Better Mobile App

[REF] xperia 2011 internals, boot process, testpoint

I'd like to clarify few technical internals of xperia 2011 phones.
What is the sequence of sw components that are executed on power on?
Where are they stored? I guess that there is not only the one big flash chip which we have the firmware on, right?
What does grounding of testpoint do - what's the internal logical function when testpoint is grounded while xperia gets connected via usb?
Please correct/extend/clarify my following assumptions (that might be completely wrong) about the boot process:
- the very first sw component that gets started on power on, a primary boot code, is stored in a small rom, which cannot ever be changed and contains also signature verification public key
- the primary boot rom verifies integrity and signature of s1boot, which is stored somewhere in the big flash and starts s1boot if signature check of it was valid
- s1boot checks integrity of other fw components stored in the big flash, like the kernel and baseband fw images
- if all signatures/integrity are ok, baseband fw is passed to radio controller cpu and radio is started, linux kernel is loaded into ram and started
- linux kernel uses it's initernal initramfs as root filesystem and executes init scripts stored there
- mtd partitions (like for /system and /data) are mounted (from the big flash mapped as mtd devices), android core processes are started, phone starts...
Now about s1boot - is this component handling all of following functions?
- flash mode usb interface (i.e. S1 protocol for loading/flashing images?)
- fastboot mode usb interface
- booting from flash as described above
I assume that signature verification is done also in any flashing or image usb loading mode provided by s1boot, right?
Is it right that if testpoint is grounded, s1boot temporarily disables signature verification for code image that may be loaded via usb?
Or does it provide kind of jtag interface via usb?
Does the "boot loader unlock via testpoint without loosing drm" method uses the testpoint in order to flash patched s1boot, that returns always valid verification results?
But how that could be possible - I mean, if s1boot is patched, it's integrity would fail the check done by the primary boot code started from the small rom that can't ever be changed?
Please share your knowledge, I am curious and I'd like to know how it works. Already searched a lot regarding this topic. My assumptions are based on possible similarity with older xperia models that bootloader lock bypass was discussed here (but where the testpoint was not used).
Thanks.

boot (kernel) mtd partition
Is there any reason why access to kernel flash area is not mapped as mtd partition in custom kernels?
I see some bits concerning nand setup for boot area implemented in FXP kernel, but the configs are not used in final nand devices setup.
Is there any hardware reason that causes mapping of kernel flash area as mtd device with write access in linux not to work?

boot process description
I've found quite good boot process description, unfortunately not able to post external links, so google for "Qualcomm MSM Snapdragon 7x30 boot process", it's the first link found (points to tjworld net).
The description is for Qualcomm Mobile Station Modem (MSM) Snapdragon 7x30 system-on-chip platforms, so it should be also valid for Xperia 2011 phones as they use MSM8255, which is a 1GHz variant of MSM7x30 (running at 800MHz) - these chipsets belong to Snapdragon S2 generation chipset.
Most probably the main difference in order to apply the googled boot process description to xperia 2011 devices would be that all references to eMMC (mmcblk) should be considered as mtd flash present in xperia devices instead.
What do you think?

j4nn said:
I've found quite good boot process description, unfortunately not able to post external links, so google for "Qualcomm MSM Snapdragon 7x30 boot process", it's the first link found (points to tjworld net).
The description is for Qualcomm Mobile Station Modem (MSM) Snapdragon 7x30 system-on-chip platforms, so it should be also valid for Xperia 2011 phones as they use MSM8255, which is a 1GHz variant of MSM7x30 (running at 800MHz) - these chipsets belong to Snapdragon S2 generation chipset.
Most probably the main difference in order to apply the googled boot process description to xperia 2011 devices would be that all references to eMMC (mmcblk) should be considered as mtd flash present in xperia devices instead.
What do you think?
Click to expand...
Click to collapse
I think you'll have more luck (if any) in the Dev section. Maybe some mod will have the consideration to move your thread that way.
It may also be a good idea (if you're interested in general Android phone booting as apposed to Xperia specific) to look around in the general Android sections of the forums.
However, don't hesitate to centralize your findings in this thread... I'd be thrilled to read whatever you find out (don't have the time to go looking for it, though).

yes, I guess it would be better in dev section, but it's unfortunate that I cannot post replies (nor start thread) there yet...
my 10 posts minimum in the rules not reached yet:-/

j4nn said:
yes, I guess it would be better in dev section, but it's unfortunate that I cannot post replies (nor start thread) there yet...
my 10 posts minimum in the rules not reached yet:-/
Click to expand...
Click to collapse
You're getting close, though

http://www.anyclub.org/2012/02/android-board-bring-up.html
the link above is quite good in explaining what happens in our msm7x30 chipset

[Help] ARM Trusted Firmware bricked my unlocked honor 4x!

Dear Esteemed XDA members,
I have spent literally days of testing and researching to try and unbrick my phone. Friends and family have seen my obsession with trying to fix this, some even offering to buy me a new phone!!!! But this ain't about money - this is about having control of my damn device!!! I'm usually pretty good with trying to solve this kind of stuff, but this time I'm truly stumped (and desperate, and obsessed!). I have come to the conclusion that it's directly related to ARM Trusted Firmware. Here are the details of my "journey" to date... please read it, and if you know how to fix it, please share!!! then I can get my life back!!!! Before I go any further, I am certain that my problem was initially triggered by doing an official update on a rooted phone. So to avoid experiencing the same problem I'm about to describe, it's best to unroot and relock your device before loading new official firmware.
I have a Huawei Honor 4x (Che2-UL00, with Kirin 620 chipset) with an unlocked bootloader. Recently, I tried to manually upgrade from Kitkat (emui3.0) to Lollipop (emui3.1), using the official update.app from huawei's website (image was good - I checked the hash). To load the update.app, I used the official huawei recovery. The progress bar went to roughly 90% and then hung. Upon restarting my phone, it went into rescue mode with the following error: Func NO : 15 (bl31 image) Error NO : 1 (security verify failed).
Interestingly, I looked closely at the fastboot.img files for kitkat Vs lollipop (I got the image files by using HuaweiUpdateExtractor). I noticed that only the lollipop fastboot image contains this error message text. Also, bl31 is related to ARM trusted firmware, for more info search for BL31 (Secure Monitor) on google, or see bl31_main.c in the Trusted Firmware source code. So it seems that the lollipop image is using the full ARM trusted firmware, an extra layer of security which is preventing the (unlocked) bootloader from allowing me to load into recovery. I think this is the core problem, and I think there is a way to solve it but I just don't have a deep enough understanding to get there. Below I'll explain each step I went though and provide some additional diagnostic info:
1. First step was to access recovery mode (Vol UP + power). This failed and resulted in same bl31 error message.
2. Second step was to try and update again using the three-button force update (Vol Up + Vol Down + Power). It vibrates once after a few seconds, and freezes with the logo screen with the red light flashing. As an experiment, I tried this without the SDCARD and noticed it vibrated almost instantly, which suggests that it does try to load something from the SDCARD when inserted. I didn't get any further in this mode.
3. Final step I tried was to load into fastboot (Vol Down + Power). This worked and I got into a special "Rescue&Fastboot" mode. First thing I tried was to manually downgrade to kitkat by flashing the kitkat images using the fastboot flash command. The images boot.img, system.img, recovery.img flashed successfully. cust.img simply failed. I desperately wanted to flash the kitkat fastboot.img which doesn't contain the trusted firmware bl31 image stuff, but fastboot replied: FAILED (remote: Command not allowed). In fact, many of the fastboot commands fail with this same error message, even though there is the "PHONE unlocked" writing in red on my phone screen. With the limited command set available (even fastboot oem device-info is not allowed!), here is the diagnostic info I was able to get:
a) fastboot oem check-rootinfo
(bootloader) old_stat: RISK
(bootloader) now_stat: SAFE
(bootloader) change_time: 1452356543
I think this change from RISK to SAFE is the core of my problem. the change_time is from several days ago when I attempted to update. I think it reflects the trusted firmware state (I'm guessing here, as I can't find documentation for these commands).
b) fastboot oem backdoor info
(bootloader) FB LockState: LOCKED
(bootloader) USER LockState: UNLOCKED
I think that FB LockState: LOCKED means that fastboot is locked (guessing again, can't find documentation!), which explains why many of the commands fail.
c) fastboot oem check-image
(bootloader) secure image verify successfully
I think this checks the recovery image, because when I flash a different recovery, this signature check fails
d) fastboot getvar rescue_phoneinfo
rescue_phoneinfo: Che2-UL00 V100R001CHNC00B365
This appears to be the ROM version at the time of purchase.
e) fastboot oem get-build-number
(bootloader): Che2-UL00 V100R001CHNC00B384
This actually corresponds to the build number of kitkat I was using just before the failed upgrade to lollipop.
f) fastboot oem relock mycode
FAILED (remote: root type not allowed).
I tried this just to see if it wold relock. I'm not sure what the error means, but I do not that this command failed with signature verify fail if i change the recovery image.
Here are the questions I want to ask:
1. Can I force the device to flash a new image? I can't get into recovery or have full access to fastboot commands due to the trusted firmware stuff. And as I mentioned earlier the three button trick fails with a freeze at the logo screen. It appears that I need to do this using a means other than fastboot. The only interface I have is Android Sooner ADB Interface. adb devices renders nothing. Only fastboot finds a device.
2. Can I somehow make the "security verify check" pass so that I don't get that bl31 error? I'm not sure exactly which images this bl31 thing is trying to verify! Perhaps some combination of images from the new lollipop stuff I tried to flash and the kitkat build I had running previously?
3. Can somehow disable all this Trusted Firmware stuff??
4. Any other suggestions???
This is driving me to the brink on insanity!!! Gotta figure it out!! Thanks for reading and trying to help!

Hi,
Did anyone solve this problem?
I'm facing the exact same situation.
Che2-UL00 too.
Thanks in advance!

prezident36 said:
Hi,
Did anyone solve this problem?
I'm facing the exact same situation.
Che2-UL00 too.
Thanks in advance!
Click to expand...
Click to collapse
I still find it hard to believe this problem absolutely cannot be solved. However, I took it to a Huawei service center and they weren't able to unbrick it either. They had to replace the mainboard, which seems like a complete waste. Cost around $50, so not the end of the world but still annoying.
Anyway, screw this whole "trusted firmware" rubbish. I'm the owner of the device, yet I'm not "trusted".

hello, i have exactly the same problem!
---------- Post added at 10:58 PM ---------- Previous post was at 10:41 PM ----------
Where do i get the replacement mainboard from?

Me too, upgrading kitkat to lollipop. Now facing that rescue error.
My Honor 4X is unlock bootloader and root before upgrading lollipop,

[Q] Root/CWM/TWRP - Klipad V355 (7.0, MT6737)

I have in my research not found any way to root this phone using any One Click Root type of thing, I am currently stuck because of my lack of knowledge using MTK Droid Tools (I can see the "root" button when I plug in the device, I know it reads "temporary root" but it is of any use since I can't even make a proper scatter file? (I have the "unknown rom" error))
I need someone to brighten me up on the subject!
Also does installing a custom recovery requires me to unlock my bootloader?
EDIT: I tried the root button and after failing to get temporary root MTK Droid Tools says that I should be able to root the phone using CWM
EDIT2: So I read a bit this evening and I now know that MT67xx chips can't get their scatter file dumped by MTK Droid, so now I am currently looking for a way to get that scatter file...

I am clueless as of now, I really need someone to help me!

I just unlocked my bootloader, I also discovered that in the stock recovery there was an option called "mount /system", what does it do?

I have been looking for more than 8 hours today and I'm kind of feeling hopeless...
So, for anyone who might get any info out of it here are the info of the device straight out of MTK Droid:
Hardware : MT6737
Model : KLIPAD_V355
Build number : Y376C12.DM.HN.V355.KLIPAD.V2.EU.CTS.8+1.7.0.V01.01.2017.07.22
Build date UTC : 20170722-122206
Android v : 7.0
Baseband v: MOLY.LR9.W1444.MD.LWTG.MP.V110.5.P3, 2017/06/06 15:58
Kernel v : 3.18.35 ([email protected]) (gcc version 4.8 (GCC) ) #2 SMP Sat Jul 22 20:23:02 CST 2017

If there's no stock ROM you're gonna need to make your own.
Get a scatter from another device with same chip platform, run 'cat /proc/partitions' and compare.
Dump/read back recovery [and ideally full ROM]
Modify recovery [create twrp]
Flash twrp
Unlocking boorloader might be needed for the above - OEM unlock in dev settings and fastboot

Hardbricked mate 10 pro please help!

Hi, I have a Huawei Mate 10 pro BLA-L29 C432 with unlocked bootloader frp unlocked that is hard bricked.
Reason why it was hard bricked was using HWota and flashing the wrong files
The device shows up in device manager as USB COM 1.0 (COM4) along with COMMUNICATIONS PORT (COM 1).
I have purchased the DC Phoneix + HCU timed license for 3 days ending on 3/4/2019 at 9 AM.
I have downloaded the "BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT.dgtks" board firmware directly from DC Phoenix
I have also downloaded the "BLA-L29C_8.0.0.115(C432)_Firmware_Lithuania_Latvia_Norway_Romania_Hungary_Greece_Austria_Czech_Republic_Bulgaria_Poland_Slovenia_Croatia_Serbia_Nonspecific.app" appfile directly from DC Phoenix
I begin by selecting the "BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT" file in the update file selection. Then i select the "BLA-L29C_8.0.0.115(C432)_Firmware_Lithuania_Latvia_Norway_Romania_Hungary_Greece_Austria_Czech_Republic_Bulgaria_Poland_Slovenia_Croatia_Serbia_Nonspecific.app" file in the update app file selection.
I click update and am provided with the following error message to the left of the screen
File to update: BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT.dgtks
Device detected:
COM4: HUAWEI USB COM 1.0 (COM4)
Writing bootloader...
Writing BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT_3.dtwork...
Error writing Bootloader
3/1/2019 1:09:05 PM Writing device finished - INCOMPLETE
I then proceeded to try the "use bootloader" option under the udpate oeminfo tab and chosen the Kiring970_T2_A8.0_V3
and i have successfully gotten my device to be recognized as follows
Looking for a device in fastboot mode
Device found: AQH7N17B29009368
SN:AQ********************* <- i have censored the following information intentionally
IMEI:866******************* <- i have censored the following information intentionally
IMEI1:86******************* <- i have censored the following information intentionally
MEID:A******************** <- i have censored the following information intentionally
Build number: :BLA-L29 8.0.0.158(C432)
Model: BLA-L29
Battery state: 0
When writing the board file, I get the following
Erasing nvme partition
ERASE partition nvme : FAIL failed to erase partition
Device with unsupported security patch
3/2/2019 11:47:18 AM Writing device finished OK
when writing the update.app file directly from dc-phoenix i get the following error
Extracting partition XLOADER...
Writing XLOADER partition
XLOADER partition UPDATE :FAIL download elf_xloader image verification error
Device with unsupported security patch
3/2/2019 12:02:09 PM Writing device finished - INCOMPLETE
i then though, okay let me try another more rescent .app file, so i downloaded the 8.0.0.158 BLA-L29 c432 "update.zip" file from the internet. I extracted the "UPDATE.APP" file and then selected it in DC-Phoneix and now i get the following message
Attention, this is OTA type file and can't be written via software. Writing it via fastboot may damage the phone. Please use files from our support area.
so I select no, because of this error. I chose to download more "update.zip" files from the internet, and they all give me this attention message.
i then proceeded to use huawei extractor tool to extract kernel,ramdisk,recovery_ramdisk, recovery_vbmeta, and recovery_vendor. I flashed them through fastboot successfully, but no life from the device. As a matter of fact, when i disconnect the device, I have to start from scratch again.
I am really running out of ideas here. =(

Chito307 said:
Hi, I have a Huawei Mate 10 pro BLA-L29 C432 with unlocked bootloader frp unlocked that is hard bricked.
Reason why it was hard bricked was using HWota and flashing the wrong files
The device shows up in device manager as USB COM 1.0 (COM4) along with COMMUNICATIONS PORT (COM 1).
I have purchased the DC Phoneix + HCU timed license for 3 days ending on 3/4/2019 at 9 AM.
I have downloaded the "BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT.dgtks" board firmware directly from DC Phoenix
I have also downloaded the "BLA-L29C_8.0.0.115(C432)_Firmware_Lithuania_Latvia_Norway_Romania_Hungary_Greece_Austria_Czech_Republic_Bulgaria_Poland_Slovenia_Croatia_Serbia_Nonspecific.app" appfile directly from DC Phoenix
I begin by selecting the "BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT" file in the update file selection. Then i select the "BLA-L29C_8.0.0.115(C432)_Firmware_Lithuania_Latvia_Norway_Romania_Hungary_Greece_Austria_Czech_Republic_Bulgaria_Poland_Slovenia_Croatia_Serbia_Nonspecific.app" file in the update app file selection.
I click update and am provided with the following error message to the left of the screen
File to update: BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT.dgtks
Device detected:
COM4: HUAWEI USB COM 1.0 (COM4)
Writing bootloader...
Writing BLA-AL00B_1.0.0.35_Board_Software_China_Nonspecific_An droid_8.0.0_EMUI_8.0.0_05022FPT_3.dtwork...
Error writing Bootloader
3/1/2019 1:09:05 PM Writing device finished - INCOMPLETE
I then proceeded to try the "use bootloader" option under the udpate oeminfo tab and chosen the Kiring970_T2_A8.0_V3
and i have successfully gotten my device to be recognized as follows
Looking for a device in fastboot mode
Device found: AQH7N17B29009368
SN:AQ********************* <- i have censored the following information intentionally
IMEI:866******************* <- i have censored the following information intentionally
IMEI1:86******************* <- i have censored the following information intentionally
MEID:A******************** <- i have censored the following information intentionally
Build number: :BLA-L29 8.0.0.158(C432)
Model: BLA-L29
Battery state: 0
When writing the board file, I get the following
Erasing nvme partition
ERASE partition nvme : FAIL failed to erase partition
Device with unsupported security patch
3/2/2019 11:47:18 AM Writing device finished OK
when writing the update.app file directly from dc-phoenix i get the following error
Extracting partition XLOADER...
Writing XLOADER partition
XLOADER partition UPDATE :FAIL download elf_xloader image verification error
Device with unsupported security patch
3/2/2019 12:02:09 PM Writing device finished - INCOMPLETE
i then though, okay let me try another more rescent .app file, so i downloaded the 8.0.0.158 BLA-L29 c432 "update.zip" file from the internet. I extracted the "UPDATE.APP" file and then selected it in DC-Phoneix and now i get the following message
Attention, this is OTA type file and can't be written via software. Writing it via fastboot may damage the phone. Please use files from our support area.
so I select no, because of this error. I chose to download more "update.zip" files from the internet, and they all give me this attention message.
i then proceeded to use huawei extractor tool to extract kernel,ramdisk,recovery_ramdisk, recovery_vbmeta, and recovery_vendor. I flashed them through fastboot successfully, but no life from the device. As a matter of fact, when i disconnect the device, I have to start from scratch again.
I am really running out of ideas here. =(
Click to expand...
Click to collapse
sorry bro i never ran into situation like this
only pray for you

Anyone? =(

Chito307 said:
Anyone? =(
Click to expand...
Click to collapse
you already done what may be possible to recover
huawei can do it if it is in warranty

It's seems that the error is right there , the security patch isn't supported so it won't finish writing the files, it is stated in DC locker that some devices like mate 10 pro and newer devices are not supported the same reason why there are no new unlocked codes for bootloader on DC unlock and no new unlocked codes for sim also, have your tried flashing those files yourself through fastboot method ? With out the hcu from DC
?

I had same problème
Now phone is OK but IMEI 000000000000

This worked for me, it requires IDT and unencrypted board firmware (these are usually paid). dtgks might work if you only flash board firmware, but you have to be careful so it doesn't wipe oeminfo (if you still want to unlock after. You can still get unlock code through HCU on board firmware so it doesn't really matter).
Edit xml that comes with unencrypted board so it doesn't erase oeminfo.
Flash bootloader files with DC, phone is put in fastboot mode.
Open up IDT.
Select xml in both settings of IDT and in settings of USBMAP. In USBMAP, select com port in the list and click on Skip.
Now start flashing using IDT.
When flashing is done phone will boot to board firmware.
When on board firmware, follow this guide to get your imeis and that stuff back:
1)Flash board (already done)
2)Flash oeminfo from fastboot (own backup if available, if you edited xml you will still have your own oeminfo flashed)
3) Dump modemnvm_system, modemnvm_factory and modemnvm_backup partitions using dd and adb shell ('dd if=/dev/block/bootdevice/by-name/modemnvm_system of=/sdcard/modemnvm_system.img' and so on), board firmware has global root so you don't need to flash Magisk or anything like that (which is impossible anyway, board fw will only accept board or stock images)
4)Flash dumped modemnvm_system, modemnvm_factory and modemnvm_backup using fastboot
5)Modify and brand with HCU (check all checkboxes except the last 2, fill in any missing info)
6)Unlock Sim network with HCU
7)If you previously used HCU to get unlock code you need to generate it again (HCU patches oeminfo so their unlock code works). Also if you forgot to edit xml you'd have to generate a new code, your old code will not work if oeminfo was wiped.
8)Use dload with Service Firmware from androidhost.ru, regular update.zip does not work in dload mode.
And make sure the firmware you dload is newer than GPU Turbo firmware. (XLOADER needs to be 02, else you brick again)
Please note that you only have one shot at this... If you, for example, flash dload but forget to generate unlock code and don't have your own oeminfo flashed you will not be able to repair device without opening it up to get testpoint.

ante0 said:
it requires IDT
Click to expand...
Click to collapse
What is IDT ?

badmania98 said:
What is IDT ?
Click to expand...
Click to collapse
Image Download Tool, some leaked tool (like Odin for Samsung).
It's available on androidhost.ru iirc

I need dload with Service Firmware please
I flashed with many firmware no seccess

ante0 said:
This worked for me, it requires IDT and unencrypted board firmware (these are usually paid). dtgks might work if you only flash board firmware, but you have to be careful so it doesn't wipe oeminfo (if you still want to unlock after. You can still get unlock code through HCU on board firmware so it doesn't really matter).
Edit xml that comes with unencrypted board so it doesn't erase oeminfo.
Flash bootloader files with DC, phone is put in fastboot mode.
Open up IDT.
Select xml in both settings of IDT and in settings of USBMAP. In USBMAP, select com port in the list and click on Skip.
Now start flashing using IDT.
When flashing is done phone will boot to board firmware.
When on board firmware, follow this guide to get your imeis and that stuff back:
1)Flash board (already done)
2)Flash oeminfo from fastboot (own backup if available, if you edited xml you will still have your own oeminfo flashed)
3) Dump modemnvm_system, modemnvm_factory and modemnvm_backup partitions using dd and adb shell ('dd if=/dev/block/bootdevice/by-name/modemnvm_system of=/sdcard/modemnvm_system.img' and so on), board firmware has global root so you don't need to flash Magisk or anything like that (which is impossible anyway, board fw will only accept board or stock images)
4)Flash dumped modemnvm_system, modemnvm_factory and modemnvm_backup using fastboot
5)Modify and brand with HCU (check all checkboxes except the last 2, fill in any missing info)
6)Unlock Sim network with HCU
7)If you previously used HCU to get unlock code you need to generate it again (HCU patches oeminfo so their unlock code works). Also if you forgot to edit xml you'd have to generate a new code, your old code will not work if oeminfo was wiped.
8)Use dload with Service Firmware from androidhost.ru, regular update.zip does not work in dload mode.
And make sure the firmware you dload is newer than GPU Turbo firmware. (XLOADER needs to be 02, else you brick again)
Please note that you only have one shot at this... If you, for example, flash dload but forget to generate unlock code and don't have your own oeminfo flashed you will not be able to repair device without opening it up to get testpoint.
Click to expand...
Click to collapse
Hello
I do every thing on the tuto but i have 1 problem
I have no network it still no service

Are there custom roms for Galaxy A14 that you can flash through ODIN?

Tale as old as time. Have a phone given, factory reset with a Google account that wasn't properly removed.
So FRP lock is in play.
Seems like all the old tricks & tips I knew years ago don't seem to work on this device. Seems like the A14 on Android 13 is lock tight.
What I can do is use ODIN to flash back to stock rom, but that didn't really help.
And what I can also do is go through User License agreements, and somehow fumble my way through Learn More links that I can eventually lead to Google Search
But this method doesn't have Java Script enabled, so I can't login to Google account and add my own account that way.
I'm looking towards roms for the previous model since they're so similar but this feels like a dead end before I even think of a download since incompatible roms can't be flashed.
All I really need is Bootable Android 11 or 12 regardless of how functional or broken it is so I can try exploits for those versions. Just enough to activate OEM unlocking and USB debugging is the end goal
Any tips y'all have?

According to this list
LineageOS 20 Supported Phones: All Models For 2023 [UPDATED]
Here's a quick breakdown of ALL the Android phones that can run LineageOS 20...
www.knowyourmobile.com
the popular Lineage OS isn't available for the Galaxy A14

Rottytops said:
Tale as old as time. Have a phone given, factory reset with a Google account that wasn't properly removed.
So FRP lock is in play.
Seems like all the old tricks & tips I knew years ago don't seem to work on this device. Seems like the A14 on Android 13 is lock tight.
What I can do is use ODIN to flash back to stock rom, but that didn't really help.
And what I can also do is go through User License agreements, and somehow fumble my way through Learn More links that I can eventually lead to Google Search
But this method doesn't have Java Script enabled, so I can't login to Google account and add my own account that way.
I'm looking towards roms for the previous model since they're so similar but this feels like a dead end before I even think of a download since incompatible roms can't be flashed.
All I really need is Bootable Android 11 or 12 regardless of how functional or broken it is so I can try exploits for those versions. Just enough to activate OEM unlocking and USB debugging is the end goal
Any tips y'all have?
Click to expand...
Click to collapse
You can't do anything because the bootloader lock is on.
I bypassed frp with sp flash tool but a14 has exynos processor so sp flash tool will not work.
There is no offical previous android, So downgrade will not work too.

Was able to bypass FRP unlock using one of those paid tools, but it may have been unnecessary to pay. (SamFW to be specific)
I'll explain for future googlers dealing with the same issue.
So I had the ATT model of the device. Specifically model SM-A146U. It comes with an Exynos or Mediatek SoC.
Mine was specifically the MT variant.
I used Odin3 to revert to the stock build. Build dated November 29/Dec 1 2022; despite the official release date of the device being Jan 2023.
The emergency code *#0*# does not work, but *#*#88#*#* does.
Obviously you needed Samsung USB, ADB, drivers installed. Additional troubleshooting has me download Microsoft Visual C++ 2015 ; and MT65XX Preload Drivers.
The SamFW tool claims it's free to remove the FRP lock on security patches pre-dating December 2022.
The SamFW tool only suggests you needed Samsung driver's and Visual C++. So I tried several times using the SamFW tool to push it's exploit, and it kept failing.
So in a moment of weakness, I bought the $15 credit pack because it promised "All models", ran the tool again, and still it failed. It required a credit card number for a service called coffee break or something, which is exactly the shady **** I have a cash app card for. I was not going to use my real bank account.
Because it runs a ADB exploit, I reboot into Recovery. Then in recovery menu, I select to Reboot into Bootloader, which puts the device into fastboot.
This is where I discover that I had no ADB drivers.
So I install ADB, and open Terminal/shell, whatever you call it. (Hold Shift and right click in ADB folder to shortcut ADB terminal)
I type:
Fastboot Devices
Didn't get a serial. I reboot Fastboot again, this time with Device Manager open on Windows, and notice for 5 seconds, a device called MT65xx preloader was lacking driver, and unloaded to reload ADB drivers. This is where I find out I'm using a MediaTek SoC
So I finally googled and install MT65xx Preload. Reboot to Fastboot 1 more time. I type
Fastboot Devices
I get a serial.
So not I reboot to system, then on phone in emergency dial type *#*#88#*#* then do another device check. Looks good.
Because I already paid $15 for the premium unlock, that's the first option I pick it finally unlocks. But because all this time I was missing critical mediatek drivers, the free option still could have worked. So I can't confirm if being free would have sufficed, or if I needed that paid service.
But what's done was done, and I was able to get into the phone.
So to recap I used:
SM-A146U ATT stock Rom (5.5GB), earliest build Nov-Dec 2022 (Google it)
Odin v3 Flash Tool (Hold Vol+ Vol- & Power to access)
Samsung USB Drivers (Latest and official)
Google ADB Drivers (Mini installer)
Microsoft Visual C++ 2015
MT65xx preloader Drivers (Google it)
And SamFW 4.6 FRP Tool
Emergency Dial code : *#*#88#*#*
To bypass FRP Lock on Galaxy A14 ATT version, Model SM-A146U ; MediaTek variant.
and to reiterate, Recovery and Fast Boot are not necessary in any part of the process.
I use Recovery to boot into Fastboot, and I only use FastBoot + ADB to personally confirm that my computer recognizes the device connected in several boot modes