[Q] (Soft?)bricked Moto E after flashing wrong stock ROM - E 2015 Q&A, Help & Troubleshooting

I have bricked my phone. It's stuck in a boot loop.
I had an up-to-date, non-rooted, locked XT1524. Since 3G and 4G didn't work in my country, first I tried flashing the modem and baseband from a retail XT1527 stock ROM. The flashing went OK, but 3G and 4G still didn't work (as happened to pablo_cba in this thread).
Then I turned my common sense off and tried flashing the whole XT1527 ROM. I thought that since they were stock ROMs I didn't have any need to root the phone (or install TWRP). And since I was flashing the same version I had, I didn't need to unlock the bootloader either. Wrong! The ROM I flashed was version 5.1 (23.29-15), and my current ROM at the moment was 5.0 (22.50-X). Since I haven't unlocked the bootloader, I can't go back to the retail XT1524 stock ROM published here.
I was able to flash gpt.bin and bootloader.img, but things went south on boot.img. Now the bootloader is stuck with the following error:
Code:
version downgraded for boot
failed to validate boot image
Trying to flash boot.img (or system) fails with error:
Code:
hab check failed for boot
Failed to verify hab image boot
Trying to go back to XT1524 ROM fails with:
Code:
version downgraded for aboot
Trying to unlock the bootloader fails with:
Code:
Enable OEM Unlock
Which is obvious because I haven't enabled it on the phone, but it sucks because I can't boot and enable it.
So, here go my questions:
- What does the "hab check failed" mean? Is there any way to bypass it and finish flashing the XT1527 ROM?
- Is there any way to unlock the bootloader without enabling it first on developer settings?
- Is there anything I can do other than waiting for 5.1 to get rolled out to XT1524 phones, and for a stock ROM for it to get leaked?
Thanks a lot for your kind help!

Ah, I know exactly what happened. The good news is that your device is not bricked. The bad news is that you will need to wait a few weeks for the XT1524 5.1 stock images to be released.
The CID is a one-byte Motorola-specific value that indicates which region your device is for. Boot and system images are signed by Motorola tools that sign for a specific CID. The bootloaders for Motorola phones are signed with Qualcomm tools that do not care about CIDs. As a result, you can flash a bootloader meant for a device with a different CID, but you can't flash a boot or system image for a different CID (while bootloader locked).
Since the bootloader is not CID specific, you were able to flash the new bootloader. The new bootloader blows fuses to increment the security version and prevent rollback. It will not allow you to flash an older boot and system image, since they may contain vulnerabilities. Now, the bootloader won't allow you to flash anything except a new 5.1 ROM signed for your CID.
I'd recommend just waiting a few weeks for the signed official 5.1 images for XT1524 to be released.
If you can't wait and are willing to take your phone apart and void the warranty and solder onto stuff, you can circumvent the Factory Reset Protection feature to unlock your bootloader. I don't recommend doing this, but it can be done. You will need to solder onto test points for the flash (that will be located underneath shielding cans). Writing 0x01 to the last byte of the frp partition will enable bootloader unlocking. Once again, I don't recommend doing this, I'm just stating what is possible.
EDIT: It might be worth a try seeing if Motorola will do something under warranty. The challenge will be to explain your problem in a manner that will not make them consider it to have been damaged by you. I don't know what they will think of your issue.
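The checks described in the reply above, as a simplified model added here for illustration; it is not Motorola's bootloader code and not part of the original post. The struct fields, CID values and security-version numbers are constructed assumptions.

```c
#include <stdio.h>

/* Simplified model of a locked bootloader's flash checks as described in the
 * reply above. Field names, CID values and version numbers are constructed. */
typedef enum { FLASH_OK, ERR_VERSION_DOWNGRADED, ERR_SIGNATURE_CHECK } result_t;

typedef struct {
    unsigned char cid;       /* one-byte region ID of the device */
    unsigned rollback_fuse;  /* minimum accepted security version; only ever rises */
} device_t;

typedef struct {
    const char *partition;
    int cid_bound;            /* 1 = signed for one CID (boot, system); 0 = bootloader */
    unsigned char signed_cid; /* ignored when cid_bound == 0 */
    unsigned sec_version;
} image_t;

/* Constructed samples: device CID 0x0A on version 1; the other region is 0x0B. */
static const image_t own_v1_boot    = { "boot",  1, 0x0A, 1 };
static const image_t own_v1_aboot   = { "aboot", 0, 0x00, 1 };
static const image_t other_v2_aboot = { "aboot", 0, 0x00, 2 };
static const image_t other_v2_boot  = { "boot",  1, 0x0B, 2 };
static const image_t own_v2_boot    = { "boot",  1, 0x0A, 2 };

/* The same check is applied when flashing and when validating an image at boot. */
result_t validate(const device_t *d, const image_t *img)
{
    if (img->sec_version < d->rollback_fuse)
        return ERR_VERSION_DOWNGRADED;   /* page: "version downgraded for ..." */
    if (img->cid_bound && img->signed_cid != d->cid)
        return ERR_SIGNATURE_CHECK;      /* page: "hab check failed for ..." */
    return FLASH_OK;
}

result_t flash(device_t *d, const image_t *img)
{
    result_t r = validate(d, img);
    /* An accepted newer bootloader raises the fuse value; nothing lowers it. */
    if (r == FLASH_OK && !img->cid_bound && img->sec_version > d->rollback_fuse)
        d->rollback_fuse = img->sec_version;
    return r;
}

int main(void)
{
    static const char *msg[] = { "accepted", "version downgraded", "signature check failed" };
    const image_t *steps[] = { &other_v2_aboot, &other_v2_boot, &own_v1_aboot,
                               &own_v1_boot, &own_v2_boot };
    device_t dev = { 0x0A, 1 };
    for (size_t i = 0; i < sizeof steps / sizeof steps[0]; i++)
        printf("%-5s v%u: %s\n", steps[i]->partition, steps[i]->sec_version,
               msg[flash(&dev, steps[i])]);
    return 0;
}
```

The sequence in `main` replays the thread: the foreign bootloader is accepted and raises the fuse, after which only a version-2 image signed for the device's own CID passes.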

The exact thing happened to me. I think that the 5.1 firmware will arrive soon to your device. I took it to my carrier, and they gave me a new one in 2 weeks. I think that Motorola won't help you, as you requested the bootloader code.

Related

[Q] My phone won't properly start, what should I do?

I have an XT1527 Moto E, and I wanted to flash the 5.1 rom I found (can't link it, but it's the one called surnia retus in motofirmware.centerit), it is stock firmware and my bootloader is locked so I tried flashing by extracting and flashing the contents one by one. It gave me an error saying preflashing validation error. My phone now won't go further past the fastboot, with the logs saying "version downgraded for boot / failed to validate boot image". To me, it sounds like the phone knows that it's not the official firmware for my specific phone or something.
I'm thinking about unlocking the bootloader and then reflashing the rom, maybe even flashing TWRP, formatting everything and then flashing the rom. I don't know if any of this is possible, and I'm nervous about the phone. What should I do?
Puertasamuel said:
I have an XT1527 Moto E, and I wanted to flash the 5.1 rom I found (can't link it, but it's the one called surnia retus in motofirmware.centerit), it is stock firmware and my bootloader is locked so I tried flashing by extracting and flashing the contents one by one. It gave me an error saying preflashing validation error. My phone now won't go further past the fastboot, with the logs saying "version downgraded for boot / failed to validate boot image". To me, it sounds like the phone knows that it's not the official firmware for my specific phone or something.
I'm thinking about unlocking the bootloader and then reflashing the rom, maybe even flashing TWRP, formatting everything and then flashing the rom. I don't know if any of this is possible, and I'm nervous about the phone. What should I do?
You most likely will not be able to unlock the bootloader now, as it relies on a setting in the system itself (which will not boot for you.) You are in a tight spot right now, and you have my sympathies! First off, is your phone carrier branded? Secondly, did you get the error message right away, or did you successfully flash some of the firmware before hitting the error?
brotherswing said:
You most likely will not be able to unlock the bootloader now, as it relies on a setting in the system itself (which will not boot for you.) You are in a tight spot right now, and you have my sympathies! First off, is your phone carrier branded? Secondly, did you get the error message right away, or did you successfully flash some of the firmware before hitting the error?
I live in Colombia, and every carrier here unlocks their phones, so mine is unlocked and probably uses a generic firmware. The error appeared after I tried flashing one by one, I guess it wrote something, but then the verification failed or something. I had flashed the first file, I think. Please help me, man, I don't know what to do.
Puertasamuel said:
I have an XT1527 Moto E, and I wanted to flash the 5.1 rom I found (can't link it, but it's the one called surnia retus in motofirmware.centerit), it is stock firmware and my bootloader is locked so I tried flashing by extracting and flashing the contents one by one. It gave me an error saying preflashing validation error. My phone now won't go further past the fastboot, with the logs saying "version downgraded for boot / failed to validate boot image". To me, it sounds like the phone knows that it's not the official firmware for my specific phone or something.
I'm thinking about unlocking the bootloader and then reflashing the rom, maybe even flashing TWRP, formatting everything and then flashing the rom. I don't know if any of this is possible, and I'm nervous about the phone. What should I do?
I have the same problem in my xt1527 chile
It appears trying to flash the 5.1 to a phone that is bootloader locked and is running the wrong rom for it is an insta-brick. I have yet to see a fix for it. I tried it on a Cricket version and it ended up successfully flashing the bootloader and a few other things, but not others. That then prevented me from going back to stock because it would require downgrading the bootloader. I sold it online (full disclosure of course) and am buying another one.

[XT1527] Attempt to flash retUS into retLA has gone awry.

Hi all! I tried to flash 5.1 retus on a 5.0.2 retla variant (as the tutorial said it would work on all variants, and both are for XT1527) without unlocking the bootloader.
Sadly it won't boot (boots directly to bootloader) and can't go back to stock.
It says: 'version downgraded for boot' 'failed to validate boot image'
This is a problem because everything I find about it says that I should either unlock the bootloader or find a newer retla ROM to flash over. Sad part is that this version is not coming any time soon.
I tried to unlock bootloader afterwards but since I've never checked the option inside Dev Options this is like a no-go.
Any ideas?

back to stock. un-dev bl and un-cid

just wanted to say i had been running my verizon note 3 (non-dev edition) like everyone else here
with the bl unlocked to dev edition and rooted most likely with either kingo or supersu through teamyemin or proyemin and i think there is another one too.
basically if you want to go back 100% original (including your original cid) its not as easy as you might think.
first thing i did was wipe everything that was possible to wipe from within twrp recovery.
next i booted to odin download mode
from there i flashed the OB6 official firmware
then i rooted using the kingo method as this seemed the most likely not to infect my computer and possibly only stole info from my phone. (this used the 2 files 1.tar and 2.tar flashed with odin for pc)
i then verified my root and installed terminal emulator and es file explorer root
i copied samsung_cid to phone sd card and used es file explorer root to move to ./data/local/tmp
changed my cid back to original and rebooted phone
booted to stock recovery and wiped everything i could and booted into odin download mode
flashed OF1 official
there is a very important part that could get a lot of ppl's phones into brick mode.
when you goto change the cid back to original you better already have the stock BL on and running and >>>NOT<<< the DEV-BL
that is why i chose to flash an official OB6 rom first
if you try to change the cid to original non-dev edition and reboot your phone this could have problems since you would have the dev bl flashed with a non dev bl cid
when the cid for the dev edition became available you could change the cid first and boot into the bl and it would say something like developer mode enabled or something like that even if you had the stock bl flashed (not the dev bl)
this is fine
only problem is if you change that cid back to stock/original non-dev while you are running the dev bl
i dont know what would happen but i bet it wouldnt be good.
ok next part i think is important is getting rid of kingo root as much as possible and that is why i flashed the OB6 firmware first and then OF1 for my very last step.
ok thanks.
i know a lot of ppl are probably gonna say why would you want to go back to stock original cid and my answer is this.
phone is really stable and also if i want to sell it which im thinking about.
hope it helped some ppl.
Where do we get our original Cid?
The method used to do the unlocking runs the tool in two passes, like this:
pass1: change the CID.
pass2: (create debrick image &) alter the aboot partition sig to the DevEd sig.
There is no reason this can not be reversed (assuming you have root on ANY ROM) e.g. :
pass_negative_2: flash stock aboot to aboot partition.**
pass_negative_1: revert the CID by altering the original code to write your CID (minor code change and recompile).
** must be from the exact same version of boot firmware you have on the phone; you could use "dd" for this.
There's no reports of people trying this explicitly, but OTOH note this: there were owners of DevEd devices that accidentally flashed stock bootloaders. They didn't change their CID, and they didn't brick. They just couldn't go back to an unlocked bootloader any longer, or boot custom kernels: they converted their phones to retail without ever changing their CID.
Anyhow, it appears that you went through a ton of effort, when all you needed to do was flash the stock "aboot" back into place.
It probably isn't even necessary to revert the CID back.
ExpialZLD said:
Where do we get our original Cid?
You recorded it - as a precaution - when you went through the unlocking process. Didn't you?
As I mentioned above, it probably doesn't matter anyway.
@OP: did your "Custom" boot logo disappear eventually?
PS even after doing this the phone will still have a blown knox warranty flag and certain TZ/qseecom functionality will no longer work, even with 100% pure stock on the phone.
bftb0 said:
The method used to do the unlocking runs the tool in two passes, like this:
pass1: change the CID.
pass2: (create debrick image &) alter the aboot partition sig to the DevEd sig.
There is no reason this can not be reversed (assuming you have root on ANY ROM) e.g. :
pass_negative_2: flash stock aboot to aboot partition.**
pass_negative_1: revert the CID by altering the original code to write your CID (minor code change and recompile).
** must be from the exact same version of boot firmware you have on the phone; you could use "dd" for this.
There's no reports of people trying this explicitly, but OTOH note this: there were owners of DevEd devices that accidentally flashed stock bootloaders. They didn't change their CID, and they didn't brick. They just couldn't go back to an unlocked bootloader any longer, or boot custom kernels: they converted their phones to retail without ever changing their CID.
Anyhow, it appears that you went through a ton of effort, when all you needed to do was flash the stock "aboot" back into place.
It probably isn't even necessary to revert the CID back.
You recorded it - as a precaution - when you went through the unlocking process. Didn't you?
As I mentioned above, it probably doesn't matter anyway.
@OP: did your "Custom" boot logo disappear eventually?
PS even after doing this the phone will still have a blown knox warranty flag and certain TZ/qseecom functionality will no longer work, even with 100% pure stock on the phone.
By record, do you mean using a tool or, like, taking a picture of the CID?
ExpialZLD said:
By record, do you mean using a tool or, like, taking a picture of the CID?
Cut-n-paste to a text file.
The tool spews out onto the screen the device's CID before it goes about changing it.
That assumes you followed the directions in the OP and used ADB. Or, didn't follow those instructions and used a terminal emulator. (I don't know whether or not the app shows you the output from the binary).
As I mentioned, folks that had DevEd devices (that is, "factory unlocked" bootloaders) that made the mistake of flashing stock firmware turned their DevEd phones into retail phones - without ever changing the CID to some other value. So it may not even matter - you end up with a "retail" phone with the same CID that you currently have.
In any event, if you didn't record the previous CID, there's nothing to do about it.
The OP mentions something called "samsung_cid". I presume he is talking about a mod of the original code that allows you to re-write the CID to an arbitrary value.

Question Trying to go back to full stock??

I've done a good bit of scouring here but cannot seem to get a definitive reason or fix to my current issue.
Here's the order of events:
Bought a new N200 unlocked version.
Unlocked bootloader - no issues.
Put TWRP on it - still a WIP so the issues with it were expected. It's minimal and is not fully working. I was aware of this and succeeded at this step as well.
Put Magisk on it. Once again, minimal issues.
Decided to return to stock because it's difficult to update the device.
Removed root. Complete uninstall of magisk.
Used payload dumper to extract the factory boot image. Used the same method to reinstall this to the device.
Booted back to stock recovery. Completely wiped device keeping system intact. Then booted up.
Booted back to fastboot to relock bootloader. ERROR - DEVICE CORRUPT.
Hardware booted back to fastboot and unlocked bootloader. Device works.
New partial update rolls out. Cannot update.
So here's the issue. I cannot relock the bootloader or the device will read as corrupt and not boot up. I also cannot update the device because it states the device is either "busy" or has an "installation problem". I also cannot sideload from recovery because it states the device is unauthorized (weird since the bootloader is still unlocked) and sideload doesn't really seem to work via fastboot either.
Any tips or help that can get me completely back to stock on this unlocked variant would be greatly appreciated.
You'll have to just redo everything; MSM your device back to factory. Then update to the partial patch. Afterwards you can do the root process.
Winnower Amber said:
You'll have to just redo everything; MSM your device back to factory. Then update to the partial patch. Afterwards you can do the root process.
The problem lies in the MSM part of your reply Winnower. I have the unlocked variant. The tool for that is not available. Not yet, anyways. But I am hopeful I will be getting my hands on that today for the community.
You could use Android studio to piggy back on the update file.
When you relock the bootloader, you have to have correct vbmetas. (Verified boot metadata). When you unlocked, OnePlus automatically disabled them. They may have been cleared (This is the usual way to disable verified boot, by blanking the hashes from the vbmetas.) or they may just not match the current version installed.
You restored to the "full" OTA version from the website, but if you previously took a "patch" OTA update over the network, your existing vbmetas would not match the full OTA version.
Also, keep in mind there are two slots to deal with. The sideload update mechanism checks both copies for modification, and you probably only reverted one.
I've read comments by others that relocking the bootloader is not a requirement for the sideloader to update, but reverting the software is.

Is my bootloader unlocked?

I have tried for multiple hours to get fastboot and ADB to work with my S6 Edge but it is not working. I suspect I might need to try older Samsung drivers (I only tried the latest ones as far as I remember). I wanted these tools in order to check if my bootloader was unlocked so that I wouldn't brick my device if I tried to install a custom ROM and TWRP. Anyway I followed a video and installed TWRP on my phone and installed Lineage OS Android 10 without checking the bootloader since the guy in the video did not mention doing so and still installed the custom ROM and TWRP. It is working fine. I know it is most likely that since this was possible, the bootloader should probably be unlocked but I just wanted to confirm with more experienced smartphone modders if this is indeed the case. Is it then safe to root my phone without checking bootloader?
Sub-question: If a person were to theoretically attempt to install custom ROM or TWRP or root the phone while the bootloader is locked, would that result in the root failing but the device still being usable or would the attempt result in the device being bricked? IE if the bootloader is locked is it dangerous to attempt to flash software to the phone or will it result in a harmless "failed" message, etc.?
Thank you.
