Related
Easiest [GUIDE] for Newbies to
ROOT Dell Venue 8 Tablet 3840 and 7840
with Android 4.4.4
TETHERED CWM METHOD ** Disclaimer: This is not my work. I have just consolidated all information and files together into one simple STEP BY STEP GUIDE.
** Do at your own Risk. I am not responsible if you mess up your tablet. The method works perfectly on my 3840 and a fb friend 7840 without any issues and should work for everyone.
** This may work for some other Intel Chipset devices/tablets too. Inform me if it works for your model
** ALL THE CREDIT GOES TO AMAZING DEVELOPER @social-design-concepts Thanks pal
=====================================================================
Visit and read this thread by @social-design-concepts Please read carefully once before proceeding. You dont need to download anything from this thread. Download everything from this thread only.
WHAT IS TETHERED CWM?
Remember this is called "TETHERED CWM" method. Tethered means wired. Everytime when you want to use Recovery Mode, you need to use this tool by connecting tablet to pc, which copies recovery files "temporarily" in Tablet Memory and then you can use this temporary Custom CWM Recovery to do the Recovery tasks. When you reboot phone back to normal the CWM is removed from memory and you are back on that useless stock recovery. YES, its temporary and everytime you want to use Custom CWM, you need to use this tool. Quiet Annoying but hey, some things in life are bit difficult and you have to stay with it.
Preparations
==========
1) You must take full backup of your data in phone in sdcard or internal memory. No cry and complain later if you lose data.
2) Run Software Update (twice or more times) so you will be on latest Android 4.4.4 and there will be no update shown after that. I did exactly same.
3) Your PC must be installed with ADB and Fastboot Drivers already. You can Download Driver HERE or HERE or find it on Dell / Intel Driver Website.
* Drivers can be easily installed and tool can work on any Windows Version. I did this on Windows 8.1 64 Bit Version without any issues. PIECE OF CAKE. If you have any problem installing then check FAQ section below.
You must connect Phone to PC to test, so windows will finish installing drivers after detection of phone. (recommended)
4) Now on Tablet Open >>> Settings >>> About Tablet >>> Press "Build Number" several times to enable "Developers Options" in Settings. Now go back and again Open >>> Settings >>> Developers Options >>> Enable "Debugging Mode"
5) Download THIS TETHERED CWM/TWRP FLASHING TOOL and copy and extract on any disk in your PC, but not on DESKTOP or C drive. I mean copy and extract anywhere on D or E or F drive onwards but not on C drive, to avoid permission issues of Windows 8.1
6) Download UPDATE-SuperSU-v2.46.zip (3.83 MB) and copy, as it is, on EXTERNAL SDCARD (recommended) or Internal Memory (not recommended). This exact file works for me and everyone. *Do not change it with other versions.
Now you are totally ready to ROOT.
LETS START.....
STEPS OF ROOTING
===================
Step1) Switch on Table/Phone Normally and connect to PC with USB cable. If it is first time, then PC will install ADB Drivers automatically.
Step2) Open folder on your PC where you extracted files of ROOTing Tool. Select "launcher.bat" and RUN AS ADMINISTRATOR. It will open Command Prompt Box with a Tool Menu as shown below.
Step3) The tool menu will ask you to ACCEPT the terms, where you need to type "ACCEPT" in capital letters and press enter key to proceed
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Step4) After ACCEPTing terms, on next menu, type "5" to select "CWM" as Recovery to load.
*Do not select TWRP right now as there could be some confusion later in this guide.
Step5) Now check that the tool running on command prompt box on PC is reporting as either :
DEVICE STATUS: ADB-ONLINE
DEVICE STATUS: FASTBOOT-ONLINE
*If device status is "Unknown" You may need to carefully start again from beginning.
Now tool will be showing you three TRIGGER options to root. You need to type "T3" and start third trigger.
Tablet will immediately boot into "FASTBOOT" mode (DroidBoot mode). If it is first time, then PC will install Fastboot drivers to recognize device and in FASTBOOT mode, tool will copy TETHERED CWM on tablet and will show lots of text flowing on tablet screen and on PC too.
*Ignore error on last line in above image, its normal.
When done, phone will show you Fastboot menu. Now remove cable from tablet.
Step6) On Fastboot Menu, you need to press volume up or down to select "RECOVERY" option and press <Power> key to start phone in NEW CWM RECOVERY MODE. This time you will see completely different CWM "Vampirefo Venue8 Ver 6.0.3.7" with grey color background and with more working features of CWM.
Step7) Now select "Install Zip from SDCard" and select and flash "UPDATE-SuperSU-v2.46.zip" file.
YOU HAVE ROOTED YOUR TABLET DELL VENUE 8 LTE 3840 MERRIFIELD (India Version) or 7840.
Good Luck guys
Frequently Asked Questions
=================================
1) How to install Fastboot/Bootloader/ADB/Android USB drivers,etc in Windows 8/8.1/10?
Answer: Most Important Info: Many pals here get stuck while installing drivers in Win8+(32/64bit), especially FASTBOOT and BOOTLOADER MODE drivers. These drivers are not Digitally signed, hence Windows8/8.1 does not allow them to install as its standard feature. May be they did it for extended security of windows. So NO PROBLEMO!!! In such case, you can DISABLE DRIVER SIGNATURE ENFORCEMENT feature in simple steps as shown in this video. After these steps when PC starts you will find no difference but then drivers will start installing "obediently" like they did install in XP
https://www.youtube.com/watch?v=gmw86KplqmU
2) WHAT IS TETHERED CWM?
Answer: Remember, this is called "TETHERED CWM" method. Tethered means wired. Everytime when you want to use Recovery Mode, you need to use this tool by connecting tablet to pc, which copies recovery files "temporarily" in Tablet Memory and then you can use this temporary Custom CWM Recovery to do the Recovery tasks. When you reboot phone back to normal the CWM is removed from memory and you are back on that useless stock recovery. YES, its temporary and everytime you want to use Custom CWM, you need to use this tool. Quiet Annoying but hey, some things in life are bit difficult and you have to stay with it.
Post reserved for more Screenshots.
Help with Windows 10
Hi cmahendra,
Thanks for your sharing, I'm facing a problem with installing the ADB drivers on Windows 10. Could you please to look at it.
Have you tried to root the venue 8 3840 on win 10? I'm also DISABLE DRIVER SIGNATURE ENFORCEMENT as you suggested but the issue seems still there.
Thank you & Regards.
JPham said:
Hi cmahendra,
Thanks for your sharing, I'm facing a problem with installing the ADB drivers on Windows 10. Could you please to look at it.
Have you tried to root the venue 8 3840 on win 10? I'm also DISABLE DRIVER SIGNATURE ENFORCEMENT as you suggested but the issue seems still there.
Thank you & Regards.
Click to expand...
Click to collapse
Are you using the latest Intel drivers?
JPham said:
Hi cmahendra,
Thanks for your sharing, I'm facing a problem with installing the ADB drivers on Windows 10. Could you please to look at it.
Have you tried to root the venue 8 3840 on win 10? I'm also DISABLE DRIVER SIGNATURE ENFORCEMENT as you suggested but the issue seems still there.
Thank you & Regards.
Click to expand...
Click to collapse
xBIGREDDx said:
Are you using the latest Intel drivers?
Click to expand...
Click to collapse
Thanks @xBIGREDDx I was going to suggest him same. To install latest drivers from Intel Website. Link updated in Opening post.
Thanks!
I just wanted to say a quick thanks for posting this! I tried to root my Dell Venue 8 3840 once before but was unsuccessful. I followed your instructions, and though the steps at the end were just a little different for mine, it worked! I noticed you also mentioned your 3840 was for India, and I wanted to mention that I'm in the United States and it still worked, and I verified root access with Root Checker Basic. That way other people know it should work for their device.
Thanks again! :good:
johndavisjr77 said:
I just wanted to say a quick thanks for posting this! I tried to root my Dell Venue 8 3840 once before but was unsuccessful. I followed your instructions, and though the steps at the end were just a little different for mine, it worked! I noticed you also mentioned your 3840 was for India, and I wanted to mention that I'm in the United States and it still worked, and I verified root access with Root Checker Basic. That way other people know it should work for their device.
Thanks again! :good:
Click to expand...
Click to collapse
Sorry for late reply, but thanks for confirming that it worked for US version too. Actually I did not wanted people to blame me for any unexpected issues, therefore I mentioned its tested on Indian Version perfectly. Others can still try it because technically there is no risk at all, even if rooting fails. In fact, I succeeded after many failures with this tool itself.
Thanks for your instruction, but at step 5, the status is "unknow", should I do next step? my device is LTE version. Thanks!!
Dell venue 10 7000
cmahendra said:
Post reserved for more Screenshots.
Click to expand...
Click to collapse
Will this method work for dell venue 10 7000 ?
It has the same processor
hksingh said:
Will this method work for dell venue 10 7000 ?
It has the same processor
Click to expand...
Click to collapse
No idea! But Dell makes unbrickable devices. You can restore to stock rom again so no harm in trying. I am taking risks since last 7/8 years and not a single phone is hard-bricked . Always recovered.
But Do at your own risk because everyone's fighting spirit and knowledge is different
It works on Win 7, have the problem whit win 10..WTF you are not reply my question , though thanks for your post!!
I pair flashing of the SuperSU file with a flashable BusyBox maintained in the Android dev thread. Check it out here:
http://forum.xda-developers.com/showthread.php?t=3219431
It eliminates the need to download BusyBox Installer (unless you're looking for a particular flavor)
Thanks for the instructions! I had to do the instructions twice. First so the tablet could get to the droidboot screen so I could install the google inc adb interface drivers. On the second go everything worked as it should. Thanks again!
cmahendra said:
No idea! But Dell makes unbrickable devices. You can restore to stock rom again so no harm in trying. I am taking risks since last 7/8 years and not a single phone is hard-bricked . Always recovered.
But Do at your own risk because everyone's fighting spirit and knowledge is different
Click to expand...
Click to collapse
Please help me uncle! i just have a tablet dell 3840 lte and try to root it step by step like the topic but i have stuck at step 4,the status device is unknow,and then i tried again severals time so carefully but it still like that,i also did the step in the youtube video to DISABLE DRIVER SIGNATURE ENFORCEMENT,i did it on my pc with window 8.1,what can i do now,uncle,please help me,it is too slow and forgive me pls if i have any mistake in using english,i'm from vietnam,and thank agians,i'm looking forward to have your help ^^
phucvn93 said:
Please help me uncle! i just have a tablet dell 3840 lte and try to root it step by step like the topic but i have stuck at step 4,the status device is unknow,and then i tried again severals time so carefully but it still like that,i also did the step in the youtube video to DISABLE DRIVER SIGNATURE ENFORCEMENT,i did it on my pc with window 8.1,what can i do now,uncle,please help me,it is too slow and forgive me pls if i have any mistake in using english,i'm from vietnam,and thank agians,i'm looking forward to have your help ^^
Click to expand...
Click to collapse
Did you install adb/fastboot? My pc wouldn't let me download the file from the link for some reason, but there is another thread on xda website on how to install it. It's called 15 sec fastboot/adb install.
phucvn93 said:
Please help me uncle! i just have a tablet dell 3840 lte and try to root it step by step like the topic but i have stuck at step 4,the status device is unknow,and then i tried again severals time so carefully but it still like that,i also did the step in the youtube video to DISABLE DRIVER SIGNATURE ENFORCEMENT,i did it on my pc with window 8.1,what can i do now,uncle,please help me,it is too slow and forgive me pls if i have any mistake in using english,i'm from vietnam,and thank agians,i'm looking forward to have your help ^^
Click to expand...
Click to collapse
I am not sure but there is some difference in 3840 and 3840 LTE. You are adviced to look all threads in this tablet section for more information on rooting and flashing this tablet.
tictac02_02 said:
Did you install adb/fastboot? My pc wouldn't let me download the file from the link for some reason, but there is another thread on xda website on how to install it. It's called 15 sec fastboot/adb install.
Click to expand...
Click to collapse
yes,i downloaded the zip file from a link in the topic and extract it,is it exactly an adb/fastboot?
---------- Post added at 05:25 AM ---------- Previous post was at 05:21 AM ----------
cmahendra said:
I am not sure but there is some difference in 3840 and 3840 LTE. You are adviced to look all threads in this tablet section for more information on rooting and flashing this tablet.
Click to expand...
Click to collapse
yes,i'm looking for some topic to know more but it so hard to find more helpful infor,it seem to be very few user with this tablet
phucvn93: yes,i downloaded the zip file from a link in the topic and extract it,is it exactly an adb/fastboot?
Yup, it will ask you after downloading the program if you would like to install fastboot, then ask you if you want to install adb drivers. Then I did all the steps in this thread twice. Once to get the tablet to boot in droidboot to install adb drivers and then again for it to run fastboot. I also had to update my tablet drivers and select the adb drivers. I'm sure the steps I took was a lot more work then most maybe. Not sure if what I did will work for you since mine is not a 3840 lte. But would be happy to post the steps I took.
tictac02_02 said:
phucvn93: yes,i downloaded the zip file from a link in the topic and extract it,is it exactly an adb/fastboot?
Yup, it will ask you after downloading the program if you would like to install fastboot, then ask you if you want to install adb drivers. Then I did all the steps in this thread twice. Once to get the tablet to boot in droidboot to install adb drivers and then again for it to run fastboot. I also had to update my tablet drivers and select the adb drivers. I'm sure the steps I took was a lot more work then most maybe. Not sure if what I did will work for you since mine is not a 3840 lte. But would be happy to post the steps I took.
Click to expand...
Click to collapse
oh may be i'll try adb/fastboot 15sec tonight,do u try it or know other topic,forum that discuss about our problem? pls pm me if you know
RADev Team Presents:
Hard Brick Fix Tool for Meizu m3 Note M91 (TESTED) (WORKING)
Warning:- This tutorial is only for M3 Note (M91). Do not try it on Meizu m3 note (L91) as it has not been tested on the same. If you still want to try it, you are on your own.
Requirements:-
1. A mildly functioning brain
2. Ability to follow specific instructions
3. A Meizu m3 note
4. Modified SP Flash tool
5. A PC/laptop
6. An Internet Connection
Steps:-
1. Download all the files from the link below.
2. Extract and Install the VPN. Since it is a crack, follow this link to install and configure it mod edit - warez link removed
3. After installing the VPN, select the server location as China
4. Load SP Flash tool It is located under flash_file.7z>sp flash tool for meizu only.7z>sp flash tool.exe
5. After opening SP flash tool, add the file MTK_AllInOne_DA.bin in the Download_Agent bar. This file is located in flash_file.7z>sp flash tool for meizu only.7z>MTK_AllInOne_DA.bin
6. After this, in Scatter -loading fie, add MT6755_Android_scatter.txt This file is located in flash_file.7z>m3 note flash files>MT6755_Android_scatter.txt
7. Then in authentication file, load auth_sv5.auth This file is located in flash_file.7z>sp flash tool for meizu only.7z>auth_sv5.auth
8. With your phone TURNED OF, connect it to PC/laptop and press Download
This should flash the official Flyme recovery on your phone and through it you can flash any flyme firmware by connecting your phone to your PC/laptop.
Why our tool works?
You must have seen hundreds of videos on YouTube claiming how their tutorial works. The thing is, 99.9% of them don't know what they're talking about. We aim to fix that with our tutorial. Coming back to the question, the reason why our tutorial works is that it does not try to copy anything to the phone. Since we have the authrisation file that the Meizu service centers use, we are able to flash anything Flyme firmware we want to the phone without a MRT Dongle because just like a dongle, because of the authorisation file, we can directly flash to the eMMC storage of the phone. No matter how messed up your phone is, it will definitely come back to life.
Special thanks to @ChatDexter for trying this tutorial on his hard bricked m3 note and conforming that it works.
This is a list of drivers that you'll need to install on your PC/Laptop in order to flash the files successfully:-
MediaTek USB Port
MediaTek Preloader USB VCOM (Android)
MediaTek DA USB VCOM (Android)
Download Links:-
Modified SP Flash Tool:- https://drive.google.com/open?id=0Bx-sLSxdUQt2cl9GY3NNNHN1Zk0
... Crack VPN:- mod edit - warez link removed
Some Win10 x64 Drivers:- https://drive.google.com/open?id=0Bx-sLSxdUQt2RnEwZGFUemdEazg
Tips:-
If you get BROM or VROM error then it is because you do not have the proper drivers installed.
Turn on Windows Update to automatically download the missing drivers
The reason for connecting to a Chinese VPN is because the authorisation file was leaked from China and it needs to verify a signature from a Chinese server to flash things on the phone. Failure to do this results in error while trying to flash recovery.
If you face any difficulty following any of the steps mentioned here please join our Chatbox and Channel on Telegram so that our 1000+ members can help you out
Channel:- https://t.me/RADevTeam
ChatBox:- https://t.me/FlymeChatBox
Other useful links:-
Meizu m3 note Bootloader Unlock Tutorial:- https://forum.xda-developers.com/android/development/developer-verified-meizu-m3-note-t3682643
We will also be posting a new TWRP and a new custom ROM for the Meizu m3 note. Please support us
Our work is and always will be 100% free of charge. Being a developer is not easy and requires a lot of time and resources. If you like our job PLEASE CONSIDER DONATING.Donation Link:- http://radevdonate.blogspot.com
rudro bro mine is L91.. and its bricks i just before said in telegram group chat. what about we L91 users? plz advice
I don't know where I went wrong but some how I unlocked bootloader but didn't get to twrp
So I m trying to fix it can you tell me how to install driver (I had all in 1 mkt driver installer & tried many different method but still got Brm code error) and also can't find vpn with Chinese mainland server
rudra964 said:
RADev Team Presents:
Hard Brick Fix Tool for Meizu m3 Note M91 (TESTED) (WORKING)
Warning:- This tutorial is only for M3 Note (M91). Do not try it on Meizu m3 note (L91) as it has not been tested on the same. If you still want to try it, you are on your own.
Requirements:-
1. A mildly functioning brain
2. Ability to follow specific instructions
3. A Meizu m3 note
4. Modified SP Flash tool
5. A PC/laptop
6. An Internet Connection
Steps:-
1. Download all the files from the link below.
2. Extract and Install the VPN. Since it is a crack, follow this link to install and configure it mod edit - warez link removed
3. After installing the VPN, select the server location as China
4. Load SP Flash tool It is located under flash_file.7z>sp flash tool for meizu only.7z>sp flash tool.exe
5. After opening SP flash tool, add the file MTK_AllInOne_DA.bin in the Download_Agent bar. This file is located in flash_file.7z>sp flash tool for meizu only.7z>MTK_AllInOne_DA.bin
6. After this, in Scatter -loading fie, add MT6755_Android_scatter.txt This file is located in flash_file.7z>m3 note flash files>MT6755_Android_scatter.txt
7. Then in authentication file, load auth_sv5.auth This file is located in flash_file.7z>sp flash tool for meizu only.7z>auth_sv5.auth
8. With your phone TURNED OF, connect it to PC/laptop and press Download
This should flash the official Flyme recovery on your phone and through it you can flash any flyme firmware by connecting your phone to your PC/laptop.
Why our tool works?
You must have seen hundreds of videos on YouTube claiming how their tutorial works. The thing is, 99.9% of them don't know what they're talking about. We aim to fix that with our tutorial. Coming back to the question, the reason why our tutorial works is that it does not try to copy anything to the phone. Since we have the authrisation file that the Meizu service centers use, we are able to flash anything Flyme firmware we want to the phone without a MRT Dongle because just like a dongle, because of the authorisation file, we can directly flash to the eMMC storage of the phone. No matter how messed up your phone is, it will definitely come back to life.
Special thanks to @ChatDexter for trying this tutorial on his hard bricked m3 note and conforming that it works.
This is a list of drivers that you'll need to install on your PC/Laptop in order to flash the files successfully:-
MediaTek USB Port
MediaTek Preloader USB VCOM (Android)
MediaTek DA USB VCOM (Android)
Download Links:-
Modified SP Flash Tool:- https://drive.google.com/open?id=0Bx-sLSxdUQt2cl9GY3NNNHN1Zk0
... Crack VPN:- mod edit - warez link removed
Some Win10 x64 Drivers:- https://drive.google.com/open?id=0Bx-sLSxdUQt2RnEwZGFUemdEazg
Tips:-
If you get BROM or VROM error then it is because you do not have the proper drivers installed.
Turn on Windows Update to automatically download the missing drivers
The reason for connecting to a Chinese VPN is because the authorisation file was leaked from China and it needs to verify a signature from a Chinese server to flash things on the phone. Failure to do this results in error while trying to flash recovery.
If you face any difficulty following any of the steps mentioned here please join our Chatbox and Channel on Telegram so that our 1000+ members can help you out
Channel:- https://t.me/RADevTeam
ChatBox:- https://t.me/FlymeChatBox
Other useful links:-
Meizu m3 note Bootloader Unlock Tutorial:- https://forum.xda-developers.com/android/development/developer-verified-meizu-m3-note-t3682643
We will also be posting a new TWRP and a new custom ROM for the Meizu m3 note. Please support us
Our work is and always will be 100% free of charge. Being a developer is not easy and requires a lot of time and resources. If you like our job PLEASE CONSIDER DONATING.Donation Link:- http://radevdonate.blogspot.com
Click to expand...
Click to collapse
Hello guys,
I own Meizu M3 Note L168h LTE recently i downloded an update version (TEST version)
From the following address downloads.meizufans.org/m3note/firmware/test/
I Chose version 6.7.10.17.
I updated the device by copying the update.zip into an sdcard and chossing update after pressing the power button and volume up.
during the update (About 10%) the phone turned itself off and now all i got is black screen no matter what keys combination i press the phone wont turn on.
the phone is detected via pc as mediatek serial.
also i have no idea how to determinate the phone version i see around the forums M91 AND L91 versions.
How to determinate what version i own and what scatter should i use.
fernando can you send me the link to the l version ? cause i hardbircked my m3 note too and im trying to figure it out.
gmail; [email protected]
No matter what i do i get some sort of error mostly send error and i cant find vpn with Chinese server
rudra964 said:
RADev Team Presents:
Hard Brick Fix Tool for Meizu m3 Note M91 (TESTED) (WORKING).....
Other useful links:-
Meizu m3 note Bootloader Unlock Tutorial:- https://forum.xda-developers.com/android/development/developer-verified-meizu-m3-note-t3682643
We will also be posting a new TWRP and a new custom ROM for the Meizu m3 note. Please support us
Our work is and always will be 100% free of charge. Being a developer is not easy and requires a lot of time and resources. If you like our job PLEASE CONSIDER DONATING.Donation Link:- http://radevdonate.blogspot.com
Click to expand...
Click to collapse
Fernando Morea said:
https://drive.google.com/drive/folders/0B-ShPFGEwXcoUDQ1N1BaWERYY0U
For L Model, don't remove It admins, this could help people
Click to expand...
Click to collapse
i have L681. i had it when it was launched. that time there was no warming on the forums that this model m3 note has two type of main board. first one is M model. that is why i made a mistake. i flashed the wrong M firmware. after than my L681 hard bricked. tried many things. got worse and worse finally it stacked in boot loop and black screen. nothing changed sofar . Thank you very much. this is the second day off my phone that i use for more than one year.
Thank you thank you thank you.
and thank you.
Who has hard bricked. here is my guide.
My Phone is L681.
+ first of all before you start these drivers must be installed correctly:
MediaTek USB Port
MediaTek Preloader USB VCOM (Android)
MediaTek DA USB VCOM (Android)
+ than try the all steps again and again.
if it doesnt flash keep pressing three side buttons at the same time and hold it untill it restarts (usb cable was pluged.). it flashed. than i succeed.
than i used Kirpitch.M3Note modifed sp flash tool to flash my firmware. it has both for m and l models flyme 6 support.
thank you very much RADev Team
thnx fendora tht really help to flash my phone
Can you please update the link of the vpn I really need it
Is it neccesary no do the VPN step? it's not any link to download it
Hello, friends.
This patched FlashTool not working now - something wrong:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Where is a mistake?
Mokuq said:
Hello, friends.
This patched FlashTool not working now - something wrong:
Where is a mistake?
Click to expand...
Click to collapse
Same here.
The popup with the QQ user is shown and I can't flash my bricked phone.
Anybody?
Thanks
kok
Unbrick flashtool again does not work. RaDev Team
what happened? Is there a solution to the problem?
ip server address 211.149.209.11 the certificate file came from it, now the answer is not correct and the program hangs. is there any way to contact the person who provided this tool?
this version of SP flash tool freezes and force closes just while choosing the scatter file and the authorization file and the thing is I tried every single sp flash tool version and they all work but not on meizu I mean they don`t freeze except this one which won`t give me any chance to flash
Someone can fix this "QQ" error ?
Please reupload VPN
Please reupload the vpn link
i need it seriously pls pls
Bhatti001 said:
Please reupload the vpn link
i need it seriously pls pls
Click to expand...
Click to collapse
you dont need vpn. it s a warez
Hi there. I bricked my phone trying to install a beta Flyme 7.0 ( https://translate.google.com/transl...m/showthread.php?t=1410072&edit-text=&act=url ) but, as the guy said, he tried it on the M681H.
I've installed the provided drivers (screencap 1) and, when I try to plug the phone in holding the volume down button, I get the result in attachment screencap 2. I hear the new device sound and in device manager it appears as "MTK USB Port (COM6)". A few seconds later it disconnects and it connects again. I've tried several different drivers to no success. Also, when I connect it without holding Volume- , it fails immediately with the error "Status BROM CMD Fail".
Any advice? Thanks for your work, if I sort this out I will look forward to your custom ROM.
Hi to all,
i tried to unlock bootloader but i bricked my M3 NOTE, now i try to follow this guide but i have some problems with sp flash tools. Sometimes i receive QQ error like some post above. Sometimes I able to launch SP Flash tools and Download starts with the red line DOWNLOAD DA, some seconds after the software fails with errors 600003, i read that it can be some error on the installation of the drivers but i unable to find this error. How can check in Windows 10 if all drivers iis isntalled? Thanks a lot to all
did u use any vpn while flashing? which country are u from
Hello guys, I was one the unfortunate guys who tried to downgrade from an updated XLOADER version FW to an older and failed to do so, resulting a hard brick. I managed to get my phone up and running again with free tools without DC-Phoenix, I include everything detailed in my post, even a preconfigured virtualbox linux system for the initial steps. I also included an UPDATE.app splitter too.
So, this is not an XLOADER downgrade tutorial, with this you can get your phone running again with the newer xloader FW-s. In this case I used files from the B386 version, so your phone will be on 8.0.0.386(C432). WARNING your IMEI number will most likely be gone if you do something wrong, as mine did, this method is only a last bastion to reset your phone. And I don't really have acces for my phone in the coming weeks, but I have some stuff left from firmwares if there is any problem with the script, just hit me up in the thread for any errors or missing stuff.
What you need for this whole thing:
This archive, it contains the firmware, the tools, the preconfigured linux, and the drivers.
VirtualBox downloaded and installed, just google it.
A physically opened phone, unscrewed motherboard, as the testpoint is on the other side, and something to short your testpoint.
First steps:
After you downloaded the archive, just unzip the whole thing to a folder where you have enough space ( the archive is ~7.8GB unzipped)
Now you need to download and install VirtualBox, and import the HIKEY.ova virtual system I included in the zip.
Here's how you can do it
Step one, The HIKEY.ova file is located in the virtual machine folder
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Step two, Leave the settings at default and import it
Setting up your phone and computer:
You need to open up your phone physically, here is a good video of the disassembly https://www.youtube.com/watch?v=Zkj7YVeSzS4
Now, if you got your motherboard unscrewed, you must leave the cable with the big arrow connected to it.
Plug your usb cable into your phone and into your computer, now you must short your testpoint, I included an image about where the testpoint is. https://i.imgur.com/q9ZNGgx.jpg
Just use metal tweezers or a bent metal paperclip, one end on the test point, and the other end to something you can ground it with, the metal shields next to it are good to use.
If you did everything right, your computer should recognize a new device named USB SER, if this is the case, you now must install the huawei android phone drivers. Now the USB SER is now recognized as HUAWEI USB COM 1.0 in the device manager.
Starting the revive process:
After you got the HUAWEI USB COM 1.0 set up, you need to start the virtual linux machine.
The first thing it will ask for is hw login, just type this with lowercase letters.
Code:
hw
hw (again)
Now, you need to add your HUAWEI USB COM 1.0 to the virtual machine.
To do this you need to click the USB icon in the lower right corner and select HUAWEI USB COM 1.0.
.
.
It should have connected as ttyUSB0, you can check it with the command
Code:
dmesg
Now you need to type
Code:
cd hikey_idt/
sudo ./hikey_idt -c config -p /dev/ttyUSB0
(if it asks for sudo password its hw again, also if your device is connected as other ttyUSB number, then you should use that number)
You should see this written from the console if it succeded
With this, you now have a special fastboot booted in your phone.
Flashing the system:
You can now exit the virtual machine, and run first batch, named 1. revive flasher.bat.
It will give you two options after it finished flashing the system, check the one you need, VTR-L29 or VTR-L09.
After the batch is done and you felt that the phone rebooted from the fastboot mode, you can now disconnect the phone from the computer.
You now need to connect the LCD cable, the battery cable, and buttons cable back to your motherboard, no need to re screw the mobo yet, just leave everything hanging in case you need to do the process again with the testpoint.
Now manually boot back into fastboot, Hold volume down while connecting your usb to your computer.
Now you need to flash a TWRP with 2. TWRP recovery.bat.
After that, boot into TWRP, wait for it to completely boot up, and flash an oeminfo with one of the oeminfo batches 3a or 3b.
With this, you should now be able to boot into the system, if there are still problems like bootlooping, do a factory reset from recovery.
Big thanks to:
@goodwin_c for the special fastboot/hikey_idt combo.
@Pretoriano80 for the TWRP recovery
@ante0 for the splitupdate.exe
Im downloading all the files right now. Let you know how it goes. THANK YOU so much
---------- Post added at 06:02 PM ---------- Previous post was at 05:46 PM ----------
This you can get your phone running again with the newer xloader FW-s. In this case I used files from the B386 version, so your phone will be on 8.0.0.386(C432). WARNING your IMEI number will most likely be gone if you do something wrong, as mine did, this method is only a last bastion to reset your phone. And I don't really have acces for my phone in the coming weeks, but I have some stuff left from firmwares if there is any problem with the script, just hit me up in the thread for any errors or missing stuff.
-what can I do wrong?. I don't want to break my IMEI. if i follow your instructions, Also my firmware before it was hard brick is VTR-L09 8.0.0.310(c25) Custom version CUSTC23D001. I wont have any issues flashing the firmware you provide? , thank you for your help
NowLearn said:
Im downloading all the files right now. Let you know how it goes. THANK YOU so much
---------- Post added at 06:02 PM ---------- Previous post was at 05:46 PM ----------
This you can get your phone running again with the newer xloader FW-s. In this case I used files from the B386 version, so your phone will be on 8.0.0.386(C432). WARNING your IMEI number will most likely be gone if you do something wrong, as mine did, this method is only a last bastion to reset your phone. And I don't really have acces for my phone in the coming weeks, but I have some stuff left from firmwares if there is any problem with the script, just hit me up in the thread for any errors or missing stuff.
-what can I do wrong?. I don't want to break my IMEI. if i follow your instructions, Also my firmware before it was hard brick is VTR-L09 8.0.0.310(c25) Custom version CUSTC23D001. I wont have any issues flashing the firmware you provide? , thank you for your help
Click to expand...
Click to collapse
What I did wrong was flashing the board fw wrong, erasing modemnvm partition, erasing nvme partition, and some other partitions that got my imei ****ed up. I excluded those from the batch, and because of this, there are possibilities that it might not work. And as of your version, I did not include that one in the stuff. I used the european fw, but with some modification you can use your own FW with my stuff. I can maybe compile it for you, but that'll take some time.
yoghurt13 said:
What I did wrong was flashing the board fw wrong, erasing modemnvm partition, erasing nvme partition, and some other partitions that got my imei ****ed up. I excluded those from the batch, and because of this, there are possibilities that it might not work. And as of your version, I did not include that one in the stuff. I used the european fw, but with some modification you can use your own FW with my stuff. I can maybe compile it for you, but that'll take some time.
Click to expand...
Click to collapse
Im installing the virtualbox right now. I would like to know If i flash your VERSION, i wont have any issue? if its european and my phone its from Latin America?. I dont mind having a different firmware as long that my phone dont break.
NowLearn said:
Im installing the virtualbox right now. I would like to know If i flash your VERSION, i wont have any issue? if its european and my phone its from Latin America?. I dont mind having a different firmware as long that my phone dont break.
Click to expand...
Click to collapse
Most likely your phone will work, but there would be baseband differences because of the oeminfo, and update version, wich would mean you can't make phonecalls and mobile data. I'm downloading your firmware currently, so be patient and I'll get stuffed in a new zip with the modifications.
yoghurt13 said:
Most likely your phone will work, but there would be baseband differences because of the oeminfo, and update version, wich would mean you can't make phonecalls and mobile data. I'm downloading your firmware currently, so be patient and I'll get stuffed in a new zip with the modifications.
Click to expand...
Click to collapse
bro, u didnt have to do that, but I appreciate it. Let me pm u. Thank you again
Would it be possible to rebrand VTR-L09 to VTR-L29 using this method?
2. TWRP Recovery.bat not working. just say waiting any devices. ı cant make phone restart to fastboot mode. I do disconnect battery,lcd and botton cable and connect usb cable in ps.use testpoint to connect,ps see the device anythings okay. cd hikey_idt/
sudo ./hikey_idt -c config -p /dev/ttyUSB0. I enter this codes and says finish downloading and phone get vibration thats all.after that open revive flasher.bat. and choıce vtr-l29 and enter thats all.ım stuck in the.connect again lcd,battery and botton cable trying to open twrp.bat but not open.by the way if when phone get vibration after that ı need see phone start with fastboot mood? because cant access fastboot mode. I dont really understand how this works.
volpula said:
2. TWRP Recovery.bat not working. just say waiting any devices. ı cant make phone restart to fastboot mode. I do disconnect battery,lcd and botton cable and connect usb cable in ps.use testpoint to connect,ps see the device anythings okay. cd hikey_idt/
sudo ./hikey_idt -c config -p /dev/ttyUSB0. I enter this codes and says finish downloading and phone get vibration thats all.after that open revive flasher.bat. and choıce vtr-l29 and enter thats all.ım stuck in the.connect again lcd,battery and botton cable trying to open twrp.bat but not open.by the way if when phone get vibration after that ı need see phone start with fastboot mood? because cant access fastboot mode. I dont really understand how this works.
Click to expand...
Click to collapse
Do you have any direct messaging app we can communicate? I can maybe help with teamviewer if that's an option for you.
I can currently suggest that if your phone vibrates after linux command and finish download, that's already a good sign. After that, try to close the linux machine, and just remove and reconnect usb, and see if your device is now visible in device manager.
Ok, so I was able to rebrand to VTR-L29 but my IMEI is 0.
Anyone can help me put my IMEI back? I tried to use HCU but it's telling my that my current security patch is not supported.
Thanks!
Ekenfo said:
Ok, so I was able to rebrand to VTR-L29 but my IMEI is 0.
Anyone can help me put my IMEI back? I tried to use HCU but it's telling my that my current security patch is not supported.
Thanks!
Click to expand...
Click to collapse
Currently there is no way to reset your IMEI with android 8+, as HCU and the other softwares does not support our phone over android 8, if your IMEI is erased then It's might be gone forever at this rate, but I'm trying to find a method, but no guarantees.
yoghurt13 said:
Do you have any direct messaging app we can communicate? I can maybe help with teamviewer if that's an option for you.
I can currently suggest that if your phone vibrates after linux command and finish download, that's already a good sign. After that, try to close the linux machine, and just remove and reconnect usb, and see if your device is now visible in device manager.
Click to expand...
Click to collapse
I can give you only my instagram.beacause I dont have a backup phone rightnow just waiting to fix my phone.if I can fix that buy a new phone but never huawei again.
yoghurt13 said:
Currently there is no way to reset your IMEI with android 8+, as HCU and the other softwares does not support our phone over android 8, if your IMEI is erased then It's might be gone forever at this rate, but I'm trying to find a method, but no guarantees.
Click to expand...
Click to collapse
Do you know if the IMEI is contained in the oeminfo image? Maybe we could just hex edit it and flash it back?
Or maybe using the AT+EGMR=1,7,"IMEI"' command? But root is needed for that.
In the steps you described in your first post you say to flash twrp in fastboot. My device is locked so it's not working.
The only way I can get twrp to flash is after using the testpoint method. But then when I try to go in recovery I'm only getting in the stock recovery, not trwp...
Any idea?
Thanks!
yoghurt13 said:
Do you have any direct messaging app we can communicate? I can maybe help with teamviewer if that's an option for you.
I can currently suggest that if your phone vibrates after linux command and finish download, that's already a good sign. After that, try to close the linux machine, and just remove and reconnect usb, and see if your device is now visible in device manager.
Click to expand...
Click to collapse
by the way I try remove and reconnect usb but device manager can't see the device. only see device when I reach and touch testpoint area again.
volpula said:
by the way I try remove and reconnect usb but device manager can't see the device. only see device when I reach and touch testpoint area again.
Click to expand...
Click to collapse
Then there is the problem, try to install HiSuite, or my android driverpack, and try to see if the phone shows up in device manager.
Ekenfo said:
Do you know if the IMEI is contained in the oeminfo image? Maybe we could just hex edit it and flash it back?
Or maybe using the AT+EGMR=1,7,"IMEI"' command? But root is needed for that.
In the steps you described in your first post you say to flash twrp in fastboot. My device is locked so it's not working.
The only way I can get twrp to flash is after using the testpoint method. But then when I try to go in recovery I'm only getting in the stock recovery, not trwp...
Any idea?
Thanks!
Click to expand...
Click to collapse
That command only works on MTK devices, and for the TWRP if you can flash it in testpoint instead of the normal recovery, with
Code:
fastboot flash recovery_ramdisk twrp image file location
, then you should be able to boot that if you disconnect the usb, and hold vol up while restarting phone.
yoghurt13 said:
That command only works on MTK devices, and for the TWRP if you can flash it in testpoint instead of the normal recovery, with
Code:
fastboot flash recovery_ramdisk twrp image file location
, then you should be able to boot that if you disconnect the usb, and hold vol up while restarting phone.
Click to expand...
Click to collapse
I'm not sure why but for some reasons I can't get the phone to boot into TWRP, I only get the emui recovery screen.
Another thought : It appears hisuite could rollback the firmware to a nougat version. That option is not available with my phone.
Is there a version that we know for sure that hisuite allows to downgrade from?
Maybe we could flash that version, downgrade using hisuite and then hcu would work?
Ekenfo said:
I'm not sure why but for some reasons I can't get the phone to boot into TWRP, I only get the emui recovery screen.
Another thought : It appears hisuite could rollback the firmware to a nougat version. That option is not available with my phone.
Is there a version that we know for sure that hisuite allows to downgrade from?
Maybe we could flash that version, downgrade using hisuite and then hcu would work?
Click to expand...
Click to collapse
There is currently no way to downgrade from XLOADER2, huawei did some black magic with it, and there is a checker built in the phone that checks if its a loader1 or 2.
So, I flashed TRWP in both recovery_ramdisk and erecovery_ramdisk and I was able to access it.
I got my nvme image and patched it to unlock the bootloader.
But that doesn't help to get hcu to work...
Any idea what would be the next step to fix my imei?
Ekenfo said:
So, I flashed TRWP in both recovery_ramdisk and erecovery_ramdisk and I was able to access it.
I got my nvme image and patched it to unlock the bootloader.
But that doesn't help to get hcu to work...
Any idea what would be the next step to fix my imei?
Click to expand...
Click to collapse
I literally have no ideai yet how to fix our IMEI, since the NVME partition does not contain the information we need, I just tested one from a working phone, and it was the same as before, zeroed out IMEI.
[LOOK AT POST #2 FOR UPDATES]
Good Morning/noon/afternoon/night whatever. Since I'm the dumbest man alive, I've messed up my tablet once again. Yesterday, I wanted to flash Valera's Project Treble zip, and i followed each and every single instruction UNTIL before flashing the GSI. I was following a guide on XDA and it said that no heavy modifications (SuperSU or Magisk) can stay. So I was worried because I still had magisk installed (T820 Tweaked by @rorymc928). Then in Valera's forum it was written that if i flash @ashyx TWRP, i can format everything and all would be good to go. BUT when I used Valera's TWRP to flash ashyx's TWRP image, nothing worked. It was stuck on download mode. So the next day (today) I used ODIN to flash the Stock ROM, but while doing that the Tab rebooted for no reason. And now the Tab is showing "An error has occured while flashing the device software" and whatever mode I went to, it kept rebooting after some time, so I can't flash ANYTHING. As a last ditch effort, I nand flashed the Stock ROM and that failed too. Now I'm desperate to do anything. Please help. I beg
Edit: Now I've messed up real bad. Since download mode wasn't staying on for more than 30 seconds, I decided to flash the OS in parts. First, I flashed the bootloader (BL). This is where the problems began. While flashing, the fricking tab rebooted and now my tab is in a veggie state. Nothing works, doesn't respond to ANYTHING. Upon connecting to PC, it displays "Qualcomm HS-USB QDLoader 9008". From what I can see, the entire boot partition and some core Qualcomm files got messed up. So I beg anybody for a solution. (Especially the people I trust: @rorymc928 @JordanBleu and @ashyx)
On YouTube I saw someone using EMMC Dongle to fix their Samsung phone, using a raw dump of the device. So i would ask anybody to give me a raw dump of the SM-T820 32 GB version OR tell me how to solve this problem please (I can't stress this enough)
NullCode said:
Edit: Now I've messed up real bad. Since download mode wasn't staying on for more than 30 seconds, I decided to flash the OS in parts. First, I flashed the bootloader (BL). This is where the problems began. While flashing, the fricking tab rebooted and now my tab is in a veggie state. Nothing works, doesn't respond to ANYTHING. Upon connecting to PC, it displays "Qualcomm HS-USB QDLoader 9008". From what I can see, the entire boot partition and some core Qualcomm files got messed up. So I beg anybody for a solution. (Especially the people I trust: @rorymc928 @JordanBleu and @ashyx)
On YouTube I saw someone using EMMC Dongle to fix their Samsung phone, using a raw dump of the device. So i would ask anybody to give me a raw dump of the SM-T820 32 GB version OR tell me how to solve this problem please (I can't stress this enough)
Click to expand...
Click to collapse
Hello, and sorry for what happened to your tab.
Infact, it wasn't recommended to flash the OS in separate parts like you did, but when you were flashing them you should have seen if the "auto reboot" case in Odin was checked or not (and you should have unchecked it).
I must to be clear : you have to tell us if TWRP still works (which isn't probable) or if your download mode (Odin mode) still works, which is the basic of all, even on bricked devices.
If it works then you can reflash all the firmware again, BUT COMPLETELY AND NOT IN PARTS, if it doesn't work, then.... Your tab is deeply bricked and won't recover in an easy way.
JordanBleu said:
Hello, and sorry for what happened to your tab.
Infact, it wasn't recommended to flash the OS in separate parts like you did, but when you were flashing them you should have seen if the "auto reboot" case in Odin was checked or not (and you should have unchecked it).
I must to be clear : you have to tell us if TWRP still works (which isn't probable) or if your download mode (Odin mode) still works, which is the basic of all, even on bricked devices.
If it works then you can reflash all the firmware again, BUT COMPLETELY AND NOT IN PARTS, if it doesn't work, then.... Your tab is deeply bricked and won't recover in an easy way.
Click to expand...
Click to collapse
Uh oh. Yeah TWRP and Download mode all don't work. Nothing works. Only after connecting to the PC it shows QDLoader 9008 mode. And the reason I flashed it in parts is because THE DAMN TAB WOULDN'T STAY ON, EVEN AFTER I LET IT CHARGE FOR 5 HOURS. And even after I flashed it in parts it just rebooted and the bootloader flash failed. So yeah, hard bricked.
Oh and @JordanBleu I wonder if you have an SM-T820. Do you?
NullCode said:
Edit: Now I've messed up real bad. Since download mode wasn't staying on for more than 30 seconds, I decided to flash the OS in parts. First, I flashed the bootloader (BL). This is where the problems began. While flashing, the fricking tab rebooted and now my tab is in a veggie state. Nothing works, doesn't respond to ANYTHING. Upon connecting to PC, it displays "Qualcomm HS-USB QDLoader 9008". From what I can see, the entire boot partition and some core Qualcomm files got messed up. So I beg anybody for a solution. (Especially the people I trust: @rorymc928 @JordanBleu and @ashyx)
On YouTube I saw someone using EMMC Dongle to fix their Samsung phone, using a raw dump of the device. So i would ask anybody to give me a raw dump of the SM-T820 32 GB version OR tell me how to solve this problem please (I can't stress this enough)
Click to expand...
Click to collapse
NullCode said:
Uh oh. Yeah TWRP and Download mode all don't work. Nothing works. Only after connecting to the PC it shows QDLoader 9008 mode. And the reason I flashed it in parts is because THE DAMN TAB WOULDN'T STAY ON, EVEN AFTER I LET IT CHARGE FOR 5 HOURS. And even after I flashed it in parts it just rebooted and the bootloader flash failed. So yeah, hard bricked.
Oh and @JordanBleu I wonder if you have an SM-T820. Do you?
Click to expand...
Click to collapse
If you are talking about the wifi version, then sadly no (I only have the cellular variant, SM-T825).
I hope I can help you even with the cellular version.
JordanBleu said:
If you are talking about the wifi version, then sadly no (I only have the cellular variant, SM-T825).
I hope I can help you even with the cellular version.
Click to expand...
Click to collapse
Thanks a lot for giving your help. My plan is this:
My tab is in EDL Mode, and I saw on Google that EDL Devices can boot to SD Card when the eMMC Fails. So what I want to do is flash the bootloader and the PIT File to an SD Card, using the image pulled from your Tab.
Now the problem is:
1: The tutorials I found for doing this are OLD (like Galaxy S3 old).
2: I have no clue where the bootloader is stored on Samsung devices.
And also here is the tutorial I found for the Galaxy S3:
"1: Boot the device to TWRP and connect it to PC and open ADB (if you don't have it install "minimal ADB and Fastboot")
Now type the following commands:
ADB devices (to check if your device is detected).
If it is OK then do:
ADB shell
dd if=/dev/block/mmcblk0p1 of=/external_sd/part1.img
dd if=/dev/block/mmcblk0p2 of=/external_sd/part2.img
dd if=/dev/block/mmcblk0p4 of=/external_sd/part4.img
OK you see one number is always changing... we need this with following numbers:
1 2 4 5 6 7 10 11 14 15
Partition 10 and 14 are a bit larger so the command may look like it's stuck but it isn't."
Could you mind performing these steps and sending the files to AndroidFileHost?
Thanks in advance if you do.
And if it works I'll make a guide for everyone who has a hard bricked Tab.
By coincidence, without knowing your post, I recently read something about EDL I didn't know anything about before.
Perhaps this helps.
https://www.the***********.com/qualcomm-edl-mode-guide/
This adress seems censored so you have to replace the star by (custom) followed directly by (droid).
I've asked that guy if it's possible to build such a flashable file from the stock ROM but didn't get an answer yet.
bmwdroid said:
By coincidence, without knowing your post, I recently read something about EDL I didn't know anything about before.
Perhaps this helps.
https://www.the***********.com/qualcomm-edl-mode-guide/
This adress seems censored so you have to replace the star by (custom) followed directly by (droid).
I've asked that guy if it's possible to build such a flashable file from the stock ROM but didn't get an answer yet.
Click to expand...
Click to collapse
Good morning. Yeah I've tried that site because @rorymc928 gave me that website a long time ago (and it didn't go well). EDL devices can boot from the SD, so I wanted the bootloader image from anybody's Tab S3. I'd be very happy if you managed to give me.
NullCode said:
Good morning. Yeah I've tried that site because @rorymc928 gave me that website a long time ago (and it didn't go well). EDL devices can boot from the SD, so I wanted the bootloader image from anybody's Tab S3. I'd be very happy if you managed to give me.
Click to expand...
Click to collapse
Giving you the boot.img is not the problem but mine is for T825.
Don't know if they differ.
You could extract it from of the stock T820 ROM files couldn't you?
If you still want it, just tell me.
But as far as I understand the a. m. site the tool can only flash .elf or .mbn files didn't read about .img files.
bmwdroid said:
Giving you the boot.img is not the problem but mine is for T825.
Don't know if they differ.
You could extract it from of the stock T820 ROM files couldn't you?
If you still want it, just tell me.
But as far as I understand the a. m. site the tool can only flash .elf or .mbn files didn't read about .img files.
Click to expand...
Click to collapse
Man that's a bummer. You didn't understand my request. I don't need the boot.img (I already have it). What I need is the image of the BOOTLOADER (apdp, NON-HLOS, sec, tz, rpm, cmnlib etc) all combined in an img file. That's only possible if another person with the same device grabs one and sends it to me
bmwdroid said:
Giving you the boot.img is not the problem but mine is for T825.
Don't know if they differ.
You could extract it from of the stock T820 ROM files couldn't you?
If you still want it, just tell me.
But as far as I understand the a. m. site the tool can only flash .elf or .mbn files didn't read about .img files.
Click to expand...
Click to collapse
Also @bmwdroid well there's nothing to lose, so I'm giving you the thread which mentions how to do it (it was made for the Note 4, so idk if it still works) https://forum.xda-developers.com/note-4/general/tutorialhow-to-make-debrick-image-t3488082
Sorry that I misunderstood you.
You'll need to reinstall the stock OS with Odin on Windows
NullCode said:
Also @bmwdroid well there's nothing to lose, so I'm giving you the thread which mentions how to do it (it was made for the Note 4, so idk if it still works) https://forum.xda-developers.com/note-4/general/tutorialhow-to-make-debrick-image-t3488082
Click to expand...
Click to collapse
Hi @NullCode!
I've googled for the recovery process because I would use custom ROM on my SM-T590, so I want to make sure it can be restored if something goes wrong, and found your thread.
For me, in the downloaded official Samsung ROM there is a BL_T590(...) file which you can open with WinRAR (of course, download the FW for your model, for example with Frija). Then it will give you files like aboot.mbn.lz4 (I think this one is the Android bootloader), apdp.mbn.lz4, cmnlib.mbn.lz4, etc. You can decompress these files with LZ4 command line tool, and then you may be able to reflash them in EDL mode.
Edit: On some forums I found that they didn't decompress LZ4 files, so I have no idea which way could work.
Also there are some solutions to generate rawprogram.xml files for flashing, but I'm not sure if it's allowed to link them here.
Good luck, and let me know if this worked!
Tools:
Frija: https://forum.xda-developers.com/s10-plus/how-to/tool-frija-samsung-firmware-downloader-t3910594
LZ4 tool: https://github.com/lz4/lz4/releases/tag/v1.9.3
UDPSendToFailed said:
Hi @NullCode!
I've googled for the recovery process because I would use custom ROM on my SM-T590, so I want to make sure it can be restored if something goes wrong, and found your thread.
For me, in the downloaded official Samsung ROM there is a BL_T590(...) file which you can open with WinRAR (of course, download the FW for your model, for example with Frija). Then it will give you files like aboot.mbn.lz4 (I think this one is the Android bootloader), apdp.mbn.lz4, cmnlib.mbn.lz4, etc. You can decompress these files with LZ4 command line tool, and then you may be able to reflash them in EDL mode.
Edit: On some forums I found that they didn't decompress LZ4 files, so I have no idea which way could work.
Also there are some solutions to generate rawprogram.xml files for flashing, but I'm not sure if it's allowed to link them here.
Good luck, and let me know if this worked!
Tools:
Frija: https://forum.xda-developers.com/s10-plus/how-to/tool-frija-samsung-firmware-downloader-t3910594
LZ4 tool: https://github.com/lz4/lz4/releases/tag/v1.9.3
Click to expand...
Click to collapse
Hello! Well I would like to thank you for trying to help, but flashing with EDL mode isnt a possibility. Because even if i have the full ODIN firmware [which I do] I would need the official signed Samsung Firehose loader with the Sahara protocol. If that was a bit too complicated [no offence], basically I need to hack into Samsung's servers OR persuade a Samsung repair employee to give me the loader to flash my tab with. Alas, since this isnt a possibility, I am planning to send this tablet to its homeland [America] and get it JTAG flashed, because that is the only thing that can be done for this
NullCode said:
Hello! Well I would like to thank you for trying to help, but flashing with EDL mode isnt a possibility. Because even if i have the full ODIN firmware [which I do] I would need the official signed Samsung Firehose loader with the Sahara protocol. If that was a bit too complicated [no offence], basically I need to hack into Samsung's servers OR persuade a Samsung repair employee to give me the loader to flash my tab with. Alas, since this isnt a possibility, I am planning to send this tablet to its homeland [America] and get it JTAG flashed, because that is the only thing that can be done for this
Click to expand...
Click to collapse
Are you sure about that? I mean, isn't the EDL interface universal among Qualcomm SOCs? I think it is, there are lots of tools for flashing, also I haven't seen anything about Samsung locks this option, the only manufacturer that blocks 3rd party flashers is Xiaomi as far I know, but there is a modded flasher software for Xiaomi too. As I can see, there are threads about Galaxy S8 being reflashed and is working fine, so in theory Samsung doesn't lock bootloaders.
Also there is a file for MSM8996 for Galaxy Note 8 which is Snapdragon 820 in your tablet. It's in the G930XU5 folder.
https://forum.xda-developers.com/showpost.php?p=77904842&postcount=2
UDPSendToFailed said:
Are you sure about that? I mean, isn't the EDL interface universal among Qualcomm SOCs? I think it is, there are lots of tools for flashing, also I haven't seen anything about Samsung locks this option, the only manufacturer that blocks 3rd party flashers is Xiaomi as far I know, but there is a modded flasher software for Xiaomi too. As I can see, there are threads about Galaxy S8 being reflashed and is working fine, so in theory Samsung doesn't lock bootloaders.
Also there is a file for MSM8996 for Galaxy Note 8 which is Snapdragon 820 in your tablet. It's in the G930XU5 folder.
https://forum.xda-developers.com/showpost.php?p=77904842&postcount=2
Click to expand...
Click to collapse
No no Samsung doesn't block EDL mode at all (in fact, my tablet ONLY goes to EDL mode now), the problem is the flash loader, which is specific to each device. Xiaomi used to generously provide Fastboot ROMs which used the loader we are talking about and EDL mode to flash things, but they don't do that anymore.
Also, I tried the G930XU5 thing the day I wrote this thread, and it was stuck at 50% and didn't do anything else (I think this happened because the loaders are also flash chip dependant and the one in the Note 8 thread is UFS while the Tab S3 uses eMMC). Oh another thing, could you tell me the names of flashers that use EDL mode? I've only heard of QFIL and MiFlash
NullCode said:
No no Samsung doesn't block EDL mode at all (in fact, my tablet ONLY goes to EDL mode now), the problem is the flash loader, which is specific to each device. Xiaomi used to generously provide Fastboot ROMs which used the loader we are talking about and EDL mode to flash things, but they don't do that anymore.
Also, I tried the G930XU5 thing the day I wrote this thread, and it was stuck at 50% and didn't do anything else (I think this happened because the loaders are also flash chip dependant and the one in the Note 8 thread is UFS while the Tab S3 uses eMMC). Oh another thing, could you tell me the names of flashers that use EDL mode? I've only heard of QFIL and MiFlash
Click to expand...
Click to collapse
Final update: Well, someone from a mobile service explained me how it works, basically without a firehose file which is signed by Samsung specifically for the device, we can't do anything. I hope the files will be available for the public, because this way Samsung just forces their users to pay for a "repair" which could be done at home using the official Qualcomm solutions.
QPST - Official Qualcomm flasher
emmcdl - I think this one can do the flashing with multiple files since it has options like sector address, etc, also you can find a fota.zip (password for fota.zip is fotatest1234) inside the official Samsung ROM which has some partition table informations
Z3X Samsung Tool PRO - Looks like it can do many things, but doesn't start up for me, says "Card not found"
blankflash - This one is for Motorola devices, but who knows
sahara - You can find it on GitHub, there is an example .xml file too
And possibly many others which I haven't found yet.
Update: I found an app called PIT Magic, it can show partition table info and memory addresses after unpacking CSC and selecting the .pit file. Maybe that can be useful when used together with emmcdl, like flashing SBL back with emmcdl -p ttyUSB0 -b SBL1 C:\path_to_sbl1.mbn or with using these adresses in .xml files.
Update #2: There are some firehose files on "OneLabsTools" GitHub page for MSM8996 too.
https://forum.xda-developers.com/showthread.php?t=1916936
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
NullCode said:
Edit: Now I've messed up real bad. Since download mode wasn't staying on for more than 30 seconds, I decided to flash the OS in parts. First, I flashed the bootloader (BL). This is where the problems began. While flashing, the fricking tab rebooted and now my tab is in a veggie state. Nothing works, doesn't respond to ANYTHING. Upon connecting to PC, it displays "Qualcomm HS-USB QDLoader 9008". From what I can see, the entire boot partition and some core Qualcomm files got messed up. So I beg anybody for a solution. (Especially the people I trust: @rorymc928 @JordanBleu and @ashyx)
On YouTube I saw someone using EMMC Dongle to fix their Samsung phone, using a raw dump of the device. So i would ask anybody to give me a raw dump of the SM-T820 32 GB version OR tell me how to solve this problem please (I can't stress this enough)
Click to expand...
Click to collapse
You could try flashing twrp . It dont take more than 5 second. You only have to be prepare to enter to recovery mode because your device reboot automaticly
UDPSendToFailed said:
Final update: Well, someone from a mobile service explained me how it works, basically without a firehose file which is signed by Samsung specifically for the device, we can't do anything. I hope the files will be available for the public, because this way Samsung just forces their users to pay for a "repair" which could be done at home using the official Qualcomm solutions.
Click to expand...
Click to collapse
yeah I did say that a while before but I'm glad you understood. Without this "programmer" there is nothing we can do.
there's also a high likelihood that Samsung won't provide the firehose files because every company just wants money nowadays
there is a method to unlock the bootloader of this device. researched and found nothing about it
therafael1910 said:
there is a method to unlock the bootloader of this device. researched and found nothing about it
Click to expand...
Click to collapse
Unlocking the Bootloader | Motorola Support US
Visit the customer support page to view user guides, FAQs, bluetooth pairing, software downloads, drivers, tutorials and to get repair and contact us information.
motorola-global-portal.custhelp.com
And
[Guide]Un/locking Motorola Bootloader
UnLocking and ReLocking Motorola Bootloader https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a Moto Bootloader Unlocking site Re-Locking see Post #4 More about bootloader UnLocking Post #2 Can my...
forum.xda-developers.com
It's not possible to unlock the bootloader on the G8 power lite, only the G8/G8 power.
aryanhington said:
It's not possible to unlock the bootloader on the G8 power lite, only the G8/G8 power.
Click to expand...
Click to collapse
Says who? This is blackjack/XT2055?
sd_shadow said:
Says who? This is blackjack/XT2055?
Click to expand...
Click to collapse
I can confirm that it's not possible on the XT2055-1 running Mediatek MT6765 SoC
Did anyone try this? Can someone confirm if this works for you?
link
or folllowed this
read my post
aryanhington said:
read my post
Click to expand...
Click to collapse
It is easily possible, stop spreading BS
It cannot be done using fastboot but it is certainly possible using the Realtek VCOM USB protocol
Rooting Moto G8 Power Lite
Does anyone know where I can find a decent guide to rooting the G8 Power Lite (if one exists - I know it's only been out a few months)? I've had a Google around and looked on this forum and on reddit but I can't find anything. I haven't done...
forum.xda-developers.com
This video sums it up well
Essentially you need to:
1. download MTKCLIENT from github, works best on Linux IMHO but Windows works too - on Windows you need additional USB drivers and MTK Drivers, which i attached. Use PIP to install the requirements by going into the MTKCLIENT directory and typing into CMD/Terminal: python3 pip install -r requirements.txt
2. Copy the G8 power Lite specific script to the root folder of the MTKCLIENT
3. Open up the phone, remove the plastic covering the cameras and motherboard. Unplug the battery. Short these two pins either by soldering them together or just using something metal - this is only necessary during the flash and then should be removed.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
4. Plug in usb cable to the phone but dont connect it to the pc yet. Start the program either by CD-ing to the MTKCLIENT directory and running it via CLI (on Linux: python3 mtk w proinfo,seccfg proinfo.bin,seccfg.bin, (only use this in case you wiped the bootloader in order to reflash it, the actual unlocking is done by using this generic command: python mtk da seccfg unlock) or doubleclicking the desbloq_bootloader.bat on Windows (which again contains the first command, which should only be used if the bootloader is corrupted or so, unlock using second command from terminal) . Then short the two pins, keep them shorted and connect the USB cable to the PC. You should see a bunch of code scroling, it will automatically close/end.
5. Unplug USB, remove short circuit from two pins, plug in battery, turn on phone, you should see lines of text during the boot like this:
Bootloader unlocked. Now the only use is ROOT, no custom ROMs or Recoveries available as its vastly different from normal G8 power, which has a Snapdragon CPU and totally different screen.
You'll also get a big "CARRIER INVALID" message on the home screen. I tried relocking the bootloader to fix it, but that put the phone into red state and I had to reflash the bootloader using the above mentioned command. On another note, when I trial and error-ed the unlocking process, I first used the bootloader reflash command (which effectively invalidated it) so that may be the sole cause of the invalid message and not the unlocking itself (as the message appeared after reflashing and before unlocking). If anyone tries this, just use python mtk da seccfg unlock and report back.
FakedKetchup said:
It is easily possible, stop spreading BS
It cannot be done using fastboot but it is certainly possible using the Realtek VCOM USB protocol
Rooting Moto G8 Power Lite
Does anyone know where I can find a decent guide to rooting the G8 Power Lite (if one exists - I know it's only been out a few months)? I've had a Google around and looked on this forum and on reddit but I can't find anything. I haven't done...
forum.xda-developers.com
This video sums it up well
Essentially you need to:
1. download MTKCLIENT from github, works best on Linux IMHO but Windows works too - on Windows you need additional USB drivers and MTK Drivers, which i attached. Use PIP to install the requirements by going into the MTKCLIENT directory and typing into CMD/Terminal: python3 pip install -r requirements.txt
2. Copy the G8 power Lite specific script to the root folder of the MTKCLIENT
3. Open up the phone, remove the plastic covering the cameras and motherboard. Unplug the battery. Short these two pins either by soldering them together or just using something metal - this is only necessary during the flash and then should be removed.
View attachment 5889467
4. Plug in usb cable to the phone but dont connect it to the pc yet. Start the program either by CD-ing to the MTKCLIENT directory and running it via CLI (on Linux: python3 mtk w proinfo,seccfg proinfo.bin,seccfg.bin, If it wont unlock using the custom G8 script, just run this generic command: python mtk da seccfg unlock) or doubleclicking the desbloq_bootloader.bat on Windows. Then short the two pins, keep them shorted and connect the USB cable to the PC. You should see a bunch of code scroling, it will automatically close/end.
5. Unplug USB, remove short circuit from two pins, plug in battery, turn on phone, you should see lines of text during the boot like this:
View attachment 5889471
Bootloader unlocked. Now the only use is ROOT, no custom ROMs or Recoveries available as its vastly different from normal G8 power, which has a Snapdragon CPU and totally different screen. You'll also get a big "CARRIER INVALID" message on the home screen, so after you ROOT make sure to relock the bootloader using the same method but the command is python3 mtk da seccfg lock
Click to expand...
Click to collapse
please can you kindly elaborate how you got proinfo.bin and seccfg.bin in the first place? also do you know if it uses any of the payload.bin files which are included with the mtkclient program?
aryanhington said:
please can you kindly elaborate how you got proinfo.bin and seccfg.bin in the first place? also do you know if it uses any of the payload.bin files which are included with the mtkclient program?
Click to expand...
Click to collapse
I have no idea where the files are from, I found them on the net but you know, it works so who cares
These files should work for some models of the Lite G8 as there are the UK models and a few more with the same name. I'm from Slovakia so these didn't work for me, but a generic MTK command python mtk da seccfg unlock did it just fine and I checked it's in fact unlocked by typing fasboot getvar all, and also the fact that on every boot there is a visible text saying that the bootloader is unlocked. It also shows that in developer options.
FakedKetchup said:
I have no idea where the files are from, I found them on the net but you know, it works so who cares
These files should work for some models of the Lite G8 as there are the UK models and a few more with the same name. I'm from Slovakia so these didn't work for me, but a generic MTK command python mtk da seccfg unlock did it just fine and I checked it's in fact unlocked by typing fasboot getvar all, and also the fact that on every boot there is a visible text saying that the bootloader is unlocked. It also shows that in developer options.
Click to expand...
Click to collapse
do you mean the file you attached bootloader_g8powerlite.zip , you dont know where desbloq_bootloader.bat, proinfo.bin , seccfg.bin are from? because they are not mentioned on https://github.com/bkerler/mtkclient
FakedKetchup said:
I have no idea where the files are from, I found them on the net but you know, it works so who cares
These files should work for some models of the Lite G8 as there are the UK models and a few more with the same name. I'm from Slovakia so these didn't work for me, but a generic MTK command python mtk da seccfg unlock did it just fine and I checked it's in fact unlocked by typing fasboot getvar all, and also the fact that on every boot there is a visible text saying that the bootloader is unlocked. It also shows that in developer options.
Click to expand...
Click to collapse
also how is the scatter file used ? i see you attached it but no mention on how its used
aryanhington said:
also how is the scatter file used ? i see you attached it but no mention on how its used
Click to expand...
Click to collapse
1. as i said i dont know, i found the files in the video description
2. scatter file is a useful file for flashing stuff like bootloaders though SP-Flash-Tools. I ripped it from the stock rom which i also just downloaded from the internet. I haven't tried flashing anything yet but it seems the scayyer file (and thus the MTK chip) deosnt allow flashing a nev recovery/bootloader/rom anything really. Need to check again later and play with it a bit more
FakedKetchup said:
1. as i said i dont know, i found the files in the video description
2. scatter file is a useful file for flashing stuff like bootloaders though SP-Flash-Tools. I ripped it from the stock rom which i also just downloaded from the internet. I haven't tried flashing anything yet but it seems the scayyer file (and thus the MTK chip) deosnt allow flashing a nev recovery/bootloader/rom anything really. Need to check again later and play with it a bit more
Click to expand...
Click to collapse
please can you post which error message you get? in theory you should be able to flash anything after the bootloader is unlocked, unless there is some secure boot or verity which is still enabled, which would need to be toggled off. i think you may have the wrong scatter file in that case
aryanhington said:
please can you post which error message you get? in theory you should be able to flash anything after the bootloader is unlocked, unless there is some secure boot or verity which is still enabled, which would need to be toggled off. i think you may have the wrong scatter file in that case
Click to expand...
Click to collapse
Yes i think there is another video on his channel showing that before flashing you need to once again short the 2 pins and execute another program, then flash using SP Tools. There is no error, but when i load up the scatter file, it shows bunch of partitions, none of which are named boot/recovery/bootloader etc. so i don't know if its actually possible. Also I recommend doing all this on Linux, much less hassle, but you will need to compile libpng-12 in order for SP Tools to work. On Ubuntu there should be a binary package in the repos but i used Debian and the package is not supported since release 16.04 so...
according to his channel, you can root it. He uses something called Avenger Box which i assume is some flahing hardware, but we can use SP Flash tools just fine
First, backup NVRAM using SP flash tools in the Readback section
Click ADD NEW and save it to a location on your PC
Then open up your scatter file and look for partition called NVRAM, see the lines "LINEAR START ADRESS", as well as PARTITION SIZE, enter these values to the readback popup menu as such:
(the values on the picture are not real)
Press OK, plug in your device with the shorted pins, press Readback ICON and see if its successful. I am not sure if disabling the protection is needed for readback, will attempt tomorrow.
Tutorial video or a generic guide
Then you can take advice from this video although he isn't using SP Tools so its not a step by step kind of thing. Also for some reason he refuses to share the unlock protection scripts as he is "running a business" by rooting these phones, what a clown , ill try to DM him and see if he shares it or whatever. Ill try to find a way to root it via SP but its a hit or miss.
Edit: Found the script on this exact website:
It's now easy to bypass MediaTek's SP Flash Tool authentication
A group of developers has created a Python utility to bypass the authentication routine of MediaTek SP Flash Tool. Check it out now!
www.xda-developers.com
So on some phones you hold downa volume button to flash but in our case we most likely need to short the 2 pins again
aryanhington said:
please can you post which error message you get? in theory you should be able to flash anything after the bootloader is unlocked, unless there is some secure boot or verity which is still enabled, which would need to be toggled off.
Click to expand...
Click to collapse
FakedKetchup said:
Yes i think there is another video on his channel showing that before flashing you need to once again short the 2 pins and execute another program, then flash using SP Tools. There is no error, but when i load up the scatter file, it shows bunch of partitions, none of which are named boot/recovery/bootloader etc. so i don't know if its actually possible. Also I recommend doing all this on Linux, much less hassle, but you will need to compile libpng-12 in order for SP Tools to work. On Ubuntu there should be a binary package in the repos but i used Debian and the package is not supported since release 16.04 so...
View attachment 5891625
according to his channel, you can root it. He uses something called Avenger Box which i assume is some flahing hardware, but we can use SP Flash tools just fine
First, backup NVRAM using SP flash tools in the Readback section
View attachment 5891651
Click ADD NEW and save it to a location on your PC
Then open up your scatter file and look for lines "LINEAR START ADRESS", as well as PARTITION SIZE, enter these values to the readback popum menu as such:
View attachment 5891667
Press OK, plug in your device, press Readback ICON and see if its successful. I am not sure if disabling the protection is needed for readback, will attempt tomorrow.
Tutorial video
Then you can take advice from this video although he isn't using SP Tools so its not a step by step kind of thing. Also for some reason he refuses to share the unlock protection scripts as he is "running a business" by rooting these phones, what a clown , ill try to DM him and see if he shares it or whatever. Ill try to find a way to root it via SP but its a hit or miss.
Edit: Found the script on this exact website:
It's now easy to bypass MediaTek's SP Flash Tool authentication
A group of developers has created a Python utility to bypass the authentication routine of MediaTek SP Flash Tool. Check it out now!
www.xda-developers.com
So on some phones you hold downa volume button to flash but in our case we most likely need to short the 2 pins again
Click to expand...
Click to collapse
in regards to not seeing the recovery partition etc on sp flash tool, its because the scatter file you have used doesnt contain those partitions. I can help you do a full readback of the rom via sp flash tool and create a proper scatter file for your device, because that one you used is most likely incomplete or for another device.
also you lost me at the part regarding libpng-12 , thats only used to render png files . you can come on libera.chat irc and i have created a channel called #motog8powerlite if you need help as its easier to communicate on there
aryanhington said:
in regards to not seeing the recovery partition etc on sp flash tool, its because the scatter file you have used doesnt contain those partitions. I can help you do a full readback of the rom via sp flash tool and create a proper scatter file for your device, because that one you used is most likely incomplete or for another device.
also you lost me at the part regarding libpng-12 , thats only used to render png files
Click to expand...
Click to collapse
libpng-12 is a dependency of the program, probably for the Welcome tab which is made out of pictures instead of a mark language elements...
In regards to the recovery partitions, i found out it is because on devices with A/B partitions, the recovery is merged into the boot.img file. Im not aware of any custom recoveries made for it.
Patching it for root is as straightforward as installing older version of Magisk App on any android phone, copying the stock boot.img anywhere on the device, then patching the file from the app and flashing using SP Tools.
I patched the boot.img from the stock rom. I also managed to successfully execute the bypass script. It used to throw out Missing Default Config error, but i found the default config on github (exploits-collection; attachments) and used that just fine - copy the contents of the archive into the root folder of the bypass utility:
So, in order to unblock the protection, one needs to SOLDER the two pins, any other method was extremely unreliable. On Windows, install LIBUSB drivers from the attached file or from sorceforge. Do it in such a way that you run the installer and you'll get to this popup:
then click next
and youll see bunch of devices. Now plug in the phone with unplugged battery and shorted pins, then wait till a new device pops up, could be called MTK Device or anything like that. You select it and install the libusb library to it. Unplug the phone.
CD into the Bypass Utility folder via CMD/Terminal and run as root: python3 main.py, but install the requirements beforehand (sudo) pip install pyusb pyserial json5 ( running the program as root, the dependencies may not carry over so install them as root as well)
If you did everything right, you should see a prompt saying "Waiting for device"
Then you keep the 2 pins shorted and plug in the phone, if all goes right you should see this output:
On linux, you need a custom patched kernel, either get the patch or get a prepatched kernel or live boot a FireOS iso.
from the README file:
## Usage on Linux
Skip steps 1-2 after first usage
To use this you need [FireISO](https://github.com/amonet-kamakiri/fireiso/releases) or [this patch](https://github.com/amonet-kamakiri/kamakiri/blob/master/kernel.patch) for your kernel
Prebuilt kernels for various distros are available [here](https://github.com/amonet-kamakiri/prebuilt-kernels)
1. Install python
2. Install pyusb, pyserial, json5 as root with command:
```
pip install pyusb pyserial json5
```
3. Run this command as root and connect your powered off phone with volume+ button, you should get "Protection disabled" at the end
```
./main.py
```
4. After that, without disconnecting phone, run SP Flash Tool in UART Connection mode
Click to expand...
Click to collapse
As long as you keep the phone plugged in, the protection is off, however i found myself often needing to re-run the script before each action that utilizes the bootrom.
Using the mentioned scatter file throws out errors. I tried to first remove the protection and then immediately run the NVRAM readback but it failed
Full guide https://forum.xda-developers.com/t/...d-flash-in-edl-with-no-auth-for-free.4229683/
I tried to make my own scatter file by using MTK Droid Tools, but this utility only supports MTK65xx and below CPUs, so it isnt possible in our case. I also tried a generic MTK6765 scatter but that didn't work either. Without the scatter file, the tool doesn't kow where to write the boot.img and thus its a dead end. I'll try to do this on a different PC see if anything changes but i highly suspect its just a wrong scatter file. I got it from this allegedly stock rom.
What i stumbled across is this mirror site, where basically every ROM this device ever had is uploaded, so i think ill start there.
HUGE EDIT:
Accidentally i didnt load up the scatter file from the ROM directory but instead from a different location, tus it didnt load all the other necessary parts. It seems like you have to flash everything, not just one part like recovery or bootloader. Or maybe you can flash a single thing and that is what the square checkboxes are for lol
Thus i can happily announce that i successfully flashed the boot.img, after which Root Checker wstill reported NON-ROOT. I installed MAGISK APP once again and it asked me to reboot to finalize, then it rebooted, i entered the Magisk app and rooted directly from the app. -and the phone is rooted !
Technically it could be possible to flash a custom ROM using this exact tool, although i can only imagine few of the hardware actually working without manually fixing ACPI etc.
It is certainly one of the most difficult root procedures, but nothing unusual in the world of reverse engineering
FakedKetchup said:
libpng-12 is a dependency of the program, probably for the Welcome tab which is made out of pictures instead of a mark language elements...
In regards to the recovery partitions, i found out it is because on devices with A/B partitions, the recovery is merged into the boot.img file. Im not aware of any custom recoveries made for it.
Patching it for root is as straightforward as installing older version of Magisk App on any android phone, copying the stock boot.img anywhere on the device, then patching the file from the app and flashing using SP Tools.
I patched the boot.img from the stock rom. I also managed to successfully execute the bypass script. It used to throw out Missing Default Config error, but i found the default config on github (exploits-collection; attachments) and used that just fine - copy the contents of the archive into the root folder of the bypass utility:
View attachment 5892949
So, in order to unblock the protection, one needs to SOLDER the two pins, any other method was extremely unreliable. On Windows, install LIBUSB drivers from the attached file or from sorceforge. Do it in such a way that you run the installer and you'll get to this popup:
View attachment 5892951
then click next
View attachment 5892953
and youll see bunch of devices. Now plug in the phone with unplugged battery and shorted pins, then wait till a new device pops up, could be called MTK Device or anything like that. You select it and install the libusb library to it. Unplug the phone.
CD into the Bypass Utility folder via CMD/Terminal and run as root: python3 main.py, but install the requirements beforehand (sudo) pip install pyusb pyserial json5 ( running the program as root, the dependencies may not carry over so install them as root as well)
If you did everything right, you should see a prompt saying "Waiting for device"
Then you keep the 2 pins shorted and plug in the phone, if all goes right you should see this output:
View attachment 5892965
On linux, you need a custom patched kernel, either get the patch or get a prepatched kernel or live boot a FireOS iso.
from the README file:
As long as you keep the phone plugged in, the protection is off, however i found myself often needing to re-run the script before each action that utilizes the bootrom.
Using the mentioned scatter file throws out errors. I tried to first remove the protection and then immediately run the NVRAM readback but it failed
View attachment 5892981
Full guide https://forum.xda-developers.com/t/...d-flash-in-edl-with-no-auth-for-free.4229683/
I tried to make my own scatter file by using MTK Droid Tools, but this utility only supports MTK65xx and below CPUs, so it isnt possible in our case. I also tried a generic MTK6765 scatter but that didn't work either. Without the scatter file, the tool doesn't kow where to write the boot.img and thus its a dead end. I'll try to do this on a different PC see if anything changes but i highly suspect its just a wrong scatter file. I got it from this allegedly stock rom.
What i stumbled across is this mirror site, where basically every ROM this device ever had is uploaded, so i think ill start there.
HUGE EDIT:
Accidentally i didnt load up the scatter file from the ROM directory but instead from a different location, tus it didnt load all the other necessary parts. It seems like you have to flash everything, not just one part like recovery or bootloader. Or maybe you can flash a single thing and that is what the square checkboxes are for lol
View attachment 5893083
Thus i can happily announce that i successfully flashed the boot.img, after which Root Checker wstill reported NON-ROOT. I installed MAGISK APP once again and it asked me to reboot to finalize, then it rebooted, i entered the Magisk app and rooted directly from the app. -and the phone is rooted !
Technically it could be possible to flash a custom ROM using this exact tool, although i can only imagine few of the hardware actually working without manually fixing ACPI etc.
It is certainly one of the most difficult root procedures, but nothing unusual in the world of reverse engineering
Click to expand...
Click to collapse
please can you elaborate why you're using exploits_collection-master as before you mentioned you were using mtkclient-main? also do you know why a patched kernel is required on linux?
Not sure but without them it throws out errors, I looked up the error and found a GitHub page which was referenced to the mtkclient - it essentially needs a default config and I supplied that, the file contains configurations for many APUs which are listed in the readme file
Patched kernel I assume is necessary for the bootrom exploit, again if you took few minutes to check the links I mentioned it's all there on GitHub. The kernel needs a way to communicate with the MTK protocol, on Windows there is the VCOM Driver and LIBUSB wizard, on Linux you need to apply the driver to the kernel manually or download a prepatched one.
Hope I proved my point that it's indeed possible to root it and unlock the bootloader, it took me dozens of hours so least you could do is go ahead and edit all the messages where you confidently said it isn't and link this forum there.