I am dealing with a large number of SM-T530 tablets and a some of them have been showing signs of memory corruptions after a few months of usages. The symptoms varied from:
Stuck at first samsung logo, then going to Download mode with "emmc read failed" error
Stuck at second samsung logo
Not charging, not switching on (dead)
Sending the devices to Samsung service, they said it requires motherboard replacement
Examining the devices that are still switching on, by going to recovery mode, I found the data partition corrupted (lots of IO errors)
As for the dead devices, I was able to boot them off an external SD-card, and by examining the internal EMMC I found the bootloader partitions corrupt. In some cases I was able to rewrite those partitions via dd or odin, and the devices are back working, in other cases they became not even writable (IO error), although I was able to reflash other partitions on the same EMMC (recovery, system ..etc).
Another interesting find is about the devices which had only the userdata partition corrupt (stuck at second samsung logo), I changed the system to mount userdata to an external Sdcard partition, which means all future writes were going to the external SD card. Yet, after a while their bootloaders still got corrupted badly (not writable). I initially thought maybe there were too many writes into userdata that is shortenening the EMMC life, but this should discard that assumption.
I've done a lot of research (very useful information by @Oranav @E:V:A @Entropy512 @Hashcode @danarama @sfhub)and the closest symptoms I've come to is the description of Samsung eMMC secure erase bug/ Superbrick bug
This bug results in damage to wear leveller internal data structures when a secure erase command is issued to the chip when the wear leveller is in a particular state. The issue manifests itself as the chip locking up whenever an attempt is made to access regions that were near whatever region was erased. This is why some users had hardbricks (damage hit the bootloader) but others only found /data inaccessible. Once damage occurs, the only way to repair a device is a motherboard replacement. Not even JTAG can fix these devices -- hence the term "Superbrick".
Click to expand...
Click to collapse
But I do not think it's the case because:
- The device does an OTA update in recovery just once, and the update binary only executes a delete_recursive command, and the device is used fine for several months afterwards.
- During the usage, the device never does an OTA update, and never goes into recovery mode again, so unless android automatically issues a secure erase for some reason, then it never happens
- The EMMC model is a Toshiba, which in fact is listed in the same section as non affected by the bug
The EMMC name is 016GE2 (Toshiba), which supposedly is not affected. I'd appreciate ANY helps or pointers to how to diagnose this, or how to even manually reproduce the problem on working devices.
These are Qualcomm MSM8226 devices, which means they go to QDL mode when they're dead and connected via USB, in case there is something to do from there.
t,
Thanks for confirming a debrick image will function :good:
okay, the sm-t530nu && sm-t330nu are both Model: MMC 016GE2
From what i can see so far this could be "fixable" via firmware maybe,
I have both these tabs and abuse them heavily, so thoughts are, firmware version, could be something app-related skunking data partition,
the devices may need /data partition reformatted through a recovery. If you did make the jump to LP that could be more likely, as well as incompatible data leftovers from previous api level. Take one of the dead ones and start by wiping/reformatting data through recovery and work from there, reinstalling your apps with no "leftovers" and so on and so forth.
m
if it is the chip itself then the tab is probably doomed.
This does seem to be more than likely a firmware issue...
eMMC sudden death research
also this http://forum.xda-developers.com/showpost.php?p=38112844&postcount=79
On
I've done a lot of research and the closest symptoms I've come to is the description of Samsung eMMC secure erase bug/ Superbrick bug
Click to expand...
Click to collapse
kernel patch does appear to be present in the LL kernel source releases so should be sorted in LP 5.x firmware
moonbutt74 said:
f you did make the jump to LP that could be more likely, as well as incompatible data leftovers from previous api level. Take one of the dead ones and start by wiping/reformatting data through recovery and work from there, reinstalling your apps with no "leftovers" and so on and so forth.
Click to expand...
Click to collapse
So far all bricked devices happen to be 4.4.2. I have not yet seen it on LP, but then only very very few of them are on LP and haven't been in use long enough.
moonbutt74 said:
kernel patch does appear to be present in the LL kernel source releases so should be sorted in LP 5.x firmware
Click to expand...
Click to collapse
Can you point to where it is in the kernel source? So far all fixes in kernel that I've seen target only specific chips by name, and 016GE2 is not there. I mean if it's the same problem as those Samsung EMMC chips, I believe it it has only been fixed for those Samsung chips, right ?
t,
okay from my git master branch for SM-T530_EUR_LL
drivers/mmc/card/block.c @ 2874-2876 , @ 3249 , and look at static const struct mmc_fixup blk_fixups[] = from 3252 onward
if this is what's going on i suppose you need the value for MMC_QUIRK_INAND_CMD??
and the correct id for the chip, it lloks to be something like this maybe?
Code:
MMC_FIXUP("MMC[COLOR="Red"]???[/COLOR]", CID_MANFID_TOSHIBA, CID_OEMID_ANY, add_quirk_mmc,
MMC_QUIRK_BLK_NO_CMD[COLOR="Red"]??[/COLOR]),
That appears to be the meat of the patches you originally pointed to.
and from include/linux/mmc/card.h#L367 @ 367 #define MMC_QUIRK_SEC_ERASE_TRIM_BROKEN (1<<10) /* Skip secure for erase/trim */
also about three lines up you may need an entry to match correct CMD##
Code:
#define MMC_QUIRK_INAND_CMD38 (1<<6) /* iNAND devices have broken CMD38 */
#define MMC_QUIRK_BLK_NO_CMD23 (1<<7) /* Avoid CMD23 for regular multiblock */
not so sure about it though.
The 016GE2 is apparently Toshiba, so maybe something like
Code:
MMC_FIXUP("MMC16GE2", CID_MANFID_TOSHIBA, CID_OEMID_ANY, add_quirk_mmc,
MMC_QUIRK_BLK_NO_CMD??),
i'm not sure how to find CMD##
LP runs pretty good, although with the date of these patches this was probably present in the KK source as well but didn't address this device.
tgalal,
I have a SM-T331 tablet that just died. Can you explain me how did you booted your dead devices from an external SDHC?
I had the same answer from Samsung service: the motherboard must be replaced (almost the same price of a new device)
Thanks!
tgalal said:
I am dealing with a large number of SM-T530 tablets and a some of them have been showing signs of memory corruptions after a few months of usages. The symptoms varied from:
Stuck at first samsung logo, then going to Download mode with "emmc read failed" error
Stuck at second samsung logo
Not charging, not switching on (dead)
Sending the devices to Samsung service, they said it requires motherboard replacement
...
As for the dead devices, I was able to boot them off an external SD-card, and by examining the internal EMMC I found the bootloader partitions corrupt. In some cases I was able to rewrite those partitions via dd or odin, and the devices are back working, in other cases they became not even writable (IO error), although I was able to reflash other partitions on the same EMMC (recovery, system ..etc).
...
Click to expand...
Click to collapse
I have a huge query. I have a ZTE Maven 3 which I bought second-hand, which luckily came blocked from the signal, rather, that I could only have the At & t sim, try to unlock it anyway but fail, I made a guide that is here to root and in the end, when I did it now, the wifi did not work for me, then I tried to flash it, with a firmware that I saw here, but my sister interrupted it when it was in process, and I tried to unravel it, without any success, now, I bought a new phone of the same model but now unlocked, which I want to copy the firmware, to be able to repair the other and recover the money spent having to buy another. Has anyone been able to do it? I know what could be done on other models with the snap dragon processor, putting it in Qualcomm HSDLoader 9006 mode but I don't know how to do it.
How can i boot the shield (2017 16GB) into apx / rcm mode?
i have the same question. My intrest is more in tinkering with the tegra x1 in order to get a different root solution not contingent on nvidias closed source crap. I'm running a 2015 foster model and it is getting increasingly difficult to find tutorials on that system specifically with the newer updates. +i am interested in learning the process to exchange the hdd and mopy and manipulate the widevine keys that don't work on mine after the forced 7.2.3 update that occured with all update sofware removed from my system that also fried my controller with a botched firmware update that is blacklisted and not mentioned on the internet except people asking and all replies deleted. you know general unfettered access to the system without the bootloaders say so .
I am looking for a professional who can re-program my Samsung s10+
Apparently a tool is needed which not everyone has, so called Jtag.
my initial issue is posted here:
Samsung S10 + bootloop ERASE FAIL: READ ONLY
Samsung S10 + SM-F975F/DS IMEI stating Taiwan (Update: Very contradicting information if the phone is Snapdragon OR Exynos) if it even matters to solve the issue I dont know Owner of the above since 2019 without issues; USB debugging mode...
forum.xda-developers.com
snakebite3 said:
I am looking for a professional who can re-program my Samsung s10+
Apparently a tool is needed which not everyone has, so called Jtag.
my initial issue is posted here:
Samsung S10 + bootloop ERASE FAIL: READ ONLY
Samsung S10 + SM-F975F/DS IMEI stating Taiwan (Update: Very contradicting information if the phone is Snapdragon OR Exynos) if it even matters to solve the issue I dont know Owner of the above since 2019 without issues; USB debugging mode...
forum.xda-developers.com
Click to expand...
Click to collapse
Bro, even I have Jtag, but still can't help you because I will need the device WITH me in order to use Jtag. By the way, are you sure that you need Jtag since if the issues is not related to re-programing the bootloader itslef, then Jtag have nothing to do with it.
seams like I lead to confusion of which I have barley any knowledge.
All I know is that ODIN firmware flash didnt work and upon the 3rd repair company said that they cant fix it but several people said that EMMC needs reprogramming but some kind of tool is needed of which I related to JTAG. my issue is here https://forum.xda-developers.com/t/samsung-s10-bootloop-erase-fail-read-only.4260661/\
of which we are 2 people with the identical issue
Got sloppy with a brief return to stock to reprovision my sim card. When going back to a custom rom I managed to run the copy script from the wrong slot. My problem lies with getting a working blankflash. It seems those customer hating folk over at Lenovo keep revoking firehose files. I'm looking for ideas on solutions. Can't get to telegram because my phone is dead. I'm very good with computing but haven't learned how to build a singleimage file yet and how flexible the firehose is for using different models, mine is xt1962-1 (us retail, amazon, in case I'm chasing after the wrong device). Any pointers or links greatly appreciated.