Better Mobile App

[GUIDE][FIX][DISCUSSION] LG G3 Hard Brick Recovery

UPDATE: I have updated this post with a file named "board diag v2.99.zip" This should now support more phones!!!
Several people have been having issues with hard bricks and there are several posts with a bit of info about how to fix them but no simple instructions so I'm posting a (hopefully) fool proof guide to fixing your hard brick. Tested on windows 7 and windows 10.
First what is a hard brick? A hard brick is a phone that does not boot, or is stuck in a boot loop, or has a security error AND cannot access recovery or download mode.
Disclaimer: Your warranty is now void etc. I am not responsible etc. You have to open your phone to do this so it is a last resort. Read the entire tutorial before beginning!
Required Materials:
Bricked LG G3
Stock USB cable <-- or at least one that you know is good
a short thin but stiff wire to short pins
Qualcomm high speed usb drivers
BoardDiag by willcracker <-- other versions don't seem to work
The tot file of the rom that you were running. (not older not newer same version) You can find these easily on XDA or google but it varies depending on your software version
First you need to install the Qualcomm high speed usb drivers. Your phone will be detected as Qualcomm 9008 (COM) later on in the tutorial but you need these drivers. I will include the drivers in this post. If you are on a 64 bit system you will need to disable driver signing. Here is how:
Step 1. Open the Windows command prompt as “Run as Administrator”.
Step 2. Run
Code:
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
Step 3. To finalize the process run
Code:
bcdedit -set TESTSIGNING ON
Step 4. Reboot and you’re done.
I have attached both the 32 bit version and the 64 bit version be sure to only use the 64bit one on 64bit and likewise only use the 32bit one on 32bit, you do not need both sets of drivers.
1. Open your phone and take out the battery. Remove the top half of the phone housing. You do not need to remove the bottom half by the usb. Also you don't need to remove the screw next to the camera. If you do remember that it is a different size so keep it separate.
2, You will see a big metal shield. You need to remove it. It is pretty easy just pry it off and it pops back into place when you are done.
3. Next you need to short the pins as shown in the following picture. While continuing to short the pins plug in your usb cable. You should hear windows detect the phone almost instantly. Keep shorting the pins for the count to 5 and then you can release the wire. See image below, ignore the ethernet connector.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
4. Now open device manager in windows and it should show your phone under com ports as Qualcomm 9008 (COM #). If it doesn't try the process over again. When it does work remember this number. It is going to be used later.
5. Now fire up BoardDiag by willcracker be sure to run it as administrator. It is in this post named willcracker.rar There are some pictures on how to flash with this app but I will describe it as well. First we are going to need to extract your tot file. This can take some time. Like 10 mintues on a decent PC. The app may look like it froze up but it is just thinking. When it is complete move on to the next step.
6. You need to tell the program the com port that you are using that we found earlier and the folder where you extracted the firmware to.
7. once you have extracted the firmware and set up the program with the correct port you need to Check "AP" and "EMMC" then press start. Be sure not to select any partitions or change any other options than the firmware directory and comport.
It should come back as PASS. If it throws an error about not being in dload mode you need to restart the shorting process. Hold the short for a bit longer this time.
8. Flash all of the partitions except for Cache, System, Userdata, and Sbl1. Sbl1 will be flashed later and causes the phone to reboot.
You can flash System, Userdata, and cache but it takes a really long time so I don't recommend it. It is better to get your phone into download mode and use LG flash tool to do a full restore.
9. Once you have finished flashing all of the partitions one after the other put in the battery and flash Sbl1. Your phone will now reboot and try to boot into android. If your system is messed up it wont. You will still be in a boot loop. But you should now be able to enter download mode and recovery.
10. Open up LG Flash Tool and flash your tot using Board DL mode. Everything you need at this point is in the following thread http://forum.xda-developers.com/spr...de-how-to-restore-sprint-lg-g3-ls990-t2852042
Hope that this helps, also if you find any problems or need help please post so I can update this post.
NOTES: If you get an error about a dll missing you need to download and install the following http://www.microsoft.com/en-us/download/details.aspx?id=5555
Also make sure that you use "B2 (MSM8974AC)" as the AP Chipset for the LG G3.

thanks a lot brother.... just one Q...where can I get the TOT file?

paragxx said:
thanks a lot brother.... just one Q...where can I get the TOT file?
Click to expand...
Click to collapse
I assume that you are using sprint ls990 if so here is are the latest tot files. ZV8 and ZV6 can be found here http://downloads.codefi.re/autoprime/LG/LG_G3/LS990 thank autoprime. The files are zipped just extract the zip and then do the process above.
ZV4 can be found here direct link. http://downloads.codefi.re/wolfgart/LG_G3/LS990/ZV4/LS990ZV4_04.51101.zip

Any chance this works on ATT D850?

For myself and the benefit of others, I'm just clarifying something. I've always understood there to be the "hard brick" and the "soft brick". The soft brick is what you describe above where your phone lights up but doesn't boot. A hard brick is where nothing lights up, and your phone doesn't respond at all.
If someone were to describe what you describe above, I'd say that's not a hard brick. There's hope for a soft brick but not a hard brick. Am I wrong, or have the terms morphed a bit in the past several years?

mjjcb said:
For myself and the benefit of others, I'm just clarifying something. I've always understood there to be the "hard brick" and the "soft brick". The soft brick is what you describe above where your phone lights up but doesn't boot. A hard brick is where nothing lights up, and your phone doesn't respond at all.
If someone were to describe what you describe above, I'd say that's not a hard brick. There's hope for a soft brick but not a hard brick. Am I wrong, or have the terms morphed a bit in the past several years?
Click to expand...
Click to collapse
I was always told that a soft brick could be repaired with either recovery or fastboot and that a hard brick was anything that you needed more tools to fix. But I guess that everyone's definition is different. Also This method works on any kind of brick as long as there isn't a hardware issue. No screen on, no power on etc.

BlackSportD said:
Any chance this works on ATT D850?
Click to expand...
Click to collapse
Sorry that I missed your post.... but yes this should work on all variations of the LG G3 as long as it has the points on the motherboard posted in the picture. I do know that the international dual sim version has different pins and I don't know those pins but ATT, Sprint, Verizon, should all work.

l33tlinuxh4x0r said:
Sorry that I missed your post.... but yes this should work on all variations of the LG G3 as long as it has the points on the motherboard posted in the picture. I do know that the international dual sim version has different pins and I don't know those pins but ATT, Sprint, Verizon, should all work.
Click to expand...
Click to collapse
hey, mine is F460K (snapdragon 805) APQ8084 and not msm8974. My device shows as Qualcomm HS-USB QDLoader 9008 (COM6) . I assume i dont need to sort wire as its sole purpose is to show the device as Qualcomm in Device manager.
I think i need to create a file under model like B2 (MSM8974AC) with 2nd_loader.hex etc. Can you help me on this or is it unnecessary ?
currently i get the error
No response from the device. Check PMIC first and if still boot problem, replace AP

Pannam said:
hey, mine is F460K (snapdragon 805) APQ8084 and not msm8974. My device shows as Qualcomm HS-USB QDLoader 9008 (COM6) . I assume i dont need to sort wire as its sole purpose is to show the device as Qualcomm in Device manager.
I think i need to create a file under model like B2 (MSM8974AC) with 2nd_loader.hex etc. Can you help me on this or is it unnecessary ?
currently i get the error
No response from the device. Check PMIC first and if still boot problem, replace AP
Click to expand...
Click to collapse
You are right about not needing to short the wire and also about needing the correct 2nd_loader.hex etc. However I don't know how to make those. Attached are some more models that I found online. Hope that this helps.

l33tlinuxh4x0r said:
You are right about not needing to short the wire and also about needing the correct 2nd_loader.hex etc. However I don't know how to make those. Attached are some more models that I found online. Hope that this helps.
Click to expand...
Click to collapse
Thanx man, but they dont show my chipset.

Pannam said:
Thanx man, but they dont show my chipset.
Click to expand...
Click to collapse
What phone do you have? This tutorial is for the LG G3 from what I just googled the chipset that you are looking for is the Samsung Galaxy Note 4?

l33tlinuxh4x0r said:
What phone do you have? This tutorial is for the LG G3 from what I just googled the chipset that you are looking for is the Samsung Galaxy Note 4?
Click to expand...
Click to collapse
this is my phone it is lg g3 but upgraded version. http://www.gsmarena.com/lg_g3_lte_a-6520.php

Pannam said:
this is my phone it is lg g3 but upgraded version. http://www.gsmarena.com/lg_g3_lte_a-6520.php
Click to expand...
Click to collapse
I don't know then. I know that this method works on the carrier versions of the lg g3 but people have had issues with other versions.

l33tlinuxh4x0r said:
Several people have been having issues with hard bricks and there are several posts with a bit of info about how to fix them but no simple instructions so I'm posting a (hopefully) fool proof guide to fixing your hard brick. Tested on windows 7 and windows 10.
First what is a hard brick? A hard brick is a phone that does not boot, or is stuck in a boot loop, or has a security error AND cannot access recovery or download mode.
Disclaimer: Your warranty is now void etc. I am not responsible etc. You have to open your phone to do this so it is a last resort. Read the entire tutorial before beginning!
Required Materials:
Bricked LG G3
Stock USB cable <-- or at least one that you know is good
a short thin but stiff wire to short pins
Qualcomm high speed usb drivers
BoardDiag by willcracker <-- other versions don't seem to work
The tot file of the rom that you were running. (not older not newer same version) You can find these easily on XDA or google but it varies depending on your software version
First you need to install the Qualcomm high speed usb drivers. Your phone will be detected as Qualcomm 9008 (COM) later on in the tutorial but you need these drivers. I will include the drivers in this post. If you are on a 64 bit system you will need to disable driver signing. Here is how:
Step 1. Open the Windows command promt as “Run as Administrator”.
Step 2. Run
Code:
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
Step 3. To finalize the process run
Code:
bcdedit -set TESTSIGNING ON
Step 4. Reboot and you’re done.
I have attached both the 32 bit version and the 64 bit version be sure to only use the 64bit one on 64bit and likewise only use the 32bit one on 32bit, you do not need both sets of drivers.
1. Open your phone and take out the battery. Remove the top half of the phone housing. You do not need to remove the bottom half by the usb. Also you don't need to remove the screw next to the camera. If you do remember that it is a different size so keep it separate.
2, You will see a big metal shield. You need to remove it. It is pretty easy just pry it off and it pops back into place when you are done.
3. Next you need to short the pins as shown in the following picture. While continuing to short the pins plug in your usb cable. You should hear windows detect the phone almost instantly. Keep shorting the pins for the count to 5 and then you can release the wire. See image below, ignore the ethernet connector.
4. Now open device manager in windows and it should show your phone under com ports as Qualcomm 9008 (COM #). If it doesn't try the process over again. When it does work remember this number. It is going to be used later.
5. Now fire up BoardDiag by willcracker be sure to run it as administrator. It is in this post named willcracker.rar There are some pictures on how to flash with this app but I will describe it as well. First we are going to need to extract your tot file. This can take some time. Like 10 mintues on a decent PC. The app may look like it froze up but it is just thinking. When it is complete move on to the next step.
6. You need to tell the program the com port that you are using that we found earlier and the folder where you extracted the firmware to.
7. once you have extracted the firmware and set up the program with the correct port you need to Check "AP" and "EMMC" then press start. Be sure not to select any partitions or change any other options than the firmware directory and comport.
It should come back as PASS. If it throws an error about not being in dload mode you need to restart the shorting process. Hold the short for a bit longer this time.
8. Flash all of the partitions except for Cache, System, Userdata, and Sbl1. Sbl1 will be flashed later and causes the phone to reboot.
You can flash System, Userdata, and cache but it takes a really long time so I don't recommend it. It is better to get your phone into download mode and use LG flash tool to do a full restore.
9. Once you have finished flashing all of the partitions one after the other put in the battery and flash Sbl1. Your phone will now reboot and try to boot into android. If your system is messed up it wont. You will still be in a boot loop. But you should now be able to enter download mode and recovery.
10. Open up LG Flash Tool and flash your tot using Board DL mode. Everything you need at this point is in the following thread http://forum.xda-developers.com/spr...de-how-to-restore-sprint-lg-g3-ls990-t2852042
Hope that this helps, also if you find any problems or need help please post so I can update this post.
Click to expand...
Click to collapse
hi
i get the error
No response from the device. Check PMIC first and if still boot problem, replace AP
model ls740 volt
G2MLTE (MSM8926)
help

nemran said:
hi
i get the error
No response from the device. Check PMIC first and if still boot problem, replace AP
model ls740 volt
G2MLTE (MSM8926)
help
Click to expand...
Click to collapse
Sorry I don't have that device to test. This is confirmed on the carrier version of the LG G3 only.

Thank You
I found a post similar to this that no matter where I looked - I was always referred back to that post - which was written in poor english - no download links worked. I appreciate this post. Saved my ass.

EMMC test fail
using D855 16gb
any fix ??

zohaibkhan143 said:
EMMC test fail
using D855 16gb
any fix ??
Click to expand...
Click to collapse
I have never had that error myself but it means either that you are using the wrong firmware images or that you have a hardware issue.

l33tlinuxh4x0r said:
I have never had that error myself but it means either that you are using the wrong firmware images or that you have a hardware issue.
Click to expand...
Click to collapse
tot is correct. I think so its a hardware issue.. I need a medusa box for fix maybe its the last solution for my G3:crying:
LGD855AT-00-V10e-EUR-XX-JUL-08-2014-16G+0
using this tot. Is it fine ?

l33tlinuxh4x0r said:
Several people have been having issues with hard bricks and there are several posts with a bit of info about how to fix them but no simple instructions so I'm posting a (hopefully) fool proof guide to fixing your hard brick. Tested on windows 7 and windows 10.
First what is a hard brick? A hard brick is a phone that does not boot, or is stuck in a boot loop, or has a security error AND cannot access recovery or download mode.
Disclaimer: Your warranty is now void etc. I am not responsible etc. You have to open your phone to do this so it is a last resort. Read the entire tutorial before beginning!
Required Materials:
Bricked LG G3
Stock USB cable <-- or at least one that you know is good
a short thin but stiff wire to short pins
Qualcomm high speed usb drivers
BoardDiag by willcracker <-- other versions don't seem to work
The tot file of the rom that you were running. (not older not newer same version) You can find these easily on XDA or google but it varies depending on your software version
First you need to install the Qualcomm high speed usb drivers. Your phone will be detected as Qualcomm 9008 (COM) later on in the tutorial but you need these drivers. I will include the drivers in this post. If you are on a 64 bit system you will need to disable driver signing. Here is how:
Step 1. Open the Windows command promt as “Run as Administrator”.
Step 2. Run
Code:
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
Step 3. To finalize the process run
Code:
bcdedit -set TESTSIGNING ON
Step 4. Reboot and you’re done.
I have attached both the 32 bit version and the 64 bit version be sure to only use the 64bit one on 64bit and likewise only use the 32bit one on 32bit, you do not need both sets of drivers.
1. Open your phone and take out the battery. Remove the top half of the phone housing. You do not need to remove the bottom half by the usb. Also you don't need to remove the screw next to the camera. If you do remember that it is a different size so keep it separate.
2, You will see a big metal shield. You need to remove it. It is pretty easy just pry it off and it pops back into place when you are done.
3. Next you need to short the pins as shown in the following picture. While continuing to short the pins plug in your usb cable. You should hear windows detect the phone almost instantly. Keep shorting the pins for the count to 5 and then you can release the wire. See image below, ignore the ethernet connector.
4. Now open device manager in windows and it should show your phone under com ports as Qualcomm 9008 (COM #). If it doesn't try the process over again. When it does work remember this number. It is going to be used later.
5. Now fire up BoardDiag by willcracker be sure to run it as administrator. It is in this post named willcracker.rar There are some pictures on how to flash with this app but I will describe it as well. First we are going to need to extract your tot file. This can take some time. Like 10 mintues on a decent PC. The app may look like it froze up but it is just thinking. When it is complete move on to the next step.
6. You need to tell the program the com port that you are using that we found earlier and the folder where you extracted the firmware to.
7. once you have extracted the firmware and set up the program with the correct port you need to Check "AP" and "EMMC" then press start. Be sure not to select any partitions or change any other options than the firmware directory and comport.
It should come back as PASS. If it throws an error about not being in dload mode you need to restart the shorting process. Hold the short for a bit longer this time.
8. Flash all of the partitions except for Cache, System, Userdata, and Sbl1. Sbl1 will be flashed later and causes the phone to reboot.
You can flash System, Userdata, and cache but it takes a really long time so I don't recommend it. It is better to get your phone into download mode and use LG flash tool to do a full restore.
9. Once you have finished flashing all of the partitions one after the other put in the battery and flash Sbl1. Your phone will now reboot and try to boot into android. If your system is messed up it wont. You will still be in a boot loop. But you should now be able to enter download mode and recovery.
10. Open up LG Flash Tool and flash your tot using Board DL mode. Everything you need at this point is in the following thread http://forum.xda-developers.com/spr...de-how-to-restore-sprint-lg-g3-ls990-t2852042
Hope that this helps, also if you find any problems or need help please post so I can update this post.
Click to expand...
Click to collapse
I'm going to go insane. I'm stuck at doing the gnd and the capacitor. My laptop detects the device but it says devce not recognized. i installed the qualcomm high speed drivers you had in download on 32bit windows 7 and also tried on 64bit windows 8. Exact same thing, usb device not recognized. Also, I've installed the verizon lg g3 specific drivers and tried too but it doesnt work. Please HELP !

I am running in circles...help please

Hi,
as the title says: I am running in circles when it comes to my ZU and me trying to get things done and to run...like Viper4Android.
But first things first:
I bought my ZU nearly one year ago, KitKat 4.4 was installed and I unlockes the bootloader via Sonys Webpage for that.
But soon after it got bricked, as it wouldn't charge anymore. So I sent it to Sony and when I got it back, Lollipop 5.0.1 was installed *hurray*
I don't know it they locked the bootloader again, but it say, I'm still allowed to unloak it.
So first question: is there a way to check, if the bootloader is locked or not?
"fastboot devices" doesn't give any errors, but it also give absolutly no message back. So I'm not sure if the phone is correctly recognized.
Coming to root:
For now, only KingRoot (yeah, I know...) can get me root access, at least without flashing. Flashing is a procedure I have always the highest respect of, because for me it seems quite risky to turn the phone into a brick.
But anyway. Now I got root, but Viper4Android needs also BusyBox, but installing that fails because of Sony RIC. So second questins: There is really no way of disabling RIC without flashing?
So I tryed installing a Recovery, this is called "ZU-lockeddualrecovery2.8.26-RELEASE.combined" and it seems to be the most recent one. But when trying to install that, it says it wont run on 5.1.1. Yeah, I upgraded some days ago, damn...
You see, one single thing (wanting Viper) produces such a tail of problems and I have now absolutly no idea where I should start to get any further.
Now I'm at a point where I think about really flashing a new completly new ROM, perhaps even Android M, but as seems one of the ones avaible yet supports ZU's hardware completly, right?
So what am I doing to do?
Sony Xperia Z Ultra
C6833
Android 5.1.1
Build 14.6.A.1.236

CosmicBlue2000 said:
Hi,
as the title says: I am running in circles when it comes to my ZU and me trying to get things done and to run...like Viper4Android.
But first things first:
I bought my ZU nearly one year ago, KitKat 4.4 was installed and I unlockes the bootloader via Sonys Webpage for that.
But soon after it got bricked, as it wouldn't charge anymore. So I sent it to Sony and when I got it back, Lollipop 5.0.1 was installed *hurray*
I don't know it they locked the bootloader again, but it say, I'm still allowed to unloak it.
So first question: is there a way to check, if the bootloader is locked or not?
"fastboot devices" doesn't give any errors, but it also give absolutly no message back. So I'm not sure if the phone is correctly recognized.
Coming to root:
For now, only KingRoot (yeah, I know...) can get me root access, at least without flashing. Flashing is a procedure I have always the highest respect of, because for me it seems quite risky to turn the phone into a brick.
But anyway. Now I got root, but Viper4Android needs also BusyBox, but installing that fails because of Sony RIC. So second questins: There is really no way of disabling RIC without flashing?
So I tryed installing a Recovery, this is called "ZU-lockeddualrecovery2.8.26-RELEASE.combined" and it seems to be the most recent one. But when trying to install that, it says it wont run on 5.1.1. Yeah, I upgraded some days ago, damn...
You see, one single thing (wanting Viper) produces such a tail of problems and I have now absolutly no idea where I should start to get any further.
Now I'm at a point where I think about really flashing a new completly new ROM, perhaps even Android M, but as seems one of the ones avaible yet supports ZU's hardware completly, right?
So what am I doing to do?
Click to expand...
Click to collapse
ric is probably needed to disable... yep
Flash the zip in recovery: disable_ric_file.zip
And then install the app: SELinuxModeChanger.v.3.2.b.42.crk.Dependencies.Removed.apk
Set the app to permissive.
And Viper4Android will work.
Can't guarantee it will work on locked bootloader.

SÜPERUSER said:
ric is probably needed to disable... yep
Flash the zip in recovery: disable_ric_file.zip
Click to expand...
Click to collapse
Okay, thanks so far, but how do I get into recovery?
You see, I have no recovery installed and when I tryed to install DualRecovery, it failed...

CosmicBlue2000 said:
Okay, thanks so far, but how do I get into recovery?
You see, I have no recovery installed and when I tryed to install DualRecovery, it failed...
Click to expand...
Click to collapse
flash twrp:
http://forum.xda-developers.com/xperia-z-ultra/development/twrp-recovery-2-8-7-0-2016-02-03-t3307043

MusterMaxMueller said:
flash twrp:
http://forum.xda-developers.com/xperia-z-ultra/development/twrp-recovery-2-8-7-0-2016-02-03-t3307043
Click to expand...
Click to collapse
Tried, Screen remain black if I try to boot in recovery.
p.s.:
TWRP Manager App give me an error "something went wrong". Great.
https://twrp.me/devices/sonyxperiazultra.html
Doesn't work either.
I'm frustrated. Trying for over one week now to get it running. Half of my vacation. I didn't thought, I would spent so much time with it. 3 to 4 hours a day.
I think it starts the with the fact, that I can't tell if bootloader is unlocked or not.

CosmicBlue2000 said:
Tried, Screen remain black if I try to boot in recovery.
p.s.:
TWRP Manager App give me an error "something went wrong". Great.
https://twrp.me/devices/sonyxperiazultra.html
Doesn't work either.
I'm frustrated. Trying for over one week now to get it running. Half of my vacation. I didn't thought, I would spent so much time with it. 3 to 4 hours a day.
I think it starts the with the fact, that I can't tell if bootloader is unlocked or not.
Click to expand...
Click to collapse
To check if you bootloader is locked or unlocked. Try this below:
Dial *#*#7378423#*#* . Then go to -> "Service Info" -> "Configuration". If there is:
Bootloader unlock allowed - Yes << this means that your Bootloader is Locked
Bootloader Unlocked - Yes << this means that your bootloader is unlocked
Source: http://forum.xda-developers.com/showpost.php?p=22341848&postcount=4

SÜPERUSER said:
To check if you bootloader is locked or unlocked. Try this below:
Dial *#*#7378423#*#* . Then go to -> "Service Info" -> "Configuration". If there is:
Bootloader unlock allowed - Yes << this means that your Bootloader is Locked
Bootloader Unlocked - Yes << this means that your bootloader is unlocked
Source: http://forum.xda-developers.com/showpost.php?p=22341848&postcount=4
Click to expand...
Click to collapse
Okay, last time I unlocked it (under Kitkat), it didn't change.
If that behaviour has changed, then it is still locked.

CosmicBlue2000 said:
Okay, last time I unlocked it (under Kitkat), it didn't change.
If that behaviour has changed, then it is still locked.
Click to expand...
Click to collapse
"last time I unlocked it"?... You lost me there.
Have you unlocked bootloader before? Can you remember if you once have written the command: fastboot oem unlock 0x ?

SÜPERUSER said:
"last time I unlocked it"?... You lost me there.
Have you unlocked bootloader before? Can you remember if you once have written the command: fastboot oem unlock 0x ?
Click to expand...
Click to collapse
Let me quote my first post:
I bought my ZU nearly one year ago, KitKat 4.4 was installed and I unlocked the bootloader via Sonys Webpage for that.
But soon after it got bricked, as it wouldn't charge anymore. So I sent it to Sony and when I got it back, Lollipop 5.0.1 was installed *hurray*
I don't know it they locked the bootloader again, but it says, I'm still allowed to unloak it.
Click to expand...
Click to collapse
And here is, what the Sony webapage told me. Last time and now again:
Install the Android SDK and the device drivers
1. Download and install the Android SDK.
2. If you’re running Windows, you also need to download and install an updated Fastboot driver. This is the standard android_winusb.inf-file, with a few lines of code added to enable Fastboot to support Sony & Sony Ericsson devices. Replace the original android_winusb.inf-file with the downloaded file in the usb_driver folder, located in the Android SDK > extras > google folder on your computer. If you can’t find the usb_driver folder, make sure you are running Google USB Driver package revision 4 or higher in your Android SDK. If not, install the Google USB Driver Packager using the Android SDK manager.
Note! If you’re running OSX or Linux, you are not required to install any additional drivers.
3. On your device, turn on USB debugging by going to Settings > Developer options and click to enable USB debugging.
As of Android Jelly Bean 4.2 the Developer options are hidden by default. To enable them tap on Settings > About Phone > Build Version multiple times. Then you will be able to access the Settings > Developer options.
Connect to Fastboot
1. Turn off your Xperia™ Z Ultra.
2. Connect a USB-cable to your computer.
3. On your Xperia™ Z Ultra, press the Volume up button at the same time as you connect the other end of the USB-cable. For Windows users, when asked for a driver, point to the usb_driver folder where you placed the android_winusb.inf-file, and select the Android Boot loader Interface-file.
4. When your device is connected, open a command window on your computer and go to the platform-tools folder within the Android SDK folder.
5. Enter the following command:
fastboot devices
6. Verify that you get an answer back without any errors.
Enter unlock key
WARNING! The command below contains your unlock key. If you perform this step, you will unlock the boot loader. This may void your warranty and/or any warranty from your operator.
1. If you still want to unlock the boot loader of your device, enter the following command:
fastboot -i 0x0fce oem unlock 0x6C88871CBAABD41D
2. Verify that you get an answer back without any errors.
Done!
You have now unlocked the boot loader of your device. Return to Developer World for the latest developer news from Sony.
Click to expand...
Click to collapse
So yes, I remeber using the fastboot command then and now.
I did exactly a told, but the problem is #5 when trying to connect with fastboot for the first time. I enter
fastboot devices
Click to expand...
Click to collapse
and no message appears, no error or anything else. I'm just back at the prompt, nearly immediatly.
Trying
fastboot -i 0x0fce oem unlock 0x6C88871CBAABD41D
Click to expand...
Click to collapse
then will lead to nothing too, no error. But this time I don't get back to prompt. I waited about 2 Hours yesterday befor I gave up with CRTL+C.
So there must be a problem. The problem.

CosmicBlue2000 said:
Tried, Screen remain black if I try to boot in recovery.
p.s.:
TWRP Manager App give me an error "something went wrong". Great.
https://twrp.me/devices/sonyxperiazultra.html
Doesn't work either.
I'm frustrated. Trying for over one week now to get it running. Half of my vacation. I didn't thought, I would spent so much time with it. 3 to 4 hours a day.
I think it starts the with the fact, that I can't tell if bootloader is unlocked or not.
Click to expand...
Click to collapse
follow thread instructions....
read op carefully.
then it will work
---------- Post added at 06:14 PM ---------- Previous post was at 06:12 PM ----------
CosmicBlue2000 said:
Let me quote my first post:
And here is, what the Sony webapage told me. Last time and now again:
So yes, I remeber using the fastboot command then and now.
I did exactly a told, but the problem is #5 when trying to connect with fastboot for the first time. I enter
and no message appears, no error or anything else. I'm just back at the prompt, nearly immediatly.
Trying
then will lead to nothing too, no error. But this time I don't get back to prompt. I waited about 2 Hours yesterday befor I gave up with CRTL+C.
So there must be a problem. The problem.
Click to expand...
Click to collapse
seems like fastboot drivers arent installed correctly ( see device manager in windows)
so you didnt flash twrp?

MusterMaxMueller said:
follow thread instructions....
read op carefully.
then it will work
I will. Again.
---------- Post added at 06:14 PM ---------- Previous post was at 06:12 PM ----------
seems like fastboot drivers arent installed correctly ( see device manager in windows)
so you didnt flash twrp?
Click to expand...
Click to collapse
Well, at least I tried to flash twrp.
The way it is descripted in the Thread above didn't work, because the download link is broken for me.
So I went to the Play Store and installed TWRP Manger App - at least I have root thanks to KingRoot. But that app gave me an error when trying to install twrp recovery.
So I went here https://twrp.me/devices/sonyxperiazultra.html
I put the .img on sdcard, connected the phone, gave in the commands and there was no error message. No success either, there was just something like "has written x block in y seconds" or something like that. So I just thought I'll give it a try, but as written, when trying to ent recovery on boot, the screen remained black.
/edit:
Speaking of drivers, I forgot.
You were right, the wrong one was used. I don't know why, because since last time I haven't deleted the drivers or anything. Windows should have used the correct one again, but it didn't.
Damn, I'm so stupid, thanks a lot

CosmicBlue2000 said:
Well, at least I tried to flash twrp.
The way it is descripted in the Thread above didn't work, because the download link is broken for me.
So I went to the Play Store and installed TWRP Manger App - at least I have root thanks to KingRoot. But that app gave me an error when trying to install twrp recovery.
So I went here https://twrp.me/devices/sonyxperiazultra.html
I put the .img on sdcard, connected the phone, gave in the commands and there was no error message. No success either, there was just something like "has written x block in y seconds" or something like that. So I just thought I'll give it a try, but as written, when trying to ent recovery on boot, the screen remained black.
Click to expand...
Click to collapse
My apology. I was on my phone in direct sunlight and did not read the whole post.
Yes if you have sent it to SONY and gotten it back. It is for sure a new motherboard with locked bootloader.
Even if they used JTAG to fix your motherboard. Unlikely that staff would spend time doing this. Either way the bootloader would be locked.
Your bootloader is locked. This is why flashing any .img will not work.
First thing. Unlock your bootloader.
The universal tool to flash files from phone without a computer is this app:
https://play.google.com/store/apps/details?id=de.mkrtchyan.recoverytools
The link for for TWRP 3.x is here: http://forum.xda-developers.com/devdb/project/dl/?id=18690
NOTICE: Since TWRP V3. The procedure to enter recovery has changed.
New instructions is to power off the phone, hold volume down and power button until phone vibrates.
Let go of the buttons when the SONY logo appears.
A few seconds later the TWRP logo will appear.
But as MusterMaxMueller mentioned. You don't have the correct driver installed if you see an empty line if you type fastboot devices in cmd.
Try follow the post I wrote yesterday to get fastboot working:
Source: http://forum.xda-developers.com/showpost.php?p=67897097&postcount=12
Type these commands in cmd. Run CMD as Administrator:
bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON
Then "Disable driver signature enforcement" on boot:
Press windows key + R
Type: shutdown -o -r -t 0
Press enter
You will now be here:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Select "Troubleshoot"
Select “Advanced options” and “Startup Settings”.
Click "Restart":
When computer reboots and you see this screen: Press F7
Install systemwide ADB
http://forum.xda-developers.com/showthread.php?p=48915118
Direct link: www14.zippyshare.com/d/ufYG71o0/4863743/adb-setup-1.4.3.exe
Download Flashtool driver pack:
http://doomlord.xperia-files.com/download.php?dlid=Rmxhc2h0b29sLWRyaXZlcnMtMS41LTIwMTQwMzE4
Run the file
Scroll down the list until you se Xperia Z ultra C68xx whatever your model is.
Install the drivers
Done
On your desktop: Hold "shift" and right click. Choose Open Command Window here
In the CMD type: Fastboot.
IF you see a list of text describing what fastboot is. You are fine.
Boot the phone to fastboot: Power off, Hold Volume up and plugin the usb cable and blue LED should be constant on.

SÜPERUSER said:
My apology.
Click to expand...
Click to collapse
Nevermind.
The universal tool to flash files from phone without a computer is this app:
https://play.google.com/store/apps/details?id=de.mkrtchyan.recoverytools
Click to expand...
Click to collapse
Didn't know that, thanks . As I don't like flashhing, I love apps
The link for for TWRP 3.x is here: http://forum.xda-developers.com/devdb/project/dl/?id=18690
Click to expand...
Click to collapse
And again, this link seems broken. Nothing to download there. Just an empty page.
NOTICE: Since TWRP V3. The procedure to enter recovery has changed.
New instructions is to power off the phone, hold volume down and power button until phone vibrates.
Let go of the buttons when the SONY logo appears.
Click to expand...
Click to collapse
I know that and have done that, but
A few seconds later the TWRP logo will appear.
Click to expand...
Click to collapse
didn't happen.
But as MusterMaxMueller mentioned. You don't have the correct driver installed if you see an empty line if you type fastboot devices in cmd.
Click to expand...
Click to collapse
Yeah, seems so.
Just tryed unlocking again, no I got a factory reset, so I'll tell if it's unlocked in some minutes.
Thanks!

CosmicBlue2000 said:
Nevermind.
The universal tool to flash files from phone without a computer is this app:
https://play.google.com/store/apps/details?id=de.mkrtchyan.recoverytools
Didn't know that, thanks . As I don't like flashhing, I love apps
And again, this link seems broken. Nothing to download there. Just an empty page.
I know that and have done that, but didn't happen.
Yeah, seems so.
Just tryed unlocking again, no I got a factory reset, so I'll tell if it's unlocked in some minutes.
Thanks!
Click to expand...
Click to collapse
The link is fine. But here is a mirror:
http://www103.zippyshare.com/v/KjOWHpFf/file.html
If your device starting a factory reset when you trying to unlock bootloader. This is the correct reaction.
All android devices do this when receiving bootloader unlock command to prevent system errors. Hopefully it goes well for you
Click to expand...
Click to collapse
Click to expand...
Click to collapse

"Bootloader unlocked: yes"
Thank you so much

Redmi Note 4X - No wifi, no MAC, no signal, unknown baseband BUT still have IMEI

Hi everyone!
It was yesterday, when I plugged a 3.5 audio jack from a speaker to my Xiaomi Redmi Note 4x (Mido), the LED light flash red, and the phone turned off.I tried to turn it on, and all I got is bootloop (Mi logo with Unlocked >> Mi logo with Android, again and again)
I did a full backup in TWRP, and flashed a new rom, AND... the bootloop continue...
So I did some researches, and found a solution:
After flash a new rom, make a backup of that rom using TWRP > go to Wipe > Wipe Dalvik/Cache and wipe Cache > restore the backup and reboot.
I passed the bootloop, the MIUI 9 logo show up, setup somethings like language, accept Terms and Conditions, and... wait, there's no wifi, no signal, and definitely can not sign in to Mi Account, can not do anything, just sit there and staring at the login screen...
Then I think about the full backup up there ^
Restored, no bootloop, no Mi Account, just stuck at lockscreen, its said wrong password > back to TWRP > Advance > File Manager > /data/system > delete gatekeeper.key (2 files), locksetting (3 files), reboot and I got in to the screen.
So the problems are, there is no Wifi, no MAC address, unknown baseband, no signal.
MEID, IMEI still there, TWRP, fastboot still working.
Can someone help me about this case please!
Thank you so much!
P/s: Sorry about my English, my bad presentation ^^
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Did you tried to flash full dev firmware with Mitools? That was useful for my when I lost my EFS folder.... But first, format data and system with TWRP.

ramping said:
Did you tried to flash full dev firmware with Mitools? That was useful for my when I lost my EFS folder.... But first, format data and system with TWRP.
Click to expand...
Click to collapse
Do you mean XiaoMiTool?
If XiaoMiTool, I tried once, and fall to bootloop

tunglam24111993 said:
Hi everyone!
It was yesterday, when I plugged a 3.5 audio jack from a speaker to my Xiaomi Redmi Note 4x (Mido), the LED light flash red, and the phone turned off.I tried to turn it on, and all I got is bootloop (Mi logo with Unlocked >> Mi logo with Android, again and again)
I did a full backup in TWRP, and flashed a new rom, AND... the bootloop continue...
So I did some researches, and found a solution:
After flash a new rom, make a backup of that rom using TWRP > go to Wipe > Wipe Dalvik/Cache and wipe Cache > restore the backup and reboot.
I passed the bootloop, the MIUI 9 logo show up, setup somethings like language, accept Terms and Conditions, and... wait, there's no wifi, no signal, and definitely can not sign in to Mi Account, can not do anything, just sit there and staring at the login screen...
Then I think about the full backup up there ^
Restored, no bootloop, no Mi Account, just stuck at lockscreen, its said wrong password > back to TWRP > Advance > File Manager > /data/system > delete gatekeeper.key (2 files), locksetting (3 files), reboot and I got in to the screen.
So the problems are, there is no Wifi, no MAC address, unknown baseband, no signal.
MEID, IMEI still there, TWRP, fastboot still working.
Can someone help me about this case please!
Thank you so much!
P/s: Sorry about my English, my bad presentation ^^
Click to expand...
Click to collapse
seems like a firmware issue, i would suggest u to format data and reinstall miui

Theres a thread on the dev subforum with firmware extracted from miui full rom. Flash that via twrp.

Maybe is firmware.
Look at this.

MyNameIsRage said:
seems like a firmware issue, i would suggest u to format data and reinstall miui
Click to expand...
Click to collapse
coldplug said:
Theres a thread on the dev subforum with firmware extracted from miui full rom. Flash that via twrp.
Click to expand...
Click to collapse
jqm_ said:
Maybe is firmware.
Look at this.
Click to expand...
Click to collapse
I've tried flash a few roms for a dozen times, the result return the same.
But I will try these after work.
Thank you guys so much! :fingers-crossed::fingers-crossed::fingers-crossed:

download the modem files for mido. flash the zip. that will solve this issue. i had the same problem. flashing the modem files solved it.

MyNameIsRage said:
seems like a firmware issue, i would suggest u to format data and reinstall miui
Click to expand...
Click to collapse
coldplug said:
Theres a thread on the dev subforum with firmware extracted from miui full rom. Flash that via twrp.
Click to expand...
Click to collapse
jqm_ said:
Maybe is firmware.
Look at this.
Click to expand...
Click to collapse
My lastest backup was from a global MIUI rom flashed via XiaoMiTool.
"mido_global_images_8.1.18_20180118.0000.00_7.0_global_c557dab2eb"
(this is what I got in XiaoMiTool/rom folder in my PC).
At that thread's step 4, after flash those things, when I reboot it's show "No OS Installed, continue?"
Tried several times, same result

AND: The backup I had after I get the bootloop, not a backup when my phone still working.

i have same issue 2 weeks ago
the solution is to restore a file qcn and xqcn of the same model of your device (the exact same model)
you can restore this files by a program called QPST and you have to install qualcom driver before use of program
to use program you have to put your device in diagnostic mode enable USB debug in developer mode then use this code *#*#717717#*#* to enter diagnostic mode ( no need for root to do this )
after this your device will work but you have to restore your serial number, IMEI, wifi mac, bluetooth mac use the qualcom special tool to do this.
if you don't have the mac of wifi and bluetooth keep the one given to you by the qcn file you restored as no chance to be on same network with the same device .
NB. you can try to get your serial, IMEI, mac adresses use qualcom special tool before you start anything, so you can restore them later, you must be in diagnostic mode also to use qualcom special tool.

dr.moh1976 said:
i have same issue 2 weeks ago
the solution is to restore a file qcn and xqcn of the same model of your device (the exact same model)
you can restore this files by a program called QPST and you have to install qualcom driver before use of program
to use program you have to put your device in diagnostic mode enable USB debug in developer mode then use this code *#*#717717#*#* to enter diagnostic mode ( no need for root to do this )
after this your device will work but you have to restore your serial number, IMEI, wifi mac, bluetooth mac use the qualcom special tool to do this.
if you don't have the mac of wifi and bluetooth keep the one given to you by the qcn file you restored as no chance to be on same network with the same device .
NB. you can try to get your serial, IMEI, mac adresses use qualcom special tool before you start anything, so you can restore them later, you must be in diagnostic mode also to use qualcom special tool.
Click to expand...
Click to collapse
Tried this method yesterday, and when I try to restore, there's always an error, like "this qcn is not for my device" something, even I force it to restore, there're still an error. (I already edit the QCN file to my IMEI)
But as I said, my IMEI still there, so I stop trying that.
Now I'm stuck at bootloop, AGAIN...

tunglam24111993 said:
Tried this method yesterday, and when I try to restore, there's always an error, like "this qcn is not for my device" something, even I force it to restore, there're still an error. (I already edit the QCN file to my IMEI)
But as I said, my IMEI still there, so I stop trying that.
Now I'm stuck at bootloop, AGAIN...
Click to expand...
Click to collapse
Have u tried flashing latest firmware through twrp and then flash rom?

akisg said:
Have u tried flashing latest firmware through twrp and then flash rom?
Click to expand...
Click to collapse
You mean first format, wipe > install firmware > install rom?

akisg said:
Have u tried flashing latest firmware through twrp and then flash rom?
Click to expand...
Click to collapse
You mean:
Format dada/Wipe all > install firmware.zip > install rom.zip?
Let me try!

Do a full wipe and install the global dev ROM using TWRP. I've had that issue and it was solved using that process. Just wipe system, data, caches then install the global dev ROM using TWRP. Backups that have the firmware and bootloader partition included won't work.

tunglam24111993 said:
Tried this method yesterday, and when I try to restore, there's always an error, like "this qcn is not for my device" something, even I force it to restore, there're still an error. (I already edit the QCN file to my IMEI)
But as I said, my IMEI still there, so I stop trying that.
Now I'm stuck at bootloop, AGAIN...
Click to expand...
Click to collapse
ok my frist prolem also was bootloop
i tried every thing for 1 month even opened my device and connected the test points to reflash room as hardbricked device.
and at once every thing goes right after many failed trials now fully working device.
my advice is to read every tetourial carefully and try to read it from many sources always some small parts are missing like the correct drivers , disable windows signature enforcement, run as administrator , types of port and COM seen in device manager.
i am sure your device will work cause i have the same and no one helped in maitenance and company tell they will replace the chipset.
already i reached hard brick once in my trials there was no fastboot nor EDL.
don't stop.
---------- Post added at 04:38 PM ---------- Previous post was at 04:33 PM ----------
"this qcn is not for my device"
i got that error too when i used the one provided from internet
then i tried again with qcn i take from a friend phone we buy same models at same time
and it worked fine and no error
this is why i told you to get qcn from the same exact model
Now I'm stuck at bootloop, AGAIN... [/QUOTE]

It's hardware problem.
There's one guy get the same issues with me, he take his phone to a repair service, they replace the mainboard.
I think because of the high power (idk how to say) of the speaker, it get my device shock?
However, I send my phone to a repair service too, and still waiting for their call.
Thank you guys for your support, I really appreciated!

Same happened with me exact same with speaker
tunglam24111993 said:
It's hardware problem.
There's one guy get the same issues with me, he take his phone to a repair service, they replace the mainboard.
I think because of the high power (idk how to say) of the speaker, it get my device shock?
However, I send my phone to a repair service too, and still waiting for their call.
Thank you guys for your support, I really appreciated!
Click to expand...
Click to collapse
Same happened with me exact same with speaker

tunglam24111993 said:
It's hardware problem.
There's one guy get the same issues with me, he take his phone to a repair service, they replace the mainboard.
I think because of the high power (idk how to say) of the speaker, it get my device shock?
However, I send my phone to a repair service too, and still waiting for their call.
Thank you guys for your support, I really appreciated!
Click to expand...
Click to collapse
Could you solve the problem?

(Help) Mi-box stuck/bricked - MDZ-16-AB

Need some help with my mi box (MDZ-16-AB) as somehow it got bricked.
Background:
A while ago I tried to connect my Bluetooth headset, connection process froze and I had to hard reboot (plug out/in power). After starting up, the box die not proceed further than the initial MI logo screen (think its the first screen altogether).
I tried already to flash diverse OTA files via recovery, to which I got access, but all ended up having similar error messages as the one attached (Can't mount/open catch etc.).
I am versed in flashing roms etc. and kind of remember seeing those messages when the file system got corrupted, hence my fear that I can't fix the box at all. To my knowledge, there is still no full rom img for the MDZ-16-AB version released!?
Anyone here with further advice?
Screenshot

chrismast said:
Need some help with my mi box (MDZ-16-AB) as somehow it got bricked.
Background:
A while ago I tried to connect my Bluetooth headset, connection process froze and I had to hard reboot (plug out/in power). After starting up, the box die not proceed further than the initial MI logo screen (think its the first screen altogether).
I tried already to flash diverse OTA files via recovery, to which I got access, but all ended up having similar error messages as the one attached (Can't mount/open catch etc.).
I am versed in flashing roms etc. and kind of remember seeing those messages when the file system got corrupted, hence my fear that I can't fix the box at all. To my knowledge, there is still no full rom img for the MDZ-16-AB version released!?
Anyone here with further advice?
Screenshot
Click to expand...
Click to collapse
try a different flash drive, formatted as FAT32
try formatting drive in a different computer

try anothe power supply i had a bootloop problem with my mibox and i replaced the power supply with one i had for a psp and is working now no more reboot or bootloop at all.
maybe is not same problem but you can try

brigantti said:
try anothe power supply i had a bootloop problem with my mibox and i replaced the power supply with one i had for a psp and is working now no more reboot or bootloop at all.
maybe is not same problem but you can try
Click to expand...
Click to collapse
tried that as well with my new mibox power supply, same result though.
bigtalker said:
try a different flash drive, formatted as FAT32
try formatting drive in a different computer
Click to expand...
Click to collapse
tried that, did not help
Found a guy with a similar issue on Reddit but he had also no luck...

I went thru 4 different flash drives until it relented to flash

If you cannot resolve this issue PM me and if your happy to send your device for testing/recovery purposes you can send it to me, if i recover you can have it back, i simply need it for debugging as the one someone already sent had a wipes emmc

I've got similar problem.
I have mdz-16-ab, international version, with 1st Oreo build installed (2167). Full stock, no root access, etc. Suddenly the device stopped booting properly, during boot it displays rotating Android logo for ~5 minutes following by black screen afterwards. I managed to launch recovery, did wipes and tried to flash any of the 3 available Oreo builds to the moment being written to 2 various flash drives I possess (1 gb and 16 Gb, FAT16 and FAT32 formatted accordingly). Every attempt resulted in "Failed to verify whole-file signature" error.
Looks like it could not properly read image file from the flash drive or the image itself is wrong for this model but I'm perfectly sure image is correct.

sergeyouknw said:
I've got similar problem.
I have mdz-16-ab, international version, with 1st Oreo build installed (2167). Full stock, no root access, etc. Suddenly the device stopped booting properly, during boot it displays rotating Android logo for ~5 minutes following by black screen afterwards. I managed to launch recovery, did wipes and tried to flash any of the 3 available Oreo builds to the moment being written to 2 various flash drives I possess (1 gb and 16 Gb, FAT16 and FAT32 formatted accordingly). Every attempt resulted in "Failed to verify whole-file signature" error.
Looks like it could not properly read image file from the flash drive or the image itself is wrong for this model but I'm perfectly sure image is correct.
Click to expand...
Click to collapse
Sounds like you have a flaky USB thumb drive. Try formatting on a different pc and keep trying different usb drives. Current world record holder tried 8 different drives until succeeding with #9!!

Concur with bigtalker. Or a bad download. I followed a procedure that was a cross between https://www.reddit.com/r/AndroidTV/comments/9fo34b/xiaomi_mdz16ab_solution_to_downgrade_from_flaky/ and https://www.reddit.com/r/AndroidTV/comments/97rvqg/mi_box_stuck_in_recovery_mode/e4ct7n0/:
Extracted the 2167 7zip file to a clean 2GB thumb drive (FAT32)
Booted MiBox into recovery and did a data wipe/reset
Shut down the MiBox and inserted thumb drive
Booted MiBox into recovery, again, where it automatically picked up and installed the 2167 update
Shut down the MiBox
Cleared the thumb drive, copied the 2179 .zip over to it as update.zip and restored the xiaomi_update file (from the 2167 7zip file)
Rebooted the MiBox into recovery again. It picked-up and installed the 2179 update
Booted the MiBox into Android and did a Factory Reset
Did minimal new setup configuration on boot and installed the 2396 OTA update
Done!

Just went to update the 2nd of our two MiBox 3's. The light lights but nothing on-screen at all. It's bricked but good. I guess turning off Google Play Services wasn't enough.
Now trying to find a receipt to see if I can persuade Walmart to take it back. It's probably been too long, but it's worth a shot. I have to go back to return the now-unnecessary 2nd IR remote, anyway.
Good job, Xiaomi. You suck
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I will never buy another Xiaomi product again. Ever. You could not give me a Xiaomi product.

jseymour said:
Just went to update the 2nd of our two MiBox 3's. The light lights but nothing on-screen at all. It's bricked but good. I guess turning off Google Play Services wasn't enough.
Now trying to find a receipt to see if I can persuade Walmart to take it back. It's probably been too long, but it's worth a shot. I have to go back to return the now-unnecessary 2nd IR remote, anyway.
Good job, Xiaomi. You suck
I will never buy another Xiaomi product again. Ever. You could not give me a Xiaomi product.
Click to expand...
Click to collapse
Sorry to hear of your travail...
Did you update 2nd box via OTA or using manual steps as in reddit post?
What version did you start from on box #2?

bigtalker said:
Sorry to hear of your travail...
Click to expand...
Click to collapse
Thanks. I'm not as annoyed as I might otherwise have been, being as I was more-or-less expecting it'd happen eventually. *shrug*
bigtalker said:
Did you update 2nd box via OTA or using manual steps as in reddit post?
What version did you start from on box #2?
Click to expand...
Click to collapse
Each of the two boxes bricked themselves, or Xiaomi bricked them for me, with absolutely no intervention from me whatsoever. Box #1 was bricked to its splash screen. That one I recovered with the aforementioned procedure. Box #2 was bricked to completely dead except its front-panel indicator.
They had both been on the same versions. I don't recall which that was at the time they were bricked. The 1st or 2nd update Xiaomi pushed out for Oreo. IIRC: 2179 created as many problems as it solved, so I didn't apply that OTA when it was available. So perhaps the one before that?
There are reports of Xiaomi MiBox 3's "bricking themselves" on every on-line forum in which I participate, BT. Some to their splash screens. Some to just dead. Just like I experienced. These all started appearing about the time 2396 became available.

hi i have an IMG for MDZ-16-AB to get unbrick
https://drive.google.com/drive/folders/1-fGnIP7iLmpHUNRPhlWyEnEVHuraDc1q?usp=sharing
---------- Post added at 03:28 PM ---------- Previous post was at 03:26 PM ----------
roeer said:
hi i have an IMG for MDZ-16-AB to get unbrick
https://drive.google.com/drive/folders/1-fGnIP7iLmpHUNRPhlWyEnEVHuraDc1q?usp=sharing
Click to expand...
Click to collapse
i got brick after trying to update to version 9. and the device freeze. and now i flash this img and get out of brick. after this img burend. enter to recovery and install version 9 with this link:
https://4pda.ru/pages/go/?u=https:/...c055db0b4f8dee8d49e4b04ecf9100.zip&e=65311772

What is the AndroidTV version of the img file you posted
What is the AndroidTV version of the update.zip file you posted
Curious as to the origin of the img file. Normally such things come from the hardware vendor. Xiaomi has not been forthcoming with img files, mainly staying with flashable zip format updates

hum..
I Use USB_Burning_Tool 2.0.7 and it say Low-Power after 1' ... :'( after, crash burn...

roeer said:
hi i have an IMG for MDZ-16-AB to get unbrick
https://drive.google.com/drive/folders/1-fGnIP7iLmpHUNRPhlWyEnEVHuraDc1q?usp=sharing
---------- Post added at 03:28 PM ---------- Previous post was at 03:26 PM ----------
i got brick after trying to update to version 9. and the device freeze. and now i flash this img and get out of brick. after this img burend. enter to recovery and install version 9 with this link:
https://android.googleapis.com/pack.../2c49569c61c055db0b4f8dee8d49e4b04ecf9100.zip
Click to expand...
Click to collapse
Thank you sooo much! You saved many once working devices from the landfill.
I got it to work following the instructions posted here:
https://forum.xda-developers.com/an...ogic/s905x-xiaomi-mi-box-3-mdz-16-aa-t3502992
Edit: Download for latest USB Burning Tool v2.2.0:
https://mega.nz/file/Hd0CmACT#OPws8xFAPOGR6SmFJKfkVQ4SXjXpetJHmZZZ7nqkRHc
Note: you will need a USB Male to Male cable (2.0 is fine) which can be found for ~$5.
Ex: https://www.amazon.com/dp/B009GUXG92/
The MDZ-16-AB is almost the same as the AA except the pins are a bit more to the right:
For the image burning tool, DO NOT ERASE ALL. Uncheck Erase bootloader and keep it to 'Normal erase', this is to keep DRM keys which allows Netflix to work.
The image linked above works flawlessly!
The image is of Oreo version 2167
Once back in recovery, I was in a recovery loop. To fix this I followed the instructions posted here:
https://www.reddit.com/r/AndroidTV/comments/97rvqg/mi_box_stuck_in_recovery_mode/e4ct7n0/
After that I was able to update to Oreo version 2562 posted above.
I then followed the same procedure to manual update to Android 9 and it succeeded.
Captured the link for MDZ-16-AB Android 9 r2926 for anyone who wants to try manual updating as well:
https://android.googleapis.com/pack.../ed5bdb6aefb2bb6ee3f46a9f4d46026b9df88159.zip

@criscodecookies: I also tried flashing my bricked MDZ-16-AB. However, I'm also getting the low power error. With only the usb connected the device is not detected by the tool when shorting the two pads. Did you connect the power cable?
Thanks in advance

Hitchar said:
@criscodecookies: I also tried flashing my bricked MDZ-16-AB. However, I'm also getting the low power error. With only the usb connected the device is not detected by the tool when shorting the two pads. Did you connect the power cable?
Thanks in advance
Click to expand...
Click to collapse
Yes, power cable must be connected while shorting the two pads. Once USB Burning Tool sees the device you may then let go of shorting the pads but keep power connected.

criscodecookies said:
Yes, power cable must be connected while shorting the two pads. Once USB Burning Tool sees the device you may then let go of shorting the pads but keep power connected.
Click to expand...
Click to collapse
Yeah that seems to work. The USB Burning Tool sees the device and I can start the flash. But after a minute I get the error 'low_voltage'. I've tried all my USB ports (USB2 and USB3) and also tried to use my laptop. So now I'm wondering whether my cable is good (I've soldered it myself). I've tested for continuity so the connections are good. How are the cables inside your USB cable wired?

criscodecookies said:
Thank you sooo much! You saved many once working devices from the landfill.
I got it to work following the instructions posted here:
https://forum.xda-developers.com/an...ogic/s905x-xiaomi-mi-box-3-mdz-16-aa-t3502992
Note: you will need a USB Male to Male cable (2.0 is fine) which can be found for ~$5.
Ex: https://www.amazon.com/dp/B009GUXG92/
The MDZ-16-AB is almost the same as the AA except the pins are a bit more to the right:
For the image burning tool, DO NOT ERASE ALL. Uncheck Erase bootloader and keep it to 'Normal erase', this is to keep DRM keys which allows Netflix to work.
The image linked above works flawlessly!
The image is of Oreo version 2167
Once back in recovery, I was in a recovery loop. To fix this I followed the instructions posted here:
https://www.reddit.com/r/AndroidTV/comments/97rvqg/mi_box_stuck_in_recovery_mode/e4ct7n0/
After that I was able to update to Oreo version 2562 posted above.
I then followed the same procedure to manual update to Android 9 and it succeeded.
Captured the link for MDZ-16-AB Android 9 r2926 for anyone who wants to try manual updating as well:
https://android.googleapis.com/pack.../ed5bdb6aefb2bb6ee3f46a9f4d46026b9df88159.zip
Click to expand...
Click to collapse
i've tryed to flash this oero img16-ab on my bricked mi box 3 mdz 16-ab and the usb burning tool all the time showing me error
low power with this img but when i try to flash any other rom dont showing this error only with this rom, whats the problem?

Moto G8 Power lite Any method to unlock the bootloader ??

there is a method to unlock the bootloader of this device. researched and found nothing about it

therafael1910 said:
there is a method to unlock the bootloader of this device. researched and found nothing about it
Click to expand...
Click to collapse
Unlocking the Bootloader | Motorola Support US
Visit the customer support page to view user guides, FAQs, bluetooth pairing, software downloads, drivers, tutorials and to get repair and contact us information.
motorola-global-portal.custhelp.com
And
[Guide]Un/locking Motorola Bootloader
UnLocking and ReLocking Motorola Bootloader https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a Moto Bootloader Unlocking site Re-Locking see Post #4 More about bootloader UnLocking Post #2 Can my...
forum.xda-developers.com

It's not possible to unlock the bootloader on the G8 power lite, only the G8/G8 power.

aryanhington said:
It's not possible to unlock the bootloader on the G8 power lite, only the G8/G8 power.
Click to expand...
Click to collapse
Says who? This is blackjack/XT2055?

sd_shadow said:
Says who? This is blackjack/XT2055?
Click to expand...
Click to collapse
I can confirm that it's not possible on the XT2055-1 running Mediatek MT6765 SoC

Did anyone try this? Can someone confirm if this works for you?
link

or folllowed this

read my post

aryanhington said:
read my post
Click to expand...
Click to collapse
It is easily possible, stop spreading BS
It cannot be done using fastboot but it is certainly possible using the Realtek VCOM USB protocol
Rooting Moto G8 Power Lite
Does anyone know where I can find a decent guide to rooting the G8 Power Lite (if one exists - I know it's only been out a few months)? I've had a Google around and looked on this forum and on reddit but I can't find anything. I haven't done...
forum.xda-developers.com
This video sums it up well
Essentially you need to:
1. download MTKCLIENT from github, works best on Linux IMHO but Windows works too - on Windows you need additional USB drivers and MTK Drivers, which i attached. Use PIP to install the requirements by going into the MTKCLIENT directory and typing into CMD/Terminal: python3 pip install -r requirements.txt
2. Copy the G8 power Lite specific script to the root folder of the MTKCLIENT
3. Open up the phone, remove the plastic covering the cameras and motherboard. Unplug the battery. Short these two pins either by soldering them together or just using something metal - this is only necessary during the flash and then should be removed.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
4. Plug in usb cable to the phone but dont connect it to the pc yet. Start the program either by CD-ing to the MTKCLIENT directory and running it via CLI (on Linux: python3 mtk w proinfo,seccfg proinfo.bin,seccfg.bin, (only use this in case you wiped the bootloader in order to reflash it, the actual unlocking is done by using this generic command: python mtk da seccfg unlock) or doubleclicking the desbloq_bootloader.bat on Windows (which again contains the first command, which should only be used if the bootloader is corrupted or so, unlock using second command from terminal) . Then short the two pins, keep them shorted and connect the USB cable to the PC. You should see a bunch of code scroling, it will automatically close/end.
5. Unplug USB, remove short circuit from two pins, plug in battery, turn on phone, you should see lines of text during the boot like this:
Bootloader unlocked. Now the only use is ROOT, no custom ROMs or Recoveries available as its vastly different from normal G8 power, which has a Snapdragon CPU and totally different screen.
You'll also get a big "CARRIER INVALID" message on the home screen. I tried relocking the bootloader to fix it, but that put the phone into red state and I had to reflash the bootloader using the above mentioned command. On another note, when I trial and error-ed the unlocking process, I first used the bootloader reflash command (which effectively invalidated it) so that may be the sole cause of the invalid message and not the unlocking itself (as the message appeared after reflashing and before unlocking). If anyone tries this, just use python mtk da seccfg unlock and report back.

FakedKetchup said:
It is easily possible, stop spreading BS
It cannot be done using fastboot but it is certainly possible using the Realtek VCOM USB protocol
Rooting Moto G8 Power Lite
Does anyone know where I can find a decent guide to rooting the G8 Power Lite (if one exists - I know it's only been out a few months)? I've had a Google around and looked on this forum and on reddit but I can't find anything. I haven't done...
forum.xda-developers.com
This video sums it up well
Essentially you need to:
1. download MTKCLIENT from github, works best on Linux IMHO but Windows works too - on Windows you need additional USB drivers and MTK Drivers, which i attached. Use PIP to install the requirements by going into the MTKCLIENT directory and typing into CMD/Terminal: python3 pip install -r requirements.txt
2. Copy the G8 power Lite specific script to the root folder of the MTKCLIENT
3. Open up the phone, remove the plastic covering the cameras and motherboard. Unplug the battery. Short these two pins either by soldering them together or just using something metal - this is only necessary during the flash and then should be removed.
View attachment 5889467
4. Plug in usb cable to the phone but dont connect it to the pc yet. Start the program either by CD-ing to the MTKCLIENT directory and running it via CLI (on Linux: python3 mtk w proinfo,seccfg proinfo.bin,seccfg.bin, If it wont unlock using the custom G8 script, just run this generic command: python mtk da seccfg unlock) or doubleclicking the desbloq_bootloader.bat on Windows. Then short the two pins, keep them shorted and connect the USB cable to the PC. You should see a bunch of code scroling, it will automatically close/end.
5. Unplug USB, remove short circuit from two pins, plug in battery, turn on phone, you should see lines of text during the boot like this:
View attachment 5889471
Bootloader unlocked. Now the only use is ROOT, no custom ROMs or Recoveries available as its vastly different from normal G8 power, which has a Snapdragon CPU and totally different screen. You'll also get a big "CARRIER INVALID" message on the home screen, so after you ROOT make sure to relock the bootloader using the same method but the command is python3 mtk da seccfg lock
Click to expand...
Click to collapse
please can you kindly elaborate how you got proinfo.bin and seccfg.bin in the first place? also do you know if it uses any of the payload.bin files which are included with the mtkclient program?

aryanhington said:
please can you kindly elaborate how you got proinfo.bin and seccfg.bin in the first place? also do you know if it uses any of the payload.bin files which are included with the mtkclient program?
Click to expand...
Click to collapse
I have no idea where the files are from, I found them on the net but you know, it works so who cares
These files should work for some models of the Lite G8 as there are the UK models and a few more with the same name. I'm from Slovakia so these didn't work for me, but a generic MTK command python mtk da seccfg unlock did it just fine and I checked it's in fact unlocked by typing fasboot getvar all, and also the fact that on every boot there is a visible text saying that the bootloader is unlocked. It also shows that in developer options.

FakedKetchup said:
I have no idea where the files are from, I found them on the net but you know, it works so who cares
These files should work for some models of the Lite G8 as there are the UK models and a few more with the same name. I'm from Slovakia so these didn't work for me, but a generic MTK command python mtk da seccfg unlock did it just fine and I checked it's in fact unlocked by typing fasboot getvar all, and also the fact that on every boot there is a visible text saying that the bootloader is unlocked. It also shows that in developer options.
Click to expand...
Click to collapse
do you mean the file you attached bootloader_g8powerlite.zip , you dont know where desbloq_bootloader.bat, proinfo.bin , seccfg.bin are from? because they are not mentioned on https://github.com/bkerler/mtkclient

FakedKetchup said:
I have no idea where the files are from, I found them on the net but you know, it works so who cares
These files should work for some models of the Lite G8 as there are the UK models and a few more with the same name. I'm from Slovakia so these didn't work for me, but a generic MTK command python mtk da seccfg unlock did it just fine and I checked it's in fact unlocked by typing fasboot getvar all, and also the fact that on every boot there is a visible text saying that the bootloader is unlocked. It also shows that in developer options.
Click to expand...
Click to collapse
also how is the scatter file used ? i see you attached it but no mention on how its used

aryanhington said:
also how is the scatter file used ? i see you attached it but no mention on how its used
Click to expand...
Click to collapse
1. as i said i dont know, i found the files in the video description
2. scatter file is a useful file for flashing stuff like bootloaders though SP-Flash-Tools. I ripped it from the stock rom which i also just downloaded from the internet. I haven't tried flashing anything yet but it seems the scayyer file (and thus the MTK chip) deosnt allow flashing a nev recovery/bootloader/rom anything really. Need to check again later and play with it a bit more

FakedKetchup said:
1. as i said i dont know, i found the files in the video description
2. scatter file is a useful file for flashing stuff like bootloaders though SP-Flash-Tools. I ripped it from the stock rom which i also just downloaded from the internet. I haven't tried flashing anything yet but it seems the scayyer file (and thus the MTK chip) deosnt allow flashing a nev recovery/bootloader/rom anything really. Need to check again later and play with it a bit more
Click to expand...
Click to collapse
please can you post which error message you get? in theory you should be able to flash anything after the bootloader is unlocked, unless there is some secure boot or verity which is still enabled, which would need to be toggled off. i think you may have the wrong scatter file in that case

aryanhington said:
please can you post which error message you get? in theory you should be able to flash anything after the bootloader is unlocked, unless there is some secure boot or verity which is still enabled, which would need to be toggled off. i think you may have the wrong scatter file in that case
Click to expand...
Click to collapse
Yes i think there is another video on his channel showing that before flashing you need to once again short the 2 pins and execute another program, then flash using SP Tools. There is no error, but when i load up the scatter file, it shows bunch of partitions, none of which are named boot/recovery/bootloader etc. so i don't know if its actually possible. Also I recommend doing all this on Linux, much less hassle, but you will need to compile libpng-12 in order for SP Tools to work. On Ubuntu there should be a binary package in the repos but i used Debian and the package is not supported since release 16.04 so...
according to his channel, you can root it. He uses something called Avenger Box which i assume is some flahing hardware, but we can use SP Flash tools just fine
First, backup NVRAM using SP flash tools in the Readback section
Click ADD NEW and save it to a location on your PC
Then open up your scatter file and look for partition called NVRAM, see the lines "LINEAR START ADRESS", as well as PARTITION SIZE, enter these values to the readback popup menu as such:
(the values on the picture are not real)
Press OK, plug in your device with the shorted pins, press Readback ICON and see if its successful. I am not sure if disabling the protection is needed for readback, will attempt tomorrow.
Tutorial video or a generic guide
Then you can take advice from this video although he isn't using SP Tools so its not a step by step kind of thing. Also for some reason he refuses to share the unlock protection scripts as he is "running a business" by rooting these phones, what a clown , ill try to DM him and see if he shares it or whatever. Ill try to find a way to root it via SP but its a hit or miss.
Edit: Found the script on this exact website:
It's now easy to bypass MediaTek's SP Flash Tool authentication
A group of developers has created a Python utility to bypass the authentication routine of MediaTek SP Flash Tool. Check it out now!
www.xda-developers.com
So on some phones you hold downa volume button to flash but in our case we most likely need to short the 2 pins again

aryanhington said:
please can you post which error message you get? in theory you should be able to flash anything after the bootloader is unlocked, unless there is some secure boot or verity which is still enabled, which would need to be toggled off.
Click to expand...
Click to collapse
FakedKetchup said:
Yes i think there is another video on his channel showing that before flashing you need to once again short the 2 pins and execute another program, then flash using SP Tools. There is no error, but when i load up the scatter file, it shows bunch of partitions, none of which are named boot/recovery/bootloader etc. so i don't know if its actually possible. Also I recommend doing all this on Linux, much less hassle, but you will need to compile libpng-12 in order for SP Tools to work. On Ubuntu there should be a binary package in the repos but i used Debian and the package is not supported since release 16.04 so...
View attachment 5891625
according to his channel, you can root it. He uses something called Avenger Box which i assume is some flahing hardware, but we can use SP Flash tools just fine
First, backup NVRAM using SP flash tools in the Readback section
View attachment 5891651
Click ADD NEW and save it to a location on your PC
Then open up your scatter file and look for lines "LINEAR START ADRESS", as well as PARTITION SIZE, enter these values to the readback popum menu as such:
View attachment 5891667
Press OK, plug in your device, press Readback ICON and see if its successful. I am not sure if disabling the protection is needed for readback, will attempt tomorrow.
Tutorial video
Then you can take advice from this video although he isn't using SP Tools so its not a step by step kind of thing. Also for some reason he refuses to share the unlock protection scripts as he is "running a business" by rooting these phones, what a clown , ill try to DM him and see if he shares it or whatever. Ill try to find a way to root it via SP but its a hit or miss.
Edit: Found the script on this exact website:
It's now easy to bypass MediaTek's SP Flash Tool authentication
A group of developers has created a Python utility to bypass the authentication routine of MediaTek SP Flash Tool. Check it out now!
www.xda-developers.com
So on some phones you hold downa volume button to flash but in our case we most likely need to short the 2 pins again
Click to expand...
Click to collapse
in regards to not seeing the recovery partition etc on sp flash tool, its because the scatter file you have used doesnt contain those partitions. I can help you do a full readback of the rom via sp flash tool and create a proper scatter file for your device, because that one you used is most likely incomplete or for another device.
also you lost me at the part regarding libpng-12 , thats only used to render png files . you can come on libera.chat irc and i have created a channel called #motog8powerlite if you need help as its easier to communicate on there

aryanhington said:
in regards to not seeing the recovery partition etc on sp flash tool, its because the scatter file you have used doesnt contain those partitions. I can help you do a full readback of the rom via sp flash tool and create a proper scatter file for your device, because that one you used is most likely incomplete or for another device.
also you lost me at the part regarding libpng-12 , thats only used to render png files
Click to expand...
Click to collapse
libpng-12 is a dependency of the program, probably for the Welcome tab which is made out of pictures instead of a mark language elements...
In regards to the recovery partitions, i found out it is because on devices with A/B partitions, the recovery is merged into the boot.img file. Im not aware of any custom recoveries made for it.
Patching it for root is as straightforward as installing older version of Magisk App on any android phone, copying the stock boot.img anywhere on the device, then patching the file from the app and flashing using SP Tools.
I patched the boot.img from the stock rom. I also managed to successfully execute the bypass script. It used to throw out Missing Default Config error, but i found the default config on github (exploits-collection; attachments) and used that just fine - copy the contents of the archive into the root folder of the bypass utility:
So, in order to unblock the protection, one needs to SOLDER the two pins, any other method was extremely unreliable. On Windows, install LIBUSB drivers from the attached file or from sorceforge. Do it in such a way that you run the installer and you'll get to this popup:
then click next
and youll see bunch of devices. Now plug in the phone with unplugged battery and shorted pins, then wait till a new device pops up, could be called MTK Device or anything like that. You select it and install the libusb library to it. Unplug the phone.
CD into the Bypass Utility folder via CMD/Terminal and run as root: python3 main.py, but install the requirements beforehand (sudo) pip install pyusb pyserial json5 ( running the program as root, the dependencies may not carry over so install them as root as well)
If you did everything right, you should see a prompt saying "Waiting for device"
Then you keep the 2 pins shorted and plug in the phone, if all goes right you should see this output:
On linux, you need a custom patched kernel, either get the patch or get a prepatched kernel or live boot a FireOS iso.
from the README file:
## Usage on Linux
Skip steps 1-2 after first usage
To use this you need [FireISO](https://github.com/amonet-kamakiri/fireiso/releases) or [this patch](https://github.com/amonet-kamakiri/kamakiri/blob/master/kernel.patch) for your kernel
Prebuilt kernels for various distros are available [here](https://github.com/amonet-kamakiri/prebuilt-kernels)
1. Install python
2. Install pyusb, pyserial, json5 as root with command:
```
pip install pyusb pyserial json5
```
3. Run this command as root and connect your powered off phone with volume+ button, you should get "Protection disabled" at the end
```
./main.py
```
4. After that, without disconnecting phone, run SP Flash Tool in UART Connection mode
Click to expand...
Click to collapse
As long as you keep the phone plugged in, the protection is off, however i found myself often needing to re-run the script before each action that utilizes the bootrom.
Using the mentioned scatter file throws out errors. I tried to first remove the protection and then immediately run the NVRAM readback but it failed
Full guide https://forum.xda-developers.com/t/...d-flash-in-edl-with-no-auth-for-free.4229683/
I tried to make my own scatter file by using MTK Droid Tools, but this utility only supports MTK65xx and below CPUs, so it isnt possible in our case. I also tried a generic MTK6765 scatter but that didn't work either. Without the scatter file, the tool doesn't kow where to write the boot.img and thus its a dead end. I'll try to do this on a different PC see if anything changes but i highly suspect its just a wrong scatter file. I got it from this allegedly stock rom.
What i stumbled across is this mirror site, where basically every ROM this device ever had is uploaded, so i think ill start there.
HUGE EDIT:
Accidentally i didnt load up the scatter file from the ROM directory but instead from a different location, tus it didnt load all the other necessary parts. It seems like you have to flash everything, not just one part like recovery or bootloader. Or maybe you can flash a single thing and that is what the square checkboxes are for lol
Thus i can happily announce that i successfully flashed the boot.img, after which Root Checker wstill reported NON-ROOT. I installed MAGISK APP once again and it asked me to reboot to finalize, then it rebooted, i entered the Magisk app and rooted directly from the app. -and the phone is rooted !
Technically it could be possible to flash a custom ROM using this exact tool, although i can only imagine few of the hardware actually working without manually fixing ACPI etc.
It is certainly one of the most difficult root procedures, but nothing unusual in the world of reverse engineering

FakedKetchup said:
libpng-12 is a dependency of the program, probably for the Welcome tab which is made out of pictures instead of a mark language elements...
In regards to the recovery partitions, i found out it is because on devices with A/B partitions, the recovery is merged into the boot.img file. Im not aware of any custom recoveries made for it.
Patching it for root is as straightforward as installing older version of Magisk App on any android phone, copying the stock boot.img anywhere on the device, then patching the file from the app and flashing using SP Tools.
I patched the boot.img from the stock rom. I also managed to successfully execute the bypass script. It used to throw out Missing Default Config error, but i found the default config on github (exploits-collection; attachments) and used that just fine - copy the contents of the archive into the root folder of the bypass utility:
View attachment 5892949
So, in order to unblock the protection, one needs to SOLDER the two pins, any other method was extremely unreliable. On Windows, install LIBUSB drivers from the attached file or from sorceforge. Do it in such a way that you run the installer and you'll get to this popup:
View attachment 5892951
then click next
View attachment 5892953
and youll see bunch of devices. Now plug in the phone with unplugged battery and shorted pins, then wait till a new device pops up, could be called MTK Device or anything like that. You select it and install the libusb library to it. Unplug the phone.
CD into the Bypass Utility folder via CMD/Terminal and run as root: python3 main.py, but install the requirements beforehand (sudo) pip install pyusb pyserial json5 ( running the program as root, the dependencies may not carry over so install them as root as well)
If you did everything right, you should see a prompt saying "Waiting for device"
Then you keep the 2 pins shorted and plug in the phone, if all goes right you should see this output:
View attachment 5892965
On linux, you need a custom patched kernel, either get the patch or get a prepatched kernel or live boot a FireOS iso.
from the README file:
As long as you keep the phone plugged in, the protection is off, however i found myself often needing to re-run the script before each action that utilizes the bootrom.
Using the mentioned scatter file throws out errors. I tried to first remove the protection and then immediately run the NVRAM readback but it failed
View attachment 5892981
Full guide https://forum.xda-developers.com/t/...d-flash-in-edl-with-no-auth-for-free.4229683/
I tried to make my own scatter file by using MTK Droid Tools, but this utility only supports MTK65xx and below CPUs, so it isnt possible in our case. I also tried a generic MTK6765 scatter but that didn't work either. Without the scatter file, the tool doesn't kow where to write the boot.img and thus its a dead end. I'll try to do this on a different PC see if anything changes but i highly suspect its just a wrong scatter file. I got it from this allegedly stock rom.
What i stumbled across is this mirror site, where basically every ROM this device ever had is uploaded, so i think ill start there.
HUGE EDIT:
Accidentally i didnt load up the scatter file from the ROM directory but instead from a different location, tus it didnt load all the other necessary parts. It seems like you have to flash everything, not just one part like recovery or bootloader. Or maybe you can flash a single thing and that is what the square checkboxes are for lol
View attachment 5893083
Thus i can happily announce that i successfully flashed the boot.img, after which Root Checker wstill reported NON-ROOT. I installed MAGISK APP once again and it asked me to reboot to finalize, then it rebooted, i entered the Magisk app and rooted directly from the app. -and the phone is rooted !
Technically it could be possible to flash a custom ROM using this exact tool, although i can only imagine few of the hardware actually working without manually fixing ACPI etc.
It is certainly one of the most difficult root procedures, but nothing unusual in the world of reverse engineering
Click to expand...
Click to collapse
please can you elaborate why you're using exploits_collection-master as before you mentioned you were using mtkclient-main? also do you know why a patched kernel is required on linux?

Not sure but without them it throws out errors, I looked up the error and found a GitHub page which was referenced to the mtkclient - it essentially needs a default config and I supplied that, the file contains configurations for many APUs which are listed in the readme file
Patched kernel I assume is necessary for the bootrom exploit, again if you took few minutes to check the links I mentioned it's all there on GitHub. The kernel needs a way to communicate with the MTK protocol, on Windows there is the VCOM Driver and LIBUSB wizard, on Linux you need to apply the driver to the kernel manually or download a prepatched one.
Hope I proved my point that it's indeed possible to root it and unlock the bootloader, it took me dozens of hours so least you could do is go ahead and edit all the messages where you confidently said it isn't and link this forum there.