[Q] I can't go into Recovery mode. Why? - Legend General

I have the following problem, I can not go into recovery mode. I know how to do that.I have access only in fastboot menu.when i try to enter from fastboot menu to recovery mode i don't have connection with the PC , because the problem is DRIVERS to start the second step "step2-windows.bat" for rooting.
I HAVE GOLD CARD !!!!!! .I had all drivers before this problem drivers was added to the PC and the phone WAS rooted.
The problem is not in my Windows i try those step on ,Windows7, windows xp ,Linux Ubuntu 10.4. And errors are the same "unknown device" and is impossible to install drivers to ROOT the phone.
Before the phone can not detect the SD card.The problem is fixed now is working .Now the phone is with original ROM and is not rooted.May be I have to flash new bootloader or new recovery.img I don't know.
My cable is not damaged.
the reason that I want to enter in recovery mode is that i want to root the phone again.
!!!!!!!!!!!WHO CAN HELLP ME !!!!!!!!!!!!!
sorry for my bad english

Strange.......... how it could be:
release your battery, push the power to release residual power , maybe 1 minute, in sert the battery and try go to recovery again

BesFen said:
Strange.......... how it could be:
release your battery, push the power to release residual power , maybe 1 minute, in sert the battery and try go to recovery again
Click to expand...
Click to collapse
The same f**** message "device not recognized". And it start to search Drivers on windows 7 x86 (fresh installation before 30 min.).
"Android 1.0, Qualcomm CDMA technologies MSM " - searching for drivers .. and the message "device not recognized" or "unknown device"

problem occurs when app2sd install and replace all programs to sd card.I enter into recovery mode and i wipe all options.After reboot my sd card was unmounted ........
may be this will be helpful

Follow this:
http://android.modaco.com/content/htc-legend-legend-modaco-com/309961/usb-brick-rickrolled-b0rked-fixed/

I've had a similar problem during the rooting-process of my legend
I have Win7 X86 and it also couldn't find any drivers for the legend.
Then I installed the HTC Sync application found on the HTC-Homepage
So i would suggest that you do the same

It is not an usb driver issue.
The phone acting as different device depending of its mode normal/fastboot/recovery/usb mount etc
Boot to bootloader select fastboot
run on your computer "fastboot oem boot"
if you have any of thoose =1 you have to alter it to 0
where the bold down is of importance
Normal output is:
INFOTAG xxxxx
INFOCID is HTC__***
INFOserial numer: *********
INFOcommandline from head: no_console_suspend=1 console=null
INFOcommand line length = xxx
INFOactive commandline:
board_legend.disable_uart3=0
board_legend.usb_h2w_sw=0
board_legend.disable_sdcard=0
diag.enabled=0
board_legend.debug_uart=0
smisize=0
userdata_sel=0
androidboot.emmc=false
androidboot.baseband=7.08.35.21 (or other)
andriodboot.cid=HTC_XXX (different depending on serial )
androidboot.carrier=HTX-
androidboot.mid=
androidboot.keycaps=querty
androidboot.mode=normal
androidboot.serialno=xxxxxxxx
androidboot.bootloader=0.43.00001
no_console_suspend=1
console=null
aArm_partion[0].name=misc
aArm_partion[1].name=recovery
aArm_partion[2].name=boot
aArm_partion[3].name=system
aArm_partion[4].name=cache
aArm_partion[5].name=userdata
partition number=6
Valid partition num=6
mpu_nand_acpu_rw 8F2 1000

result is :
Code:
C:\android SDK\tools>fastboot oem disable_uart3=0
... INFO[ERR] Command error !!!
OKAY [ 0.016s]
finished. total time: 0.016s
C:\android SDK\tools>fastboot oem usb_h2w_sw=0
... INFO[ERR] Command error !!!
OKAY [ 0.000s]
finished. total time: 0.016s
C:\android SDK\tools>fastboot oem boot
... INFOsetup_tag addr=0x60000100 cmdline add=0x9D
078D14
INFOTAG:Ramdisk OK
INFOTAG:smi ok, size = 0
INFOTAG:hwid 0x0
INFOTAG:skuid 0x22F00
INFOTAG:hero panel = 0x0
INFOTAG:engineerid = 0x0
INFOMCP dual-die
INFOMCP dual-die
INFOTAG:mono-die = 0x0
INFODevice CID is not super CID
INFOCID is HTC__032
INFOsetting->cid::HTC__032
INFOserial number: HT03YNX02877
INFOcommandline from head: no_console_suspend=1 console=null
INFOcommand line length =446
INFOactive commandline: board_legend.disable_uart3=1 board_legen
INFOd.usb_h2w_sw=1 board_legend.disable_sdcard=0 diag.enabled=0
INFOboard_legend.debug_uart=0 smisize=0 userdata_sel=0 androidbo
INFOot.emmc=false androidboot.baseband=7.05.35.26L androidboot.
INFOcid=HTC__032 androidboot.carrier=HTC-EastEurope androidboot.
INFOmid=PB7610000 androidboot.keycaps=qwerty androidboot.mode=no
INFOrmal androidboot.serialno=HT03YNX02877 androidboot.bootloade
INFOr=0.43.0001 no_console_suspend=1 console=null
INFOaARM_Partion[0].name=misc
INFOaARM_Partion[1].name=recovery
INFOaARM_Partion[2].name=boot
INFOaARM_Partion[3].name=system
INFOaARM_Partion[4].name=cache
INFOaARM_Partion[5].name=userdata
INFOpartition number=6
INFOValid partition num=6
INFOmpu_nand_acpu_rw 8F2 1000
FAILED (status read failed (Too many links))
finished. total time: 0.874s
the phone must be rooted main is not this is the problem and what this mean
FAILED (status read failed (Too many links))

this is your problem:
board_legend.disable_uart3=1
board_legend.usb_h2w_sw=1
The FAIL string at bottom is normal.

this is your problem:
board_legend.disable_uart3=1
board_legend.usb_h2w_sw=1
The FAIL string at bottom is normal.
So you tell us that you have succeed with unrooting and lock usbcontroller.
Umm, sounds like and bad combination.
I had the uart3=1 probleb but still rooted and could insert new mtd0.img
have you tested to replace this two files?
http://www.shadowchild.nl/mtd0legend.img
http://www.shadowchild.nl/flash_image
download to your sdcard direct or with other usb/sdcard writer.
install terminal
open run
su
to check if it it still rooted
if so
chmod 755 /data/flash_image
cat /sdcard/flash_image > /data/flash_image
cat /sdcard/mtd0legend.img > /data/mtd0.img
/data/flash_image misc /data/mtd0.img
and reboot

I assume you updated your legend to rom >2.03 (or any above 2.xx) you will have to downgrade
http://forum.xda-developers.com/showthread.php?t=725430
when you downgrade, root the legend again (fastboot usb > step1) then recovery mode >> step2
should work, worked for me tho. If not do step1 few times and try step2 again

snakehult said:
this is your problem:
Board_legend.disable_uart3=1
board_legend.usb_h2w_sw=1
the fail string at bottom is normal.
So you tell us that you have succeed with unrooting and lock usbcontroller.
Umm, sounds like and bad combination.
I had the uart3=1 probleb but still rooted and could insert new mtd0.img
have you tested to replace this two files?
http://www.shadowchild.nl/mtd0legend.img
http://www.shadowchild.nl/flash_image
download to your sdcard direct or with other usb/sdcard writer.
Install terminal
open run
su
to check if it it still rooted
if so
chmod 755 /data/flash_image
cat /sdcard/flash_image > /data/flash_image
cat /sdcard/mtd0legend.img > /data/mtd0.img
/data/flash_image misc /data/mtd0.img
and reboot
Click to expand...
Click to collapse
thank you !!!

no way.....its not working showing
C:\sdk\tools>chmod 755 /data/flash_image
'chmod' is not recognized as an internal or external command,
operable program or batch file.
C:\sdk\tools>cat /sdcard/flash_image > /data/flash_image
The system cannot find the path specified.

no no
you most run that on your phone.
install terminal emulator or similar
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

i can't download......... showing insufficient storage........i even can't install application through 91pc suite for android..........i need help....

how do i type this in terminal all at once or sentence by sentence?

do exactly what he does :
http://android.modaco.com/content/h...com/309961/usb-brick-rickrolled-b0rked-fixed/
after unbricking your usb , install a stock rom not a custom coz you need a clean system.img.
If you don't do that, usb bricking will come again after flashing with a custom rom...
You can install a new stock rom ( like 2.03 etc... ) and use the thread "how to downgrade to 1.31" and root your legend again.
Another solution :
If the rom is not rooted and you can't follow unbrick instructions try this ( it's what i've done but not sure if result will be the same for you... ) :
Go to recovery mode ( power + volume down ) , select fastboot and try step 1 of rooting process, that will push 1.31 rom + some necessary tool to root the rom.
if all succeded , you will have a 1.31 rom apparently not rooted... but ! yes but ! after installing "connectbot" from market and select "local" and type 2 time "su" i got root access ! if not try step 1 of rooting process under fastboot mode.
If all is ok and you have ( like me ) root acces ( after typing 2 times "su" you will past from $ to # at the beginning of the line... ) , follow unbrink process .
Code:
if your phone can't even see the memory card, enable first with:
fastboot oem enableqxdm 0
Do the above step in Recovery mode.
Once the memory card is visible, transfer the files "flash_image" and "mtd0.img" to the memory card
howevor is possible.
Restart the phone, and install connectbot from the market.
Open connectbot, and through terminal (local) issue the following commands:
su [B][U](2 times)[/U][/B]
cat /sdcard/flash_image > /data/flash_image "then press enter"
cat /sdcard/mtd0.img > /data/mtd0.img "then press enter"
chmod 755 /data/flash_image "then press enter"
[B][U]and to finish process type the following command 2 times[/U] :[/B]
/data/flash_image misc /data/mtd0.img "then press enter"
It will give you 2 errors, on the last command, but ignore it and restart the phone
It should be fixed.
after that i had upgraded to an official stock rom to get back a clean system.img and boot.img. oh yes... phone again unrooted... ok... downgrade to 1.31 and root again

Isn't there a noob friendly way to unbrick.i couldn't possibly do all of that.
Sent from my HTC Legend using XDA App

THANK YOU!!!!
My phone lost the ability to read SD-cards and this thread helped me tremendously. I was just about to sell it or go and buy a new one or something.
Hugs to all!

heelp me
Very very much please help me fix my htc my legend. I do not see sd card, I can not root them anymore, can not find drivers. I do only step 1, you want to put up two do not communicate with the PC. Do not know much about Android, where I do not know the commands to be written, please help me. TeamViewer eventually get through to my PC. My address is [email protected] messenger. I pray a lot.

Related

Huge problem to restore nandroid backup - "can't mount SDCARD:/nandroid/"

Hello, when I tried to update my Magic to a new radio something went wrong. Start-up screen freezes. Only fastboot and recovery are available.
Now, when I trie to restore my nandroid backup in recovery I get the message:
E: Can't mount /dev/block/mmcblk0
p1 (or /dev/block/mmcblk0)
(No such file or directory)
E: Can't mount SDCARD:/nandroid/
And it's not the SDcard that's malfunctioning...
When I trie it with fastboot I get:
C:\AndroidSDK\tools>fastboot flash system system.img
sending 'system' (80002 KB)... OKAY
writing 'system'... INFOsignature checking...
FAILED (remote: signature verify fail)
C:\AndroidSDK\tools>fastboot flash boot boot.img
sending 'boot' (2560 KB)... OKAY
writing 'boot'... INFOsignature checking...
FAILED (remote: signature verify fail)
C:\AndroidSDK\tools>fastboot flash userdata data.img
sending 'userdata' (132301 KB)... OKAY
writing 'userdata'... INFOsignature checking...
FAILED (remote: signature verify fail)
I've searched everywhere for a solution for this problem, and tried everything but nothing helped. So I hope someone can help me here...
These are the specifications of my phone:
SAPPHIRE PVT 32A ENG S-ON H
HBOOT-1.33.2010 (SAP10000)
RADIO-6.35.10.18
The original radio was 3.22.20.17
I had recovery-RA-sapphire-v1.6.2H, but after my failed radio update, it rebootet after 2 seconds...so now I use recovery-RA-hero-v1.6.2 to enter my recovery. This one works, doesn't reboot, but I don't have acces to my SDcard.
Thanks for you're help!
How long are you waiting after booting to Recovery before trying the restore? I think there's an issue with the amount of time it takes to mount the SDCard. Try waiting for a bit. It does work for me, but not if I immediately try to backup/restore after entering Recovery. I usually wait a couple of minutes.
well...I've waited 10 minutes...but still the same response...
If I see your specifications, I see that your phone is OFF and mine ON, in another tread someone said that the "ON"-sign was the reason for not having acces to the Sdcard... :s But I'm not sure this is true...
Even...everything I trie to flash with fastboot (so I don't need acces to my SDcard I guess...) doesn't work...due to that signature verify failure... Maybe there is a solution for that problem...?
Hey it seems you really have a problem.
The hboot version is not right for your radio version. You obviously did not follow the very clear howto by cursordroid, easily found in the android development section. I'm not sure how to solve this, but you must first look for some way to upgrade the SPL to the version that works correct with new radio.
Hi...yes... I updated the radio on a wrong way...
I already thought that this new radio and 'old' SPL were the reason why this doesn't function anymore...
I already tried to update the SPL on different ways... With recovery I don't have acces to my SD card and with fastboot I get the same response as above... I don't think there is another way... :s
I really screwed up this time...I hope someone can help me out... This is the first time this happens to me but it will be the last
Woww you're so lucky you didn't brick. Love it when people fail to follow simple instructions! And how would a nandroid restore help? Since when does that restore radio/spl. Also how did you manage to get the hero recovery on there? Did you flash the recovery then radio?
Since you're using the hero recovery, it takes some time to mount the sd card. SO wait a bit when you try this
Try this,
1) fastboot oem enableqxdm 0
2) If that doesn't work, you're sort of screwed. I'm not sure if it will work since youre s-on
3) If it works, flash the old radio in recovery.
4) I'd try goldcard if none of the above works
Hi...thanks for the help!
Well, I read somewhere that I could use that hero recovery... So I use fastboot to boot the recovery on my Magic, that's the only way to enter the recovery.
I first flashed recovery sapphire 1.6.2H, made a back-up and then I flashed the radio...
I tried what you asked and I got this:
C:\AndroidSDK\tools>fastboot oem enableqxdm 0
... INFO[ERR] Command error !!!
OKAY
So...I guess I'm screwed...?
Re: Huge problem to restore nandroid backup - "can't mount SDCARD:/nandroid/"
If your phone really fails to mount the sdcard in recovery, even after waiting a while, you might still be able to flash a correct engineering spl if your recovery allows you to connect by adb. The idea would be to push the img to /cache and flash it from there, using the adb command line. I have never tried that though so no guarantees.
Sent from my HTC Magic using the XDA mobile application powered by Tapatalk
Hi, yes, I waited 30minutes...still no result... should I wait longer?
I found the correct engineering spl and I can connect by adb...
Could you tell me which commands I have to type in cmd to push the engineering spl (.zip) with adb?
Thanks!
PM me if you haven't solved the problem yet.
I haven't solved the problem yet.. Could you tell me which commands I have to type for adb in command prompt? This is the name of the .zip file "update.Engineering-SPL-HBOOT-1.33.2009-signed"
Thanks for the help man... But I didn't succeed yet...I didn't get an error message but something went wrong... This is until where I got:
C:\AndroidSDK\tools>adb shell
/ # df
df
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 98492 0 98492 0% /dev
/dev/block/mtdblock4 81920 1192 80728 1% /cache
/ # exit
exit
C:\AndroidSDK\tools>adb push hboot-1.76.2007.img
Android Debug Bridge version 1.0.25
-d - directs command to the only connected USB devic
e
returns an error if more than one USB device is
present.
-e - directs command to the only running emulator.
returns an error if more than one emulator is r
unning.
-s <serial number> - directs command to the USB device or emulator w
ith
the given serial number. Overrides ANDROID_SERI
AL
envivornment variable.
-p <product name or path> - simple product name like 'sooner', or
a relative/absolute path to a product
out directory like 'out/target/product/sooner'.
If -p is not specified, the ANDROID_PRODUCT_OUT
environment variable is used, which must
be an absolute path.
devices - list all connected devices
connect <host>:<port> - connect to a device via TCP/IP disconnect <host
>:<port> - disconnect from a TCP/IP device
device commands:
adb push <local> <remote> - copy file/dir to device
adb pull <remote> <local> - copy file/dir from device
adb sync [ <directory> ] - copy host->device only if changed
(see 'adb help all')
adb shell - run remote shell interactively
adb shell <command> - run remote shell command
adb emu <command> - run emulator console command
adb logcat [ <filter-spec> ] - View device log
adb forward <local> <remote> - forward socket connections
forward specs are one of:
tcp:<port>
localabstract:<unix domain socket name>
localreserved:<unix domain socket name>
localfilesystem:<unix domain socket name>
dev:<character device name>
jdwp:<process pid> (remote only)
adb jdwp - list PIDs of processes hosting a JDWP transport
adb install [-l] [-r] <file> - push this package file to the device and instal
l it
('-l' means forward-lock the app)
('-r' means reinstall the app, keeping its data
)
adb uninstall [-k] <package> - remove this app package from the device
('-k' means keep the data and cache directories
)
adb bugreport - return all information from the device
that should be included in a bug report.
adb help - show this help message
adb version - show version num
DATAOPTS:
(no option) - don't touch the data partition
-w - wipe the data partition
-d - flash the data partition
scripting:
adb wait-for-device - block until device is online
adb start-server - ensure that there is a server running
adb kill-server - kill the server if it is running
adb get-state - prints: offline | bootloader | device
adb get-serialno - prints: <serial-number>
adb status-window - continuously print device status for a specifie
d device
adb remount - remounts the /system partition on the device re
ad-write
adb reboot [bootloader|recovery] - reboots the device, optionally into the boo
tloader or recovery program
adb root - restarts the adbd daemon with root permissions
adb usb - restarts the adbd daemon listening on USB adb
tcpip <port> - restarts the adbd daemon listening on TCP on the spec
ified port
networking:
adb ppp <tty> [parameters] - Run PPP over USB.
Note: you should not automatically start a PPP connection.
<tty> refers to the tty for PPP stream. Eg. dev:/dev/omap_csmi_tty1
[parameters] - Eg. defaultroute debug dump local notty usepeerdns
adb sync notes: adb sync [ <directory> ]
<localdir> can be interpreted in several ways:
- If <directory> is not specified, both /system and /data partitions will be u
pdated.
- If it is "system" or "data", only the corresponding partition
is updated.
I didn't know for sure what you ment with '(the hboot file must be present in the current folder of course)' so pasted the SPL "hboot-1.76.2007" on my SDcard and in AndroidSDK/tools
Then I did this:
C:\AndroidSDK\tools>adb shell
/ # flash_image hboot /cache/hboot-1.76.2007.img
flash_image hboot /cache/hboot-1.76.2007.img
can't find hboot partition
It could be that you did forget a 'space' between boot and cache so I tried this:
/ # flash_image hboot /cache /hboot-1.76.2007.img
flash_image hboot /cache /hboot-1.76.2007.img
usage: flash_image partition file.img
/ # reboot bootloader
reboot bootloader
When I rebooted in bootloader everything was still the same... Did I do something wrong?
Already thanks for the great help!
janximan said:
Thanks for the help man... But I didn't succeed yet...I didn't get an error message but something went wrong... This is until where I got:
C:\AndroidSDK\tools>adb shell
/ # df
df
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 98492 0 98492 0% /dev
/dev/block/mtdblock4 81920 1192 80728 1% /cache
/ # exit
exit
C:\AndroidSDK\tools>adb push hboot-1.76.2007.img
Click to expand...
Click to collapse
this should be
Code:
C:\AndroidSDK\tools>adb push hboot-1.76.2007.img /cache
when the hboot file is in your tools folder. You got a usage message from the command, that means the command was malformed. So the rest couldn't work either. And no I did not miss any space in the flash_image command.
Damn, sorry to disappoint but I did some more research and I think my idea won't work after all
the Sign is on, and you have to turn it off. Use the goldcard method and use:
http://rapidshare.com/files/267446145/2.53.707.2_-_sappimg.zip
to turn it off, and start the flasshing process again for safe keeping.
Instructions:
http://translate.google.pt/translat...ss.C3.A1rio_para_fazer_o_processo&sl=pt&tl=en
If you want try flash using HTC Magic oficial update and start the process all over again for safe keeping.
Hope it helps
i was reading things better. Have you tried to download a oficially signed from HTC Hboot and in fastboot flashing it ? If you sucessed you could reverse the process
PS: does anyone know to explain me why did this exacly happened?
Jup...still no difference...
Thanks drbobb for all the effort and time! If there really is no other way to make it work than the goldcard method... I should try this one...but read it first a few times...
Jgcaap... Thanks for the help.. I explained on the first page how I get this far... Updated my radio on a wrong way :s
how did you update the radio ? Sorry to ask again but in the first page isnt expressed if you done by flashing procedure (USB) or by other method (Recovery).
Well...i don't know for sure but I think I just flashed a new radio (.zip) file in recovery... Without using fastboot...
Well according to the studies the most safe is in fastboot, in recovery you can also flash but there is always a risk since the recovery might not be 100% safe to flash. But you still havent done anything else? Please try remember because there must be a way of exploiting to make the phone work again.

[GUIDE] Unlock Bootloader on Orange UK Atrix using OS X Snow Leopard 10.6.8

I had to do a lot of hunting around to do this so thought I would write it all down.
Before you do this I would recommend reading these threads so you have an idea of what you are about to do:
http://forum.xda-developers.com/showthread.php?t=1136261
http://forum.xda-developers.com/showthread.php?t=1196747
You will need sbf_flash (attached to thread), fastboot-mac (attached to thread), the SBF file (attached to thread) and adb from the android SDK. Easiest thing is to download the Android SDK and copy sbf_flash.sh, fastboot-mac and the sbf file to platform-tools in the Android SDK.
1. Root your device with Gingerbreak.apk (v1.20) available here:
http://forum.xda-developers.com/showthread.php?t=1044765
2. Backup with Titanium backup (BATCH -> backup apps & system data)
3. Power down your device
4. Power it back up holding the volume up button
5. Connect your device to your Mac
6. Open a Terminal and 'cd' to where all your tools are ie type 'cd PATH TO platform-tools'. You'll need to change the permissions on 'sbf_flash.sh' and 'fastboot-mac' so type these in the terminal:
chmod +x sbf_flash.sh
then
chmod +x fastboot-mac
7. Run this 'sudo ./sbf_flash.sh intl-fix-try1.sbf' and you should get something like this:
SBF FLASH 1.23 (mbm)
http://opticaldelusion.org
=== intl-fix-try1.sbf ===
Index[5]: Unexpected chip 16
Index[6]: Unexpected chip 16
00: RDL03 0x00000000-0x002FFFFF 7F75 AP
01: RDL01 0x00800000-0x008407FF 3556 BP
02: CG02 0x00000010-0x0000580F 4615 AP
03: CG03 0x000000A0-0x0008009F 2135 AP
04: CG42 0x00000020-0x0030001F F03C AP
05: CG44 0x00000050-0x0030004F 0C66 AP
06: CG47 0x00000070-0x0008006F E7CB AP
>> waiting for phone: Connected.
>> uploading RDL03: 100.0%
-- OK
>> verifying ramloader
-- OK
>> executing ramloader
-- OK
>> waiting for phone: Connected.
>> sending erase
-- OK
>> uploading CG02: 100.0%
-- OK
>> uploading CG03: 100.0%
-- OK
>> uploading CG42: 100.0%
-- OK
>> uploading CG44: 100.0%
-- OK
>> uploading CG47: 100.0%
-- OK
>> rebooting
8. Let the device reboot
9. Power the device back off
10. Power it up with the volume down button, then press up
11. In your terminal run this './fastboot-mac -i 0x22b8 oem unlock'
... INFOUnlocking your device can permanently VOID your warranty.
INFOThis process cannot be reversed. If you wish to proceed,
INFOreissue the unlock OEM command containing the unique ID
INFOof your device: XXXXXXXX
OKAY
12. Enter it again with your device ID ie './fastboot-mac -i 0x22b8 oem unlock XXXXXXXXX' and this should happen:
... INFODevice is now unlocked
OKAY
13. Enter this in Terminal './fastboot-mac -i 0x22b8 reboot'
14. Success you've unlocked your bootloader!
15. Install Titanium Backup and restore your applications 'BATCH -> restore missing apps and all system data)
HOW TO FLASH GINGERBREAD ON OS X
Download moto-fastboot mac from here:
http://forum.xda-developers.com/showthread.php?t=1138092
Download Gingerbread and RAM fix from here (intsructions there for which Tegra version you need):
http://forum.xda-developers.com/showthread.php?t=1169409
1. Extract all the files to the same directory and CD there in the terminal.
2. Put your phone in fastboot mode (turn it on holding volume down button then press volume up)
3. Type these commands in the terminal:
chmod +x moto-fastboot-osx64
./moto-fastboot-osx64 flash boot XXXXXX.boot.img (work out what Tegra part you need to flash and change the XXXXXX to that!)
./moto-fastboot-osx64 flash system ORFR234-system.img
./moto-fastboot-osx64 flash webtop webtop.img
./moto-fastboot-osx64 reboot
Hurray you have Gingerbread!
INCREDIBLY USEFUL LINKS
FIX FINGERPRINT READER BROKEN AFTER TITANIUM BACKUP RESTORE
http://forum.xda-developers.com/showpost.php?p=12567301&postcount=8
SQLITE3 SO YOU CAN ACTUALLY DO THE FINGERPRINT FIX (COPY IT TO SYSTEM/BIN AND CHANGE PERMISSIONS TO 777 WITH ROOT EXPLORER)
http://forum.xda-developers.com/showpost.php?p=9848889&postcount=1
ROMRACERS RECOVERY
http://forum.xda-developers.com/showthread.php?t=1204500
Flash like this:
1. Put phone in fastboot mode
2. Open a terminal and cd to where fastboot-mac-osx64 is
3. Erase your recovery
./moto-fastboot-osx64 erase recovery
4. Flash romracers recovery
./moto-fastboot-osx64 flash recovery /PATH/TO/recovery-atrix4.1.img
5. Reboot
./moto-fastboot-osx64 reboot

[HOW TO] Unbricking/Restoring your Kindle Fire

UPDATE: It has come to my attention that zergRush root has been patched and no longer works on the most resent updates. At the moment I haven't checked to see what to use to replace it. I would advise anyone who is needing to unbrick your device to go over to this thread started by Vashypooh: http://forum.xda-developers.com/showthread.php?t=1399889. It is the Kindle Fire Utility v0.9.1 and has options to unbrick your kindle fire among many other great features. Please try his utility out as I have not been keeping up with this thread much over the holidays.
My kindle fire was stuck in a bootloop/bricked (info on what was going on prior to fixing: forum.xda-developers.com/showthread.php?t=1355371) after some complications when trying to install google apps. I may of deleted system files, really not sure what happened at this point. Anyway, this is what finally fixed it. This will get your device to the just out of the box state. Just follow along with the commands. I documented as much as I could, but if you have any questions feel free to ask. Hope this helps anyone whos Kindle Fire wont boot up!
For this to work you will need fastboot and zergRush root
get fastboot here: http://multiupload.com/TPWBYSCGM7
details on how fastboot works: http://wiki.cyanogenmod.com/wiki/Fastboot
zergRush root: http://rootkindlefire.com/kindle-fire-root/how-to-root-kindle-fire/
->zergRush should be in the folder called files when extracted
Also make sure your device is charged, this will save you some time at the end!
I most likely not respond to private messages. This is a general thread so anyone can post here. It is beneficial to others since they may be experiencing the same problems as you. Being in my inbox wont help anyone.
***DISCLAIMER***: This process may not work for everyone! It really does depend on what you did to brick your kindle fire!! Also please consider thinking twice about messing with your device again after you fix it. Unless, of course, you think you can fix it on your own or are an advanced user.
PS: Read other peoples posts! Many have posted a lot of useful information, please use this to your advantage before asking questions!
PPS:What you did to brick your device is probably not unique. in order to prevent this thread from annoying those trying to help and from getting too long, we may ignore posts that ask questions or ask for solutions that have already been asked. If you don't get a reply within 24 hours, your problem probably falls under this.
PPPS:If the directions don't work and you don't see a solution in this thread already then you probably bricked your device beyond this way of recovery and need to seek other ways. If you are still having troubles please post a DESCRIPTIVE (pictures, links, anything and everything you did to get where you are at now) question/post with the problems you are facing and we can try and help you. Thank you.
---------------------------------------///------------------------------------
Hard reset may work for some people - hold power button for ~20 seconds and turn back on. If it doesn't then proceed:
---------------------------------------///------------------------------------
How to begin the how-to using cmd:
1. Download the files you need and stick them in your C:\ directory
2. stick fastboot in C:\KindleFireRoot\files directory
3. open cmd (command prompt)
4. navigate to the files directory on your C:\ drive
should look similar to this:
​
Code:
C:\users\userName>cd C:\KindleFireRoot\files
5. now you are in the kindleFireRoot\files directoryshould look something like this:
​
Code:
C:\KindleFireRoot\files>
Now you can start following the directions in the how-to and type exactly what you see to the right of the $ and # symbols. You should see them but do not type another one next to what you already see.
---------------------------------------///------------------------------------
IF YOU THINK MODIFYING PERMISSIONS ON /system/app IS WHAT CAUSED YOUR DEVICE TO BOOTLOOP THEN FOLLOW THESE STEPS:
check your permissions first
Code:
adb shell
ls -l /system/
they should look like:
Code:
drwxr-xr-x root root 1970-01-01 00:00 lost+found
drw-r-xr-x root root 2011-11-29 12:31 app
drwxr-xr-x root shell 2011-11-16 03:03 bin
-rw-r--r-- root root 2144 2008-08-01 12:00 build.prop
drwxr-xr-x root root 2011-11-16 03:03 etc
drwxr-xr-x root root 2011-11-16 03:03 fonts
drwxr-xr-x root root 2011-11-16 03:03 framework
drwxr-xr-x root root 2011-11-16 03:03 lib
drwxr-xr-x root root 2011-11-16 03:03 media
drwxr-xr-x root root 2011-11-16 03:03 tts
drwxr-xr-x root root 2011-11-16 03:03 usr
drwxr-xr-x root shell 2011-11-16 03:03 vendor
drwxr-xr-x root shell 2011-11-29 12:31 xbin
if yours do not look like this then continute:
follow the steps to temp root FIRST(steps 1 and 2 below)!
AFTER you temp root:
Code:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
chmod 755 /system/app
then reboot
Note: this can work with any directory that has permissions messed up
---------------------------------------///------------------------------------
IF YOU CHANGED WALLPAPERS/THEME AND BRICKED YOUR DEVICE BY MESSING WITH FRAMEWORK-RES.APK TRY THIS:
if you have adb active, try
adb shell ls -l /system/framework/framework-res.apk
if you dont see it show permissions as rw-r--r--
temp root (steps 1 and 2) first then run:
adb shell mount -o remount rw /system
adb shell chown root /system/framework/framework-res.apk
adb shell chmod 644 /system/framework/framework-res.apk
adb shell mount -o remount ro /system
adb reboot
if that does not work, then you need to go back to the old file, get it from the amazon update (download the update from their site and unzip it with 7zip or winrar, ignore the fact it's called bin and just rename it if you don't know how to do it otherwise to .zip).
then run
adb push framework-res.apk /data/local/tmp
adb shell mount -o remount rw /system
adb shell mv /data/local/tmp/framework-res.apk /system/framework/framework-res.apk
adb shell chown root /system/framework/framework-res.apk
adb shell chmod 644 /system/framework/framework-res.apk
adb reboot
---------------------------------------///------------------------------------
IF NONE OF THE ABOVE APPLIES TO YOU THEN DO THESE STEPS:
//Step 1: push zergRush on the device then run chmod 755 on zergRush
Code:
$ adb push zergRush /data/local/tmp
$ adb shell chmod 755 /data/local/tmp/zergRush
//Step 2: temp root
Code:
$ adb shell
adb server is out of date. killing...
* daemon started successfully *
$ cd data/local
cd data/local
$ cd tmp
cd tmp
$ ls
ls
boomsh
zergRush
sh
$ rm sh boomsh [B]Remove everything but zergRush here, it will not matter if yours is missing/out of order compared to mine[/B]
rm sh boomsh
$ ./zergRush
./zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015118
[*] Scooting ...
[*] Sending 149 zerglings ...
[+] Zerglings found a way to enter ! 0x10
[+] Overseer found a path ! 0x000151e0
[*] Sending 149 zerglings ...
[+] Zerglings caused crash (good news): 0x40119cd4 0x0054
[*] Researching Metabolic Boost ...
[+] Speedlings on the go ! 0xafd195cb 0xafd3937f
[*] Popping 24 more zerglings
[*] Sending 173 zerglings ...
[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
//Step 3: reboot into fastboot
//note: 4002 for fastboot
Code:
$ adb shell
# cd /system/bin
cd /system/bin
# idme bootmode 4002
idme bootmode 4002
<idme> write 4002 to offset 0x1000
# reboot
reboot
//Step 4: clear user data and cache using fastboot
//note: 0x1949 is the device-id for the kindle so fastboot can recognize it
Code:
$ fastboot -i 0x1949 -w //this part might take a while
erasing 'userdata'... OKAY [110.203s]
erasing 'cache'... OKAY [ 28.328s]
finished. total time: 138.531s
//Step 5: change back to normal boot mode in fastboot
//note: 4000 is for normal boot
Code:
$ fastboot -i 0x1949 oem idme bootmode 4000
... OKAY [ 0.219s]
finished. total time: 0.219s
//Step 6: use fastboot to restart kindle fire
Code:
$ fastboot -i 0x1949 reboot
rebooting...
finished. total time: 0.016s
At this point the kindle hit splash screen for a few minutes then told me that my device needed to be charged (was at 13%) to continue. **So make sure your device is charged**, otherwise you will have to wait about 20-30 minutes depending on your charge %. The amber light finally came on while connected to PC which it wasn't doing before so this was a good sign.
After it was charged enough the next step stated: "Your kindle has detected a problem and must clear app storage.The recovery precess will erase some applications and data from your device. Apps from the appstore are stored in the cloud and can be reinstalled later. This will reset your kindle to its original factory settings. You will need to re-register your kindle prior to downloading items from your amazon account. Please press power button to proceed"
After you press the power button it shows a progress bar, reboots, hits splash screen for a few minutes then takes you to set up your Kindle Fire account YAYYYY!
Just a suggestion but perhaps one of the mods could move this to the developer's forum (or sticky it and make the links have http:// in front)? The OP could not post it there since they do not have 10 posts yet, but they're a friend of mine and we worked together to unbrick their device.
unbricking from recovery
I am going to try the method for unbricking, but not sure it will work on mine. My fire is stuck on the boot screen where it has a long message saying there is a problem with the fire and that it needs to restore the apps and bring it back to default.
It then says to press the power button continue with the restore. Then it completes, says success, then reboots right back into the same message screen all over again.
When I adb devices I get "firexxxxxSN recovery"
I am hoping fastboot can help me or perhaps I need to re-image recovery or boot.
What happened was this. I tried to follow a method to change my wallpapers using metamorph. I followed all the steps then started getting theme errors and such while in the kindle. I rebooted and was stuck in the bootloop as described here.
Being the novice I am, I thought I could then copy over a fresh copy of "system" from the fire system dump that was posted. I did this and this is where I am now.
Any help would be appreciated. It might be a good idea for us to figure this one out so that we have the procedure.
you dont need root to run idme.
But since you can get root, try clearing the /data/dalvik-cache by hand & reboot.. much quicker than a full userdata wipe.
Hi, assuming your responding to me, whats idme? Right now I cant get root just a bootloop. And when I adb devices I get my device serial # recovery where is normally says device serial # device
---------- Post added at 03:57 PM ---------- Previous post was at 03:46 PM ----------
Here is the exact message I get on the screen:
'Your Kindle has detected a problem and must clear app storage. The recovery process will erase some applications and data from your device. Apps from the appstore are stored in the cloud and can be reinstalled later.
This will reset your kindle to its original factory settings. you will need to re-register your kindle prior to downloading items from your Amazon account.
Please press power button to proceed.'
After i press the power button I get a status bar indicating the restore, it then says success, then reboots and ultimately comes back to the same restore screen as noted above.
Any help is appreciated.
Hey, can you please tell me how you get into fastboot? I went to the wiki and did everything it said there but am stuck because I am getting stuck on step 5
Boot device into bootloader - How do I do this? Is this simply powering on the fire?
Make sure the device is in FASTBOOT and not HBOOT - same question
I'm getting "zergRush: permission denied" any help?
Wow, I'm so glad I found this! You just may be my life/job saver. I'm going to try this right now and reply with status.
transfuntioner said:
you dont need root to run idme.
But since you can get root, try clearing the /data/dalvik-cache by hand & reboot.. much quicker than a full userdata wipe.
Click to expand...
Click to collapse
I tried this previous to what I explained in my fix above and it didn't work. I was still stuck in bootloop and getting the same errors in the logs.
transfuntioner said:
you dont need root to run idme.
But since you can get root, try clearing the /data/dalvik-cache by hand & reboot.. much quicker than a full userdata wipe.
Click to expand...
Click to collapse
@transfuntioner - This sounds logical and I did try this. In my specific case it didn't work either but may work for others.
Done! Thanks ubeezee your awesomeness knows no boundaries. I owe you big-time! I'ma gonna buy you a whole case of beers.
@md202000 Glad it worked for you!
justki said:
I'm getting "zergRush: permission denied" any help?
Click to expand...
Click to collapse
Can you give more explanation (i.e. what you were doing beforehand)?
---------- Post added at 08:56 PM ---------- Previous post was at 08:54 PM ----------
bjanice44 said:
Hey, can you please tell me how you get into fastboot? I went to the wiki and did everything it said there but am stuck because I am getting stuck on step 5
Boot device into bootloader - How do I do this? Is this simply powering on the fire?
Make sure the device is in FASTBOOT and not HBOOT - same question
Click to expand...
Click to collapse
Don't rely on the wiki directions...those are meant for other devices (particularly phones). Just do the steps listed in the OP in that order. You won't get some screen that explicitly says FASTBOOT. You'll just assume you are there because fastboot commands will work (and the fact you told the device to go into fastboot before rebooting it through bootmode idme).
Hi, assuming your responding to me, whats idme? Right now I cant get root just a bootloop.
Click to expand...
Click to collapse
Just because you have a bootloop, does not imply you cannot do things like run adb. You need to run "adb shell" with the kindle plugged into the computer and then push over the zergRush exploit and get root and then switch the mode to FASTBOOT. You cannot as far as I know get into FASTBOOT on the device unless you are able to tell it to through temp rooting and adb first.
But since you can get root, try clearing the /data/dalvik-cache by hand & reboot.. much quicker than a full userdata wipe.
Click to expand...
Click to collapse
From trying that with ubeezee, it did nothing to help on its own. It took clearing out all user data to trigger a restore that did something useful.
bjanice44 said:
I am going to try the method for unbricking, but not sure it will work on mine. My fire is stuck on the boot screen where it has a long message saying there is a problem with the fire and that it needs to restore the apps and bring it back to default.
It then says to press the power button continue with the restore. Then it completes, says success, then reboots right back into the same message screen all over again.
When I adb devices I get "firexxxxxSN recovery"
I am hoping fastboot can help me or perhaps I need to re-image recovery or boot.
What happened was this. I tried to follow a method to change my wallpapers using metamorph. I followed all the steps then started getting theme errors and such while in the kindle. I rebooted and was stuck in the bootloop as described here.
Being the novice I am, I thought I could then copy over a fresh copy of "system" from the fire system dump that was posted. I did this and this is where I am now.
Any help would be appreciated. It might be a good idea for us to figure this one out so that we have the procedure.
Click to expand...
Click to collapse
Did you try it out?
justki said:
I'm getting "zergRush: permission denied" any help?
Click to expand...
Click to collapse
I think I know why, I forgot to add that you need to run chmod 755 on zergRush.(see updated first post)
adb shell chmod 755 /data/local/tmp/zergRush
after you push zergRush
i got to step 3 and there is no animation over the letters, so i think i am in fastboot, but i can not access the shell anymore. it appears my device is not being seen by adb? evn at a cmd prompt i tried fastboot devices and that shows nothing either.
any advice?
dingo8baby said:
i got to step 3 and there is no animation over the letters, so i think i am in fastboot, but i can not access the shell anymore. it appears my device is not being seen by adb? evn at a cmd prompt i tried fastboot devices and that shows nothing either.
any advice?
Click to expand...
Click to collapse
I'm not totally sure what you mean. Are you trying to access adb while in fastboot? Because that will not work.
When you're in fastboot, you don't use adb, you use fastboot commands to wipe all the user data (see the reference link in the OP for the commands that work on fastboot and note that it's nothing like adb). Fastboot runs a much lower level than anything you access in adb--it's like being in the BIOS for your computer more or less. It wont show "devices" or anything like that unless you explicitly run the "fastboot -i 0x1949 devices" command (I didn't bother to run that command on the kindle, I just jumped ahead and had it wiped using fastboot, since it didn't really matter if it detected it or not).
However, even if you don't run that command to show devices, you'll know it works when you run the fastboot command to wipe data and it gives you a reply. If it doesn't give a reply and just hangs, then you weren't in fastboot (or you typed the command wrong) and need to try again (press ctrl+c to cancel the command, but just FYI, it takes 3-5 minutes for it to wipe all data, so be patient before canceling).
dingo8baby said:
i got to step 3 and there is no animation over the letters, so i think i am in fastboot, but i can not access the shell anymore. it appears my device is not being seen by adb? evn at a cmd prompt i tried fastboot devices and that shows nothing either.
any advice?
Click to expand...
Click to collapse
Like yareally said, you should move on to step 4 if you are in fastboot. The only time you will need to access adb shell is when it says on the instructions.
ok, i'm sorry if i wasn't clear.
I saw the $ prompt, so I assumed the commands were run in a adb shell.
If i run the fastboot commands in a cmd window, this is the output:
C:\android-sdk-windows\tools>fastboot -i 0x1949 -w
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall 'flash boot' + 'flash system'
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
dingo8baby said:
ok, i'm sorry if i wasn't clear.
I saw the $ prompt, so I assumed the commands were run in a adb shell.
If i run the fastboot commands in a cmd window, this is the output:
C:\android-sdk-windows\tools>fastboot -i 0x1949 -w
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall 'flash boot' + 'flash system'
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
Click to expand...
Click to collapse
I'm a bit confused as to what you are doing. What were you using before to enter commands? Whatever you were using that got you to step 3, was what you need to use. There should always be $ infront of your commands.
Oh I just saw the problem, the fastboot your using is out of date. Theres no -i command. I think the one that I linked was out of date too.. I'll upload the one I have which is the most current and link it on the main post. Sorry about that! So just start over after you update fastboot using whatever you were using before to enter commands that got you into fastboot.

[MOD] Increase your SYSTEM partition to 2.5GB , Boot to 30MB , Recovery to 30MB for Y

Finally your and MY wait is over Hear @I Putu Tirta Agung S & @Annabathina are introducing that HOW TO INCREASE YUREKA / PLUS PARTITIONS ........
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I & @I Putu Tirta Agung S are not responsible for anything that may happen to your phone as a result of following this guide / installing custom roms and/or kernels. you do so at your own risk and take the responsibility upon yourself. ​​
NOTE : Please read hole thread before starting........
Preface
This guide has been tested to work on Lollipop and Marshmallow. By following this guide, you will resize your boot, system, cache, and recovery partition to the new partition size as can be seen below:
This guide is quite safe as it doesn't change the emmc GUID and its unique partitions GUID, which is hard coded into our Yureka's non-HLOS (High Level Operating System).
The Guides
Backing up important partitions ( Very very important )
Go to TWRP (please use the newest, or at minimal Abhishek's 3.0.1-0), and when you are in it run "adb shell" from your computer using " ADB+&+Fastboot of yureka " by " Hold shift key and right click on mouse and select Open command window here " then type below lines ONE BY ONE (remember to do it line by line)
Code:
[SIZE="4"]dd if=/dev/block/mmcblk0 of=/sdcard/gpt.bin bs=512 count=34
adb shell dd if=/dev/block/mmcblk0p1 of=/sdcard/modem
adb shell dd if=/dev/block/mmcblk0p2 of=/sdcard/sbl1
adb shell dd if=/dev/block/mmcblk0p3 of=/sdcard/sbl1bak
adb shell dd if=/dev/block/mmcblk0p4 of=/sdcard/aboot
adb shell dd if=/dev/block/mmcblk0p5 of=/sdcard/abootbak
adb shell dd if=/dev/block/mmcblk0p6 of=/sdcard/rpm
adb shell dd if=/dev/block/mmcblk0p7 of=/sdcard/rpmbak
adb shell dd if=/dev/block/mmcblk0p8 of=/sdcard/tz
adb shell dd if=/dev/block/mmcblk0p9 of=/sdcard/tzbak
adb shell dd if=/dev/block/mmcblk0p10 of=/sdcard/hyp
adb shell dd if=/dev/block/mmcblk0p11 of=/sdcard/hypbak
adb shell dd if=/dev/block/mmcblk0p12 of=/sdcard/pad
adb shell dd if=/dev/block/mmcblk0p13 of=/sdcard/modemst1
adb shell dd if=/dev/block/mmcblk0p14 of=/sdcard/modemst2
adb shell dd if=/dev/block/mmcblk0p15 of=/sdcard/misc
adb shell dd if=/dev/block/mmcblk0p16 of=/sdcard/fsc
adb shell dd if=/dev/block/mmcblk0p17 of=/sdcard/ssd
adb shell dd if=/dev/block/mmcblk0p18 of=/sdcard/DDR
adb shell dd if=/dev/block/mmcblk0p19 of=/sdcard/fsg
adb shell dd if=/dev/block/mmcblk0p20 of=/sdcard/sec
adb shell dd if=/dev/block/mmcblk0p22 of=/sdcard/params
adb shell dd if=/dev/block/mmcblk0p23 of=/sdcard/panic
adb shell dd if=/dev/block/mmcblk0p24 of=/sdcard/autobak
adb shell dd if=/dev/block/mmcblk0p26 of=/sdcard/persist[/SIZE]
Copy all files from internal storage (sdcard) to your computer, keep them safe as they are very important if something bad happens.
Doing the magic
Download and extract "gpt.zip" attached in this post, and copy the "gpt.bin" file to the root of your internal storage (internal sdcard).
1. Go back to TWRP and run "adb shell" again from your computer, then type:
2. Go back to TWRP and run "adb shell" again from your computer, then type:
dd if=/sdcard/gpt.bin of=/dev/block/mmcblk0 bs=512 count=34
Click to expand...
Click to collapse
3. After all done, reboot to your bootloader and flash your recovery (TWRP) by typing:
fastboot -i 0x1ebf erase recovery
fastboot -i 0x1ebf flash recovery TheNameofYourRecovery.img
Click to expand...
Click to collapse
4. After that, type below commands (remember to do it line by line):
fastboot -i 0x1ebf oem unlock
fastboot -i 0x1ebf erase boot
fastboot -i 0x1ebf format cache
fastboot -i 0x1ebf format userdata
fastboot -i 0x1ebf format system
fastboot -i 0x1ebf reboot-bootloader
fastboot -i 0x1ebf boot recovery
Click to expand...
Click to collapse
5. After booting to TWRP, wipe everything again (system, data, cache, dalvik, internal storage)
6. Reboot the phone to TWRP again.
7. Copy your original "params", "panic", "autobak", and "persist" files you backed up earlier to the root of your internal storage (internal sdcard) and run "adb shell" again from your computer, then type:
adb shell dd if=/sdcard/params of=/dev/block/mmcblk0p22
adb shell dd if=/sdcard/panic of=/dev/block/mmcblk0p23
adb shell dd if=/sdcard/autobak of=/dev/block/mmcblk0p24
adb shell dd if=/sdcard/persist of=/dev/block/mmcblk0p26
Click to expand...
Click to collapse
This step is very important, so don't miss it or you will hard bricked your god damn phone.
8. After all done, reboot to your bootloader and type again below codes (remember to do it line by line):
fastboot -i 0x1ebf oem unlock
fastboot -i 0x1ebf erase boot
fastboot -i 0x1ebf format cache
fastboot -i 0x1ebf format userdata
fastboot -i 0x1ebf format system
fastboot -i 0x1ebf reboot-bootloader
fastboot -i 0x1ebf boot recovery
Click to expand...
Click to collapse
After booting to TWRP, wipe everything again (system, data, cache, dalvik, internal storage)
9. Reboot the phone to TWRP again.
Troubleshooting
Wallah, now you have 2.5 GB of system partition, 150 MB (it will be usefull if you use f2fs file system) cache partition, 30 MB of recovery partition, 30 MB of boot partition, and around 11.77 GB of data partition.
Oh btw, if you flash "userdata.img" from COS or CM roms, you will get something similar to this:
target reported max download size of 268435456 bytes
erasing 'userdata'...
OKAY [ 8.440s]
sending 'userdata' (137434 KB)...
OKAY [ 5.164s]
writing 'userdata'...
FAILED (remote: image size too large)
finished. total time: 13.634s
Click to expand...
Click to collapse
Why? Because now your data partition is approximately 1.5 GB smaller. So just relax, if you got that kind of warning.
Furthermore, because a lot of devs use that ****in ".dat" files ****ty thing ("system.new.dat", "system.patch.dat" and "system.transfer.list"), if you flash their roms (such as CM, AICP, Exodus, bla bla bla), you will see that your partition will go back to its original value. But not to worry, it is not the real value of what is really use. It is because of the nature on how sparse ext4 image is compiled, they need to set the partition size before compiling, and of course they use the old one, not the one we have changed.
So to overcome this problem, you need to do it the hard way, explained in the second post below. However, if you don't want the hazzle then just flash AOSParadox or YuOS (the TWRP version, not the fastboot one) or Mokee or any rom that doen't have "system.new.dat", "system.patch.dat" and "system.transfer.list" in its zip file, as they will read the new partition size just fine.
ADB+&+Fastboot : link
Partition changer : link
Back up code PNG : link
Device Driver installation links
ADB for pc : link
YU usb drivers : link
PdaNet drivers : link
@I Putu Tirta Agung S MY friend for every thing ( NOTE : YOUR the best HACKER that I ever met )
@Annabathina
If you want the hard way in changing ROMs with ****in ".dat" files ****ty thing ("system.new.dat", "system.patch.dat" and "system.transfer.list") to read the new partition size, then you need Ubuntu with the latest kernel (that has the latest patch on "Transparent Compression", see this post), and follow these steps (thanks to xpirt for his guide):
Step 1 - Decompressing = DAT (sparse data) -> EXT4 (raw image)
We're now using sdat2img binary, the usage is very simple (make sure you have python 3.x installed):
Code:
./sdat2img.py <transfer_list> <system_new_file> <system_ext4>- <transfer_list> = input, system.transfer.list from rom zip
<system_new_file> = input, system.new.dat from rom zip
<system_ext4> = output ext4 raw image file
and a quick example of usage:
Code:
./sdat2img.py system.transfer.list system.new.dat system.img
by running this command you will get as output the file my_new_system.img which is the raw ext4 image.
Step 2 - Decompress EXT4 (raw image) -> OUTPUT folder -> Compress EXT4 (raw image)
Now we need to mount or ext4 raw image into an output folder so we can see apks/jars etc. To do this we need to type this command:
Code:
sudo mount -t ext4 -o loop system.img output/
As you can see there is a new folder called output which we can edit/modify/delete your files (not able to? see here)
Now we need to compress it back to a raw ext4 image, to do this we need the make_ext4fs binary. Make sure you have the file_contexts file (taken from the Rom zip) inside the make_ext4fs path. Then type this (got issues? see here).
Code:
/make_ext4fs -T 0 -S file_contexts -l 2684354560 -a system system_new.img output/
The value of 2684354560 in above code is the new size of system partition in Bytes. Upon doing the above processes, you will get the new raw ext4 image called 'system_new.img' ready for the next step.
Step 3 - Converting = EXT4 (raw image) -> DAT (sparse data)
Now we need the rimg2sdat binary, the usage is very simple:
Code:
./rimg2sdat <system_img>
<system_img> = name of input ext4 raw image file
and a quick example of usage:
Code:
./rimg2sdat my_new_system.img
As you can see the output is composed by system.transfer.list, (system.patch.dat) & system.new.dat, ready to be replaced inside your Rom zip.
Just to make it really simple
1. Fire up your beloved ubuntu, make sure you have python 3.x installed.
2. Download "sdat2img.py", "make_ext4fs", and "rimg2sdat" binaries, and put it inside a folder (use a file manager for god sake). We can name the folder "****inGreat".
3. Now make an empty folder inside "****inGreat" folder, and name it "output".
4. Extract "system.new.dat", "system.patch.dat", "system.transfer.list", and "file_contexts" from your beloved rom's zip file, and put it inside "****inGreat" folder.
5. Now open "****inGreat" folder with root privilege, then open terminal (we call it cmd in windows) from there.
6. type below code on the terminal (one line at a time):
Code:
./sdat2img.py system.transfer.list system.new.dat system.img (press enter)
sudo mount -t ext4 -o loop system.img output/ (press enter)
/make_ext4fs -T 0 -S file_contexts -l 2684354560 -a system system_new.img output/ (press enter)
./rimg2sdat my_new_system.img (press enter)
7. Now copy the new "system.new.dat", "system.patch.dat", "system.transfer.list", and "file_contexts" inside "****inGreat" folder back to your beloved rom's zip file.
8. Flash the rom via TWRP
9. And you are good to go.
10. Ain't that simple!!!!!!!!!!!!!
sdat2img.py
- github.com
make_ext4fs
- mega.co.nz
rimg2sdat
- mega.co.nz
@I Putu Tirta Agung S MY friend for every thing ( NOTE : YOUR the best HACKER that I ever met )
@Annabathina
Guys I have tested it for 5 times before posting
Thank to @I Putu Tirta Agung S for everything ​​
reserved
reserved for future post

HELP!!! How to fix "Can’t load Android System your data may be corrupt" error without losing your data ?

Update 2 : I have managed to take a backup of all the eMMC partitions using QFIL but I don't know how to proceed further.
Update 1 : Successfully flashed Stock ROM both via using ADB Sideload and SD card in the recovery but I am still stuck on the same "Can’t load Android System.Your data may be corrupt.If you continue to get this message, you may need to perform a factory data reset and erase all user data stored on this device " screen.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
----------------------------------------------------------------------------------------------------------------------------------------------------------
Hello guys,I was uninstalling some apps and accidently Asus launcher,Google Play and Play services etc got selected as well.While apps were getting uninstalled and/or downgraded,phone restarted somehow and everything is screwed up now.I am stuck on a screen telling “Can’t load Android System.Your data may be corrupt.If you continue to get this message, you may need to perform a factory data reset and erase all user data stored on this device” with 2 options underneath, 1.Try again and 2.Factory data reset
When I select “Try again” it shows “ Dead android robot on his back and red triangle” for a split second and then goes to Asus logo screen for 5 seconds and then ask for encryption key, when I enter the key it goes to ASUS logo screen again for 30-40 seconds and again back to Error screen.
Here is the video of the problem (Keep reloading if it doesn't load in first attempt)
Asus Zenfone 3 Bootloop
Watch "Asus Zenfone 3 Bootloop" on Streamable.
streamable.com
Asus ZenFone 3 ZE552KL
ROM : Stock Oreo Version WW-15.0410.1807.75
Bootloader is Locked
Recovery : Stock Recovery
USB debugging : Disabled
Android device encryption is ON
Device is booting in Fastboot Mode and Recovery Mode.
It even boots to the Sideload Mode via recovery and running "adb devices" command shows it attached with it's serial number and sideload but other commands don't work.
Device is being shown /listed in Fastboot Mode.
I am unable to use adb as USB debugging is disabled.Running "adb devices " command shows device’s serial number and "recovery" written next to it ,in the command prompt.
Will flashing Version WW-15.0410.1807.75 again do the job without wiping user data ?
How about flashing only boot.img / system.img ? Can we resolve the issue by just flashing just system.img or boot.img instead of flashing complete stock ROM ?
I don't care about performance of the system or unpredicted issues later on,my entire focus is on preserving my data.I don’t wanna to lose my data coz there are some very important documents,projects reports, pictures and backups in it.
Any help would be greatly appreciated!
I extracted the Stock ROM zip and found it's updater script in "META-INF/com/google/android"
JavaScript:
ifelse( getprop("ro.build.id") == "OPR1.170623.026", ui_print("Android O device"), (
(greater_than_int(getprop("ro.build.date.utc"), 1514390400)) || abort("Can't install this package on device version less than 14.2020.1712.85 device build time (" + getprop("ro.build.date") + ").");
) );
ifelse( getprop("ro.product.name") == "OPEN_Phone", ui_print("OPEN SKU device"), (
getprop("ro.product.name") == "WW_Phone" || abort("This package is for \"WW_Phone\" devices; this is a \"" + getprop("ro.product.name") + "\".");
) );
ui_print("Target: asus/WW_Phone/ASUS_Z012D:8.0.0/OPR1.170623.026/15.0410.1807.75-0:user/release-keys");
show_progress(0.750000, 540);
ui_print("Patching system image unconditionally...");
block_image_update("/dev/block/bootdevice/by-name/system", package_extract_file("system.transfer.list"), "system.new.dat", "system.patch.dat") ||
abort("E1001: Failed to update system image.");
ui_print("Verifying the updated system image...");
if range_sha1("/dev/block/bootdevice/by-name/system", "136,0,32767,32768,32770,33009,33011,33516,65535,65536,65538,66043,98303,98304,98306,98545,98547,99052,131071,131072,131074,131579,163839,163840,163842,164081,164083,164588,196607,196608,196610,197115,229375,229376,229378,229617,229619,230124,262143,262144,262146,262651,294910,294912,294914,295153,295155,295660,327679,327680,327682,328187,335068,360448,360450,360955,393214,393216,393218,393723,393724,393725,425982,425984,425986,426491,458751,458752,458754,459259,491519,491520,491522,492027,524287,524288,524290,524795,557055,557056,557058,557563,589823,589824,589826,590331,622591,622592,622594,623099,655358,655360,655362,655867,688126,688128,688130,688635,720894,720896,720898,721403,753662,753664,753666,754171,786430,786432,786434,786939,819198,819200,819202,819441,819443,819948,851966,851968,851970,852475,884734,884736,884738,884977,884979,885484,917502,917504,917506,918011,950270,950272,950274,950779,967696,967697,983040") == "9a4740126249131da4ccd7e39fcf8d7302a3f818" then
if range_sha1("/dev/block/bootdevice/by-name/system", "136,32767,32768,32770,33009,33011,33516,65535,65536,65538,66043,98303,98304,98306,98545,98547,99052,131071,131072,131074,131579,163839,163840,163842,164081,164083,164588,196607,196608,196610,197115,229375,229376,229378,229617,229619,230124,262143,262144,262146,262651,294910,294912,294914,295153,295155,295660,327679,327680,327682,328187,335068,335580,359936,360448,360450,360955,393214,393216,393218,393723,393724,393725,425982,425984,425986,426491,458751,458752,458754,459259,491519,491520,491522,492027,524287,524288,524290,524795,557055,557056,557058,557563,589823,589824,589826,590331,622591,622592,622594,623099,655358,655360,655362,655867,688126,688128,688130,688635,720894,720896,720898,721403,753662,753664,753666,754171,786430,786432,786434,786939,819198,819200,819202,819441,819443,819948,851966,851968,851970,852475,884734,884736,884738,884977,884979,885484,917502,917504,917506,918011,950270,950272,950274,950779,967696,967697") == "6d1cea242bbacf2ea86f62fa6c06b6bde31ec430" then
ui_print("Verified the updated system image.");
else
abort("E1003: system partition has unexpected non-zero contents after OTA update");
endif;
else
abort("E1002: system partition has unexpected contents after OTA update");
endif;
show_progress(0.050000, 5);
package_extract_file("boot.img", "/dev/block/bootdevice/by-name/boot");
show_progress(0.200000, 10);
# ---- radio update tasks ----
ui_print("Patching firmware images...");
ifelse(msm.boot_update("main"), (
ui_print("installing cmnlib64");
package_extract_s_file("firmware-update/cmnlib64.mbn", "/dev/block/bootdevice/by-name/cmnlib64");
ui_print("installing sbl1");
package_extract_s_file("firmware-update/sbl1.mbn", "/dev/block/bootdevice/by-name/sbl1");
ui_print("installing cmnlib");
package_extract_s_file("firmware-update/cmnlib.mbn", "/dev/block/bootdevice/by-name/cmnlib");
ui_print("installing rpm");
package_extract_s_file("firmware-update/rpm.mbn", "/dev/block/bootdevice/by-name/rpm");
ui_print("installing tz");
package_extract_s_file("firmware-update/tz.mbn", "/dev/block/bootdevice/by-name/tz");
ui_print("installing devcfg");
package_extract_s_file("firmware-update/devcfg.mbn", "/dev/block/bootdevice/by-name/devcfg");
ui_print("installing aboot");
package_extract_s_file("firmware-update/emmc_appsboot.mbn", "/dev/block/bootdevice/by-name/aboot");
ui_print("installing lksecapp");
package_extract_s_file("firmware-update/lksecapp.mbn", "/dev/block/bootdevice/by-name/lksecapp");
ui_print("installing keymaster");
package_extract_s_file("firmware-update/keymaster.mbn", "/dev/block/bootdevice/by-name/keymaster");
), "");
ifelse(msm.boot_update("backup"), (
ui_print("installing cmnlib64bak");
package_extract_s_file("firmware-update/cmnlib64.mbn", "/dev/block/bootdevice/by-name/cmnlib64bak");
ui_print("installing sbl1bak");
package_extract_s_file("firmware-update/sbl1.mbn", "/dev/block/bootdevice/by-name/sbl1bak");
ui_print("installing cmnlibbak");
package_extract_s_file("firmware-update/cmnlib.mbn", "/dev/block/bootdevice/by-name/cmnlibbak");
ui_print("installing rpmbak");
package_extract_s_file("firmware-update/rpm.mbn", "/dev/block/bootdevice/by-name/rpmbak");
ui_print("installing tzbak");
package_extract_s_file("firmware-update/tz.mbn", "/dev/block/bootdevice/by-name/tzbak");
ui_print("installing devcfgbak");
package_extract_s_file("firmware-update/devcfg.mbn", "/dev/block/bootdevice/by-name/devcfgbak");
ui_print("installing abootbak");
package_extract_s_file("firmware-update/emmc_appsboot.mbn", "/dev/block/bootdevice/by-name/abootbak");
ui_print("installing lksecappbak");
package_extract_s_file("firmware-update/lksecapp.mbn", "/dev/block/bootdevice/by-name/lksecappbak");
ui_print("installing keymasterbak");
package_extract_s_file("firmware-update/keymaster.mbn", "/dev/block/bootdevice/by-name/keymasterbak");
),"no backup partition");
msm.boot_update("finalize");
ui_print("installing modem");
package_extract_s_file("firmware-update/NON-HLOS.bin", "/dev/block/bootdevice/by-name/modem");
ui_print("installing dsp");
package_extract_s_file("firmware-update/adspso.bin", "/dev/block/bootdevice/by-name/dsp");
ui_print("installing asusfw");
package_extract_file("firmware-update/asusfw.img", "/dev/block/bootdevice/by-name/asusfw");
set_progress(1.000000);
It's been a long time since I've used an Android phone.
I believe it was possible to flash a stock ROM and gaaps using fastboot commands without erasing user data.
audit13 said:
It's been a long time since I've used an Android phone.
I believe it was possible to flash a stock ROM and gaaps using fastboot commands without erasing user data.
Click to expand...
Click to collapse
Nope,I haven't tried that yet coz before doing anything I want to be absolutely sure that it's not gonna wipe my data. Again,flashing the complete stock ROM is required or flashing a specific image like boot.img / system.img would resolve the issue ?
Please take a look at this thread.I didn't get "-w flag" thing.
hello, what you are trying to achieve is possible but we need to make solution specific to your android version which is android 8.
secondly explain what happened in detail like was your phone rooted or not, like if not then how on earth you uninstall system apps, if not uninstalled just degraded using uninstall updates button tell me.
xda is only in my laptop so i am unable to reply instantly, you can use telegram to talk to me @Bhd82
[email protected] said:
secondly explain what happened in detail like was your phone rooted or not, like if not then how on earth you uninstall system apps, if not uninstalled just degraded using uninstall updates button tell me.
Click to expand...
Click to collapse
My device is not rooted.Yes,I selected multiple apps to uninstall and Asus launcher,Play Store,Google Play Services also got selected accidenlty and when Uninstall button was clicked, I suppose were downgraded in the process.
[email protected] said:
hello, what you are trying to achieve is possible but we need to make solution specific to your android version which is android 8.
secondly explain what happened in detail like was your phone rooted or not, like if not then how on earth you uninstall system apps, if not uninstalled just degraded using uninstall updates button tell me.
xda is only in my laptop so i am unable to reply instantly, you can use telegram to talk to me @Bhd82
Click to expand...
Click to collapse
Hello buddy,here is the video of the bootloop.
encryption is downgrade protected so you probably broke it. so first you should dump cache partition and search kernel logs for QSEECOM. if your bootloader is unlocked, boot custom recovery from fastboot boot command and dump partitions from adb pull, otherwise dump from edl.py.
loaders can be found here
https://forum.xda-developers.com/showthread.php?t=3603643&page=4
https://forum.xda-developers.com/showthread.php?t=3759473
https://romprovider.com/download-prog_emmc_firehose-qcom-phone-cpus
https://www.firmware27.com/2017/06/collectionprog-emmc-firehose-prog-ufs.html
https://www.leakite.com/collection-qualcomm-emmc-programmer-files
https://github.com/programmer-collection
https://github.com/bkerler/Loaders
https://github.com/thantoeaungat/firehose
https://www.tuserhp.com/2018/02/prog-emmc-firehose-ufs-firehose.html
https://firmwarego.com/index.php?a=downloads&b=folder&id=2288
edit: or try to get logcat during boot-loop
Code:
fastboot oem adb_enable
fastboot continue
adb logcat > logcat.log
aIecxs said:
encryption is downgrade protected so you probably broke it
Click to expand...
Click to collapse
Hello buddy,thank you for your valuable input! It means a lot! Well ,device was running without any glitch even after disabling and downgrading several pre installed apps and bloatwares.Several times ,I downgraded Playstore and Google play services to fix some issues.And everything went hand in hand with encryption enabled.I guess ,in this particular case, device got restarted during downgrading process and that corrupted some files.
aIecxs said:
if your bootloader is unlocked, boot custom recovery from fastboot boot command and dump partitions from adb pull, otherwise dump from edl.py.
Click to expand...
Click to collapse
My bootloader is locked and USB debugging is disabled.Yes, I have been digging threads regarding QSEECOM and QPST for past few days.
aIecxs said:
edit: or try to get logcat during boot-loop
Code:
fastboot oem adb_enable
fastboot continue
adb logcat > logcat.log
Click to expand...
Click to collapse
Unfortunately,unlocking bootloader would wipe out all the data which I want to preserve.Is there any way to get logcat with bootloader locked and usb debugging disabled ?
Thank you!
sorry I didn't know that fastboot oem adb_enable requires unlocked bootloader.
yes there is maybe. you can flash adb enabled AVBv1 signed modified boot.img from Qualcomm HS-USB QDLoader 9008 EDL mode if you have deep flash cable or figure out test point
first backup all partitions to PC
(replace ./ with proper path on disk or cd into directory. home directory ~ might run out of disk space)
Bash:
mkdir ~/tmp
cp -v ./prog_emmc_firehose_8953_ddr.mbn ~/tmp
cd edl
python3 ./Loaders/fhloaderparse.py ~/tmp Loaders
python3 ./edl.py printgpt
python3 ./edl.py r boot boot.img
python3 ./edl.py r system system.img
python3 ./edl.py r cache cache.img
python3 ./edl.py r metadata metadata.bin
python3 ./edl.py r devinfo devinfo.bin
python3 ./edl.py r userdata userdata.img
python3 ./edl.py r ...
second modify default.prop in boot.img ramdisk with AIK
Code:
ro.debuggable=1
ro.adb.secure=0
ro.secure=0
persist.sys.usb.config=mtp,adb
third flash image-new.img (which is hopefully AVBv1-signed) back to device and try get logcat while booting android (might brick your device)
Bash:
python3 ./edl.py w boot image-new.img
python3 ./edl.py reset
adb logcat '*:W' -b all | tee ~/logcat.txt
In case you bricked just restore backup boot.img and go for logs in cache partition. loop mount the partition image
Bash:
mkdir ~/cache
sudo -H mount -t ext4 -o loop,ro,noexec,noload,noatime ./cache.img ~/cache
sudo -H thunar ~/cache
edit: optional patch avb/dm-verity with Magisk
(attachments removed)
aIecxs said:
so first you should dump cache partition and search kernel logs for QSEECOM.dump from edl.py.
Click to expand...
Click to collapse
Hello,after a lot of research and experiments,I finally managed to build an EDL flash cable and figured out device's key combination to get the device in QDLoader 9008 EDL mode.
While I am a tech enthusiast,I am incognizant of Linux / Python so kindly bear with me.Even after spending hours I couldn't find any tutorial / video regarding how to use edl.py / bkerler/edl. Instructions here are unclear and complicated.Looks developer have a notion that everybody on this planet have an understanding of coding or python.It's full of jargons.A video tutorial of the whole process could be quite informative but unfortunatley it's missing.
This "loader" thing is also utterly confusing, some people are referring prog_emmc_firehose files as loader while bkerler/Loaders are entirely different phenomenon and I am unable to comprehend it.
I had downloaded xubuntu.iso to boot it via USB on Windows 11 machine only to find it later that bkerler/edl is first asking to use 3.9GB large Re LiveDVD and then later want us to install python + git and loads of other things.I don't understand what's the point of doing all this when one can run Linux commands in Windows using Windows Subsystem for Linux (WSL).
aIecxs said:
you can flash adb enabled AVBv1 signed modified boot.img from Qualcomm HS-USB QDLoader 9008 EDL mode if you have deep flash cable or figure out test point
first backup all partitions to PC
(replace ./ with proper path on disk or cd into directory. home directory ~ might run out of disk space)
Bash:
mkdir ~/tmp
cp -v ./prog_emmc_firehose_8953_ddr.mbn ~/tmp
cd edl
python3 ./Loaders/fhloaderparse.py ~/tmp Loaders
python3 ./edl.py printgpt
python3 ./edl.py r boot boot.img
python3 ./edl.py r system system.img
python3 ./edl.py r cache cache.img
python3 ./edl.py r metadata metadata.bin
python3 ./edl.py r devinfo devinfo.bin
python3 ./edl.py r userdata userdata.img
python3 ./edl.py r ...
second modify default.prop in boot.img ramdisk with AIK
Code:
ro.debuggable=1
ro.adb.secure=0
ro.secure=0
persist.sys.usb.config=mtp,adb
third flash image-new.img (which is hopefully AVBv1-signed) back to device and try get logcat while booting android (might brick your device)
Bash:
python3 ./edl.py w boot image-new.img
python3 ./edl.py reset
adb logcat '*:W' -b all | tee ~/logcat.txt
In case you bricked just restore backup boot.img and go for logs in cache partition. loop mount the partition image
Bash:
mkdir ~/cache
sudo -H mount -t ext4 -o loop,ro,noexec,noload,noatime ./cache.img ~/cache
sudo -H thunar ~/cache
edit: optional patch avb/dm-verity with Magisk
(have attached patched boot.img for both)
Click to expand...
Click to collapse
I am sorry but this post went completely over my head. Can you please recommend some step by step tutorial ? Thank you!
no worry, just follow the install instructions, then follow above steps. you can also do it on windows. but when it comes to loop-mount partition images it's far more easier to do it in linux (viewing logs in cache partition). another reason is you don't have to struggle with Qualcomm HS-USB QDLoader 9008 Drivers as linux fully handle all usb drivers automatically.
Prerequisites Step 1 (linux)
open terminal with CTRL + ALT + T and navigate to any directory on your hard disk with cd
Code:
cd /media/xubuntu/*
Prerequisites Step 2
install dependencies
Code:
# Debian/(X)ubuntu/Mint/etc
sudo apt update
sudo apt install adb fastboot python3-dev python3-pip liblzma-dev git
(optional) disable mobile broadband communication (skip this)
Code:
sudo apt purge modemmanager
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
sudo apt purge ModemManager
Prerequisites Step 3
download build and install edl.py
Code:
# edl.py (required)
git clone -b 3.52.1 https://github.com/bkerler/edl.git
cd edl
# common firehose programmer collection = factory loaders (optional)
git submodule update --init --recursive
# build + install
python3 setup.py build
sudo python3 setup.py install
(optional) set usb permissions so edl.py can run without sudo
Code:
sudo cp Drivers/51-edl.rules /etc/udev/rules.d
sudo cp Drivers/50-android.rules /etc/udev/rules.d
Prerequisites Step 4
connect device in EDL mode and check if linux can see it
Code:
lsusb
now ready for installing own loader and backup everything!
(see above)
- fhloaderparse.py
- edl.py
next step can be skipped because I already did it for you (see attachments)
- download and extract AIK-Linux-v3.8-ALL.tar.gz
- copy boot.img into AIK directory
- execute unpackimg.sh shell script
- modify default.prop
- execute repackimg.sh shell script
once you have backup proceed with flashing modified boot, reboot phone and get a logcat.txt
(see above)
aIecxs said:
no worry, just follow the install instructions, then follow above steps.
Click to expand...
Click to collapse
Install instructions of what ? Linux or edl.py ? Should I boot into xubuntu via a bootable USB flash drive ? Thank you!
- boot into xubuntu via a bootable USB pendrive
- goto - settings - keyboard - add your language and remove english layout
- open your prefered directory on windows hard disk
- right mouse click - open terminal here
- proceed with prerequisites (post #11)
- get a working firehose programmer (trial and error)
- proceed with backup (post #9)
aIecxs said:
Prerequisites Step 4
connect device in EDL mode and check if linux can see it
Code:
lsusb
now ready for installing own loader and backup everything!
(see above)
- fhloaderparse.py
- edl.py
Click to expand...
Click to collapse
Hello friend,after days of trial and error I managed to take a backup of all the partitions using QFIL.
As I want to do it via edl.py ,I have also set up a persistent Xubuntu USB and completed the Step 4.It looks like Linux has recognized the device in EDL mode ?
If I am correct,in the next step, I need to put "prog_emmc_firehose_8953_ddr.mbn" inside "edl" folder (
[email protected]:/media/xubuntu/New Volume/XB/edl) and open Terminal there and run the following commands one by one which will make backups inside "edl" folder.Correct me if I am wrong.
Bash:
mkdir ~/tmp
cp -v ./prog_emmc_firehose_8953_ddr.mbn ~/tmp
cd edl
python3 /media/xubuntu/New Volume/XB/edl/Loaders/fhloaderparse.py ~/tmp Loaders
python3 /media/xubuntu/New Volume/XB/edl/edl.py printgpt
python3 /media/xubuntu/New Volume/XB/edl/edl.py r boot boot.img
python3 /media/xubuntu/New Volume/XB/edl/edl.py r system system.img
python3 /media/xubuntu/New Volume/XB/edl/edl.py r cache cache.img
python3 /media/xubuntu/New Volume/XB/edl/edl.py r metadata metadata.bin
python3 /media/xubuntu/New Volume/XB/edl/edl.py r devinfo devinfo.bin
python3 /media/xubuntu/New Volume/XB/edl/edl.py r userdata userdata.img
python3 /media/xubuntu/New Volume/XB/edl/edl.py r ...
Again,there are 67 emmc partitions ( these are the partitions backed up by QFIL) out there.Nothing like "metadata".How do we find the names of the partition on LInux ? And do we need to do it manually one by one or is there any command to dump all the partitions ?
Thank you!
yes QDL means EDL...
(paths with whitespaces must be quoted "/media/xubuntu/New Volume/XB/edl" but no need to type the whole path at all, just dot ./ is fine if you already cd'd into directory)
yes you can place prog_emmc_firehose_8953_ddr.mbn inside edl directory, just parse the proper file path as first argument to fhloaderparse.py (like tmp/ in example)
./edl.py printgpt is the initial command it will print you all partition names and some device info. if it fails, maybe EDL got timeout and phone needs to reboot into EDL mode again
yes there is command to dump all partitions at once. you don't need it as you already have done this step from QFIL which is great, it means you found working firehose programmer
Code:
python3 edl.py printgpt
python3 edl.py rl dumps
your device obviously don't have metadata partition that was just example code
But you already have cache.bin you should loop-mount file and zip the logs from inside recovery directory. I will have a look into it maybe there is something useful inside. it should not contain anything that violates your privacy, however if you are paranoid about wifi/mac address or IMEI you can password protect zip
yes you can place prog_emmc_firehose_8953_ddr.mbn inside edl directory, just parse the proper file path/name as first argument to fhloaderparse.py (like tmp/ in example)
Complete file path is
/media/xubuntu/New Volume/XB/edl/prog_emmc_firehose_8953_ddr.mbn
Click to expand...
Click to collapse
and I am running terminal inside "edl folder" but despite several attempts I am getting following error.
Am I doing it the wrong way ? Can you please tell me the exact commands to run ?
aIecxs said:
But you already have cache.bin you should loop-mount file and zip the logs from inside recovery directory.
Click to expand...
Click to collapse
How do you do that ? By executing Step 4 of Post #9 ?
Bash:
mkdir ~/cache
sudo -H mount -t ext4 -o loop,ro,noexec,noload,noatime ./cache.img ~/cache
sudo -H thunar ~/cache
Thanks a lot!
one of your paths doesn't exist, either edl/Loaders/fhloaderparse.py is missing or it's because whitespaces in path
"/media/xubuntu/New Volume/XB/edl"
Code:
cd edl
python3 Loaders/fhloaderparse.py . Loaders
or if the above doesn't work
Code:
mkdir ~/tmp
cd edl
cp -v ./prog_emmc_firehose_8953_ddr.mbn ~/tmp
python3 ./Loaders/fhloaderparse.py ~/tmp Loaders
please also double check fhloaderparse.py exist and is spelled correctly and typed case sensitive
aIecxs said:
one of your paths doesn't exist, either edl/Loaders/fhloaderparse.py is missing.
Please also double check fhloaderparse.py exist and is spelled correctly and typed case sensitive
Click to expand...
Click to collapse
Yes,it's missing.There is no file called "fhloaderparse.py" inside "Loaders" folder.
It's also missing in bkerler/Loaders.
it is somehow removed from github
this commit is the last including it
https://github.com/bkerler/Loaders/tree/9b90b81
edit: lol it's still there in edlclient/Tools but without .py suffix
that's why the setup.py is needed, it will install the scripts right in environment so fhloaderparse is in $PATH already
this is new usage
Code:
mkdir ~/tmp
cd edl
cp -v prog_emmc_firehose_8953_ddr.mbn ~/tmp
fhloaderparse ~/tmp Loaders
_____________________________________________________________________delete___________________________________________________________________________

Categories

Resources