LG D605 HARD BRICK (How to build eMMC flash programmer MPRGXXXX.hex and msimage.mbn) - LG Optimus L3 II, L5 II, L7 II, L9 II

We need a developer who has a working LG L9 II to create these files, I think...
How to generate the 8660_msimage.mbn
8660_msimage.mbn is released in SW by default; it includes all the boot images and the partition table. MPRG8660.hex will download this image and reset to mass-storage mode. If customers have different HW settings, such as GPIO/DDR, the default 8660_msimage.mbn may not work for them, so customers need to build their own 8660_msimage.mbn as follows.
1. Have the QPST 2.7.366 or higher version installed.
2. Make a local folder, copy sbl1/sbl2/sbl3/rpm/tz images to this folder.
3. Copy the emmcswdownload.exe from C:\Program Files\Qualcomm\QPST\bin to this folder.
4. Prepare the partition_boot.xml as below and copy the partition_boot.xml to the same folder as above.
<?xml version="1.0"?>
<image>
<physical_partition number="0">
<primary order="1" type="4d" bootable="true" label="SBL1" size="1000" readonly="false">
<file name="sbl1.mbn" offset="0"/>
</primary>
<primary order="2" type="51" bootable="false" label="SBL2" size="3000" readonly="false">
<file name="sbl2.mbn" offset="0"/>
</primary>
<primary order="3" type="45" bootable="false" label="SBL3" size="1500" readonly="false">
<file name="sbl3.mbn" offset="0"/>
</primary>
<primary order="4" type="5" bootable="false" label="EXT" size="1000000">
<extended order="1" type="47" label="RPM" size="1000" readonly="false">
<file name="rpm.mbn" offset="0"/>
</extended>
<extended order="2" type="46" label="TZ" size="1000" readonly="false">
<file name="tz.mbn" offset="0"/>
</extended>
</primary>
</physical_partition>
</image>
5. Run the emmcswdownload.exe tool to create the OEM boot image with the command below.
emmcswdownload.exe -f 8660_msimage.mbn -x partition_boot.xml -s 1G -g 4M
6. The 8660_msimage.mbn will be generated in the folder.
OR:
How to build eMMC flash programmer MPRGXXXX.hex and msimage.mbn?
1. Please check if the SConscript is provided in "modem_proc/core/bsp/tools/emmcbld/bulid". If not, you cannot build it with this release.
2. Set the build environment by executing RVCTXX.bat in the build/ms folder.
3. Go to "modem_proc/core/bsp/build".
4. Execute "build emmcbld BUILD_ID=xxxxxxxx".
5. The generated image is located in modem_proc/build/ms/bin/EMMCBLD/
6. MPRGXXXX.hex is eMMC programmer used to communicate with QPST to download msimage.mbn into eMMC.
7. msimage.mbn is used to enumerate the device as a USB mass storage device for all the image updates.
Please refer to modem_proc/core/bsp/tools/emmcbld/bulid/SConscript for how emmcbld and msimage are built and generated.
Using the command line to create 7x30_msimage.mbn
The eMMC Software Download Tool can also be used in Command Line mode for factory automation and creating boot images.
First find the location of your QPST install, normally under C:\Program Files (x86)\Qualcomm\QPST\bin, that contains your emmcswdownload.exe file. You can either map this location to your path or refer to it directly from the cmd window.
The following command line options are supported for emmcswdownload.exe:
-f <filename> : direct output to <filename> instead of selected device
-s <size enum> : mass storage device size = { “1G”, “2G”, “4G”, etc }
-g <size enum> : write protect group size = { “4M”, “8M”, “16M”, etc }
-x <filename> : partition description file
-p <directory> : search path = path1;path2;…. Etc
-L <filename> : list all connected mass storage drives to <filename>
-i <filename> : image file to write to mass storage device
-w <drive> : mass storage drive to write image file to
In this command line:
- -s and -g options are required, even if no sections are marked as read only
- -s size is only used to set the size of the last partition; it does not affect the size of the output image
- -g is the write-protect size for partitions marked as read only; if there are multiple read-only partitions, only the first and last partitions will be aligned on a protect size boundary
- -L only dumps to the output file, not to stdout
emmcswdownload -f \tmp\7x30_msimage.mbn -x E:\emmc\partition_boot.xml -s 1G -g 64M -p E:\emmc\;
Original Post: http://4pda.ru/forum/index.php?s=&showtopic=643084&view=findpost&p=43253768

This does not help at all

neutrondev said:
This does not help at all
Why? To revive the smartphone lacks only these two files

JackPOtaTo said:
Why? To revive the smartphone lacks only these two files
Ok try then. You can't make the files like that but try if you want. I just told you .

neutrondev said:
Ok try then. You can't make the files like that but try if you want. I just told you .
I wrote that we need a developer who has a working l9 II to build these files:cyclops:

JackPOtaTo said:
I wrote that we need a developer who has a working l9 II to build these files:cyclops:
You can't build it like that, I tell you again. No device with your socket was unbricked. If it was that easy someone would have made them. Don't trust everything you read on the internet.

neutrondev said:
You can't build it like that, I tell you again. No device with your socket was unbricked. If it was that easy someone would have made them. Don't trust everything you read on the internet.
Hi, I have a Coolpad device "Qiku Terra" MSM8992 and the device is hard bricked. I do not have the required files such as MPRG8992.mbn, 8992_msimage.mbn etc. Can you suggest some ways to unbrick it?
As per a post on xda about a Coolpad device, if the emmc image of a working phone (same model) is written to an sd card using HDD Raw copy then the phone can boot in fastboot mode. Do you think this would work?
Can you also help me with the right code to get the emmc image's initial partitions? I would appreciate your response.

Not even emergency/download mode?

JackPOtaTo said:
<?xml version="1.0"?>
<image>
<physical_partition number="0">
<primary order="1" type="4d" bootable="true" label="SBL1" size="1000" readonly="false">
<file name="sbl1.mbn" offset="0"/>
</primary>
<primary order="2" type="51" bootable="false" label="SBL2" size="3000" readonly="false">
<file name="sbl2.mbn" offset="0"/>
</primary>
<primary order="3" type="45" bootable="false" label="SBL3" size="1500" readonly="false">
<file name="sbl3.mbn" offset="0"/>
</primary>
<primary order="4" type="5" bootable="false" label="EXT" size="1000000">
<extended order="1" type="47" label="RPM" size="1000" readonly="false">
<file name="rpm.mbn" offset="0"/>
</extended>
<extended order="2" type="46" label="TZ" size="1000" readonly="false">
<file name="tz.mbn" offset="0"/>
</extended>
</primary>
</physical_partition>
</image>
Can you give me more details? I have a bricked Huawei Y6 (SCL-L21) that has a Qualcomm CPU and I have the original firmware in UPDATE.APP format (Huawei default), and I can extract almost every partition inside that file. Looking at your xml, I have the sbl1, rpm and tz partitions, so do I need to delete the sbl2 and sbl3 entries? And one more thing... Do I have to change the size attribute?
Waiting for your reply, thanks

Hi, I have a rooted working d605. I can help if you give me instructions.

So the people in Japan using this method are wrong ?
The code is not exactly correct but the theory seems correct.

Just for info.
I found out that to build a msimage.mbn for your phone, you have to use an older version of QPST. The newest version does not work.
I built a 8960_msimage.mbn that matches my phone using the old version, QPST 2.7.366
For some reason newer versions of emmcswdownload.exe fail when trying to build an image.
New versions are not always better versions... Look at Windows 10.

Related

[Resolved][Q] How to modify default.prop in nAa Kernel

Hi All,
Due to a specific app requirement, I need to modify some settings in the kernel.
Here are all the settings I need to modify in default.prop:
ro.secure=1
ro.debuggable=0
persist.service.adb.enable=0
Here are the methods I have already tried:
1. Android Kernel Kitchen 0.3.1 (http://forum.xda-developers.com/showthread.php?t=1659584)
Fails at extracting kernel.sin, cannot find RamDisk
2. dsixda's Android Kitchen 0.224 (http://forum.xda-developers.com/showthread.php?t=633246)
Fails at extracting kernel.sin, cannot find RamDisk
3. kernel.sin unpacker by DooMLoRD (http://forum.xda-developers.com/showthread.php?t=1262656)
Fails at extracting kernel.sin, cannot find RamDisk
4. Tools in Xperia FlashTool
Fail...
The kernel.sin was extracted from 2.6.32.61-nAa-jb-06.ftf. (http://forum.xda-developers.com/showthread.php?t=2136471)
I have already started studying how to compile the nAa kernel...
Is there any easier way to apply this change?
Thanks!
Resolved.
It's because of the LZ4 compression format.
Here are the steps to Unpack nAa Kernel / Modify default.prop / Repack Kernel FTF
1. Decompress nAaKernel.ftf
You will get Kernel.sin
2. FlashTool => Tools -> Sin Editor => Select Kernel.sin => Extract data
You will get kernel.elf and kernel.partinfo
3. FlashTool => Tools -> Extrators => Elf => Select kernel.elf => Unpack
You will get kernel.elf.2 and kernel.elf.Image
kernel.elf.2 = ramdisk binary which is compressed by LZ4!
kernel.elf.Image = zImage
4. Rename kernel.elf.Image to zImage
5. Rename kernel.elf.2 to ramdisk.lz4 and use LZ4 tools to decompress it
You will get a new ramdisk binary, which is known as ramdisk.cpio
6. Rename the ramdisk which was extracted in step 5 to ramdisk.cpio
7. Copy ramdisk.cpio and zImage to an Ubuntu system.
8. Extract ramdisk.cpio and you will see default.prop
Make any modifications you need.
9. Compress the ramdisk folder to ramdisk.cpio
Here is the command:
find . | cpio -o --format=newc > ramdisk.cpio
10. Compress ramdisk.cpio by GZip
Here is the command:
gzip ramdisk.cpio
11. Use Kernel Kitchen to create kernel.sin
Put ramdisk.cpio.gz and zImage in the input folder under Kernel Kitchen.
Create kernel.sin with this tool.
12. FlashTool => Tools => Bundle Creation => select kernel.sin and loader.sin => Create your FTF
13. Flash into your device!
Although Puzzle & Dragons still cannot work on X10 mini with MiniCM10...
But I tried and learned something. :laugh:
thanks for explaining the process
it is very useful for me .
ramdisk.gpio decompress & compress
I tried to follow all the steps, but it doesn't work for me :'(
What I did:
1) decompress E15_2.6.32.60-nAa-05.ftf with 7z under windows: I get kernel.sin and loader.sin (OK)
2) extract data from kernel.sin with flashtool (0.9.16) under windows: I get kernel.elf and kernel.partinfo (OK)
3) extract elf from kernel.elf with flashtool (0.9.16) under windows: I get kernel.elf.2 & kernel.elf.Image (OK)
4) renamed kernel.elf.2 to ramdisk.lz4, and kernel.elf.Image to zImage; both under windows with f2 (OK)
5) decompress ramdisk.lz4 (3662KB) under windows (fastcompression . blogspot.com . es/p/lz4.html): I get ramdisk (4608KB) (it is supposed to be renamed, so I expect it's ok)
6) renamed ramdisk to ramdisk.cpio under windows with f2 (OK). Copy to ubuntu (QUESTION: zImage is used in ubuntu only in kernel kitchen???)
7) extract ramdisk.cpio (4718592 - no command in the post): I used cpio -i -F ramdisk.cpio (9216 blocks); 4 new elements> default.prop init (files) android modules (directories)
8) I want to check I can extract & compress the ramdisk (and make a "new" kernel), so I don't do any modification
9) with only those 4 elements in the directory (default.prop init (files) android modules (directories)), I make the ramdisk: find . | cpio -o --format=newc > ramdisk.cpio (PROBLEM: alert message "ramdisk.cpio has been increased, 4718080 new bytes has not been copied" other line "27647 blocks")
The original ramdisk.cpio was 4718582, but the new one is 14155264... 3 times more!!! I think the problem is here, but I don't know how to resolve it
I have done the rest of the manual
10) kernel.sin created with kernel kitchen 0.2.3 under ubuntu (the last kitchen version gives me an error, because in spite of choosing to create kernel.sin from zImage and ramdisk, it tries to make an ftf from kernel -not available- and ramdisk)
11) ftf creation under windows with X10 flashing tool 0.5.0.0 (flashtool 0.9.16 forces me to write what device it is for, but the cell is blocked, so I can't do it) OK
12) I tried to flash it, but it was aborted, so I expect the ftf was incorrect
Sorry for writing it all: I think the problem is extracting and compressing ramdisk.cpio, but I prefer to write everything to be sure and be as clear as possible.
Any help will be great!
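Added example (not from either poster): in the report above the repack is run as `find . | cpio -o --format=newc > ramdisk.cpio` from inside the ramdisk directory, so the output file sits inside the tree being archived and can be packed into its own archive. The pure-Python stand-in for cpio below (the helper names `pack_tree`, `list_newc` and `demo` and the sample tree are constructed for illustration) writes and lists the newc format and shows the archive growing on every repack unless the output file is skipped.

```python
import os
import tempfile

MAGIC = b"070701"  # magic of the "newc" cpio format used in step 9


def _entry(name, data, mode, ino):
    """One newc record: 110-byte ASCII-hex header, NUL-terminated name, data."""
    name_b = name.encode() + b"\0"
    # ino, mode, uid, gid, nlink, mtime, filesize, devmajor, devminor,
    # rdevmajor, rdevminor, namesize, check (uid/gid 0 = root-owned)
    fields = [ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
    out = MAGIC + b"".join(b"%08X" % f for f in fields) + name_b
    out += b"\0" * (-len(out) % 4)          # header + name padded to 4 bytes
    out += data
    return out + b"\0" * (-len(out) % 4)    # data padded to 4 bytes


def pack_tree(root, output, skip_output=True):
    """Archive `root` into `output`; returns the archive size in bytes.

    skip_output=False mimics the redirect into the archived directory:
    an archive left there by an earlier run is packed as ordinary content.
    """
    root, output = os.path.realpath(root), os.path.realpath(output)
    paths = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # deterministic walk order
        paths += [os.path.join(dirpath, n) for n in sorted(dirnames + filenames)]
    blob, ino = b"", 1
    for path in paths:
        if skip_output and path == output:
            continue                         # never archive the archive
        mode = os.lstat(path).st_mode
        if os.path.islink(path):
            data = os.readlink(path).encode()    # symlink target is the data
        elif os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
        else:
            data = b""                       # directories carry no data
        name = os.path.relpath(path, root).replace(os.sep, "/")
        blob += _entry(name, data, mode, ino)
        ino += 1
    blob += _entry("TRAILER!!!", b"", 0, 0)  # end-of-archive marker
    with open(output, "wb") as fh:
        fh.write(blob)
    return len(blob)


def list_newc(blob):
    """Return [(name, size)] for every member of a newc archive."""
    members, pos = [], 0
    while True:
        if blob[pos:pos + 6] != MAGIC:
            raise ValueError("bad newc magic at offset %d" % pos)
        fields = [int(blob[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        size, namesize = fields[6], fields[11]
        name = blob[pos + 110:pos + 110 + namesize - 1].decode()
        pos += 110 + namesize
        pos += -pos % 4
        if name == "TRAILER!!!":
            return members
        members.append((name, size))
        pos += size
        pos += -pos % 4


def demo():
    """Constructed ramdisk tree, repacked three times each way."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "modules"))
        with open(os.path.join(root, "default.prop"), "w") as fh:
            fh.write("ro.secure=1\nro.debuggable=0\npersist.service.adb.enable=0\n")
        with open(os.path.join(root, "init"), "wb") as fh:
            fh.write(b"\x7fELF-placeholder")
        out = os.path.join(root, "ramdisk.cpio")   # output inside the tree
        naive = [pack_tree(root, out, skip_output=False) for _ in range(3)]
        os.remove(out)
        safe = [pack_tree(root, out) for _ in range(3)]
        with open(out, "rb") as fh:
            names = [n for n, _ in list_newc(fh.read())]
    return naive, safe, names


if __name__ == "__main__":
    naive, safe, names = demo()
    print("output archived with the tree:", naive)
    print("output skipped:               ", safe)
    print("members:", names)
```

With the stock tools the same effect comes from redirecting the archive to a path outside the ramdisk directory.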

QPST/QFIL could be the answer to all of our issues

TL;DR - This program is essentially like sbf/odin/and other such tools. Almost..
QPST/QFIL is a flashing tool for qualcomm devices. It can be used to flash the eMMC of our device.
This means that it can fix any software brick.
The only thing is, I can't seem to find the necessary files to flash.
HERE @tenfar started to do a bit of research on the topic.
Let's get this ball rolling and use the tool that Huawei uses! No more RMA's! (Hopefully)
QPST
engineer radio
Don't flash unless you know what you're doing. It will disable radio
How this could potentially be used
EDIT: According to the pdf, the angler is supported in this release of BoardDiag! http://www.mylgphones.com/download-boarddiag-v2-99a.html
http://www.modaco.com/forums/topic/348787-guide-how-to-modify-your-partitions/
Solder emmc
I'm attempting to do a full eMMC backup now with
Code:
adb shell
su
dd if=/dev/block/mmcblk0 of=/storage/emulated/0/backup.img bs=512 count=30535646
tr4nqui1i7y said:
I'm attempting to do a full eMMC backup now with
Code:
adb shell
su
dd if=/dev/block/mmcblk0 of=/storage/emulated/0/backup.img bs=512 count=30535646
I have the backup.img. Going to try to decompile and see if it's actually any help.
Anyone know where to find the version of this for our device? 'prog_emmc_firehose_8936.mbn'
Our flash programmer file won't be firehose, afaik. still figuring this all out.
I've got a long night ahead of me. Going to try to get the necessary files another way. Running the adb command yielded corrupt imgs twice. Since it took about an hour each time, I'll have to find another way.
@Jammol want to get in on this?
Maybe we can find something like this for our device?
EDIT: Maybe there is a way to run fsck.repair against a usb device?
EDIT: Maybe I'll just try to change the physical eMMC at this point Like This
EDIT: But then we'd need to repartition memory Similar to this
In the process of making this over
Code:
partition_entries=14
partition_name=PrimaryGPT
start_block=0x0
file_name=PrimaryGPT.mbn
file_size=524288
partition_name=sbl1
start_block=0x20400
file_name=sbl1.mbn
file_size=524288
partition_name=rpm
start_block=0x20C00
file_name=rpm.mbn
file_size=524288
partition_name=tz
start_block=0x21000
file_name=tz.mbn
file_size=524288
partition_name=sdi
start_block=0x21400
file_name=sdi.mbn
file_size=524288
partition_name=aboot
start_block=0x21800
file_name=aboot.mbn
file_size=524288
partition_name=sbl1b
start_block=0x22C00
file_name=sbl1b.mbn
file_size=524288
partition_name=tzb
start_block=0x23400
file_name=tzb.mbn
file_size=524288
partition_name=rpmb
start_block=0x23800
file_name=rpmb.mbn
file_size=524288
partition_name=abootb
start_block=0x23C00
file_name=abootb.mbn
file_size=524288
partition_name=imgdata
start_block=0x37400
file_name=imgdata.mbn
file_size=1572864
partition_name=laf
start_block=0x38C00
file_name=laf.mbn
file_size=13631488
partition_name=boot
start_block=0x43C00
file_name=boot.mbn
file_size=8912896
partition_name=BackupGPT
start_block=0x3A3DC00
file_name=BackupGPT.mbn
file_size=524288
Using this INFO
@bitdomo gave thorough instructions here
OP updated.
I want to make a little comment about this boarddiag tool, and how it works.
Emmc test:
Erase: erases the whole emmc, even if you select a partition from the dropdown menu.
Read only: Only reads random blocks from the emmc. If you check DUMP it will read back the amount of blocks of the chosen partition given in the partition.txt
Write only: writes dummy data to the emmc (55AA hex values and some other random writes on the actual partition).
Read/Write: writes dummy data to the emmc (55AA hex values and some other random writes on the actual partition) and then verifies them by reading it back
SDRAM test:
I think this tests the memory. There is a Level option for it. I don't know what the difference between the two is.
PIMC ON:
No idea, but in some LG documentation it is for the APQ8064 chipset only.
Restore boot img:
Restores the images.
How does it know which partitions have to be restored?
There is a rawprogram0.xml in the model\Nexus5 (MSM8974_HammerHead)\boot_partition_info folder.
The partitions declared here will be flashed to the device if you select nothing in the partition dropdown menu or in the restore boot img dropdown menu
Boarddiag only cares about the "label" value (it has to be the same as in partition.txt) from rawprogram0.xml. The rest of the info, like start block, file size and file name, will be acquired from the partition.txt.
Partition.txt is a binary file:
0x00-0x03: start block
0x04-0x07: file size in block numbers ( 1 block = 512 byte)
0x08-0x0F: always zero
0x10-0x2F: partition name (must be the same as the label value in rawprogram0.xml)
0x30-0x4F: file name
and the pattern goes on.
I wrote a little program which converts this binary partition.txt to an actual txt. You can get it from here
Copy the partition.txt to the same folder where the bin2txt and txt2bin exes are. Run bin2txt and it will create a readable_partition.txt file. Edit it with notepad++. The start block is in HEX and the file size is in bytes (must be a multiple of 512). Partition entries is the number of partitions declared in the partition.txt. If you are done with the editing then run txt2bin and it will create a new_partition.txt file.
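Added example, not bitdomo's bin2txt tool: a parser for the binary partition.txt layout described above that prints the readable form and flags overlapping partitions before anything is written. Little-endian integers, NUL-padded ASCII names, skipping of empty records and all function names are assumptions; the sample table is constructed from the first three entries listed in this post.

```python
import struct

SECTOR = 512
# 0x00 start block, 0x04 size in blocks, 0x08 eight zero bytes,
# 0x10 partition name (32 bytes), 0x30 file name (32 bytes) -> 0x50 per entry.
# "<" (little-endian) is an assumption; the post does not state byte order.
RECORD = struct.Struct("<II8s32s32s")


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii")


def pack_entry(start_block, size_bytes, name, file_name):
    """Build one 0x50-byte record; size is given in bytes as in the text form."""
    if size_bytes % SECTOR:
        raise ValueError("file size must be a multiple of 512")
    if len(name) > 32 or len(file_name) > 32:
        raise ValueError("name fields are limited to 32 bytes")
    return RECORD.pack(start_block, size_bytes // SECTOR, bytes(8),
                       name.encode("ascii"), file_name.encode("ascii"))


def parse_table(blob):
    """Parse a binary partition.txt into a list of dicts."""
    if len(blob) % RECORD.size:
        raise ValueError("length is not a multiple of 0x50")
    entries = []
    for start, blocks, reserved, name, file_name in RECORD.iter_unpack(blob):
        if any(reserved):
            raise ValueError("bytes 0x08-0x0F are expected to be zero")
        if not any(name):
            continue  # assumption: a record with an empty name is padding
        entries.append({
            "name": _text(name),
            "start_block": start,
            "blocks": blocks,
            "file_name": _text(file_name),
            "file_size": blocks * SECTOR,
        })
    return entries


def to_text(entries):
    """Render the readable layout shown in the post (hex start, size in bytes)."""
    lines = ["partition_entries=%d" % len(entries)]
    for e in entries:
        lines += [
            "partition_name=%s" % e["name"],
            "start_block=0x%X" % e["start_block"],
            "file_name=%s" % e["file_name"],
            "file_size=%d" % e["file_size"],
        ]
    return "\n".join(lines)


def find_overlaps(entries):
    """Return (earlier, later) name pairs whose block ranges collide."""
    ordered = sorted(entries, key=lambda e: e["start_block"])
    clashes = []
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["start_block"] < prev["start_block"] + prev["blocks"]:
            clashes.append((prev["name"], cur["name"]))
    return clashes


# Constructed sample: first three entries of the listing in this post.
SAMPLE = b"".join([
    pack_entry(0x0, 524288, "PrimaryGPT", "PrimaryGPT.mbn"),
    pack_entry(0x20400, 524288, "sbl1", "sbl1.mbn"),
    pack_entry(0x20C00, 524288, "rpm", "rpm.mbn"),
])

if __name__ == "__main__":
    table = parse_table(SAMPLE)
    print(to_text(table))
    print("overlaps:", find_overlaps(table))
```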
tr4nqui1i7y said:
@Jammol want to get in on this?
What's the current setup of your device? Meaning locked stock or unlocked?
I haven't messed with partitions that deep since the Lg Pro I think that's the same as the Nexus 4 but blocky.
I'll get my desktop setup today after work. Been using my work laptop for adb (probably shouldn't).
Sent from my LG G4 using Tapatalk
@jimbridgman you enjoy working this deep don't you?
Sent from my Nexus 6P using XDA-Developers mobile app
Jammol said:
What's the current setup of your device? Meaning locked stock or unlocked?
I haven't messed with partitions that deep since the Lg Pro I think that's the same as the Nexus 4 but blocky.
I'll get my desktop setup today after work. Been using my work laptop for adb (probably shouldn't).
Sent from my LG G4 using Tapatalk
I have two:
unlocked/rooted/rom'd
unlocked/corrupt eMMC
I see you posted with a G4, is your 6P bootlooped again/still?
My device is currently stuck in RELINK HS-USB QDLoader 9008 according to device manager.
I've tried miflash, qfil, and boarddiag.
Unfortunately they all require a programmer file, which I have no clue as to where we can get that package of files (programmer file, build.xml, and patch.xml)
I won't be rolling up my sleeves on this, as I've already been down the rabbit hole on this one. But, I will lend a hand. You might have better luck using this version. Also, here's the latest qd loader driver. Good luck.
kibmikey1 said:
I won't be rolling up my sleeves on this, as I've already been down the rabbit hole on this one. But, I will lend a hand. You might have better luck using this version. Also, here's the latest qd loader driver. Good luck.
Would you happen to have any clues on how to find the files necessary for qfil on our device?
tr4nqui1i7y said:
Would you happen to have any clues on how to find the files necessary for qfil on our device?
Normally those are taken from a backup from the system you're modifying. But if you don't have one, you need to either extract the defaults from a master (like a factory image or unpackaged full ota) or someone can extract the necessary files you need from their own backup and send them to you.
kibmikey1 said:
Normally those are taken from a backup from the system you're modifying. But if you don't have one, you need to either extract the defaults from a master (like a factory image or unpackaged full ota) or someone can extract the necessary files you need from their own backup and send them to you.
When I checked out the factory images I didn't see any mbn or xml files. Any chance you'd lend a hand? Checked the ota and didn't seem to find the right files either.
Maybe I just overlooked them.
Both can be found on g.co/ABH
tr4nqui1i7y said:
When I checked out the factory images I didn't see any mbn or xml files. Any chance you'd lend a hand? Checked the ota and didn't seem to find the right files either.
Maybe I just overlooked them.
Both can be found on g.co/ABH
You could try using cygwin to decompile the images, but I'm not sure if they're encrypted or not. If they are (and they probably are...) that would be no help. Another option would be to compile Android through llvm using this. It would give you the advantage of having it decompiled to the levels you need before encryption (mbn and xml files). You'll have to make the programmer file yourself. I'll give an example, using an 8660 from a Nexus 5. 8660_msimage.mbn is released in SW by default, actually, it includes the all the boot images and partition table there. MPRG8660.hex would download this image and reset to mass-storage mode.
1. Have the QPST 2.7.366 or higher version installed.
2. Make a local folder, copy sbl1/sbl2/sbl3/rpm/tz images to this folder.
3. copy the emmcswdownload.exe from C:\Program Files\Qualcomm\QPST\bin to this folder.
4. Prepare the partition_boot.xml as below and copy the partition_boot.xml to the same folder as above.
<?xml version="1.0"?>
<image>
<physical_partition number="0">
<primary order="1" type="4d" bootable="true" label="SBL1" size="1000" readonly="false">
<file name="sbl1.mbn" offset="0"/>
</primary>
<primary order="2" type="51" bootable="false" label="SBL2" size="3000" readonly="false">
<file name="sbl2.mbn" offset="0"/>
</primary>
<primary order="3" type="45" bootable="false" label="SBL3" size="1500" readonly="false">
<file name="sbl3.mbn" offset="0"/>
</primary>
<primary order="4" type="5" bootable="false" label="EXT" size="1000000">
<extended order="1" type="47" label="RPM" size="1000" readonly="false">
<file name="rpm.mbn" offset="0"/>
</extended>
<extended order="2" type="46" label="TZ" size="1000" readonly="false">
<file name="tz.mbn" offset="0"/>
</extended>
</primary>
</physical_partition>
</image>
5. Run the emmcswdownload.exe tool to create OEM boot image with a command below.
emmcswdownload.exe -f 8660_msimage.mbn -x partition_boot.xml -s 1G -g 4M
6. The 8660_msimage.mbn will be generated in the folder.
Again, it's just an example of building one, and it's using an older model, but I think you get it. Aside from that, the only other thing I can think for you would be to use the files Qualcomm's board support package (Dragonboard 810), which would come with purchasing it with an entire new motherboard, which is the equivalent of rma'ing it anyway. This would be me rolling my sleeves back down for tonight. Let me know how it goes!
kibmikey1 said:
You could try using cygwin to decompile the images, but I'm not sure if they're encrypted or not. If they are (and they probably are...) that would be no help. Another option would be to compile Android through llvm using this. It would give you the advantage of having it decompiled to the levels you need before encryption (mbn and xml files). You'll have to make the programmer file yourself. I'll give an example, using an 8660 from a Nexus 5. 8660_msimage.mbn is released in SW by default, actually, it includes the all the boot images and partition table there. MPRG8660.hex would download this image and reset to mass-storage mode.
1. Have the QPST 2.7.366 or higher version installed.
2. Make a local folder, copy sbl1/sbl2/sbl3/rpm/tz images to this folder.
3. copy the emmcswdownload.exe from C:\Program Files\Qualcomm\QPST\bin to this folder.
4. Prepare the partition_boot.xml as below and copy the partition_boot.xml to the same folder as above.
<?xml version="1.0"?>
<image>
<physical_partition number="0">
<primary order="1" type="4d" bootable="true" label="SBL1" size="1000" readonly="false">
<file name="sbl1.mbn" offset="0"/>
</primary>
<primary order="2" type="51" bootable="false" label="SBL2" size="3000" readonly="false">
<file name="sbl2.mbn" offset="0"/>
</primary>
<primary order="3" type="45" bootable="false" label="SBL3" size="1500" readonly="false">
<file name="sbl3.mbn" offset="0"/>
</primary>
<primary order="4" type="5" bootable="false" label="EXT" size="1000000">
<extended order="1" type="47" label="RPM" size="1000" readonly="false">
<file name="rpm.mbn" offset="0"/>
</extended>
<extended order="2" type="46" label="TZ" size="1000" readonly="false">
<file name="tz.mbn" offset="0"/>
</extended>
</primary>
</physical_partition>
</image>
5. Run the emmcswdownload.exe tool to create OEM boot image with a command below.
emmcswdownload.exe -f 8660_msimage.mbn -x partition_boot.xml -s 1G -g 4M
6. The 8660_msimage.mbn will be generated in the folder.
Again, it's just an example of building one, and it's using an older model, but I think you get it. Aside from that, the only other thing I can think for you would be to use the files Qualcomm's board support package (Dragonboard 810), which would come with purchasing it with an entire new motherboard, which is the equivalent of rma'ing it anyway. This would be me rolling my sleeves back down for tonight. Let me know how it goes!
What about making the xml files?
tr4nqui1i7y said:
What about making the xml files?
You can build xml files in eclipse. The Android NDK/SDK provided should have the template there to use.

How to root only system and boot img files without custom recovery - add supersu

Hello
I have a question for those who know better than me.
Android MM or N
Can I add root permissions to a ROM without a custom recovery (TWRP, CWM, etc.), meaning only by editing the system.img and boot.img files (raw files)?
Without a custom recovery there is no sense in making zip files to flash, so the only way is (I think) to manually add systemless supersu to the kernel and ROM "img" files.
I mean copying all the sh, rc, libs, etc. files to specific folders ....
This is for Spreadtrum SC7731G and SC8830 chipsets.
..or I think maybe edit the xml file for copying and installing specific files in the "pac" - the install files for these devices.
The PAC file has inside: system.img, boot.img, recovery.img, BT, CP, CSC, etc. and an xml file.
The XML file has a script for installing those files - so maybe add supersu.zip to the PAC file and add a script to the xml file to install (flash) supersu?
Can any dev do it, or give some ideas for it?
example from xml file:
<?xml version="1.0" encoding="UTF-8"?>
<!-- FlashTypeID: 0, means Nor Flash;1, means Nand Flash -->
<!-- File-Flag: 0, means this file need not input file path -->
<!-- 1, means this file need input file path -->
<!-- File-CheckFlag: 0, this file is optional -->
<!-- 1, must select this file -->
<!-- 2, means not check this file in pack -->
<!-- Mode: 0, not uesed; 1, means nand page size and oob care -->
<!-- File-Type: MasterImage,means it will add BOOT_PARAM -->
<!-- and OS_INFO information to file -->
<!-- File-ID: Can not be changed,it is used by tools -->
<!-- File-IDAlias: This is for GUI display can be changed -->
<BMAConfig>
<ProductList>
<Product name="SC77xx">
<SchemeName>SC77xx</SchemeName>
<FlashTypeID>1</FlashTypeID>
<Mode>0</Mode>
<NVBackup backup="1">
<NVItem name="Calibration" backup="1">
<ID>0xFFFFFFFF</ID>
<BackupFlag use="1">
<NVFlag name ="Replace" check ="0"></NVFlag>
<NVFlag name ="Continue" check ="0"></NVFlag>
</BackupFlag>
</NVItem>
<NVItem name="IMEI" backup="1">
<ID>0xFFFFFFFF</ID>
<BackupFlag use="0"></BackupFlag>
</NVItem>
<NVItem name="W_Calibration" backup="1">
<ID>0x12D</ID>
<BackupFlag use="1">
<NVFlag name ="Continue" check ="0"></NVFlag>
</BackupFlag>
</NVItem>
<NVItem name="BlueTooth" backup="1">
<ID>0x191</ID>
<BackupFlag use="1">
<NVFlag name ="Continue" check ="0"></NVFlag>
</BackupFlag>
</NVItem>
<NVItem name="BandSelect" backup="1">
<ID>0xD</ID>
<BackupFlag use="1">
<NVFlag name ="Continue" check ="0"></NVFlag>
</BackupFlag>
</NVItem>
<NVItem name="WIFI" backup="1">
<ID>0x199</ID>
<BackupFlag use="1">
<NVFlag name ="Continue" check ="1"></NVFlag>
</BackupFlag>
</NVItem>
<NVItem name="MMITest" backup="1">
<ID>0x19A</ID>
<BackupFlag use="1">
<NVFlag name ="Continue" check ="1"></NVFlag>
</BackupFlag>
</NVItem>
<NVItem name="WIFICal1" backup="1">
<ID>0x19F</ID>
<BackupFlag use="1">
<NVFlag name ="Continue" check ="1"></NVFlag>
</BackupFlag>
</NVItem>
<NVItem name="WIFICal2" backup="1">
<ID>0x1A0</ID>
<BackupFlag use="1">
<NVFlag name ="Continue" check ="1"></NVFlag>
</BackupFlag>
</NVItem>
<NVItem name="WIFICal3" backup="1">
<ID>0x1A1</ID>
<BackupFlag use="1">
<NVFlag name ="Continue" check ="1"></NVFlag>
</BackupFlag>
</NVItem>
</NVBackup>
<Partitions>
<!-- size unit is MBytes -->
<!--
<Partition id="splloader" size="0"/>
<Partition id="ubootloader" size="0"/>
-->
<Partition id="prodnv" size="5"/>
<Partition id="miscdata" size="1"/>
<Partition id="wmodem" size="15"/>
<Partition id="wdsp" size="2"/>
<Partition id="wfixnv1" size="1"/>
<Partition id="wfixnv2" size="1"/>
<Partition id="wruntimenv1" size="1"/>
<Partition id="wruntimenv2" size="1"/>
<Partition id="wcnmodem" size="5"/>
<Partition id="wcnfixnv1" size="1"/>
<Partition id="wcnfixnv2" size="1"/>
<Partition id="wcnruntimenv1" size="1"/>
<Partition id="wcnruntimenv2" size="1"/>
<Partition id="logo" size="1"/>
<Partition id="fbootlogo" size="1"/>
<Partition id="boot" size="18"/>
<Partition id="system" size="2550"/>
<Partition id="persist" size="2"/>
<Partition id="sysinfo" size="6"/>
<Partition id="cache" size="150"/>
<Partition id="recovery" size="17"/>
<Partition id="misc" size="1"/>
<Partition id="userdata" size="0xFFFFFFFF"/>
Thank You
anyone can help?

Axon 10 Pro (Non-5G) EDL Tool - Flash / Backup / Restore/ Bootloader Unlock

Axon 10 EDL Tool
BAT-program for Flash / Backup / Restore/ Bootloader Unlock
Qualcomm HS-USB QDLoader 9008 (COM ...)
!!! Whatever you do, you do at your own risk !!!
!!! If you are not sure of yourself do not use this program !!!
Special requirements (read first) !!!
1. The program must be unpacked
2. Before using the program, make sure that:
- It is desirable to copy the program to the root of the disc, for example: C:\Axon10_EDL_Tool\ or D:\Axon10_EDL_Tool
- You launched this program as administrator
- You have drivers installed, preferably original for Axon 10
3. Read carefully what the program displays on the screen (I specially wrote the tips, the information is very useful, many questions disappear)
Features of the program:
1. Automatically reboot the phone into EDL mode
2. Unlock the bootloader for supported variants only
3. Finds the connected phone and forces the COM-port speed to 115200
4. Can flash, backup, restore
5. Analyzes folders for missing required files
6. and others ...)))
Structure of program folders:
1. Folder flash - in this folder you need to copy the files you want to flash
Subfolders:
folder full - if you want to flash full firmware (official, adapted for EDL mode), then in this folder you need to put all the files from the firmware for EDL mode:
its name usually looks like this: A2020 _......._ FULL_EDL
folder boot - if you want to flash your kernel file, you need to put a file named: boot.img in this folder (the file name must be exactly that!)
folder modem - if you want to flash your modem file, you need to put a file named: NON-HLOS.bin in this folder (the file name must be exactly that!)
folder splash - if you want to flash your splash file, you need to put a file named: splash.img in this folder (the file name must be exactly that!)
2. Folder backup - the folder contains backup copies of the phone partitions created by the program
Subfolders:
folder all - this folder contains backups of all partitions, except userdata
folder full - this folder contains backup of all partitions included in the FULL EDL firmware
folder boot - this folder contains a backup of the boot partition
folder recovery - this folder contains a backup of the recovery partition
folder modem - this folder contains a backup of the modem partition
folder splash - this folder contains a backup of the splash partition
3. Folder logs - contains all the logs of the program
4. Folder tools - contains all the necessary files for the program (do not touch it!)
For those who still do not understand how to flash (FAQ):
Question: I want to flash the full firmware for EDL mode, how to do this ???
Answer: Download and unzip the full firmware for EDL mode, for example A2017_B17_NOUGAT_FULL_EDL and put all its files in the folder Axon10_EDL_Tool\flash\full\. Run the program Axon10_EDL_Tool.bat and select the Flash -> Flash FULL EDL
Question: I want to flash a patched or original boot, how to do this ???
Answer: Download the boot you need, rename it to boot.img and place it in the folder Axon10_EDL_Tool\flash\boot\. Run the program Axon10_EDL_Tool.bat and select Flash -> Flash Boot
Question: I want to flash the modem, how to do this ???
Answer: Download or take the NON-HLOS.bin file from firmware and put it in the folder Axon10_EDL_Tool\flash\modem\. Run the program Axon10_EDL_Tool.bat and select Flash -> Flash Modem
!!! Download !!!
Axon 10 EDL Tool 3.2.5
Thanks !!!
@djkuz for his Axon7 EDL Tool
Reserved
Update!! The latest version can now automate unlocking the bootloader
yes cool and mega performance there is the Axon 10 but still cracked before my birthday
Thx :good:
Little Progress, Running Android 10 GSI (ARM64+GMS gsi_gms_arm64-QP1A.190771.020-5800535.zip )
if i want change chinese rom to global rom, i just put eu firmware into flash folder?
undergram said:
if i want change chinese rom to global rom, i just put eu firmware into flash folder?
Make sure you keep your modem if that makes a difference for your region.
Sent from my G8142 using Tapatalk
@Unjustified Dev
So this tool will not work on the A2020N2 Chinese 5G phone? If not is there a manual unlock BL process?
Thanks
EMS
@Unjustified Dev
I have the problem that you can make backup all partitions with the edl tool.
but if I select all partitions with the edl tool Restore All partitions I get an error
@Unjustified Dev
I believe there are errors in the two files (all.xml and full.xml).
In all.xml, for example, each last_parti entry is missing the sectors
(num_partition_sectors="0")
and the size
(size_in_KB="0")
<!--program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename="last_parti1.bin" label="last_parti" num_partition_sectors="0" partofsingleimage="false" physical_partition_number="1" readbackverify="false" size_in_KB="0" sparse="false" start_byte_hex="0x3a6000" start_sector="934"/ -->
<!--program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename="last_parti2.bin" label="last_parti" num_partition_sectors="0" partofsingleimage="false" physical_partition_number="2" readbackverify="false" size_in_KB="0" sparse="false" start_byte_hex="0x3a6000" start_sector="934"/ -->
<!--program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename="last_parti3" label="last_parti" num_partition_sectors="0" partofsingleimage="false" physical_partition_number="3" readbackverify="false" size_in_KB="0" sparse="false" start_byte_hex="0x140000" start_sector="320"/ -->
<!--program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename="last_parti4.bin" label="last_parti" num_partition_sectors="0" partofsingleimage="false" physical_partition_number="4" readbackverify="false" size_in_KB="0" sparse="false" start_byte_hex="0x295767000" start_sector="2709351"/ -->
<!--program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename="last_parti5" label="last_parti" num_partition_sectors="0" partofsingleimage="false" physical_partition_number="5" readbackverify="false" size_in_KB="0" sparse="false" start_byte_hex="0x6c0000" start_sector="1728"/ -->
I once looked at the all.xml from the a7
(<program SECTOR_SIZE_IN_BYTES="4096" file_sector_offset="0" filename="last_parti5.bin" label="last_parti" num_partition_sectors="884" partofsingleimage="false" physical_partition_number="5" readbackverify="false" size_in_KB="3536.00" sparse="false" start_byte_hex="0x2487000" start_sector="9351"/>)
It's commented out to allow the backup to complete but I don't support flashing all just yet. Just use full that's sufficient enough to fix any brick. If you need all, then you did something horribly wrong to the phone.
@Unjustified Dev
Hi,
Thanks for this tool. I need help with this error however
When I flash the full firmware, the program displays on the screen:
!!! Not found important files, or detected SPARSE image !!!
The log file shows
ERROR: D:\Axon10_EDL_TOOL_v3.2.5\flash\full\userdata.img - SPARSE image!!!
ERROR: D:\Axon10_EDL_TOOL_v3.2.5\flash\full\vendor.img - SPARSE image!!!
ERROR: D:\Axon10_EDL_TOOL_v3.2.5\flash\full\system.img - SPARSE image!!!
ERROR: D:\Axon10_EDL_TOOL_v3.2.5\flash\full\system_other.img - SPARSE image!!!
The firmware was downloaded here
https://forum.xda-developers.com/axon-10-pro/how-to/firmware-zte-axon-10-pro-ch-eu-edl-sd-t3934664
A2020G / Axon 10 Pro EU 1.3 EDL Software、P855A01V1.0.0B16_DL.zip
Many thanks
Did you read post 11?
You may try this version (Russia) without any guarantee:
https://4pda.ru/forum/index.php?showtopic=965431&view=findpost&p=88768840
@borisku
I have used the Russia version 1.0, now my phone is bricked. What should I do :crying::crying::crying:
peter_0115 said:
@borisku
I have used the Russia version 1.0, now my phone is bricked. What should I do :crying::crying::crying:
Download the correct firmware and use miflash
Sent from my G8142 using Tapatalk
Unjustified Dev said:
Download the correct firmware and use miflash
Sent from my G8142 using Tapatalk
Could you tell me more? What's the correct fw? Where can I download it? My phone is China version.
Thanks a lot!
peter_0115 said:
Could you tell me more? What's the correct fw? Where can I download it? My phone is China version.
Thanks a lot!
The China version of the Axon10 has another partition table. You need EDL firmware for China and the EDL tool for China.
Try...
https://forum.xda-developers.com/showpost.php?p=80316365&postcount=41
@djkuz
How can I help with translation?
I can help with English / Spanish
DrakenFX said:
@djkuz
How can I help with translation?
I can help with English / Spanish
Thank you friend! don’t worry, I already have an almost complete translation. as soon as I do, I’ll upload it here right away!

How To Guide Pre-Rooted GSI for Samsung SM-T220 XAR A13 WA6

I recently finished installing a rooted GSI on my T220. I don't post very often so this format is going to be rough. While the steps are still fresh in my mind, I am providing what worked for me in case they can help someone else.
Prereq:
I have already upgraded my T220 to the latest release below, unlocked my bootloader (detailed steps are covered elsewhere in the forum), and installed Magisk.
I used Debian Linux for all steps except ODIN which was Win11. I mention this because I tried a couple steps below on my Windows box and they failed.
Both lz4 & simg2img can be installed using apt on debian.
Step 1:
Download latest Samsung release using Bifrost (https://github.com/zacharee/SamloaderKotlin):
PDA/CSC/CP/AP
T220XXS2CWA6/T220OXM2CWA6/T220XXS2CWA6/T220XXS2CWA6
Android 13
Security: 2023-01-01
Release: 2023-02-17
Step 2:
Extract AP file from downloaded zip.
Step 3:
Copy AP_T220XXS2CWA6_T220XXS2CWA6_MQB61601712_REV00_user_low_ship_MULTI_CERT_meta_RKEY_OS13.tar file to T220 and patch tar file using Magisk.
Magisk patches boot.img & vbmeta.img and spits out another tar file: magisk_patched-25200_XXXXX.tar. Copy this back to your linux machine.
Step 4:
Extract the super.img.lz4 file from the magisk_patched-25200_XXXXX.tar and decompress it:
Code:
tar -xvf magisk_patched-25200_rOeaE.tar
lz4 -d super.img.lz4 super.img
Step 5:
Convert Android sparse images to raw images & extract the image files from super.img:
lpunpack as referenced in multiple other posts didn't work for me. After some searching, I came across this post: https://forum.xda-developers.com/t/customap-2022.4473159/#post-87204333 which talks about an alternative tool to extract called imjtool.
I dl'd imjtool from http://newandroidbook.com/tools/imjtool.tgz as indicated in the post.
Save the super.raw file, we're going to need it again later.
Code:
sudo simg2img super.img super.raw
imjtool.ELF64 super.raw extract
The extraction gave me four image files in an extracted directory:
odm.img
product.img
system.img
vendor.img
Go ahead and delete the system.img, we're going to replace it.
Step 6:
Download your GSI file and extract system.img
I used Google's, but there are others. There's a GSI list here for other options:
Generic System Image (GSI) list (phhusson/treble_experimentations on github.com)
Generic System Image releases | Platform | Android Developers (developer.android.com)
Android 13 QPR2 (Beta)
Date: February 1, 2023
Build: T2B3.230109.002
Build type: experimental
Security patch level: January 2023
Google Play Services: 22.46.17
ARM64 aosp_arm64-exp-T2B3.230109.002-9523436-98a648ca.zip
Extract system.img from the dl'd zip and copy system.img into the extracted directory with all the other images (step 5)
Steps 7 & 8 are from another post in the forum: https://forum.xda-developers.com/t/guide-t220-t225-flash-a-gsi-on-the-a7-lite-without-twrp.4456821/
Step 7:
Get the size of all partitions and the size of the original super.raw
Code:
stat -c '%n %s' *.img
odm.img 4349952
product.img 1234505728
system.img 1890627584
vendor.img 640036864
stat -c '%n %s' ../super.raw
../super.raw 6023020544
Step 8:
Repack super.img (this step is a copy/paste from https://forum.xda-developers.com/t/guide-t220-t225-flash-a-gsi-on-the-a7-lite-without-twrp.4456821/)
Code:
lpmake --metadata-size 65536 \
--super-name super \
--metadata-slots 2 \
--device super:ORIGINAL_SUPER_IMG_SIZE \
--group main:SUM_OF_ALL_PARTITIONS_SIZES \
--partition odm:readonly:ODM_PARTITION_SIZE:main \
--image odm=./odm.img \
--partition product:readonly:PRODUCT_PARTITION_SIZE:main \
--image product=./product.img \
--partition system:readonly:SYSTEM_PARTITION_SIZE:main \
--image system=./system.img \
--partition vendor:readonly:VENDOR_PARTITION_SIZE:main \
--image vendor=./vendor.img \
--sparse \
--output ./super_new.img
Replace ORIGINAL_SUPER_IMG_SIZE, SUM_OF_ALL_PARTITIONS_SIZES, ODM_PARTITION_SIZE, PRODUCT_PARTITION_SIZE, SYSTEM_PARTITION_SIZE, VENDOR_PARTITION_SIZE with the values you obtained in step 7.
Read lpmake docs for a more detailed explanation of the args used above:
partition_tools - platform/system/extras - Git at Google
My actual command:
Code:
sudo ../otatools/bin/lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:6023020544 --group main:3769520128 --partition odm:readonly:4349952:main --image odm=./odm.img --partition product:readonly:1234505728:main --image product=./product.img --partition system:readonly:1890627584:main --image system=./system.img --partition vendor:readonly:640036864:main --image vendor=./vendor.img --sparse --output ./super_new.img
Step 9:
Compress super_new.img and rename:
Code:
lz4 -B6 --content-size super_new.img super.img.lz4
Step 10:
Replace the super.img.lz4 in the magisk_patched-25200_rOeaE.tar file and copy to the Win11 ODIN box.
Step 11:
Put your T220 into Download Mode
Flash the updated GSI_magisk_patched-25200_rOeaE.tar that contains the new super.img.lz4 file in the AP slot using ODIN.
A couple of notes:
I did get a warning in DL Mode while flashing, but it hasn't seemed to impact anything so far.
sw rev check fail super fused 2 > binary 0
I had to do a factory reset on my first boot.
Hope this helps someone.
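A preflight for steps 7 and 8, as an added example that is not part of the original post: it refuses Android sparse inputs (whose file length is not the partition size), sums the four partition sizes, checks that they fit inside the original super size, and prints the lpmake arguments. The function names `is_sparse` and `lpmake_args` are hypothetical; the flags and partition names are the ones used in the post.

```shell
#!/usr/bin/env bash
# Added example: preflight for the lpmake repack in steps 7 and 8.
# Function names are hypothetical; flags and partition names come from the post.

# Android sparse images start with magic 0xED26FF3A, stored little-endian.
is_sparse() {
    [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "3aff26ed" ]
}

# Print the lpmake argument list for the images in directory $1, given the
# size in bytes of the original raw super image (super.raw) in $2.
lpmake_args() {
    local dir=$1 super_size=$2 total=0 parts="" name size img
    for name in odm product system vendor; do
        img="$dir/$name.img"
        [ -f "$img" ] || { echo "missing: $img" >&2; return 1; }
        # A sparse file's length is not the partition size; convert it first.
        if is_sparse "$img"; then
            echo "sparse image, run simg2img first: $img" >&2
            return 2
        fi
        size=$(wc -c < "$img" | tr -d ' ')
        total=$((total + size))
        parts="$parts --partition $name:readonly:$size:main --image $name=$img"
    done
    # The group has to fit inside the super device, which also holds lpmake's
    # own metadata, so a sum equal to the device size is already too large.
    if [ "$total" -ge "$super_size" ]; then
        echo "partitions ($total) do not fit in super ($super_size)" >&2
        return 3
    fi
    printf '%s\n' "--metadata-size 65536 --super-name super --metadata-slots 2 \
--device super:$super_size --group main:$total$parts --sparse --output $dir/super_new.img"
}

# Usage: ./preflight.sh <image_dir> <super_raw_size_in_bytes>
if [ "$#" -eq 2 ]; then
    lpmake_args "$1" "$2"
fi
```

The printed line can be passed to lpmake once it looks right, for example `lpmake $(./preflight.sh . 6023020544)` with the super.raw size from step 7.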
Thanks, I followed your tutorial and now have my T220 on a GSI too, Project Elixir. I'm on Debian too. Just another piece of info: 'lpmake' was not in Debian. You need to install a package that contains it.
Choose the EUX version with Bifrost.
I got the same message too during flashing.
The factory reset after the first boot seems to be needed; the tablet restarts into recovery first.
It's certainly a method for newbies, you must understand what you do and why.
But the tutorial is a help for others. So thanks again.
HEY please send the flashable files !><! i just know how to use odin and i really don't understand how to flash the GSI on my T220 ! it would be really helpful if you send me the AP file link !! I really want to flash a Gsi bored on the stock ui + sucks a lot !!
