. So is there a similar way for k20p?
Hello, noob here following the instructions in this article to debug my hardbricked Moto One Power. I downloaded the stock firmware from this site. Step 5.1 of the article requires us to select the firehose programmer file (.elf or .mbn format) to proceed. This was supposed to be in the firmware package itself, however I cannot find it. Can someone tell me if I installed the wrong firmware package? If not, where can I find the programmer file? Thanks.
Help!
After making a few experiments, I am stuck in EDL mode because XBL partition was erased.
So I need to reflash the original ROM using EDL.
I downloaded MiFlash20210226 and it connects to my account but then it says I'm not authorized.
How can I ask for authorization and unbrick it?
I know that firehose on "sweet" is authenticated by Xiaomi... and there is no way to use a modded firehose, because it is also signed.
Any help?
If anyone has an authorized account, I would only need it to reflash the stock ROM.
(Or if you know how to get an even momentary authorization)
That's not Xiaomi... but the usual people using a single authorized account and reselling its use. I was asking how to be officially authorized by Xiaomi, and who to contact...
Have you tried XiaoMiTool? It's able to bypass account authentication to unbrick, flash and lock or unlock bootloader. Google it and have a read so you know how to use it; I'd say it's your last hope without going for a repair.
I'm in the same boat bud.... I've tried everything I can throw at it... nothing yet.. I have a guy trying to help me, but I'm not super technically talented..
@Zibri have you ever fixed that phone or still a brick?
fixed it the same day.
can you share the firehose please? did you patch it your own?
Zibri said:
fixed it the same day.
How did you fix it? I've been in EDL mode for the longest and I need an authorized account!!!
jglm4u said:
How did you fix it? I've been in EDL mode for the longest and I need an authorized account!!!
Contact Russians or Asians on Telegram.. google for authorized Xiaomi account... and they will solve it for a few dollars.
... so still no patched firehose programmer available as of today.
aIecxs said:
... so still no patched firehose programmer available as of today.
There's a firehose for Note 10 Pro and tools and steps at hiunlock com, but you've got to register and pay a small fee.
we have a collection thread here, feel free to submit.