Related
Some basics - About bootloader, kernel, recovery, rom, /system and some other partitions.
There are many noobs out there and sometimes even I am one. Two days ago @Closed Force asked me, where I know my stuff from and why things are like they are... So I finally decided to write this little guide about how Android devices basically work and what are the special things about our G2.
If you find wrong facts or any other mistakes (grammatical, language, contentwise), please bear with me. That's how I read it in the forums. And of course not everything written on XDA is correct. So please tell me by PM, or by posting in this thread if you have additions, corrections or any other concerns about this OP.
Where I got to know all this stuff? Reading, reading, reading. I first started modding my old HTC desire like 4 years ago. Since then and even before I'm reading. Mainly here on XDA but also on some german forums and wikis. It might have taken me easily 200 hours or more. So the only way to learn for a newbie (and everyone else too) is reading.
Personally I own a D802 variant. I know about some things that were different in details for the US variants, but things should be right as they are.
Finally thanks to
@d00lz for some extra research/additions and a quick read through.
@Art Vanderlay for some additions.
So let's get started:
When you press the power button, your device will load the Bootloader. The Bootloader afterwards wil load either the Recovery Image (recovery.img), the Kernel (boot.img) or the Download Mode Bootloader (laf.img), depending on the keys you press. At the moment there are three different bootloaders; The Jellybean one, the KitKat one, and the new Lollipop one. Not one of these Bootloaders can be unlocked yet, so there are workarounds which allow us to boot custom ROMs (specifically Kernels, but more about that later) and custom Recoverys. At the beginning there was the Jellybean Bootloader. The Developers (sorry, I don't know which ones) found out how to get around the locked Bootloader pretty early. They called this workaround Loki. It's intergrated into nearly every ROM except the ones which require the KitKat Bootloader (but that's usually not the reason they don't support the JellyBean one). Anyways, soon the KitKat update came and so did the new KitKat Bootloader. Sadly, LG patched the Loki exploit with this new update. However, the Developers found a new way to get the Bootloader booting files which weren't signed by LG. They called this workaround Bump. Bump basically imitates the LG signature so the bootloader thinks this file was really signed by LG. Obviously this workaround works with the JellyBean Bootloader too. In the Lollipop Bootloader this exploit has been closed and no one knows how to get around the new Bootloader, yet. In conclusion to Bootloaders, as long you have a working Bootloader, your device is not dead. You can usually recover it in some way.
The G2 has about 30 partitions (for a more detailed explanation, look here, thanks @d00lz). Each partition has its own purpose. One of them is the Recovery partition. Imagine: A Recovery partiton and a working Bootloader are everything you need to keep your phone working. It's kind of an Operating System in itself, completely independent from Android or anything else stored on your Mobile. The great thing about the Recovery partition is that it's so small that it can be run directly in the RAM. This means it's capable of modifing EVERY goddamn partition on your Mobile, including the Bootloader and the Recovery partition itself (means you can flash a new recovery.zip in your current recovery). Attention: if you are using the Recovery with a 4.4 KitKat Bootloader, it needs to be a Bumped Recovery. If it isn't bumped the Bootloader realizes that the Recovery is not genuine and generates a "Secure Boot Error".
Same thing goes for the Kernel. The Kernel is located in your /boot partition (found gzipped inside your boot.img) and is loaded by the Bootloader when you only press the Power Button and you let your Mobile boot normally. This is the reason why your Kernel also needs to be Bumped if you want to get your system booting on a KitKat Bootloader. When 4.4 KitKat came out, most Developers switched over to using LG's 4.4 KitKat sources for their projects. After a while it was realized that 4.2 JellyBean sources were a lot more reliable for AOSP baed ROMs. This is why most AOSP ROMs use the 4.2 JellyBean Bootloader and the 4.2 JellyBean Kernel sources while Stock based ROMs use the 4.4 KiKat Bootloader and 4.4 KitKat Kernel. There are different Kernels for AOSP ROMs and for Stock based ROMs. This is because Stock Kernels support some ROM functionalities that AOSP ROMs don't have, for example; Knock Code. (Note: Knock Code isn't open source, which is also another big reason why it isn't available for AOSP ROMs.) So there are huge differences between Stock and AOSP based ROMs/Kernels. The Kernel (without factoring in the AOSP and Stock issue) can be switch at anytime you want.
Now about the /data partition... All your personal stuff, including Apps, System Settings, App Data and so on will be stored there. The reason why you should clear it every time you change the ROM is that there are many variables set by the ROM you are coming from. Your current ROM may have some tweaks the new one doesn't have which means the new ROM doesn't know how to handle them which leads to crashes and instability.
Now let's get to the ROM... Having a 4.2 JellyBean Bootloader and a 4.2 JellyBean Kernel doesn't mean the top layer has to be 4.2 too. Most of the AOSP based ROMs are based on Googles KitKat or Lollipop sources. And this is true KitKat or Lollipop, with all its functionalities. Those huge version differences cause some problems in development. No wonder some things do not work properly today, but it's still the best working combination at the moment. It's kind of a wonder how it works as it is, but let's be happy with it. I'm very curious how AOSP ROMs with Lollipop Kernel sources will work. Your ROM and your entire existing Operating System is found in the /system partition. This is why it's the main partition which is modified while flashing. Which partitions will be modified and (how) is written in the updater-script file of the file you're going to flash. Theoretically, running a updater-script of a ROM which changes the Bootloader (/aboot partition) can brick your device. That's also the reason why you should only flash stuff made for your device only!
As already said an updaterscript can modify every partition through the recovery. All ROMs bring their own kernel, so you basically don't have to care about it, except you want to use a non-bumped ROM (with kernel) together with the KitKat bootloader.
Finally something about the baseband/modem (these terms are interchangeable). I noticed that the Developers or rather the Original Posters sometimes don't know which baseband the user should use with the ROM. In earlier days the wrong baseband could make the ROM bootloop. Today most ROMs work with most basebands. It's obviously best if you stay on the one you currently are on and just flash another one if something doesn't work (auto-rotation for example). The baseband can be flashed at any time and is on it's own partition.
Okay Download Mode time. It's part of the laf partition (laf.img). This partition is used by LG and it's PC software to recover the phone and bring it back to Stock. It's a partition in itself, but not completely independent of the Bootloader. It's because of this that you can of course have a fully working Bootloader, but a dead Download Mode. This means you will not be able to flash a .KDZ/.TOT file the next time you are in big trouble! ^^
Okay to wrap up I should mention the EFS partition. The EFS partition stores your device's IMEI (and the serial number as far as I know) of your device. NEVER wipe it. With a empty EFS partition you can use your mobile as a brick, ok maybe you can use it as a media tablet, but that's it (WiFi still works, @Art Vanderlay tested; see below).
Again: if you got questions/additions/correction or see a mistake, post below, or PM me, I'll edit this post...
reserved
Great post. A thread like this should be the first thread you read as soon as you enter the LGG2 sub forum.
Expect a private message soon.
Also, reserved for possible future additions .
d00lz said:
Great post. A thread like this should be the first thread you read as soon as you enter the LGG2 sub forum.
Expect a private message soon.
Also, reserved for possible future additions .
Click to expand...
Click to collapse
And you could modify your signature now^^
Sunandroid said:
And you could modify your signature now^^
Click to expand...
Click to collapse
Nice write up Sunny. You can credit Dan Rosenburg for creating loki. I can also confirm that wifi still works without modemst1 and modemst2 aka efs. My phone suffers for this thread.
@Sunandroid
Perfect! This was all I was looking for. Now I finnaly understand how my G2 works and I'll most likely not need to ask more "noob questions" in this matter.
But I would like to ask some questions because I've left with doubts after reading the OP.
As long as I have /recovery/ and /aboot/ working, I can recover my device exclusively with software. Is this right?
I've concluded that you need /aboot/ to be able to enter in /recovery/ and with recovery you can mess up with any other partition.´
How can I tell if /modem/ found here is compatible with my device? Are all /modem/ partitions the same in the same models? For example, I'm from Portugal so I have a Portuguese D802 LG G2 (if I type its IMEI in a site, it recognizes it as portuguese). If I flash a German D802 modem or English or even American, considering that they are all from D802 would they work flawlessly with my device?
Why does /modem/ cause auto-rotation to work? What exactly is /modem/?
I have a backup of all the partitions in my laptop (made via TWRP). But what happens if I accidentaly lose my /efs/ partition? Can I flash another phone's /efs/?
Rayaxe said:
@Sunandroid
Perfect! This was all I was looking for. Now I finnaly understand how my G2 works and I'll most likely not need to ask more "noob questions" in this matter.
But I would like to ask some questions because I've left with doubts after reading the OP.
As long as I have /recovery/ and /aboot/ working, I can recover my device exclusively with software. Is this right?
I've concluded that you need /aboot/ to be able to enter in /recovery/ and with recovery you can mess up with any other partition.´
How can I tell if /modem/ found here is compatible with my device? Are all /modem/ partitions the same in the same models? For example, I'm from Portugal so I have a Portuguese D802 LG G2 (if I type its IMEI in a site, it recognizes it as portuguese). If I flash a German D802 modem or English or even American, considering that they are all from D802 would they work flawlessly with my device?
Why does /modem/ cause auto-rotation to work? What exactly is /modem/?
I have a backup of all the partitions in my laptop (made via TWRP). But what happens if I accidentaly lose my /efs/ partition? Can I flash another phone's /efs/?
Click to expand...
Click to collapse
Glad I could help you this way...
about /aboot and /recovery: yes you are right. It is even better, if you have an intact laf too. That's the download mode. But as long the other two work, you can fix the laf partition easily. But if you get into the situation, that only those two are working, better don't flash a bootloader (=/aboot). If it's the wrong one your device is bricked.
Aboot is the key to your device. Everything else is fixable. At least with a little bit of knowledge and time. But better don't try it out.
No, the modems are not all the same. There are (sometimes depending on the branding) extremely small differences between the basebands/modems. I personally never had the problem, that I couldn't get any connection at all. But that's not fatal. Just flash another one and try again if it works. Btw: I once made a test in some german forums with different KK basebands. I'm not sure anymore, but the differences were minimal and I think killed my connection totally.
If you loose your efs stuff, your device is a brick with extended functionalities. The IMEI and some other data stored in the efs partition is worldwide unique. So you can't just pick the one of another phone (except the other G2 is bricked or whatever). You need the IMEI for general network connection. So it will still boot up, but you won't be able to text or call anyone with this phone.
Okay ^^
So this is a full backup of all the needed partitions right? http://prntscr.com/76edu4
Should I convert these files to something like .img to be able to flash in the phone just in case I get something that disables my TWRP access?
Rayaxe said:
Okay ^^
So this is a full backup of all the needed partitions right? http://prntscr.com/76edu4
Should I convert these files to something like .img to be able to flash in the phone just in case I get something that disables my TWRP access?
Click to expand...
Click to collapse
Yeah, I guess so. As long as you ticked everything when you backed up (with blastagators TWRP!; the official one doesn't allow to backup the efs stuff), this should be fine.
Well you could. But tbh I have no idea how to convert those files into .img files. But it isn't necessary anyways: It's unlikely that you loose the efs data on your phone unless you brick it somehow. If the phone stays recoverable, The first thing you are going to do is: flashing bootloader, laf and boot.img. Then you will go back to stock through the download mode. Once you've done this it's an easy one to install twrp again and restore the efs backup. No one is gonna flash ~32 partitions by hand. There are "easier" and more usefull ways to recover the device.
Oh and btw: no backup contains the bootloader, laf and boot (recovery developer don't implement this for some reasons). But this doesn't matter. The only thing you really need is the efs backup (which partitions exactly you can see here). Everything else isn't unique and can be extracted out of kdz files and restored this way.
Edit: the two partitions mentioned here are
Sunandroid said:
Okay Download Mode time. It's part of the laf partition (laf.img). This partition is used by LG and it's PC software to recover the phone and bring it back to Stock. It's a partition in itself, but not completely independent of the Bootloader. It's because of this that you can of course have a fully working Bootloader, but a dead Download Mode. This means you will not be able to flash a .KDZ/.TOT file the next time you are in big trouble! ^^
Click to expand...
Click to collapse
My PC doesn't install any driver when my phone is on download mode,
On recovery mode (twrp) i have MTP access but on download mode i'm not having any access,
does that mean my download mode is dead?
GoPogoOreo! said:
My PC doesn't install any driver when my phone is on download mode,
On recovery mode (twrp) i have MTP access but on download mode i'm not having any access,
does that mean my download mode is dead?
Click to expand...
Click to collapse
This has nothing to do with this thread here. The issue is different. But I have no clue what it might be... If I can elaborate a maybe working answer I'm gonna answer you in the noob thread.
Sunandroid said:
This has nothing to do with this thread here. The issue is different. But I have no clue what it might be... If I can elaborate a maybe working answer I'm gonna answer you in the noob thread.
Click to expand...
Click to collapse
Oh btw i tried your (noob friendly) no download mode, no recovery mode ..... using slax,
when i typed ls /dev/sd* it's only showed my PC (only one sda) and there is no sdb, not even one
Weirdly i can access TWRP, but i can't make any custom rom boot,
Man this is frustating
I have a phone, G2 D802 Int., which probably has a corrupt EFS partition. I guess the owner broke it flashing incompatible things into it. As a result of the corruption, ESN/IMEI is lost. It shows null. But very interestingly, the EFS partition mustn't have been wiped because by chance of a boot among a hundred, it shows up the ESN. If by chance you come across to ESN, everything operates normally. And if you reboot the phone, ESN is gone again..
I managed to make recovery work again, by upgrading the phone to lollipop. (It was another time I came across ESN.) But no download mode, USB is never identified (unkonwn usb device), USB modes cannot be changed, unless by chance you come across, USB debugging is no more either.
I was thinking to backup some necessary partitions from a working phone of the same variant, but since it's "unknown device", I cannot query it as a disk. Neither it works in Ubuntu. ls /dev/sd* doesn't show the phone. It even doesn't show the working phone.
Any idea about how I can fix the corrupted EFS partition?
pisisler said:
I have a phone, G2 D802 Int., which probably has a corrupt EFS partition. I guess the owner broke it flashing incompatible things into it. As a result of the corruption, ESN/IMEI is lost. It shows null. But very interestingly, the EFS partition mustn't have been wiped because by chance of a boot among a hundred, it shows up the ESN. If by chance you come across to ESN, everything operates normally. And if you reboot the phone, ESN is gone again..
I managed to make recovery work again, by upgrading the phone to lollipop. (It was another time I came across ESN.) But no download mode, USB is never identified (unkonwn usb device), USB modes cannot be changed, unless by chance you come across, USB debugging is no more either.
I was thinking to backup some necessary partitions from a working phone of the same variant, but since it's "unknown device", I cannot query it as a disk. Neither it works in Ubuntu. ls /dev/sd* doesn't show the phone. It even doesn't show the working phone.
Any idea about how I can fix the corrupted EFS partition?
Click to expand...
Click to collapse
I luckily never had to try it, but scroll down a bit over here: http://www.droidviews.com/how-to-backup-and-restore-lost-imei-on-lg-g2/
I wish you luck!
Sunandroid said:
I luckily never had to try it, but scroll down a bit over here: http://www.droidviews.com/how-to-backup-and-restore-lost-imei-on-lg-g2/
I wish you luck!
Click to expand...
Click to collapse
Yes I know that, but since I cannot take the device to USB debugging mode, it's not the first step I could take. "USB device descriptor is failed", this is what I get when I plug the phone.
pisisler said:
Yes I know that, but since I cannot take the device to USB debugging mode, it's not the first step I could take. "USB device descriptor is failed", this is what I get when I plug the phone.
Click to expand...
Click to collapse
So what is the current state of your phone? You have twrp installed. Can you push stuff through adb when you are in the recovery (this is pretty important, since we maybe can fix the download mode this way)? Does it boot into android?
@Sunandroid, device operates normally except the voice call & data, since these depend on IMEI. The phone boots normally, and everything is working, only the IMEI shows as "null". Additionaly, cannot enter to download mode, no recovery installed, original recovery is working, which is used to do a factory reset only. No USB debugging, it says "USB device descriptor failed". Thus no adb.
pisisler said:
@Sunandroid, device operates normally except the voice call & data, since these depend on IMEI. The phone boots normally, and everything is working, only the IMEI shows as "null". Additionaly, cannot enter to download mode, no recovery installed, original recovery is working, which is used to do a factory reset only. No USB debugging, it says "USB device descriptor failed". Thus no adb.
Click to expand...
Click to collapse
From what I've read about this issue (device descriptor...) just now, it is not software but hardware related.
I've heard of people solving that issue but I couldn't manage to do. Gave the phone to my customer back after 4 days. Importer service put the phone out of warranty and offered him a motherboard replacement for 75 $ and it's pretty fair I think. After all it comes funny when he says he's gonna file a case about returning the phone and take his money back. Well, it's up to him to end up with nothing in hands after months of waiting for a case.
Shortly, this file has been closed without a reasonable solution.
Thanks for your effort @Sunandroid.
pisisler said:
I've heard of people solving that issue but I couldn't manage to do. Gave the phone to my customer back after 4 days. Importer service put the phone out of warranty and offered him a motherboard replacement for 75 $ and it's pretty fair I think. After all it comes funny when he says he's gonna file a case about returning the phone and take his money back. Well, it's up to him to end up with nothing in hands after months of waiting for a case.
Shortly, this file has been closed without a reasonable solution.
Thanks for your effort @Sunandroid.
Click to expand...
Click to collapse
Glad to hear that. Hitting the thanks button doesn't hurt.
These are the Folders & Files I used in the DE-HARD-BRICKING of the Verizon variant of the LG G4. The word out on the streets is that plenty of infected Qualcomm tools have been floating around, so I decided to share with the XDA community, as far as I know, the most recent and infection free versions that really work. I can feel for the ethical hackers out here that need to get things done with the peice of sound mind that there is nothing involved that may risk their machines security or waste time with tweaked versions that wont work for some reason or other. About the Firehose, Raw, & Patch... These are THEE ones for vs986 & ls991. I DO NOT KNOW if they will work with any other variants, although, I SUSPECT that they may work with all G4's. On the other hand . . . they very well may not. AGAIN, I DO NOT KNOW. Only vs986 & ls991 are confirmed. I am looking for HardBricked G4 owners to use these with non-confirmed variants to establish a consensus of statistics to universally root the G5 using Qualcomm Utilities. I know, Iknow. eMMc & UFS are different, Bro. BLAH! Blah! BlAh! I'm only asking for volunteers whom have a G4 in the 9008 coma and have nothing to loose. If somebody knows something that I don't, that can convince me I'm wasting my time, I am open to "practical reason". or if somebody knows that these DO WORK for all G4 models on all Android LP & MM, then this I'd also like to know also. Misdirection shan't be tolerated. MY un-bricking method is posted here
DriverPack>https://drive.google.com/file/d/0B41ACD_ESYnHQU1qSnVlVXhORjA/view?usp=sharing
G4BootRepair>https://drive.google.com/file/d/0B41ACD_ESYnHQy1sY0paaWYwQUU/view?usp=sharing
method>https://forum.xda-developers.com/g4/help/lg-g4-vs986-super-hard-brick-unbrick-fw-t3666784
QPST>https://drive.google.com/file/d/0B41ACD_ESYnHemxoOEdGVFVOVUE/view?usp=sharing
QFIL>https://drive.google.com/file/d/0B41ACD_ESYnHRG4ta2ZZMFVtcW8/view?usp=sharing
Driver Enforcement>https://drive.google.com/file/d/0B41ACD_ESYnHWWY4Rm1GelZZZ2c/view?usp=sharing
I'll be putting together a more detailed tut. if I feelm it's needed. but for now I'm assuming most of us are pretty far along. A big thank You to TheMadScientist for being the first volunteer of the G5. MODs , if this needs to be moved feel free.
CAN'T FORGET TO MENTION THIS GREAT WORK OF ART https://forum.xda-developers.com/showthread.php?t=2600575 & * USE BOARD_DIAG-2.99 FOR TOTS
There are things which are important when it comes to using this method
first of all there are no infected files out there. at least none I'm aware of and you can believe me I know a little about this topic.
the next thing is that it highly depends on what files you are using because they are device specific! I don't say they would not work though but they will make your phone a different one.
there is NO universal one package available to unbrick all device models with the same files! This is just imposssible.
There is one method available which is able to convert any G4 and for this just check my PoC thread in the G4 forum.
It's not possible to make all this without device specific files because you flash parts of the bootloader stack and those are always device specific.
I haven't looked into your files here yet but when they work for both device models then your files are converting ones which means either it will convert to ls991 or it will convert to vs986 depending on what files you have. I strongly believe you have those for the ls991.
I can say that I have all of them and I investigated then in deep.
There are some rare for ex for the H815 which work without converting and without blowing the fuses. But there some named as h815 but containing converting to ls991.
Keep in mind that converting a device this way may be irreversible depending on the files used.
If you blow efuses you're lost and its not possible to have your previous device model back again. Well ok when you buy a new mainboard then.. But that's the only way.
I just want to warn users especially bc I'm working on a safe way for converting a device forward and backwards.
When you have a vs986 and used that method: you should bring your device in fastboot mode. Check the serial. Does it starts with LGLS991....? Then you converted the device.
sfX
Sent from my LG-H815 using XDA Labs
Well put.I agree with every thing you mention. Although the end result I'm achieving is download mode to flash the correct FW that matches the board. This is why I only use the files related to laf and take notice that I am not including the boot.IMG because that would essentially be a game changer like you said. I personally am not interested in converting carrier variants.
I'd like to add, I have personally used these firehouse ,raw, & patch on both sprint and Verizon g4's to handle 9008 bricks. I just don't have in my possession an AT&t or TMO to try these files with. If anybody has an AT&T or TMO G4 that is 9008 bricked and would like to attempt something they have not tried yet. Do Not include any boot.IMG in the created recovery folder that is to be flashed. We are achieving download mode. That's it. To be able to use LGUP TO FLASH kdz or tot.
ls991 "Download Mode" recovery image
I have taken this https://drive.google.com/file/d/0B41ACD_ESYnHa3pIQlFLYUttdzg/view?usp=sharing and simply relaced sprint stuff with verizon stuff. maybe I should rename my thread from "unbrick " to "recover download mode".
If when
If when I flash the ls991 recovery folder to vs986 in QFIL, fastboot is acheived and the command prompt window report back as my verizon with the correct serial number. maybe this info can be useful to you, I hope. Because I change carriers more than I change devices and the crossover is a major PITA.
gratefuldeaddougie said:
If when I flash the ls991 recovery folder to vs986 in QFIL, fastboot is acheived and the command prompt window report back as my verizon with the correct serial number. maybe this info can be useful to you, I hope. Because I change carriers more than I change devices and the crossover is a major PITA.
Click to expand...
Click to collapse
What do you see in fastboot? Can you make a pic for me?
Sent from my LG-H815 using XDA Labs
I can not today. As I have sold the vs986 but am receiving 2 more bricked vs986's this week. I will post a pick. Pic of phone or PC cmd window? Which is of interest. Just curious although I'll post both.
gratefuldeaddougie said:
I can not today. As I have sold the vs986 but am receiving 2 more bricked vs986's this week. I will post a pick. Pic of phone or PC cmd window? Which is of interest. Just curious although I'll post both.
Click to expand...
Click to collapse
no just a photo of the fastboot screen is enough. thx
btw: the download you link in your OP does not contain any image files - only the XMLs and the firehose?! or do i miss something here?
thx
sfX
I wanna jump on the hard brick train
Just everybody remember improper use or jumping the gun can lead past hard brick to totally unrecoverable device seen it happen a many times.
Ready Set Go
Before I begin, In reference to infected files, there are many discussions such as this https://forum.xda-developers.com/g4/help/mbn-msm8992-qpst-2-7-430-unbrick-g4-t3292097 Today I received a vs986 that as of first connection does not appear in device manager. I'm gonna be reviving it regardless of what it may needs. It's 98% cosmetically and I got it for $29 and I love doing this. the process will be documented and posted. And most of all I'd like to thank TheMadScientist & steadfasterX for their inspiration or I wouldn't be doing this. Let's cross are fingers and hope for a 9008 brick. I'll force QDloader mode with test points and screenshot the device manager and go from there. If a hardware issue is present then I will deal with that deck of cards first. Until then. . . . . . . . .. .
@ steadfasterX
Maybe I assume too much. I imagine that those who have made it this far are aware of the fact that they should have a copy of the firmware version they bricked on. At least as the bare minimum to get started with. Be back tomorrow with the results.
Having trouble?
https://drive.google.com/file/d/0B41...ew?usp=sharing Extract folder / Move folder into QFIL folder as a folder not as individual files / load the firehoseprogrammer, patch, & raw / Flash / Remove battery / insert battery / hold volume up and plug in at same time until "download mode" appears on device / wait for drivers to install ? flash vs98627C.kdz with LGUP.
This will only work if the device bricked on 27C or earlier. If you know what FW version you bricked on the extract that FW and replace the appropriate files in the recovery image folder. (for ls991 sprint>https://drive.google.com/file/d/0B41ACD_ESYnHa3pIQlFLYUttdzg/view?usp=sharing
i have my g4 on 28a so it means is not possible yet with mine ? :S
This guy figured it out back in May. Exactly the method I used. Here is his guide> http://forum.gsmdevelopers.com/showthread.php?t=28897&highlight=VS986+REPAIR I can now confirm this works only with the files from the version of FW that the device bricked on. .
28a kdz mega link
gustax said:
i have my g4 on 28a so it means is not possible yet with mine ? :S
Click to expand...
Click to collapse
https://mega.nz/#!blN0UCRB!OqJbq776ePL_PNBjzzooGU8kwTPWLAHNyXQz52TxovI
I HAVE TRIED TO EXTRACT THE FILES FROM FW 28A WITH WindowsLGFirmwareExtract-1.2.5.0, I CAN EXTRACT THE DZ FROM KDZFILE BUT WHEN I TRY TO EXTRACT THE FILE FROM DZ, THE SOFTWARE CRUSHED, I HAVE TRIED WITH WINDOWS 10 AND WINDOWS 7 AND THE SAME ISSUE. THE KDZ IT IS OK BECAUSE IT IS THE ONE I USED TO UPDATE MY PHONE
COULD YOU HELP WITH THIS
i downloaded the fw 27c and tried to extract the dz and happened the same issue, so i guess the problem is te software, but i dont know what a i need, any advice?
gustax said:
i downloaded the fw 27c and tried to extract the dz and happened the same issue, so i guess the problem is te software, but i dont know what a i need, any advice?
Click to expand...
Click to collapse
I will try the extraction on my PC. I have learned something about this method this weekend. This is a one time shot. After the second attempt the device blows a fuse. I believe the firehose programmer is the same, but, the raw & patch files are specifically for the sprint. I think I may have permanently bricked a device attempting to re-create the scenario in which I was successful with during the first go at it. I'm gonna look at the 27C.kdz real quick
I am having trouble finding a root method for this phone
, Or even just some news about development. Anyone point the way?
i have the same question. Anyone have any information?
It's kinda like a bum deal right now. I got two ZTE devices no root. Upset I can't disable all these google apps
Sent from my Z971 using Tapatalk
Same. Waiting for ZTE 971 root.
What is needed to get the process started to Root the ZTE Blade Spark z971
CharmedWhovian said:
What is needed to get the process started to Root the ZTE Blade Spark z971
Click to expand...
Click to collapse
Nobody knows yet
Sent from my ZTE Z971 using XDA Labs
Anybody has ROM or smth else for this phone?
Frp for blade spark?
I have had now about 4 or 5 newer ZTE phones. What I have come across is that none were able to be rooted. I posted a few requests, no one here took on the task. I don't know if it is that they can't be rooted or its just to hard for someone to do. Either way I have gotten away from buying ZTE phones for this reason.
Did anyone try to unlock the bootloader?
Code:
adb reboot bootloader
fastboot oem unlock
AT&T shows that there have been multiple OTA updates for this phone, and the last one early Jan 2018 was over 500mb. It should not be hard to port TWRP if we have an unlocked bootloader.
https://www.att.com/devicehowto/tutorial.html#!/stepbystep/id/stepbystep_KM1217955?make=ZTE&model=ZTEZ971
sparkie420 said:
I am having trouble finding a root method for this phone
, Or even just some news about development. Anyone point the way?
Click to expand...
Click to collapse
Nope, fastboot is removed on ZTE Nougat devices
It looks like they figured out ways around this for the Axon7, using EDL mode, but I tried a few things (including axon7tool, and the flashable zip to enable fastboot) without any luck.
I'll keep digging but it doesn't look too promising.
ZTE has our kernel sources at http://opensource.ztedevice.com [ZTE Z971 Nougat(7.1.1) Kernel(3.18.31)]
Won't do us much good without an unlocked bootloader though..
Anyone know if you can use MiFlash to flash in EDL mode without an unlocked bootloader?
aslezak said:
Did anyone try to unlock the bootloader?
Code:
adb reboot bootloader
fastboot oem unlock
AT&T shows that there have been multiple OTA updates for this phone, and the last one early Jan 2018 was over 500mb. It should not be hard to port TWRP if we have an unlocked bootloader.
https://www.att.com/devicehowto/tutorial.html#!/stepbystep/id/stepbystep_KM1217955?make=ZTE&model=ZTEZ971
Click to expand...
Click to collapse
TWRP for ZTE 791
Here is a Z971 TWRP I compiled for our device.
Any brave soul want to flash it using QPST or using one of the other methods in this post? Unbrick All Qualcomm
You'll need to rename it to recovery.img first. If you have to choose a firehose, choose prog_emmc_firehose_8917_ddr.mbn
Supposedly you can flash even with a locked bootloader :good:
aslezak said:
Here is a Z971 TWRP I compiled for our device.
Any brave soul want to flash it using QPST or using one of the other methods in this post? Unbrick All Qualcomm
You'll need to rename it to recovery.img first. If you have to choose a firehose, choose prog_emmc_firehose_8917_ddr.mbn
Supposedly you can flash even with a locked bootloader :good:
Click to expand...
Click to collapse
I'll do it man just message me details on how to
I was going to try & backup all the partitions using QPST, but it seems you need to get the phone into 9006 mode. We can only get into 9008 mode [Qualcomm HS-USB QDLoader 9008] with "adb reboot edl" (emergency download mode). Holding down Vol+/Vol-/Power from EDL will get you into yet another mode, ZTE Handset Diagnostic (DFU) mode, but I couldn't figure out how to do anything from here with QPST.
The only way to get the phone into 9006 mode is to brick the bootloader, which I'm not willing to do at the moment. Supposedly you can use the "axon7tool -d" and it will try to write to your bootloader & boot, but it just crashed when I tried to do it.
The other way to get into 9006 mode is to flash an mbn and another file, but I believe those are device specific, and we don't have those..
Anyway, does anyone have a phone that wasn't updated to the latest Z971V1.0.0B20 firmware? It would be nice if we could get that from the /update folder so if we brick, we have something we might be able to flash to recover.
JonnyGrench said:
I'll do it man just message me details on how to
Click to expand...
Click to collapse
I figured out if you put the AT&T SIM card in, then Settings / AT&T Software Update, you will see the Z971V2.0 update & it will download.
I wasn't able to see the update until I put the AT&T SIM card in.
Unfortunately, I was unable to grab the OTA update.
If someone hasn't already updated to the latest software version, if you could "adb logcat -d -f /sdcard/Download/ota.txt" once the download starts, we can probably get the url of the OTA update, then work from there on building a flashable firmware... :good:
aslezak said:
I was going to try & backup all the partitions using QPST, but it seems you need to get the phone into 9006 mode. We can only get into 9008 mode [Qualcomm HS-USB QDLoader 9008] with "adb reboot edl" (emergency download mode). Holding down Vol+/Vol-/Power from EDL will get you into yet another mode, ZTE Handset Diagnostic (DFU) mode, but I couldn't figure out how to do anything from here with QPST.
The only way to get the phone into 9006 mode is to brick the bootloader, which I'm not willing to do at the moment. Supposedly you can use the "axon7tool -d" and it will try to write to your bootloader & boot, but it just crashed when I tried to do it.
The other way to get into 9006 mode is to flash an mbn and another file, but I believe those are device specific, and we don't have those..
Anyway, does anyone have a phone that wasn't updated to the latest Z971V1.0.0B20 firmware? It would be nice if we could get that from the /update folder so if we brick, we have something we might be able to flash to recover.
Click to expand...
Click to collapse
Greetings, i have ZTE blade spark too, as i see, this thread looks like it died very quick. well, i am not a developer but i'll try contacting some developers to check if we can do something. Maybe since they know a lot about it, they can help us to unlock bootloader, etc. I JUST HOPE that this thread doesnt die like the Huawei Ascend XT forums did and the phone couldnt have any custom ROM. The best thing is we have source code (the XT didnt had a good source code or no source code at all) and we can start from that. But we need a good dev to help us, try to contact as many devs as possible too.
Not to discourage you, but the fastboot is "disabled" on all ZTE U.S. devices. You would need to flash using QPST which requires having the correct vendor signed firehose programmer (which isn't available). You could try modifying the ota zip update, if you received one on your phone. You would need to download this OTA update manually before rebooting the phone (to have it installed), otherwise the link will be rolled off the logcat logs.
Good luck.
ensol52 said:
Greetings, i have ZTE blade spark too, as i see, this thread looks like it died very quick. well, i am not a developer but i'll try contacting some developers to check if we can do something. Maybe since they know a lot about it, they can help us to unlock bootloader, etc. I JUST HOPE that this thread doesnt die like the Huawei Ascend XT forums did and the phone couldnt have any custom ROM. The best thing is we have source code (the XT didnt had a good source code or no source code at all) and we can start from that. But we need a good dev to help us, try to contact as many devs as possible too.
Click to expand...
Click to collapse
So I just got this phone and wanted to root and all that like I did my S4. Came here for some help because I am most definitely not educated enough for this. I did have a question though. I see a lot about a locked bootloader but under the developer settings I see "OEM Unlocking Allow the bootloader to be unlocked." The default is off, and I have left it so. Is this anything or am I missing something?
aslezak said:
I figured out if you put the AT&T SIM card in, then Settings / AT&T Software Update, you will see the Z971V2.0 update & it will download.
I wasn't able to see the update until I put the AT&T SIM card in.
Unfortunately, I was unable to grab the OTA update.
If someone hasn't already updated to the latest software version, if you could "adb logcat -d -f /sdcard/Download/ota.txt" once the download starts, we can probably get the url of the OTA update, then work from there on building a flashable firmware... :good:
Click to expand...
Click to collapse
Just got the phone, going to do this. Edit: Total skid here btw. Is it safe to post that file here?
Foggofed said:
Just got the phone, going to do this. Edit: Total skid here btw. Is it safe to post that file here?
Click to expand...
Click to collapse
Hello ? Lol, yeah! Upload it to a good site like Android dev, I'm a lil behind the loop but I'm sure sharing your findings are what's going to lead us into a possibility of getting some Dev love...
Sent from my Z971 using Tapatalk
Hello, thank you very much for reading, I hope you can help me. I need one or more files to be able to recover my phone: Samsung Galaxy S7 Active.
These are the files that I need:
prog_emmc_firehose_8996.mbn (.elf)
rawprogram0.xml
patch0.xml
I do not know if I would also need these:
MPRG8996.hex
rawprogram_unsparse.xml
I think these files are the same as prog_emmc_firehose_8996.mbn (.elf):
8996_msimage.mbn
MSM8996.mbn
How did I make a brick my phone? Installing the first official version:
SM-G891A_G891AUCU1APG7_ATT_Full_Repair_Frimware
Previously I used this version without any problem:
G891AUCS2API2_CL8737252_QB10881022_REV02_user_low_ship_MULTI_CERT
I wish someone could help me, I have read more than 50 pages, but I have not been able to solve the problem.
Please.
Can anybody help me?
hey.... i'm on the same situation..
i need zuk Z2 pro/ prog_ufs_firehose_8996_ddr_zuk.mbn but i only have elf....
it's to remove this stupid frp lock from someone who forgot his first mail... :/
keep going we are going to find out the solution
yakine13 said:
hey.... i'm on the same situation..
i need zuk Z2 pro/ prog_ufs_firehose_8996_ddr_zuk.mbn but i only have elf....
it's to remove this stupid frp lock from someone who forgot his first mail... :/
keep going we are going to find out the solution
Click to expand...
Click to collapse
I hope someone helps us.
HEY!
I found a way!!!
...for me:/
why you want this emmc_firehose_8996.mbn?
actually, i think that you don't need that file especially, it doesn't exist from where i've searched.
if it's to flash your phone all you need is odin and a flashable file of your phone firmware
i had a zuk z2 pro and was locked with frp when i wanted to setup custom rom AOSP 9.0.0 for example.
but i managed to unlock it by flashing a custom rom without gapps in the first place to no get locked out.
tell me how your phone is reacting, what do you have access to, and your initial step before brick
yakine13 said:
hey.... i'm on the same situation..
i need zuk Z2 pro/ prog_ufs_firehose_8996_ddr_zuk.mbn but i only have elf....
it's to remove this stupid frp lock from someone who forgot his first mail... :/
keep going we are going to find out the solution
Click to expand...
Click to collapse
yakine13 said:
HEY!
I found a way!!!
...for me:/
why you want this emmc_firehose_8996.mbn?
actually, i think that you don't need that file especially, it doesn't exist from where i've searched.
if it's to flash your phone all you need is odin and a flashable file of your phone firmware
i had a zuk z2 pro and was locked with frp when i wanted to setup custom rom AOSP 9.0.0 for example.
but i managed to unlock it by flashing a custom rom without gapps in the first place to no get locked out.
tell me how your phone is reacting, what do you have access to, and your initial step before brick
Click to expand...
Click to collapse
Hello, sorry for my bad English. My phone is a Samsung Galaxy S7 Active (SM-G891A). I will try to explain what happened.
I had this version of Android 6 installed (via Odin) on the phone:
G891AUCS2API2_CL8737252_QB10881022_REV02_user_low_ship_MULTI_CERT
With that version my phone was fine, but then I tried to install the first version of Android 6 (official) via Odin:
SM-G891A_G891AUCU1APG7_ATT_Full_Repair_Frimware
When the installation was completed (Odin said the installation was successful), the phone never restarted. There is no way to turn it on with any combination of buttons, nor with a microSD with a debrick.img. A USB JIG has not worked for me either.
Windows detects my phone in Qualcomm 9008 mode. Odin does not detect it.
did you find a solution?
actually it look like to be a hard brick but as it's snapdragon 820 you can recover from it
I'm waiting for the day when noobs and half-noobs (no offense, all of us have been there) will start reading before writing and stop assuming that their 1st aid kit will revive a kitten ran over by a train.
It's okay not to know, but before writing a spam reply, just consider for a second that the user already tried your solution and is already a step ahead.
Listen guy, go to Halab Tech. They have certain firmwares for what you need, but they ask money.
Those type of firmwares have a prefix "DEBUG_EMERGENCY_DOWNLOAD_FA....'
In my case it's "DEBUG_EMERGENCY_DOWNLOAD_FA70_G955U1SQU6ASG1_CL12542406_QB24669289_REV00_user_mid_noship_MULTI_CERT.tgz"
As I consider that a bastard move (since they are selling Samsung's intellectual property as their own, stuff that should be public in the first place), I encourage you to share the files if you buy them, so that we can all use them and screw over these monopoly playing-intellectual property stealing bastards.
I'm now working on a recovery of my G955U1 (S8+ Qualcomm USA). I paid $25 for a god damn firmware and I'm gonna post it in next couple of days.
I'm personally having trouble of flashing the firmware (because not many flash tools support flashing .elf flash loaders), but I used one FRP tool (Octoplus FRP tool) to check the loader and it managed to send it, receive the "hello" packet, read partitions and erase the FRP partition (I assume it worked by the log), but I don't have a way to flash other partitions yet.
You people should have in mind one thing: even though certain devices have the same chipset, doesn't mean that you can use the same firehose flash loader, since manufacturers create different loaders for them and write their digital signatures into the chip (don't know is it hardwired or flashed), meaning that you cannot use Xiaomi's prog_ufs_firehose_8998_ddr.elf (just an example) to flash a Samsung device with MSM8992 chipset.
In fact, I think that each phone model and possibly even it's different firmware revisions have unique loaders, since I didn't manage to get a successful response from my G955U1 by sending G955U2 loader, and the loader which I managed to send is actually stated to be for G955U1U6 (U6 is the bootloader revision number, while U1 is the part of the model number).
Best of luck, contact me if you need help.
I'm not seeming to find coherent instructions to get back to stock 11.0.2.2IN11AA
I have the 8 Pro, rooted, newest magisk and I installed a magisk module that is now causing System UI crash at startup. I have tried a couple things: 1) tried the "adb wait-for-device shell magisk --remove-modules" --> nothing happens when starting back up except System UI error. 2) I've flashed back to stock boot.img (hoping to get to safe mode to disable magisk)...all I get is System UI error again.
So...what I want to do is start all over and end up with 11.0.2.2IN11AA rooted. Once I'm back to "factory" I'm pretty sure I can get back to magisk and root.
Can anyone help me with some decent instructions please?
Thanks
I can. So last week I managed go back from a rooted situation to stock rom with LOCKED bootloader. This means that you're phone will be as you bought it and you're gonna lose everything of course.
This video on YT helped me.
***REMEMBER TO CHOOSE YOUR FIRMWARE BECAUSE I THINK THIS VIDEO IS FOR ASIA, IF IT IS THE SAME FOR YOU THEN YOU SHOULD FOLLOW THIS VIDEO***
I provide you a link with a thread on xda where I found the version for my oneplus 8 pro (EU)
[OP8PRO][OOS 11AA/BA/DA] Unbrick tool to restore your device to OxygenOS | XDA Developers Forums (xda-developers.com)
Thanks I'll check it out and report back
glhelinski said:
Thanks I'll check it out and report back
Click to expand...
Click to collapse
Let me know
glhelinski said:
I'm not seeming to find coherent instructions to get back to stock 11.0.2.2IN11AA
I have the 8 Pro, rooted, newest magisk and I installed a magisk module that is now causing System UI crash at startup. I have tried a couple things: 1) tried the "adb wait-for-device shell magisk --remove-modules" --> nothing happens when starting back up except System UI error. 2) I've flashed back to stock boot.img (hoping to get to safe mode to disable magisk)...all I get is System UI error again.
So...what I want to do is start all over and end up with 11.0.2.2IN11AA rooted. Once I'm back to "factory" I'm pretty sure I can get back to magisk and root.
Can anyone help me with some decent instructions please?
Thanks
Click to expand...
Click to collapse
Visit the MSM thread, that's it
Sneakdovi said:
Let me know
Click to expand...
Click to collapse
Good site and instructions. They sure don't make it clear that msmtool is packaged inside the image download file
glhelinski said:
Good site and instructions. They sure don't make it clear that msmtool is packaged inside the image download file
Click to expand...
Click to collapse
I only donwloaded the EU verision (because i'm in Italy), went to qualcom recovery, and started the process
Sneakdovi said:
I only donwloaded the EU verision (because i'm in Italy), went to qualcom recovery, and started the process
Click to expand...
Click to collapse
Please help me, i'm bricked my new device. I want that ****** monocrome filter and make to many bull**** ! :-( I need my phone.
The MSM-Tool is give me always "Sahara" errors. Make the same misstake then you! I locked the bootloader!
Please.
chr_rocke808 said:
Please help me, i'm bricked my new device. I want that ****** monocrome filter and make to many bull**** ! :-( I need my phone.
The MSM-Tool is give me always "Sahara" errors. Make the same misstake then you! I locked the bootloader!
Please.
Click to expand...
Click to collapse
First off, you may want to edit your language in here, no need to swear. Secondly you should check out the thread regarding the MSM tool.
[OP8PRO][OOS 11AA/BA/DA] Unbrick tool to restore your device to OxygenOS
Disclaimer: By attempting any of the processes listed in this thread you accept full responsibility for your actions. I will not be held responsible if your device stops working, catches fire, or turns into a hipster and claims to have been...
forum.xda-developers.com
Post #2 above has a video and also links to the same place that freshlybaked420 referenced... Should be enough to get you back on track
FreshlyBaked 420 said:
First off, you may want to edit your language in here, no need to swear. Secondly you should check out the thread regarding the MSM tool.
[OP8PRO][OOS 11AA/BA/DA] Unbrick tool to restore your device to OxygenOS
Disclaimer: By attempting any of the processes listed in this thread you accept full responsibility for your actions. I will not be held responsible if your device stops working, catches fire, or turns into a hipster and claims to have been...
forum.xda-developers.com
Click to expand...
Click to collapse
Yes, it's all true. Sorry for that i have now working for many days on this. Not sleeping enought. One more question that could bring me a step foward...
I was on IN11.0.2.2 before i locked the bootloader and bricked the device.
Now i downladed the Decrypted OxygenOS 11.0.0 IN21BA Version. I have now the error: Param Preload Device not match image. Question: Must i habe the Decrypted OxygenOS 11.0..2.2 IN21BA Version that it goes to work?
I can't the use the link for the right version, it is password protected.!
Thanks
The password is listed in the OP
glhelinski said:
The password is listed in the OP
Click to expand...
Click to collapse
Thank you, but I didn't find it.
One point I have forgotten to tell. Before the hard brick happened, I used Magistik and Patch a new boot.img then I flashed this with fastboot command. My failure was to make this 2. times. with different patches. The horrible thing is now that I must delete these files on my Laptop to get more space. When this the Problem of the MSMTOOL error is I had not really a chance to unbrick my device. Have anyone Downgrade with MSMTOOL the Stock Rom?
Thx for your help. I download now from OP the latest ROM. I will try it. I feel really scared. Maybe my device is not unbricked anymore.
The other Tool that I have (last chance) is the original Qualcomm flashing Tool QPST.
described here:
Download QPST Flash Tool & How to Use it to Flash Firmware on Qualcomm Android Devices
Download all versions of QPST Flash tool and learn how to use the QFIL and Software Download programs to flash firmware files on Qualcomm Android devices.
www.thecustomdroid.com
-- > But I found nothing here, that this tool was used. There is no special Rom here to found.
chr_rocke808 said:
Thank, but i didn't find it.
One point i forgotten to tell. Before the hard brick happend, i used Magistik and Patch a new boot.img then i flashed this with fastboot comand. My failure was to make this 2. times. with diffred pachtes. The horrible thing is now that i must delete this files on my Laptop to get more space. When this the Problem of the MSMTOOL error is i had not realy a chance to unbrick my device. Habe anyone Donwgrade with MSMTOOL the Stock Rom?
Thx for your help. I download now from OP the latest ROM. I will try. i feel realy scared. Mabye my device is not unbricked anymore.
The other Tool that i have (last chance) is the orginal Qulacomm flashing Tool QPST.
described here:
Download QPST Flash Tool & How to Use it to Flash Firmware on Qualcomm Android Devices
Download all versions of QPST Flash tool and learn how to use the QFIL and Software Download programs to flash firmware files on Qualcomm Android devices.
www.thecustomdroid.com
-- > But i found nothing here, that this tool was used. There is noch spezial Rom here to found.
Click to expand...
Click to collapse
None of that matters.
1st identify your device!
What region is it?
If you have BA then don't flash AA you'll mess things up.
2nd visit the MSM thread!
Download the tool 'for your device!'
3rd boot to EDL (I responded to you in the romaur thread how to do this)
4th as soon as it's connected to your pc in edl, flash the device
5th MSM will relock your bootloader.
6th don't do something if you're not sure, just ask.
Oh and lol chill on the swearing also on posting everywhere, just make 1 thread and stick with it, people will help
Hey, my Phone is working like a charm. Thx for the great work !!!. I'm so happy !!!
It is better to come here to real developers, I had to get bad download links and bad Software! This was the only problem. For many years I have the first Samsung Galaxy and I'm knowing that I can get all the problems for not booting devices back. But I was scared that many Devices like Huwai bring their bootloaders with cryptographic methods in a safe trunk.
Best wishes to you, and the people that I'm working for the android project!
regardless,
chr_rocke808
chr_rocke808 said:
Hey, my Phone is working like a charm. Thx for the great work !!!. I'm so happy !!!
It is better to come here to real developers, I had to get bad download links and bad Software! This was the only problem. For many years I have the first Samsung Galaxy and I'm knowing that I can get all the problems for not booting devices back. But I was scared that many Devices like Huwai bring their bootloaders with cryptographic methods in a safe trunk.
Best wishes to you, and the people that I'm working for the android project!
regardless,
chr_rocke808
Click to expand...
Click to collapse
Lol no worries pal, but trust me, always make a thread unless one exists, it'll work out.
Glad you're sorted.