Better Mobile App

LG D325 - boot error, boot certification verify, DBI Err fatal

Device: LG-D325
I tried rooting, unlocking bootloader, and installing custom rom (this link).
I successfully gained root & unlocked bootloader. Than it all went down.
I flashed recovery and booted into it, using "fastboot boot recovery.img" command.
I flashed cm12.1 and after that I got the "purple screen" error.
When phone is off and I try to normally turn it on:
1st screen:
Code:
Secure booting error!
Cause: boot certification verify
2nd screen:
Code:
DemiGod Crash Handler : DBI Err Fatal!
Board Rev.: 1.0
Ram dump mode.
Option : SD card ram dump mode.
Push below files to sd card before test.
rdcookie.txt, rtcookie.txt
Please do following action.
1) Ram dump Mode. Please connect USB.
2) Get the ram dump image using QPST Configuration.
3) If sdcard ram dump enabled just wait for reboot.
4) Collect ramdump files from your pc or sdcard.
5) Send e-mail to [email protected]
The same happens when I plug in the USB cable when phone shut off.
Also, I cannot enter the fastboot menu (previously I could - before flashing CM12.1 via recovery) using volume UP + power buttons. Therefore, I cannot enter recovery.
Any info on this situation?

You need to short the test point of your phone and force the phone to qhsusb dload mode after that boot repair
it will repair your phone's download mode
And flash the phone
Br
Shahzaib Jahangir

Is there any way to fix this problem bro with out jtak
Thanks.

The test point method is not the JTAG method
razeen said:
Is there any way to fix this problem bro with out jtak
Thanks.
Click to expand...
Click to collapse
Use the test point method. It works very well and it's quite easy. But first I recommend you try "LG Flash Tool 2014" . If that works, no need to open up the phone for test point method. If you are already seeing pink screen demigod error DBI fatal error, no need to go for JTAG I think.
Feel free to ask if you need assistance for testpoint method. I have already published the method for few other people here on XDA. A little search will bring you there

my Lg325 also violet and dump mode cant flash i go to celpon repair but they cant fix my pon pls help me tnx

gilliane.08 said:
my Lg325 also violet and dump mode cant flash i go to celpon repair but they cant fix my pon pls help me tnx
Click to expand...
Click to collapse
May be I can help you. But first you need a PC, a good internet connection and patience.. If you're interested, reply me.. I will guide you how to unbrick or come out from that pink screen/demi-god screen

honeybun.1986 said:
May be I can help you. But first you need a PC, a good internet connection and patience.. If you're interested, reply me.. I will guide you how to unbrick or come out from that pink screen/demi-god screen
Click to expand...
Click to collapse
same problem here
can you help, please?

LG D325f L70
UPDATE
Now i have QDLoader 9008 (i've installed driver manually without signature). I don't know why my computer did not recognise automatically installed drivers
Else i trieb Board diag
I,ve tried QFIL QPST and recieved
/*invalid image type recieved*/
is_ack_succesfull : 1031 SAHARA_NAK_INVALID_IMAGE_TYPE
sahara protocol error
uploading image using sahara protocol failed
Before that
BoardDiag 3.99c I have an error
AP CHECK START
FAILED during loading flash programmer
There were already messages about this trouble,but there are no solution, so i am asking for it.
LGE AndroidNet USB
qhsusb_bulk
Previously i had Pink screen and Lg Pc Suite could recognize my phone
I,ve tried Format to Fat32 my inner phone emmc(i did not insert in my phone microSD card) DiskImageRev2.zip and LoaderD325.img. After format to fat32 it was 4gb.When i,ve installed loader.img it became 64mb with 2 folders in it. Device monitor showed the phone as qhsusb_bulk (i already had istalled Qualcomm drivers) After installation of LGMobileDriver_WHQL_Ver_4.0.4.exe ( 12,39 МБ )
It was recognised as LGE AndroidNet USB. (com port 3) After that i tried LgFlash tool (tot and kdz firmware,it showed error on 50%) 2014 and BoardDiag also showed error .
I can not convert it to Qualcomm HS-USB QDLoader 9008 (I saw many articles where people with qhsusb_bulk converted it to Qualcomm 9006 after installation of qualcomm drivers,but it did not works for me. Please help
Any ideas? I heared about SRK tool 2.1 Does it works for my Lg L70 D325? Or maybe QPST, or ADP

honeybun.1986 said:
May be I can help you. But first you need a PC, a good internet connection and patience.. If you're interested, reply me.. I will guide you how to unbrick or come out from that pink screen/demi-god screen
Click to expand...
Click to collapse
Please help me

My lG D325 cant on recovery and download mode. Fatal error. Who can help me

Gayan360 said:
My lG D325 cant on recovery and download mode. Fatal error. Who can help me
Click to expand...
Click to collapse
I think you are referring to the famous "purple screen" mode. Relax, that is not hard to get pass.
Follow the steps below.
But, be warned, I am not responsible for any damage caused by following these methods.
Your phone's battery has to be charged at least 50%.
You'll need a USB "data" cable.The one came with your phone is the best. Some third party cables have only power lines connected in and they will not work. So, make sure you have the "data" cable.
1. First, we have to install the necessary drivers(I am assuming that you're using a Windows PC) .
Here are the drivers. Download, install and give your PC a restart.
2. Download LG flash tool 2014 from here and extract it to your root directory(For example, drive "C " in your PC )
3. Download the firmware file for your specific phone model. In your case, as you have mentioned, it is LG D325. This is a link to a matching firmware for LG L70 D325. This file is big and its around 920MB. After download, extract the zip file to the folder where you copied the LG Flash tool 2014.
4. I hope the above mentioned steps were followed correctly and you're ready now. Remove your battery, press the power button for 5-10 seconds and then re insert the battery. press the volume up button and plug the USB cable(The other end has to be plugged in first to PC. Refer to this video if you are unclear.
5. Now launch "LG Flash tool 2014.3.exe" (right click on it and select "run as administrator" for best results).
6. Once the program is open, and click on 1 and select your kdz file which you got from the step 3. Then click either "Normal Flash(2)" of "CSE Flash".
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
7. Now another window will appear and click "Start" as in this picture.
wait until the program finishes and once done, you'll get the initial setup screen on your phone with a greeting message.
If you're still unclear, please pass a comment. Happy communicating..

[Howtos] Debrick Nexus 6p stuck in EDL (9008) mode.

there are too many people have bricked their device. so here is the guide on how to debrick your device.
1. download the factory firmware ,uncompresss to your local disk. links : http://pan.baidu.com/s/1bC1tJw ; direct link from my server: https://tenfar.com/usr/uploads/nexus6p_fix_bricked.zip .use baidu disk .if you can. bandwidth limited.
2. download the EDL mode drivers ,and install to your pc. links: https://pan.baidu.com/s/1bpHPXE3
3. download miflash http://api.bbs.miui.com/url/MiFlash and install in your pc
4. run the miflash program and select the firmware ,plug in your phone to usb cable. in pc's device manager it will show the 9008 com port.
5.in miflash will show the com port,click flash,wait for it to finished
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Edited:
How to enter EDL mode:
1 your device is bricked ,stuck in edl mode.try reset your device before flashing with miflash
2 flash a customize boot from cyanogemod or lineage.
Code:
adb reboot edl
3 unlocked phone with fastboot commands ,try this https://forum.xda-developers.com/ne...l-bootloader-extra-commands-nexus-6p-t3564086
4 unlocked phone using fastboot commands to erase sbl1
Code:
fastboot erase sbl1
not recommended
5 erase your sbl1 with dd commoand not recommended
Code:
dd if=/dev/zero of=/dev/block/platform/soc.0/f9824900.sdhci/by-name/sbl1 bs=16384

can you upload to androidfilehost links, not able to download from there.
also is that a normal firmware or special one?

Same here, first link is not working. Is it the standarg Google Factory Image or is it something different?

The Bootloader must be unloked?

I see the following under Device Manager when I connect my Nexus 6P to a Windows 10 Desktop via USB C:
Qualcomm HS-USB QDLoader 9008 (COM3)
I have installed the Mi Flash Tool as above along with USB drivers and Qualcomm drivers. I am not able to flash any factory firmware, however. I receive an error stating that the "hello packet" could not be received followed my an object reference error. I have tried many versions of the Mi Flash Tool to no avail.
Any other suggestions are much appreciated.
Thanks.

catalase said:
I see the following under Device Manager when I connect my Nexus 6P to a Windows 10 Desktop via USB C:
Qualcomm HS-USB QDLoader 9008 (COM3)
I have installed the Mi Flash Tool as above along with USB drivers and Qualcomm drivers. I am not able to flash any factory firmware, however. I receive an error stating that the "hello packet" could not be received followed my an object reference error. I have tried many versions of the Mi Flash Tool to no avail.
Any other suggestions are much appreciated.
Thanks.
Click to expand...
Click to collapse
power off your device with pressed the power key for 30 seconds. if the EDL mode is not in the right state .it will said send hello packet errors.
this firmware is flashed with qcom's firehose protocol. it needs the device in the right firehose state.

@tenfar Can u update to the another host so we can easily download? That's will be great.

@tjchuot287 you can download "nexus6p_fix_bricked" firmware using "Advanced Download Manager" ADM on PlayStore using its built-in browser with "desktop mode" enabled...
Worked for me...
Hope that helps...

@5.1 I mean that i cannot download "USBdriver_8916.zip", but i think i will find it on google and download it instead. Hope it works.

@tjchuot287
I used advanced download manager and both downloaded fine... Since then far already shared the firmware from his server, It's likely he'll provide an alternative link for the driver as well... :good:

@5.1 does it unbricked your phone? Im kind of desperate

Well, I didn't use it... Since my phone is working. :angel:
I guess tenfar wouldn't have posted it if it didn't work. :good:

anyway, how to enter to EDL mode?

tenfar said:
power off your device with pressed the power key for 30 seconds. if the EDL mode is not in the right state .it will said send hello packet errors.
this firmware is flashed with qcom's firehose protocol. it needs the device in the right firehose state.
Click to expand...
Click to collapse
I press the power key for 30 seconds with the USB C cable attached to the computer and the computer does emit a tone as if the phone has been disconnected and the device manager continues to show the Qualcomm HS-USB QDLoader 9008 (COM3). However, I still receive read packet error.
Do you have any other suggestions on how to get it into the correct EDL mode or the correct firehose state?
UPDATE:
[0.00 COM3]:[COM3]:start flash.
[0.00 COM3]:received hello packet
[0.00 COM3]:can not found programmer file.
Hello packet is recevied. However "can not found programmer file" is returned. Programmer file prog_emmc_firehose.mbn is in the extracted contents nexus6p_fix_bricked.zip, however the Mi Flash Tool does not recognize.

tjchuot287 said:
anyway, how to enter to EDL mode?
Click to expand...
Click to collapse
A few posts above yours...:
tenfar said:
power off your device with pressed the power key for 30 seconds. if the EDL mode is not in the right state .it will said send hello packet errors.
this firmware is flashed with qcom's firehose protocol. it needs the device in the right firehose state.
Click to expand...
Click to collapse

@5.1 thank you, I really appreciate your helps, but i think my phone is dead now. I didnt unlock bootloader before so now i cant do anything. Poor me

I'm having the same "cannot receive hello packet" error. I tried to old down the power until the device is re detected in device manager, but it still does the same.

catalase said:
I press the power key for 30 seconds with the USB C cable attached to the computer and the computer does emit a tone as if the phone has been disconnected and the device manager continues to show the Qualcomm HS-USB QDLoader 9008 (COM3). However, I still receive read packet error.
Do you have any other suggestions on how to get it into the correct EDL mode or the correct firehose state?
UPDATE:
[0.00 COM3]:[COM3]:start flash.
[0.00 COM3]:received hello packet
[0.00 COM3]:can not found programmer file.
Hello packet is recevied. However "can not found programmer file" is returned. Programmer file prog_emmc_firehose.mbn is in the extracted contents nexus6p_fix_bricked.zip, however the Mi Flash Tool does not recognize.
Click to expand...
Click to collapse
select the file in advance settings in miflash
从我的 iPhone 发送，使用 Tapatalk

tjchuot287 said:
@5.1 thank you, I really appreciate your helps, but i think my phone is dead now. I didnt unlock bootloader before so now i cant do anything. Poor me
Click to expand...
Click to collapse
I'm not sure this procedure require an unlocked bootloader. However @tenfar may certainly shed some light on this matter...
Hoping you get it sorted though...

Still getting "cannot receive hello packet" error. @tenfar a couple of questions:
- If the phone is detected in Device Manager as "Qualcomm HS-USB QDLoader 9008 (COMx)" do I still need to install the drivers from step 2?
- Do I need a particular combination of power, vol +/- in order to put the phone in the right EDL mode?
When I hold the power button for few seconds, the PC it is connected to makes the standard tone when a USB device is plugged/unplugged, but device manager still show the same device and Miflash still gives me the error when I flash.
Thanks for all the help BTW

[GUIDE] How to unlock the bootloader of Nokia 4.2

WARNING!
THIS GUIDE REQUIRES DISASSEMBLY, SO YOU WILL DEFINITELY LOSE THE WARRANTY!
DO IT AT YOUR OWN RISK!
If you want to repost this guide to other websites, please let me know before you repost.
For Chinese users: 中文版教程将会在dospy发布。
Click to expand...
Click to collapse
UPDATE: I've updated the new tool for unlocking the phone without understanding how to utilize such long commands.
You can watch the demonstration here: https://youtu.be/whrFsn8h7A4
Click to expand...
Click to collapse
So after I got a Nokia 4.2 prototype by opportunity, I just found the theory of bootloader unlocking.
Tricking development options for allowing "OEM unlocking" no longer works on latest security update.
What you need to have:
- a Nokia 4.2 unit that you finished back cover and upper plastic shell removal
- tweezers, and probably a standard philips screwdriver
- QPST (use at least 2.7.474) or any other app that could access the EDL, and Qualcomm USB port drivers are installed
- Latest Google Platform Tools
- Full backup of your userdata
Step 1: Trigger the phone to EDL mode, then change the driver to "Qualcomm HS-USB QDLoader 9008"
Please take a look at the attachment below, about the location you need to use tweezers.
For Windows users:
If the driver is already indicated as "Qualcomm HS-USB QDLoader 9008", get to Step 2.
If the driver is indicated as either "QHSUSB__BULK" (For users who have installed Windows Device Recovery Tool before) or "Qualcomm HS-USB Diagnostics 9008", you must change the driver to "Qualcomm HS-USB QDLoader 9008".
After driver changed, you need to disconnect the phone, disconnect and reconnect the battery ribbon cable, then trigger the phone to EDL again.
I assume the COM port number is 8 (COM8).
Click to expand...
Click to collapse
Step 2: Write config partition
As we already know, config partition is also the frp partition.
You need to create a config partition image that has "OEM Unlocking" function enabled, which need to alter the last byte, then change the overall checksum to make the config file valid.
For your convenience, I've created one.
Now download and extract the attachment below.
Use QFIL included in QPST to load the firehose file. Choose "Flat Build" and choose the "prog_emmc_firehose_8937_ddr.mbn" you extracted from the attachment.
Choose "Tools" - "Partition Manager", then wait for the partition list appear.
As "Load Image" seems not reliable, we have to use command to write it manually.
For 64-bit Windows users, the command is:
Code:
"C:\Program Files (x86)\Qualcomm\QPST\bin\fh_loader.exe" --port=\\.\COM8 --search_path=D:\path\to\where\you\extracted\N32_N42_unlock --sendimage=config.img --start_sector=16583680 --lun=0 --noprompt --showpercentagecomplete --zlpawarehost=1 --memoryname=emmc
If you use 32-bit Windows, you need to remove the " (x86)" (within space, without quotes) in the command above.
Step 3: Trigger the phone back to fastboot mode
Now hold the Volume down key, keep the phone connected, close the partition manager, then your phone will exit EDL mode and enter Fastboot mode directly.
Now check the unlock ability:
Code:
fastboot flashing get_unlock_ability
Expected output:
Code:
get_unlock_ability: 1
Step 4: Unlock the bootloader!
And you can unlock the bootloader with familiar commands.
Code:
fastboot flashing unlock_critical
Confirm unlock on the phone, then keep the volume down key pressed while the phone is erasing userdata.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Your phone will boot to fastboot mode again, and then:
Code:
fastboot flashing unlock
Confirm unlock on the phone again.
All done, that's how the bootloader is unlocked. You can reassemble the phone.
But strange enough, you can't see any unlock warning.
I will release boot image dumping guide and root guide very soon.
Special thanks:
Wingtech for leaking prototype units

why must Nokia insist on locking their devices down so hard ??
great discovery, will definitely be useful once TWRP is released. just curious, but SafetyNet is tripped with this, right?

Great!
Damn Nokia

I don't even own this phone but I kinda want to weigh in, are we seriously at this point? No honestly, Android as a whole was basically were dev focused iOS is locked down to hell and back here's freedom. Google has the Nexus line made for developers companies embraced it I remember there being multiple Google play editions of phones that ran stock Android. I'm happy we as a community can keep this alive but damn are companies trying to make it difficult to do something I want to do to a device I paid for and own. Samsung you can't root (save for sampwn and samfail) LG locked down bootloaders and gimped fastboot on some models (fastboot seriously?) Nokia now requiring you to take apart the freaking phone to achieve this, I'm half asleep and can't think of any other major brands at the moment. It's a joke. (Above root methods were mainly for US variants and TMobile variants of LG) something has to change I know it won't and I understand the reasoning behind it security and such but still. Sorry for the rant congrats OP on what you did I consider it magic but it's more you accomplished something I could only wish I could do.

Will it be possible to do without disassembly? Just in theory, not now

kir23rus said:
Will it be possible to do without disassembly? Just in theory, not now
Click to expand...
Click to collapse
Unwise to say no with absolute certainly, but doubtful

kir23rus said:
Will it be possible to do without disassembly? Just in theory, not now
Click to expand...
Click to collapse
I think it will be possible.
There's a hidden command in aboot "fastboot reboot-emergency" but unusable, unless some sort of authentication is done or bootloader unlocked.
I still don't know how the authentication is done yet, but it's definitely not something that average developers can access to.
That's why disassembly is required for now.

Very interesting breakthrough. Great work
I'm facing the same bootloader unlock in my infinix hot s 3. I believe I can use your procedure to unlock my device. And if necessary how to make changes to the config file? I will be expecting your reply soon. Thanks

Is it possible to explain how the config.img file is altered ? It might not be difficult to alter the last byte , but what does it mean to Change the overall checksum ? I have been trying to do something similar for a while , it would be great if you answered here or via PM , thank you

awab228 said:
Is it possible to explain how the config.img file is altered ? It might not be difficult to alter the last byte , but what does it mean to Change the overall checksum ? I have been trying to do something similar for a while , it would be great if you answered here or via PM , thank you
Click to expand...
Click to collapse
Fill first 32 bytes with 0x00, then calculate SHA256 checksum and paste the new checksum as hex value at the first 32 bytes.

hikari_calyx said:
Fill first 32 bytes with 0x00, then calculate SHA256 checksum and paste the new checksum as hex value at the first 32 bytes.
Click to expand...
Click to collapse
Thank you for taking the time to explain, great help and great effort, the last byte should be altered to 1 ? Or 0 ?

awab228 said:
Thank you for taking the time to explain, great help and great effort, the last byte should be altered to 1 ? Or 0 ?
Click to expand...
Click to collapse
1 for allow, 0 for disallow

do you have any fastboot rom or rawxml rom for this device ??
mine always reboot in bootloader mode.

malkabhai said:
do you have any fastboot rom or rawxml rom for this device ??
mine always reboot in bootloader mode.
Click to expand...
Click to collapse
We have full OTA zip of it.
You can use payload dumper + img2simg to convert it to fastboot images. If recovery mode working (including unofficial TWRP), you can also reboot your phone to recovery mode to sideload it.
PAN-141B-0-00WW-B03-update.zip

I was able to use "OEM Unlocking" from developer options and after starting at step 3, to obtain a full unlock. After I was also able to fully root my phone using the normal guide. I am running the latest security update (October 5 2019). No idea why this worked for me...

Hello,
I've got the Nokia 3.2 16gb variant. I can get it into edl mode but it seems to be in Sahara mode. How can I put it into firehose mode? Because I can't load anything using qfil.
Any help?

Missing pads
Any idea where these pads could be now? That does not seem to be there anymore?

Missing testpoint pads
piteer1 said:
Any idea where these pads could be now? That does not seem to be there anymore?
Click to expand...
Click to collapse
I has the same problem. Thanks in advance.

I don't see those test point in my mobile

Hi, does this work for Nokia 6.1 plus TA-1083? or do you have any trick for this too?
I am able to load phone in EDL Mode by making EDL Points short.
Just in case you read my comment, I have a emmc problem post, if you can help -
https://forum.xda-developers.com/nokia-6-1-plus/help/nokia-6-1-plus-edl-mode-emmc-failure-t4114507

[GUIDE] How to dump boot image and root Nokia 3.2 / 4.2

If you want to repost this guide to other websites, please let me know before you repost.
For Chinese users: 中文版教程将会在dospy发布。
Click to expand...
Click to collapse
So after you unlock the bootloader successfully, you definitely want to install custom ROM, or at least root the phone, right?
Here's the guide about rooting Nokia 3.2 / 4.2.
This guide could probably work on Nokia 6.2 / 7.2 in the future.
Step 1: Unlock the bootloader
https://forum.xda-developers.com/nokia-4-2/how-to/guide-how-to-unlock-bootloader-nokia-4-2-t3962402
For Nokia 3.2, you'll need to read this as well: https://forum.xda-developers.com/nokia-3-2/how-to/guide-how-to-trigger-nokia-3-2-to-edl-t3962841
Step 2: Acknowledge current slot
You have two methods.
Method 1: After USB debugging enabled, execute this command:
Code:
adb shell getprop ro.boot.slot_suffix
Method 2: Under fastboot mode, execute this command:
Code:
fastboot getvar current-slot
We assume the current slot is b.
Step 3: Trigger the phone to EDL mode again
There's a hidden command in aboot known as "fastboot reboot-emergency".
However, normal fastboot binary doesn't have that command at all, so we need to compile a binary or hack the binary.
For Windows users, I've provided the fastboot binary that can use this command, and I renamed it to edl-fastboot.exe. You can download it on the attachment below.
For macOS/Linux distro users, I'm afraid you have to fork the source code, edit related content and compile yourself.
So with this special version of fastboot binary, we can boot the phone to EDL mode directly:
Code:
edl-fastboot.exe reboot-emergency
But wait, why didn't you mention this command when you released bootloader unlock guide?
That's because, if you attempt to use this command under locked bootloader, bootloader will response "Permission denied, auth needed. " and refuse to proceed the command.
I don't know how the authentication is done yet, but it's definitely not something that average developers can access to.
Click to expand...
Click to collapse
Step 4: Use partition manager to dump the partition
If you've came so far when unlocking the bootloader, you have already know the great partition manager.
Still, we assume the COM port number is 8 (COM8).
When the partition list appears, find "boot_b" (or boot_a if the current slot is a), right click on it, choose "Manage Partition Data" and click "Read Data". Then fh_loader binary will dump the boot image to your PC.
For Windows users, it's located at
Code:
%AppData%\Qualcomm\QFIL\COMPORT_8
Where %AppData% is actually C:\Users\your_user_name\AppData\Roaming .
The filename looks like this: ReadData_emmc_Lun0_0x3a000_Len65536_DT_07_09_2019_13_55_54.bin
Now close the partition manager, your phone will exit EDL mode and boot normally.
If you're interested in dumping full eMMC storage, you may want to read this: https://forum.xda-developers.com/android/general/guide-how-to-dump-write-storage-t3949588
Step 5: Install Magisk Manager and patch the boot image you dumped
I think everyone who reading this guide knows where to download Magisk Manager.
Copy the boot image you dumped with QFIL to Download directory in your phone's internal storage, and rename it to boot.img for your convenience.
In case you don't know how to patch, read this guide: https://topjohnwu.github.io/Magisk/install.html#boot-image-patching
Step 6: Flash patched boot image and reinstall Magisk for ensurance
After you pulled patched boot image from your phone, reboot your phone to fastboot mode, then execute these commands:
Code:
fastboot flash boot magisk_patched.img
fastboot reboot
Note, temporarily boot method introduced back for old A/B devices like Nokia 7 Plus no longer works on Nokia 3.2 / 4.2 - it will boot your phone to Qualcomm 900E mode.
Once your phone booted to normal OS, open Magisk Manager, and reinstall Magisk and required runtime to make the root much more effective.
You may want to read this guide if you want to inherit root along with OTA update: https://topjohnwu.github.io/Magisk/tutorials.html#ota-installation
Extra info about custom rom:
I've tested PHH-Treble GSI on Nokia 4.2 and it made me disappointed.
The vendor compatibility is worse than FIH made Android Phones.
You may want to read this for more details: https://github.com/phhusson/treble_experimentations/wiki/Nokia-4.2
Next preview: Stock firmware reinstallation guide. Note, Nokia 3.2 / 4.2 are not made by FIH, so OST LA no longer works on both devices.
Special thanks:
@topjohnwu for Magisk
Wingtech for leaking prototype units

Reserved

not detected
my pc doesn't detect the phone when its in edl mode. before people start asking I unlocked the bootloader by enabling oem unlock in the phone settings.

I have a TA-1156 (a 3.2 variant) that has a different mainboard layout. For quite a while, I tried in vain to bring it into EDL mode - until I just tried the fastboot command "flash unlock" which worked.
I guess I should have tried that right away as I did have the OEM unlocking option in the developer setup.
Anyway, now I'm unlocked but can't access the partitions with the QFIL partition manager. I suspect the phone expects a different programmer than prog_emmc_firehose_8937_ddr.
I can enter EDL mode easily now with the patched fastboot exe. The correct driver is active and QFIL detects the phone. However, as soon as I follow the instructions by setting the programmer, and then try to start the partition manager, the phone stops responding.
After a while, I get a "sahara" error about no reply from the phone.
I wonder if someone has a stock boot.img of the Nokia 3.2 (build 00EEA) lying around ...
Here is someone else's photo of the mainboard (I just realized that it's actually from hikari_calyx!) but on mine, the right one of the test points you marked in your 3.2 variant does not exist, so I edited it out in the photo:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

JFDee said:
Anyway, now I'm unlocked but can't access the partitions with the QFIL partition manager. I suspect the phone expects a different programmer than prog_emmc_firehose_8937_ddr.
Click to expand...
Click to collapse
My guess was right. Now I'm able to reply to myself with a solution.
I tried a different prog_emmc_firehose_8937_ddr than the one provided by @hikari_calyx in the unlock thread
There is a programmer with the same name in this firmware:
sprout-015B-0-00WW-B01 .rar
It's provided by @bouyhy01 in his rooting thread.
The size of the programmer file is slightly different:
Code:
hikari_calyx: 428,936 bytes
Firmware: 428,944 bytes
Long story short: the different programmer worked in QFIL, so the partition manager worked as well, I got my own boot image, patched, flashed and had root - finally ... Thanks for all the research work, hikari_calyx and bouyhy01 !
Attached is the working programmer file, in case anyone else stumbles upon the same problem. By the way, my phone has the October security patch installed which is currently the latest available.
View attachment prog_emmc_firehose_8937_ddr_from_fw.zip
.

JFDee said:
Here is someone else's photo of the mainboard (I just realized that it's actually from hikari_calyx!) but on mine, the right one of the test points you marked in your 3.2 variant does not exist, so I edited it out in the photo:
View attachment 4867461
Click to expand...
Click to collapse
I guess the only point can be connected to the ground, for example, the RF shield is grounded.
JFDee said:
Attached is the working programmer file, in case anyone else stumbles upon the same problem. By the way, my phone has the October security patch installed which is currently the latest available.
View attachment 4869373
.
Click to expand...
Click to collapse
Thanks for info. Mine Nokia 3.2 is a prototype unit, so I don't know the situation of other versions of Nokia 3.2.

Hello, I have tried this manual for rooting Nokia 4.2 with last security update of 5th of November. After 5 step (flashing patched boot image) my phone try to reboot and then asked for factory reset (Can't load android system - Your data may be corrupt). After making factory reset there were no root at all.
What can i do next ?
PS. It's strange enough when i download boot_b image it was 63.4 Mb snd when i have patched it by Magisk manager - the size od magisk_patched.img became 10.2 Mb

How To Guide [ROM][STOCK][FASTBOOT][OP9R] Stock OxygenOS Fastboot ROMs

Ever wanted to unbrick your device or switch to stock ROM from a custom ROM without using MSM Unbrick tool and keeping your bootloader unlocked after that well fastboot ROMs are here to help you . I have extracted all images from the stock zip and i have made a new zip with the Fastboot ROM with a flash-all.bat included. This will work only if your bootloader is unlocked. This will erase all your data and will wipe your internal storage.
HOW TO FLASH
1). Download the zip
2). Unpack the zip in a folder
3). Reboot the OnePlus 9R in fastboot-bootloader mode (Power and volume + and volume-)
4). Connect the OnePlus 9R to PC
5). Run flash-all.bat flasher
6). Wait until the process end
7). Voila! your OnePlus 9R will now boot into OxygenOS
POINTS TO REMEMBER
* "Invalid sparce file format at header magic" is not an error, you need to wait a bit when you see that string, just wait.
* These ROMs can't be used to update or downgrade your phone but just to restore your phone. Downgrade from OOS 12 works now.
* This can’t be used to switch from ColorOS to OxygenOS you can use MSM unbrick tool to do that.
DOWNLOAD:-
https://sourceforge.net/projects/op8t-9r-fastboot-roms/files/OnePlus_9R/

Nice

Hi OP, I changed the tag from Development to How To Guide, because we only use Development for original work like you build the ROM from kernel/device tree etc... Thanks.

HELLBOY017 said:
Ever wanted to unbrick your device or switch to stock ROM from a custom ROM without using MSM Unbrick tool and keeping your bootloader unlocked after that well fastboot ROMs are here to help you . I have extracted all images from the stock zip and i have made a new zip with the Fastboot ROM with a flash-all.bat included. This will work only if your bootloader is unlocked. This will erase all your data and will wipe your internal storage.
HOW TO FLASH
1). Download the zip
2). Unpack the zip in a folder
3). Reboot the OnePlus 9R in fastboot-bootloader mode (Power and volume + and volume-)
4). Connect the OnePlus 9R to PC
5). Run flash-all.bat flasher
6). Wait until the process end
7). Voila! your OnePlus 9R will now boot into OxygenOS
POINTS TO REMEMBER
* "Invalid sparce file format at header magic" is not an error, you need to wait a bit when you see that string, just wait.
* These ROMs can't be used to update or downgrade your phone but just to restore your phone.
* This can’t be used to switch from ColorOS to OxygenOS you can use MSM unbrick tool to do that.
* !!! IMPORTANT !!!
Before flashing make sure you know about which type of ram your device supports i.e LPDDR4X/LPDDR5 as flashing wrong xbl config will hardbrick your device.
Here’s how you can check what type of ram your device has:-
Now, as to exactly find out which variant that you have, turn on USB debugging and enter this command:-
Code:
adb shell getprop ro.boot.ddr_type
If the value is 0, that means you have LPDDR4X. If the value is 1, that means you have LPDDR5.
This command is more reliable than the Devcheck and other apps.
DOWNLOAD:- https://drive.google.com/file/d/1LTknGhfR2JTtXhN0rGMCS4OwmUdqt3PF/view?usp=sharing
Click to expand...
Click to collapse
Errr sorry I can make sure that I have the DDR5,but it seems that when I complete the flash using the DDR5 profile config,my phone hard bricked, so how can I get it back? Now it can not even enter 9008 mode

zwk22160 said:
Errr sorry I can make sure that I have the DDR5,but it seems that when I complete the flash using the DDR5 profile config,my phone hard bricked, so how can I get it back? Now it can not even enter 9008 mode
Click to expand...
Click to collapse
You will most likely need to visit the service center and get your phone repaired.
Are you sure that your device had DDR5?

theincognito said:
You will most likely need to visit the service center and get your phone repaired.
Are you sure that your device had DDR5?
Click to expand...
Click to collapse
Actually，I checked my DDR type via devcheck instead of the adb command. Seems that the dev check is no so reliable. Anyway, I have already sent my phone to the service center to repair, I have a OnePlus 7 pro as the backup phone, so it doesn't affect me too much.

Created a Tutorial based on your firmware/instructions. Hoping you will like it.
https://androidmtk.com/install-firmware-oneplus-9r

zwk22160 said:
Actually，I checked my DDR type via devcheck instead of the adb command. Seems that the dev check is no so reliable. Anyway, I have already sent my phone to the service center to repair, I have a OnePlus 7 pro as the backup phone, so it doesn't affect me too much.
Click to expand...
Click to collapse
Yeah. The apps aren't reliable at this. Always use the adb command. 100% reliable. And since it's harbricked for you, I am pretty sure that you have a DDR4X variant.

zwk22160 said:
Errr sorry I can make sure that I have the DDR5,but it seems that when I complete the flash using the DDR5 profile config,my phone hard bricked, so how can I get it back? Now it can not even enter 9008 mode
Click to expand...
Click to collapse
It’s clearly written to not trust devcheck and other apps that prop is the only trusted source of finding which type of ram ur device has. It has also come to my attention that DDR5 devices can boot to EDL if we flash wrong xbl configs on them but the DDR4 ones can’t boot to EDL if wrong xbl config is flashed. (Means ddr4 users would have to get phone repaired by service center if wrong xbl config is flashed on their device)

PetiaWarzel said:
Created a Tutorial based on your firmware/instructions. Hoping you will like it.
https://androidmtk.com/install-firmware-oneplus-9r
Click to expand...
Click to collapse
Appreciate it a lot! Thanks

I faced the same problem
Service center says they can't flash it back
They ended up replaced a new motherboard for me

hmm for me the
Code:
adb shell getprop ro.boot.ddr_type
returns empty.
I guess that infers I'm using LPDDR4X?
Edit:
Code:
adb shell getprop
This would return a complete list of all the properties you can query with this command. For me, this list doesn't seem to have any field called "ro.boot.ddr_type"
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I'm using the Chinese variant of OP9R, not so sure if it matters.
Also, DevCheck would not report RAM variants under the hardware tab as well.

Leohearts said:
I faced the same problem
Service center says they can't flash it back
They ended up replaced a new motherboard for me
Click to expand...
Click to collapse
I checked it again and
OnePlus9R:/ $ getprop | grep ddr
[ro.boot.ddr_type]: [1]
[vendor.boot.ddr_type]: [1]
OnePlus9R:/ $
I'm sure flashed the ddr5 version, but it hard-bricked and even cant boot into 9008

*UPDATED*
* Added OxygenOS 11.2.6.6 Fastboot ROM
* Removed xbl configs so that now no more hardbricks happen
* Reduced partition sizes for inactive slot so that ROMs can be flashed properly through fastboot

will this work on Chinese variant 12gb/256gb ddr4 ? LE2100 bl is already unlocked

Mkkt Bkkt said:
will this work on Chinese variant 12gb/256gb ddr4 ? LE2100 bl is already unlocked
Click to expand...
Click to collapse
If ur using oxygenos then yes

HELLBOY017 said:
If ur using oxygenos then yes
Click to expand...
Click to collapse
yes , for some reason it came with oxygenos preinstalled

HELLBOY017 said:
Ever wanted to unbrick your device or switch to stock ROM from a custom ROM without using MSM Unbrick tool and keeping your bootloader unlocked after that well fastboot ROMs are here to help you . I have extracted all images from the stock zip and i have made a new zip with the Fastboot ROM with a flash-all.bat included. This will work only if your bootloader is unlocked. This will erase all your data and will wipe your internal storage.
HOW TO FLASH
1). Download the zip
2). Unpack the zip in a folder
3). Reboot the OnePlus 9R in fastboot-bootloader mode (Power and volume + and volume-)
4). Connect the OnePlus 9R to PC
5). Run flash-all.bat flasher
6). Wait until the process end
7). Voila! your OnePlus 9R will now boot into OxygenOS
POINTS TO REMEMBER
* "Invalid sparce file format at header magic" is not an error, you need to wait a bit when you see that string, just wait.
* These ROMs can't be used to update or downgrade your phone but just to restore your phone.
* This can’t be used to switch from ColorOS to OxygenOS you can use MSM unbrick tool to do that.
DOWNLOAD:-
https://mega.nz/folder/ePIETB4D#sU8cJ54l4UI7JCXGwc7Nog
Click to expand...
Click to collapse
Download link in Mega can't download with standard account, requires premium. could you please upload in other hosting website if possible? Thanks!

logeshwywan said:
Download link in Mega can't download with standard account, requires premium. could you please upload in other hosting website if possible? Thanks!
Click to expand...
Click to collapse
Will do

Link updated.
*Apologies for updating it late as I had fever so didn't have time for mirror it somewhere else