[Tutorial] 8227L units - How to recover from a brick - Android Head-Units

So you followed a bad tutorial, or lost power during a flash, or formatted your unit for some reason and now you have a unit that seems mostly unresponsive. All hope may not be lost. You do have a backup, right??
If you don't have your own backup, you may be able to find one online somewhere that will work, but be aware that not all 8227L units are the same, and not every ROM dump you find online is going to work. At any rate, the issue is beyond the scope of this tutorial, so we'll proceed assuming you either have your own backup or have located a compatible one. I'm also going to assume that you have SP-Flashtool and have been able to use it, as it's fairly hard to end up with a bricked unit without using SP-Flashtool to begin with.
There are two different types of backup that can be relied on in this situation. The first, and probably more reliable backup format is a ROM dump from SP-Flashtool, consisting of 3 files, BOOT_1, BOOT_2, and EMMC_USER. They may be named something different. If SP-Flashtool's automatically suggested names were used, they could be named ROM_0, ROM_1 and ROM_2, in which case you'll need to pay attention to the file sizes. The other type is a group of many files, containing backups of the individual partitions, usually named boot.img, recovery.img, system.img, userdata.img, etc. In either case, you will also require a suitable scatter file, which you should have with your backup.
You're going to need to access the "test point" on your unit in order to flash your backup if you have flashed the wrong pre-loader or formatted the pre-loader partition. There is a chunk of read-only memory on the board containing the factory preloader, and that's what we'll be accessing to pull this off.
For information on disassembling your unit and accessing the test point, see my tutorial here on unlocking the bootloader.
Determine the process for reloading your backup based on the type of backup that you have and the state your system is in by reading the Getting Prepared section. The Flashing section will explain how to actually start the flashing process. It's important that you don't skip ahead! Ensure you've prepared everything correctly!
Getting prepared:
Remove all external power from the unit, and prepare SP-Flashtool with your scatter file and backup files. Do not connect the USB cable yet. If you are using system.img, userdata.img, recovery.img etc, make sure all the paths to the files are correct on the Download tab. As long as you have not attempted to modify the partition file, you can flash in Download Only mode, and you're good to go. If you have attempted to modify the partition table, the most reliable way to ensure that your backup loads correctly is to flash only your preloader first on the first pass, and then do another pass in Format All + Download mode with all of your files selected. After your preloader is restored, you should not need to use the test point for the second pass.
If your backup is a ROM dump, and you have a BOOT_1, BOOT_2, and EMMC_USER backup file, then you will need to use the "advanced mode" in SP-Flashtool to restore. While in SP-Flashtool, press Ctrl + Alt + v to enable advanced mode. Then from the Window menu at the top, check the box for Write Memory, and switch to the newly opened Write Memory tab. For the file path entry, browse or type the path to your BOOT_1 backup. Set the Begin Address to 0x0. After flashing BOOT_1, you will need to repeat the flashing process for BOOT_2 and EMMC_USER, but once BOOT_1 is flashed, your preloader is restored and you should not need to use the test point to restore the other files.
Flashing:
At this point, you should have SP-Flashtool prepared with your backup files and the unit should be disconnected from power and USB. In the next step you'll need to have the test point shorted as you plug the USB in, and remove the short when the tool connects to the factory preloader so get prepared to do that. If you're in the Download tab at this point, click the Download button, if you're in Write Memory mode, click the Write Memory button. SP-Flashtool will start looking for a device. Plug in your USB cable with the test point shorted on your board. Once SP-Flashtool recognizes the device, you usually need to give it a couple of seconds to initialize the connection before you remove the short. You may have to try a few times to get the timing right. If you remove the short too quickly or hold it in place for too long, the connection will fail and you'll need to try again. Once you get it right, it should begin flashing as normal. If you're only flashing your preloader on the first pass, you should not need to use the testpoint to get SP-Flashtool to recognize your device on subsequent passes. Finish reloading all of your backup files and you're done! You should have a functional device!

Very good information here. I've been reading a lot on these forums and it is safe to say that majority of people accidentally bricked their devices without having a backup but also Windows not installing MediaTek drivers properly.

iceblue1980 said:
Very good information here. I've been reading a lot on these forums and it is safe to say that majority of people accidentally bricked their devices without having a backup but also Windows not installing MediaTek drivers properly.
Click to expand...
Click to collapse
I'm a Linux user, so I'm not really a good person to ask about the Windows drivers... the best solution I can offer is, "Throw it out, install Linux," lol. Unfortunately a lot of useful and arguably required utilities for working with these units are Windows-only, so I'm working on developing a suite of cross-platform applications to replace them.

So I dismantled my bricked 8227L unit (accidentally formatted the Flash ROM with SP FLash Tools, but reckon the factory preloader is still there?) and before soldering the test points I wanted to ask couple of n00b questions:
1. When my unit is completely shut down (power disconnected), I insert the 4-pin USB cable and then connect it with my Win10 laptop through USB 2.0 but nothing happens. Nothing pops up, no new hardware detected. I have the latest MediaTek drivers installed. I also tried to insert a USB stick to the head unit just to see if there is any power or reading going on when the unit is on, and there is absolutely nothing. Can this mean my USB on the head unit is faulty?
2. Tried to look at pictures and look online how you actually "short" the test points. Some suggest just to put some solder on the golden plates, you say to connect one wire - but what do you do with the wire when connecting laptop to head unit through USB? Is that wire supposed to touch any other "golden plates"?
Thanks

I am so delighted to see someone hitting on the hot iron. Looking forward to the detailed tutorial to take backup, unlock bootloader, customize my radio.
I do have the scatter file to flash twrp but as I mentioned on other post that my radio is not detected in Sp flash tools when its off.
When I reboot it, it then gets detected for 2 seconds. I remember I did not remove the power cable may be this is why it's not fully powered off?
I'll try to remove the cable and check if it's get detected.
And then I will firstly start with the backup to stock rom just to be on safe side.
Just a noob question. Is stock backup possible before unlocking the bootloader?

I tried the test point and write memory, but I am getting an error. Attached is the screenshot.
threadreaper said:
So you followed a bad tutorial, or lost power during a flash, or formatted your unit for some reason and now you have a unit that seems mostly unresponsive. All hope may not be lost. You do have a backup, right??
If you don't have your own backup, you may be able to find one online somewhere that will work, but be aware that not all 8227L units are the same, and not every ROM dump you find online is going to work. At any rate, the issue is beyond the scope of this tutorial, so we'll proceed assuming you either have your own backup or have located a compatible one. I'm also going to assume that you have SP-Flashtool and have been able to use it, as it's fairly hard to end up with a bricked unit without using SP-Flashtool to begin with.
There are two different types of backup that can be relied on in this situation. The first, and probably more reliable backup format is a ROM dump from SP-Flashtool, consisting of 3 files, BOOT_1, BOOT_2, and EMMC_USER. They may be named something different. If SP-Flashtool's automatically suggested names were used, they could be named ROM_0, ROM_1 and ROM_2, in which case you'll need to pay attention to the file sizes. The other type is a group of many files, containing backups of the individual partitions, usually named boot.img, recovery.img, system.img, userdata.img, etc. In either case, you will also require a suitable scatter file, which you should have with your backup.
You're going to need to access the "test point" on your unit in order to flash your backup if you have flashed the wrong pre-loader or formatted the pre-loader partition. There is a chunk of read-only memory on the board containing the factory preloader, and that's what we'll be accessing to pull this off.
For information on disassembling your unit and accessing the test point, see my tutorial here on unlocking the bootloader.
Determine the process for reloading your backup based on the type of backup that you have and the state your system is in by reading the Getting Prepared section. The Flashing section will explain how to actually start the flashing process. It's important that you don't skip ahead! Ensure you've prepared everything correctly!
Getting prepared:
Remove all external power from the unit, and prepare SP-Flashtool with your scatter file and backup files. Do not connect the USB cable yet. If you are using system.img, userdata.img, recovery.img etc, make sure all the paths to the files are correct on the Download tab. As long as you have not attempted to modify the partition file, you can flash in Download Only mode, and you're good to go. If you have attempted to modify the partition table, the most reliable way to ensure that your backup loads correctly is to flash only your preloader first on the first pass, and then do another pass in Format All + Download mode with all of your files selected. After your preloader is restored, you should not need to use the test point for the second pass.
If your backup is a ROM dump, and you have a BOOT_1, BOOT_2, and EMMC_USER backup file, then you will need to use the "advanced mode" in SP-Flashtool to restore. While in SP-Flashtool, press Ctrl + Alt + v to enable advanced mode. Then from the Window menu at the top, check the box for Write Memory, and switch to the newly opened Write Memory tab. For the file path entry, browse or type the path to your BOOT_1 backup. Set the Begin Address to 0x0. After flashing BOOT_1, you will need to repeat the flashing process for BOOT_2 and EMMC_USER, but once BOOT_1 is flashed, your preloader is restored and you should not need to use the test point to restore the other files.
Flashing:
At this point, you should have SP-Flashtool prepared with your backup files and the unit should be disconnected from power and USB. In the next step you'll need to have the test point shorted as you plug the USB in, and remove the short when the tool connects to the factory preloader so get prepared to do that. If you're in the Download tab at this point, click the Download button, if you're in Write Memory mode, click the Write Memory button. SP-Flashtool will start looking for a device. Plug in your USB cable with the test point shorted on your board. Once SP-Flashtool recognizes the device, you usually need to give it a couple of seconds to initialize the connection before you remove the short. You may have to try a few times to get the timing right. If you remove the short too quickly or hold it in place for too long, the connection will fail and you'll need to try again. Once you get it right, it should begin flashing as normal. If you're only flashing your preloader on the first pass, you should not need to use the testpoint to get SP-Flashtool to recognize your device on subsequent passes. Finish reloading all of your backup files and you're done! You should have a functional device!
Click to expand...
Click to collapse

amit_coolcampus said:
I tried the test point and write memory, but I am getting an error. Attached is the screenshot.
Click to expand...
Click to collapse
Can you please look into it.
To be more precise:
1. I was able to restore my preloader from the EMMC_BOOT_1 backup.
2. Now I can see my device in device manager as well as in SP flash tools.
3. I tried to use "Formal all + Download" and "Firmware upgrade". With EMMC_user partition write memory. Both times I get the attached error.
4. I was able to restore EMMC_User . Itvgets completed successfully but radio doesn't boot up. Only black screen.
5. I also tried to download a few Firmwares and flash them but I get the same error. Even in download mode.
Error: S_FT_ENABLE_DRAM_FAIL (4032)
[EMI] Enable DRAM Failed!
[Hint]:
Please check your load matches to your target which is to be downloaded.
So precisely, I am able to flash only stock backed up ROM and that too in download mode.

threadreaper said:
So you followed a bad tutorial, or lost power during a flash, or formatted your unit for some reason and now you have a unit that seems mostly unresponsive. All hope may not be lost. You do have a backup, right??
If you don't have your own backup, you may be able to find one online somewhere that will work, but be aware that not all 8227L units are the same, and not every ROM dump you find online is going to work. At any rate, the issue is beyond the scope of this tutorial, so we'll proceed assuming you either have your own backup or have located a compatible one. I'm also going to assume that you have SP-Flashtool and have been able to use it, as it's fairly hard to end up with a bricked unit without using SP-Flashtool to begin with.
There are two different types of backup that can be relied on in this situation. The first, and probably more reliable backup format is a ROM dump from SP-Flashtool, consisting of 3 files, BOOT_1, BOOT_2, and EMMC_USER. They may be named something different. If SP-Flashtool's automatically suggested names were used, they could be named ROM_0, ROM_1 and ROM_2, in which case you'll need to pay attention to the file sizes. The other type is a group of many files, containing backups of the individual partitions, usually named boot.img, recovery.img, system.img, userdata.img, etc. In either case, you will also require a suitable scatter file, which you should have with your backup.
You're going to need to access the "test point" on your unit in order to flash your backup if you have flashed the wrong pre-loader or formatted the pre-loader partition. There is a chunk of read-only memory on the board containing the factory preloader, and that's what we'll be accessing to pull this off.
For information on disassembling your unit and accessing the test point, see my tutorial here on unlocking the bootloader.
Determine the process for reloading your backup based on the type of backup that you have and the state your system is in by reading the Getting Prepared section. The Flashing section will explain how to actually start the flashing process. It's important that you don't skip ahead! Ensure you've prepared everything correctly!
Getting prepared:
Remove all external power from the unit, and prepare SP-Flashtool with your scatter file and backup files. Do not connect the USB cable yet. If you are using system.img, userdata.img, recovery.img etc, make sure all the paths to the files are correct on the Download tab. As long as you have not attempted to modify the partition file, you can flash in Download Only mode, and you're good to go. If you have attempted to modify the partition table, the most reliable way to ensure that your backup loads correctly is to flash only your preloader first on the first pass, and then do another pass in Format All + Download mode with all of your files selected. After your preloader is restored, you should not need to use the test point for the second pass.
If your backup is a ROM dump, and you have a BOOT_1, BOOT_2, and EMMC_USER backup file, then you will need to use the "advanced mode" in SP-Flashtool to restore. While in SP-Flashtool, press Ctrl + Alt + v to enable advanced mode. Then from the Window menu at the top, check the box for Write Memory, and switch to the newly opened Write Memory tab. For the file path entry, browse or type the path to your BOOT_1 backup. Set the Begin Address to 0x0. After flashing BOOT_1, you will need to repeat the flashing process for BOOT_2 and EMMC_USER, but once BOOT_1 is flashed, your preloader is restored and you should not need to use the test point to restore the other files.
Flashing:
At this point, you should have SP-Flashtool prepared with your backup files and the unit should be disconnected from power and USB. In the next step you'll need to have the test point shorted as you plug the USB in, and remove the short when the tool connects to the factory preloader so get prepared to do that. If you're in the Download tab at this point, click the Download button, if you're in Write Memory mode, click the Write Memory button. SP-Flashtool will start looking for a device. Plug in your USB cable with the test point shorted on your board. Once SP-Flashtool recognizes the device, you usually need to give it a couple of seconds to initialize the connection before you remove the short. You may have to try a few times to get the timing right. If you remove the short too quickly or hold it in place for too long, the connection will fail and you'll need to try again. Once you get it right, it should begin flashing as normal. If you're only flashing your preloader on the first pass, you should not need to use the testpoint to get SP-Flashtool to recognize your device on subsequent passes. Finish reloading all of your backup files and you're done! You should have a functional device!
Click to expand...
Click to collapse
does the sgpt/pgpt partitions (the partition tables) need to be flashed?

I searched many forums but still feel lost. Can someone tell me how to create backup of my existing stock ROM without rooting it and unlocking bootloader.
I read there can be two types of backup. Is there any way to backup my stock ROM from adb or fastboot mode also?

threadreaper said:
So you followed a bad tutorial, or lost power during a flash, or formatted your unit for some reason and now you have a unit that seems mostly unresponsive. All hope may not be lost. You do have a backup, right??
If you don't have your own backup, you may be able to find one online somewhere that will work, but be aware that not all 8227L units are the same, and not every ROM dump you find online is going to work. At any rate, the issue is beyond the scope of this tutorial, so we'll proceed assuming you either have your own backup or have located a compatible one. I'm also going to assume that you have SP-Flashtool and have been able to use it, as it's fairly hard to end up with a bricked unit without using SP-Flashtool to begin with.
There are two different types of backup that can be relied on in this situation. The first, and probably more reliable backup format is a ROM dump from SP-Flashtool, consisting of 3 files, BOOT_1, BOOT_2, and EMMC_USER. They may be named something different. If SP-Flashtool's automatically suggested names were used, they could be named ROM_0, ROM_1 and ROM_2, in which case you'll need to pay attention to the file sizes. The other type is a group of many files, containing backups of the individual partitions, usually named boot.img, recovery.img, system.img, userdata.img, etc. In either case, you will also require a suitable scatter file, which you should have with your backup.
You're going to need to access the "test point" on your unit in order to flash your backup if you have flashed the wrong pre-loader or formatted the pre-loader partition. There is a chunk of read-only memory on the board containing the factory preloader, and that's what we'll be accessing to pull this off.
For information on disassembling your unit and accessing the test point, see my tutorial here on unlocking the bootloader.
Determine the process for reloading your backup based on the type of backup that you have and the state your system is in by reading the Getting Prepared section. The Flashing section will explain how to actually start the flashing process. It's important that you don't skip ahead! Ensure you've prepared everything correctly!
Getting prepared:
Remove all external power from the unit, and prepare SP-Flashtool with your scatter file and backup files. Do not connect the USB cable yet. If you are using system.img, userdata.img, recovery.img etc, make sure all the paths to the files are correct on the Download tab. As long as you have not attempted to modify the partition file, you can flash in Download Only mode, and you're good to go. If you have attempted to modify the partition table, the most reliable way to ensure that your backup loads correctly is to flash only your preloader first on the first pass, and then do another pass in Format All + Download mode with all of your files selected. After your preloader is restored, you should not need to use the test point for the second pass.
If your backup is a ROM dump, and you have a BOOT_1, BOOT_2, and EMMC_USER backup file, then you will need to use the "advanced mode" in SP-Flashtool to restore. While in SP-Flashtool, press Ctrl + Alt + v to enable advanced mode. Then from the Window menu at the top, check the box for Write Memory, and switch to the newly opened Write Memory tab. For the file path entry, browse or type the path to your BOOT_1 backup. Set the Begin Address to 0x0. After flashing BOOT_1, you will need to repeat the flashing process for BOOT_2 and EMMC_USER, but once BOOT_1 is flashed, your preloader is restored and you should not need to use the test point to restore the other files.
Flashing:
At this point, you should have SP-Flashtool prepared with your backup files and the unit should be disconnected from power and USB. In the next step you'll need to have the test point shorted as you plug the USB in, and remove the short when the tool connects to the factory preloader so get prepared to do that. If you're in the Download tab at this point, click the Download button, if you're in Write Memory mode, click the Write Memory button. SP-Flashtool will start looking for a device. Plug in your USB cable with the test point shorted on your board. Once SP-Flashtool recognizes the device, you usually need to give it a couple of seconds to initialize the connection before you remove the short. You may have to try a few times to get the timing right. If you remove the short too quickly or hold it in place for too long, the connection will fail and you'll need to try again. Once you get it right, it should begin flashing as normal. If you're only flashing your preloader on the first pass, you should not need to use the testpoint to get SP-Flashtool to recognize your device on subsequent passes. Finish reloading all of your backup files and you're done! You should have a functional device!
Click to expand...
Click to collapse
Hi I have made a video tutorial on how to make stock ROM backup using information from this forum. Hope it's helpful for everyone.

Hi friends,
Have you are observed overheating of touch panel of your car stereo or hangs in your Android car stereo or system not responding or application keep crashing etc.
Then this video is for you. I have done this small modification in my car.
I made a small hole on sides of AC vents such that cool air blows over the heat sink of Android car stereo and two cpu fans of 12V take power supply from same connector.
Whenever the car stereo is turned ON the fans also turn ON and blow cool air over the heat sink to keep it cool.

Hi I have made a updated video tutorial with added info on how to make stock ROM backup.
[UPDATE][ROM Dump] Stock ROM backup of Android Car Stereo | Memory Dump Procedure via flashtool

amit_coolcampus said:
Can you please look into it.
To be more precise:
1. I was able to restore my preloader from the EMMC_BOOT_1 backup.
2. Now I can see my device in device manager as well as in SP flash tools.
3. I tried to use "Formal all + Download" and "Firmware upgrade". With EMMC_user partition write memory. Both times I get the attached error.
4. I was able to restore EMMC_User . Itvgets completed successfully but radio doesn't boot up. Only black screen.
5. I also tried to download a few Firmwares and flash them but I get the same error. Even in download mode.
Error: S_FT_ENABLE_DRAM_FAIL (4032)
[EMI] Enable DRAM Failed!
[Hint]:
Please check your load matches to your target which is to be downloaded.
So precisely, I am able to flash only stock backed up ROM and that too in download mode.
Click to expand...
Click to collapse
How did your computer see it again? I can't do it.

The sp flash tools cant read my device, ive press the down button, the up button but still it doesnt detected.
Is it because ive load a different scattered file or not suitable file?
Can you give me a hint?
Ive just brick my device because flash wrong file and i dont have any backup.
Please help me, thanks in advance.
threadreaper said:
So you followed a bad tutorial, or lost power during a flash, or formatted your unit for some reason and now you have a unit that seems mostly unresponsive. All hope may not be lost. You do have a backup, right??
If you don't have your own backup, you may be able to find one online somewhere that will work, but be aware that not all 8227L units are the same, and not every ROM dump you find online is going to work. At any rate, the issue is beyond the scope of this tutorial, so we'll proceed assuming you either have your own backup or have located a compatible one. I'm also going to assume that you have SP-Flashtool and have been able to use it, as it's fairly hard to end up with a bricked unit without using SP-Flashtool to begin with.
There are two different types of backup that can be relied on in this situation. The first, and probably more reliable backup format is a ROM dump from SP-Flashtool, consisting of 3 files, BOOT_1, BOOT_2, and EMMC_USER. They may be named something different. If SP-Flashtool's automatically suggested names were used, they could be named ROM_0, ROM_1 and ROM_2, in which case you'll need to pay attention to the file sizes. The other type is a group of many files, containing backups of the individual partitions, usually named boot.img, recovery.img, system.img, userdata.img, etc. In either case, you will also require a suitable scatter file, which you should have with your backup.
You're going to need to access the "test point" on your unit in order to flash your backup if you have flashed the wrong pre-loader or formatted the pre-loader partition. There is a chunk of read-only memory on the board containing the factory preloader, and that's what we'll be accessing to pull this off.
For information on disassembling your unit and accessing the test point, see my tutorial here on unlocking the bootloader.
Determine the process for reloading your backup based on the type of backup that you have and the state your system is in by reading the Getting Prepared section. The Flashing section will explain how to actually start the flashing process. It's important that you don't skip ahead! Ensure you've prepared everything correctly!
Getting prepared:
Remove all external power from the unit, and prepare SP-Flashtool with your scatter file and backup files. Do not connect the USB cable yet. If you are using system.img, userdata.img, recovery.img etc, make sure all the paths to the files are correct on the Download tab. As long as you have not attempted to modify the partition file, you can flash in Download Only mode, and you're good to go. If you have attempted to modify the partition table, the most reliable way to ensure that your backup loads correctly is to flash only your preloader first on the first pass, and then do another pass in Format All + Download mode with all of your files selected. After your preloader is restored, you should not need to use the test point for the second pass.
If your backup is a ROM dump, and you have a BOOT_1, BOOT_2, and EMMC_USER backup file, then you will need to use the "advanced mode" in SP-Flashtool to restore. While in SP-Flashtool, press Ctrl + Alt + v to enable advanced mode. Then from the Window menu at the top, check the box for Write Memory, and switch to the newly opened Write Memory tab. For the file path entry, browse or type the path to your BOOT_1 backup. Set the Begin Address to 0x0. After flashing BOOT_1, you will need to repeat the flashing process for BOOT_2 and EMMC_USER, but once BOOT_1 is flashed, your preloader is restored and you should not need to use the test point to restore the other files.
Flashing:
At this point, you should have SP-Flashtool prepared with your backup files and the unit should be disconnected from power and USB. In the next step you'll need to have the test point shorted as you plug the USB in, and remove the short when the tool connects to the factory preloader so get prepared to do that. If you're in the Download tab at this point, click the Download button, if you're in Write Memory mode, click the Write Memory button. SP-Flashtool will start looking for a device. Plug in your USB cable with the test point shorted on your board. Once SP-Flashtool recognizes the device, you usually need to give it a couple of seconds to initialize the connection before you remove the short. You may have to try a few times to get the timing right. If you remove the short too quickly or hold it in place for too long, the connection will fail and you'll need to try again. Once you get it right, it should begin flashing as normal. If you're only flashing your preloader on the first pass, you should not need to use the testpoint to get SP-Flashtool to recognize your device on subsequent passes. Finish reloading all of your backup files and you're done! You should have a functional device!
Click to expand...
Click to collapse

Watch this new video guide that shows how to successfully restore your head unit using Test Point recovery.

somebody can help me how I find test point??

denin84 said:
somebody can help me how I find test point??
Click to expand...
Click to collapse
What kind of head unit do you have?

iceblue1980 said:
What kind of head unit do you have?
Click to expand...
Click to collapse
AC8227L ZXDZ 01 sir

denin84 said:
AC8227L ZXDZ 01 sir
Click to expand...
Click to collapse
I will reply in your other post.

Hi,
I think I have bricked my alps FF-5000 8227L device
I did the following steps before this happened:
1. I flashed the HU with this firmware: 8227L_8_UI04-国外11_v1_20210421 UPDATE.zip link
2. The process was successful, everything worked fine, but the screen resolution was much bigger than the device native resolution.
3. I found a possible solution in another forum, according to that I uploaded the attaced files in the zip to the system.
4. This process was also successful but after that the system didn't boot anymore. I can see only black screen with backlit.
I'm not sure what and why happened but I would like to know if there is any solution to fix this or the only one possible way is the test point method recovery.
And yeah, I don't have any dump from the rom. No backups.
Also attached a screen from the stock fw version.

Related

[GUIDE] New unbrick guide compilation

I’ve been helping a buddy get his A500 back to working order, so I thought I’d add the steps taken here which lead to successful replacement of boot loader and ability to flash roms again.
First off Blackthun3r is a genius and you cats should totally donate and thank him if this stuff helps.
The info is a bit spread out so I hope this helps consolidate things. We all owe big ups to jnktechstuff for starting this post here:
http://forum.xda-developers.com/showthread.php?t=1699277 go thank him too.
One thing everyone is right about: You must secure your ID just in case, which is needed to properly reprogram the stock/crappy recovery boot. Two options I saw:
1) From a nandroid backup (inside the clockwork recovery folder or wherever your previous bootloader stored them) there is a uid.txt file.
2) When you run Afterota if it can’t find a uid it will generate a file “AcerIDs.txt”.
Afterota is great too but wouldn’t fix/attached to our A500 in APEX mode, but this feature alone is huge.
For AfterOTA, Thanks and Salute to Gersma:
http://forum.xda-developers.com/showthread.php?t=1675939
Next is just getting the thing to boot.
http://forum.xda-developers.com/showthread.php?t=1699277
Mentioned in “How to unbrick” , as stated they suggest you get 3 files. Here’s what we got :
1) Decrypter (mandatory)
2) 2 ICS roms (you only need one, but he suggests to get both just in case, or even an older Honeycomb if those fail you).
The one that worked for us was ICS 4.0.3: 7.014.01_41.203.01.
Extract the decrypter and use on the rom/zip you downloaded. It will make a separate rom/zip with the words ‘decrypted’ at the end. EXTRACT THIS FILE!
Inside the newly extracted zip file should be 3 files. If you don’t have it or your zip program says it’s corrupted then you don’t need to decrypt it, use the non-encrypted version of the rom pack you just downloaded (i.e. it wasn’t encrypted)!
3 files will look like:
1) Update.zip
2) AMSS.zip
3) Acer_A500_7.014.01_041.203.01_COM_GEN1.txt (or whatever rom you had downloaded)
These 3 files need to be on the root of your external SD micro card (either put it into a reader for pc access or if your system is functional copy it over via USB cable while mounted in the A500). The basic bootloader does nothing but check for an update.zip and apply it. However, it cannot replace itself (saw with a CWM or TWRP) and thus what I think is the ‘rub’ with this device.
After the update.zip applies, boot the system normally. You should have a locked OTA version of ICS with USB Debugging enabled, if not, hit Options, Developer and turn on USB Debugging. If it doesn’t boot, try another rom/decrypt combo. If it boots moved these three files into a sub folder on your SD Card and save for next time you brick it
Next, get the right driver for Windows from Acer site (this is important because it has the ICS USB and the APEX/boot USB driver needed):
http://www.acer.be/ac/nl/BE/content/drivers
You now need to unlock, add SU and Super User. Hit the following link and get Blackthund3r’s Root app (ICS7.1.x for Windows) top of page:
http://forum.tegraowners.com/viewtopic.php?f=30&t=350
When you hit some of this download links be sure to check for things like the skip ad button top right corner, else you’ll download the wrong thing:
Extract and run “ICS Root 2.exe”
1) DO NOT mess with the bundles tabs right now, but ensure all checks minus bottom two are selected and ‘Do it!’
2) You should see that it does confirm for you that it is connected and USB Debugging turned on.
You should now have the device setup to run a proper APEX adjustment, which lets you replace the bootloader and then apply all the little zips and roms your heart desires. Blackthund3r has the last tools we need:
Get APXFlash: http://a500bootloaderflash.tk/#download-links (again watch out for the adfly and click skip add to get to your zips).
APXFlash has all the bundles from proper Blackthund3r repository, the FAQ below may have suggested certain types but that info is kinda old SO just grab a bundle 15, 16 or whatever you are looking for (16 is a great team wiz recovery version combo Skrilax has done, we used that one).
1) Go to Bundle Market and follow the wizard:
2) After downloading the bundle of choice you’ll now be prompted to put in your SBK number from that Acer ID or uid txt file.
3) You should then back up your dump file as it is recommended in the process.
4) Hit blue arrow ‘next’ to see your flash options below, we used the Automatic method, smooth as butter.
5) Follow the prompts for APX mode and click blue once the device is blacked out and the mode has changed on status. This is where that official Acer driver comes in handy.
6) Complete the process as instructed and you’ll be good to go!
Last tool used is:
A500 Manager: http://a500bootloaderflash.tk/#download-links (again watch out for the adfly and click skip add to get to your zips).
This app rocks to help you get into recovery mode (or test your new bootloader) until you get a rom on there that allows you to do it from the power off button or notification tray.
Most of these links and info are at the bottom of Blackthund3r’s FAQ page, which were also super helpful:
http://a500bootloaderflash.tk/
Again this helped my friend and he was thinking several of you could benefit. Even when typing this up I figured some better/quicker ways to maybe get some of the data but this is the thorough steps we took and I hope it helps you! I also had screen caps so once I figure out how to add those, if it'll help or someone needs it will look into that ;p

[Q] N7 APX mode only - full recovery?

Hi all,
Has anyone followed Rayman's excellent article the-inner-workings-of-secure-boot-key-and-nvflash and fully recovered a N7 from APX only mode?
I have this situation which I think resulted from the battery dying during the 4.4.2 update - Doh I know, but thought I had enough juice to complete the update.
Rayman says the required files will be made available but I cannot find them anywhere
Since every motherboard has a unique key, there is no generic blob. To be able to recover your N7, you will need a backup of it, but it's impossible to make if your device is dead.
Try to send it to Asus/Google.
Erovia said:
Since every motherboard has a unique key, there is no generic blob. To be able to recover your N7, you will need a backup of it, but it's impossible to make if your device is dead.
Try to send it to Asus/Google.
Click to expand...
Click to collapse
Did you read the article? Sounds like you can use the sbk which is a hash of the cpuid...
Nope, but why don't you ask around in the flatline topic?
Erovia said:
Nope, but why don't you ask around in the flatline topic?
Click to expand...
Click to collapse
too much of a noob to post on the forum, but thanks for the pointer.
FYI Raymans article. It does sound possible to bring it back, but there was no follow up with the required files;
What is Secure Boot Key and how does it work?
I've been getting lots of questions about this, so here is some simple background:
The secure boot key is an AES128 encryption key that can used to encrypt various data on the flash memory. It's a generic nvidia tegra2 thing, that the manufacturer can optionally use to make their device more "secure".
When the SBK is set, it's stored in a one-time-programmable "fuse". This also means that now that the key is out, they can't change it on already released devices, only new devices.
When the tegra2 starts up, the AES key is available to the hardware AES engine only. E.g. not even the bootloader can read it back! However, the bootloader can *use* the key to encrypt whatever data it wants through the hardware AES engine. And here is the explanation why the blob flashing method actually works! The bootloader checks for the blob in the staging partition and encrypts and flashes it as needed.
Once the bootloader is done, it clear the key from the AES engine which makes it impossible to encrypt or decrypt things from within the OS.
So what happens when it boots into APX/Nvflash mode?
The basic APX mode is stored in the BootROM and hence can never be changed. It appears to accept only a very limited range of commands, and each command needs to be encrypted using the SBK to be accepted. If it receives a command that's not properly encrypted, it disconnects the USB and appears to be off. This is the dreaded "0x4" error that people have been getting when attempting to get nvflash working.
It should be noted, that even with the SBK inputted into nvflash, most regular nvflash commands won't be available. I'm still not entirely sure why (and I can't rule out it will change).
What *is* available, is the nvflash --create command. What this command does is repartition and format all partitions, set bct and odmdata and send over all needed partitions to the device (and encrypt them as needed). This means a full recovery is possible, but regular ability to flash e.g. just boot.img or read partitions off of the device is not possible at this point.
So what do we need for nvflash?
In order to get a working (e.g. --create) nvflash, we need a few bits of information as well as some files:
◦Secure Boot Key
◦BCT file (boot device setup, ram configuration and a bit more)
◦ODM data (board-specific bit-field specifying various board settings. *Needs* to be correct
◦flash.cfg (e.g. list of settings and names/identifiers of partitions.
On top of these files, we also need all the partitions, e.g. bootloader.bin, boot.img, recovery.img and system.img. Luckily, these partition files are available in official ASUS updates and can be extracted from the blob file using my blob tools
The first four peices aren't readily available, but through lots of effort and a good deal of luck, we have managed to recreate the needed files. Secure Boot Key has already been released (note that this was by far the hardest!) and the rest will most likely follow over the weekend. Keep in mind that we want to keep this legal, so don't expect us to release any ready-made packs for unbricking! We will however make the recreated files available. Since these are recreated and not actual ASUS files, there should be no problems with them.
I hope this helps give a better understanding of how and what secure boot key is and what it gives us.

QD 9008 FIX!! Tested on LG-V410(G Pad 7.0 US ATT)

I am beyond ecstatic, after 3 months of research, trial and error, I fixed my tablet!!
I am pleased to announce a fix to the dreaded QDLOAD 9008 brick! I've written this tutorial on the one tablet experimented on (LG-V410 aka Gpad 7.0 LTE US ATT), but I'm pretty certain others may find this helpful to other qualcomm msm based devices.
Background: I maintain that I can fix anything I break so I did the worst thing and corrupted the data on my LG GPAD LTE 7.0 (V410). As a result the tablet wouldn't go into any mode, no lights, even when charging, no screen image or light, nothing. When I plugged it into my computer, it wasn't even recognized, windows told me the device was having a problem. After a little experimentation I got it recognized (held power while connected to power cycle) by the computer as "QD BULK". Further research I found some drivers for Qualcomm devices and got the computer to recognize it as "QDLOADER 9008". I thought this was great news but from there got no where. I tried qpst, qfuse, hyperterminal, LG B2C, LG SUPPORT TOOL, EFS Professional, miflash, blankflash, etc... everything I tried got me nowhere. After 3 months, It is now fully operational and apparently CARRIER UNLOCKED, talk about a pot of gold at the end of a rainbow!!
WORD OF WARNING: This is not a simple matter, 9008 most likely means your Grand Partition Table is corrupted, and the poor thing doesn't have a clue how to function. My method is NOT GUARANTEED in any way, I will not be responsible if you turn your paper weight of a device into permanent paper weight or half functioning paper weight etc...PROCEED WITH CAUTION, this is not for the feint of heart nor a simple fix!! You've been warned!
PreRequisites:
-Windows (for expanding the KDZ) (there may be a linux alternative to LGFirmwareExtract)
-Linux and some basic experience with dd and navigating the terminal (I used ubuntu) --(again, nearly everything I'm about to explain can probaly be translated to another os.)
-KDZ for your device. http://forum.xda-developers.com/g-pad-10/general/kdz-lg-g-pad-7-0-v410-t3224867
-Replacement aboot and boot (see attached)
-KDZ Extractor ---http://forum.xda-developers.com/showthread.php?t=2600575
-TWRP http://forum.xda-developers.com/g-pad-10/development/recovery-twrp2-8-5-0lgv400-410-t3049568
-Fasboot and ADB http://forum.xda-developers.com/showthread.php?t=2588979
-A modified rom like Cyanogen mod etc... http://download.cyanogenmod.org/?device=v410
-16GB microsd card + a way of directly writing to it (i.e. usb card reader etc..) a second one is helpful but not required.
-Most important, Patience, beer, more patience, and more beer...
To teach a man to fish, some pertinent understanding: First thing to understand is how your main board works. Personally I disassembled my device and cross referenced every chip to do this, Good news is you don't have to. When power goes to the device, the SoC (system on a chip) looks to built in storage media for booting instructions (think low level here) and that in turn fires up everything else and then loads your kernel etc... You may be aware, there are two different types of computer systems out there, the old method used a BIOS, and the current uses UEFI. Older machines, when power was given to the system, the BIOS was responsible for firing up peripherals and finding the bootloader etc... UEFI (Unified Extended Firmware Instruction) however, relies on firmware on storage media to do all that.
For example, an x86 PC with a bios, when power is given to the board, the bios runs the show, testing equipment and waking up devices, then when it's ready, it looks to external media for a little magic byte at the end of the first sector of that media to indicate that it is bootable and in turn will boot (let those instructions take over). This style of booting media is called MBR or Master Boot Record.
Modern machines and most mobile devices use GPT or global partition table. There are quite a few advantages to GPT one primary being the possibility of many many more primary partitions, (MBR was very limited). The GPAD 7 LTE has 34 partitions to put things in perspective. When your device is stuck in 9008 mode, it is because it doesn't have a clue how to boot, most likely your GPT is corrupted. Fortunately, at least with the Gpad 7.0 this information does not have to be on the onboard internal memory chip. For this fix we will be constructing an sdcard to have all this info to get into a mode capable of writing to the emmc.
Without Further Ado, Here are the steps:
]PLUG THE TABLET INTO A CHARGER while you do the following (you may think it's been off and fully charged, but in reality it's probably been trying to boot over and over again while looking lifeless)
1.) Get the KDZ for your device (stock firmware)
2.) Extract the DZ using LGFirmwareExtractor
3.) Extract all the .bin files from the DZ using LGFirmwareExtractor
3b.) V410 US LTE ONLY - Replace aboot and boot with the files I attatched --I was fortunate enough to back them up before I hosed my tablet and they proved invaluable as the ones in the KDZ I linked to were causing strange graphic issues.
4.) open a terminal in linux and dd the sdcard with the file you extracted called "PrimaryGPT...."
I.E. "sudo dd if=/PATHTODZFILES/PrimaryGPT_0.bin of=/dev/sdx" (BE CERTAIN of the of= path, you can find yourself with more problems if you get that wrong) (run "sudo fdisk -l | less" first to verify what your sdcard's path is.)
This is where it gets tedious...:
5.) Do some hand stretches and start charting all 34 partitions on paper. Your sdcard is now partitioned with GPT and you need to know the name of each partition and its path. I.e. ("Partition name: LAF Located at /dev/sdXx")
6.) now for the fun part: dd every .bin to the corresponding partition EXCEPT: laf.bin and any of the system_xxxxx.bin files. (laf disables fastboot and the next step will bring you to a useless LG firmware download mode)( I.e. sudo dd if=/PATHTODZFILES/laf_xxx.bin of=/dev/sdXx) If some fail out, don't fret too much, I'm currently uncertain which ones are required and don't feel like corrupting my tablet again to figure that out. If the next step doesn't work you may need to revisit this step and ensure everything was accurate. It's easy to write down the wrong location for a partition and throw everything off
7.)Unmount your sdcard and put it in the tablet
8.) Press and hold power and volume up...If all went well, there is suddenly life to your paperweight!! Congratulate yourself and prepare for more fun... If nothing happened, revisit the above steps, more than likely something got flashed to the wrong partition.
9.)Now that you have fastboot, plug your tablet into the computer and use the following command: "fastboot boot TWRP.img" (or whatever the name or path is for your downloaded TWRP image.
10.) You should now be in TWRP and now your device is ADB ready, we are close to the home stretch...
11.) Now we need to load up an sdcard with all those dz files (except for laf and system images) and the custom rom like cyanogen mod. (if you only have the one sdcard you can unmount it and remove it while the table is in TWRP...crazy right?, if you opt for this, reformat the sdcard to ext or fat or whatever you please so the tablet can see all the bin files) Then put the sdcard into the tablet. You may need to remount the card in twrp before proceeding...
12.) Now from your computer type the following command "adb shell".
13.) now just like you did with the sd card dd PrimaryGPT_0.bin to the internal memory card, with the following command: dd if=/sdcard/PrimaryGPT_0.bin of=/dev/block/mmcblk0
14.) Grab the paper you wrote all the partitions down on and start doing the same thing you did to the sdcard to your tablet. You'll adjust the following command accordingly: "dd if=/sdcard/PARTITIONNAME.bin of=/dev/block/mmcblkpX (X being the partition number)
(again skip all system bin's and laf_xxxx.bin. Flashing laf disables fastboot on LG devices.)
15.) now time to install your custom rom, go through the prompts, clear your cache, and delvik cache and choose power off.
If all went well, you now have a tablet again, that's unlocked too!!!!! If not, don't lose faith, revisit the steps and ensure you didn't mistype or overlook something, this is so tedious it's easy to do. For instance, if you mistype your of=xxx it will create the file instead and give no error.
Post with your success stories, questions or difficulties and I'll try to help.
Yours Truly,
TheKiln
UPDATE/WARNING: Do not at any time under any circumstances dd directly from your host computer to the internal memory on your tablet, only do this via the asb shell. This may render a mode that I have not yet found a fix to, I will be working on it soon but from initial observation may be more complicated then the above instructions. With any invasive hacks like this tutorial there is always the possibility of making matters worse, so exercise caution and patience.
Quick Update/Revision : I am actively experimenting with this device and wanted to share that if your sbl1 and sbl1b partition is corrupt I have confirmed it will also cause 9008 mode. Therefore, it may be best to determine if the table is corrupt (try "parted /dev/block/mmcblk print"), and if not instead of wiping rewriting mmcblk0 try restoring sbl1 and sbl1b first. The V410 boots in the following order from what I can tell slb1->aboot->boot->system. So far I haven't found a downside to my prior instructions but to be less invasive just in case it might be wise to try this amendment.
I know my grand partition is corrupt, because after doing fastboot erase, basically everything, it came up as /dev/sdb. In a panic, I had deleted all the partitions, so now obviously my emmc storage is one big formated 16gb HD that cannot be seen in windows or linux no longer.
I just tried your method, found this post by doing a google search for:
sudo dd if=PrimaryGPT_0.bin
Had been doing just this, including the laf and many other ways. Am still getting the same thing though when putting the sdcard in the tablet, shows a 0% battery.
with the sdcard in the tablet I do get:
Bus 003 Device 063: ID 05c6:f006 Qualcomm, Inc.
Then after a few minutes, leaving it plugged into the USB I get:
Bus 003 Device 058: ID 1004:61a1 LG Electronics, Inc.
Also, with the sdcard in I do get KDZ_FW_UPD_EN to start updating but then get a perimeter error.
bethnesbitt said:
I know my grand partition is corrupt, because after doing fastboot erase, basically everything, it came up as /dev/sdb. In a panic, I had deleted all the partitions, so now obviously my emmc storage is one big formated 16gb HD that cannot be seen in windows or linux no longer.
I just tried your method, found this post by doing a google search for:
sudo dd if=PrimaryGPT_0.bin
Had been doing just this, including the laf and many other ways. Am still getting the same thing though when putting the sdcard in the tablet, shows a 0% battery.
with the sdcard in the tablet I do get:
Bus 003 Device 063: ID 05c6:f006 Qualcomm, Inc.
Then after a few minutes, leaving it plugged into the USB I get:
Bus 003 Device 058: ID 1004:61a1 LG Electronics, Inc.
Also, with the sdcard in I do get KDZ_FW_UPD_EN to start updating but then get a perimeter error.
Click to expand...
Click to collapse
Ive seen the exact mode you are referring to. Three possibilities:
1.) unplugged, hold down the power button for 30 seconds (or less if fastboot comes up)
2.) your sd card does not have all the necessary partitions to boot (which i just confirmed are specifically rpm, rpmb, tz, tzb, sbl1, sbl1b, PrimaryGpt(has to be done first), aboot and abootb)
3) They didn't dd quite right. from my active testing Ive found if you script the dd'ing it doesn't quite flash right, unless you add a delay after each step.
Its actually a very good sign you are seeing the 0% battery logo, sounds like you are almost there. Let me know what happens. Ill be happy to help guide you. Ive dedicated my v410 as a dev board so Im constantly running tests and reverse engineering it.
The 0% only shows up with the sdcard in, after I remove it, nothing. Tried wall charging it all night, that did nothing.
My theory is that if there was some way to mount the raw emmc and dd the primarygpt.bin to the raw emmc hd then the rest would be not problem.
I deleted the original EMMC partitions in gparted under linux after doing an erase fastboot -w laf, system, etc... something like that. After that the tablet did not show up again in gparted as soon as I unplugged it.
Right now I'm zero dd'ing my 16gb sd card, dang dd'ing seems to glue the partitions to the sdcard, If I try to fdisk the sdcard or delete the partitions using gparted, as soon as I dd the primarygpt.bin the old files reappear. Need to start fresh with 0s to the card.
In windows I can actually install specific lg drivers while in qualcomm hs_usb 9008 mode. The interesting thing with the sdcard in I can install the LG Android Net USB serial driver, which will not work while in 9008 mode.
bethnesbitt said:
The 0% only shows up with the sdcard in, after I remove it, nothing. Tried wall charging it all night, that did nothing.
My theory is that if there was some way to mount the raw emmc and dd the primarygpt.bin to the raw emmc hd then the rest would be not problem.
I deleted the original EMMC partitions in gparted under linux after doing an erase fastboot -w laf, system, etc... something like that. After that the tablet did not show up again in gparted as soon as I unplugged it.
Right now I'm zero dd'ing my 16gb sd card, dang dd'ing seems to glue the partitions to the sdcard, If I try to fdisk the sdcard or delete the partitions using gparted, as soon as I dd the primarygpt.bin the old files reappear. Need to start fresh with 0s to the card.
In windows I can actually install specific lg drivers while in qualcomm hs_usb 9008 mode. The interesting thing with the sdcard in I can install the LG Android Net USB serial driver, which will not work while in 9008 mode.
Click to expand...
Click to collapse
The 0% comes up when your sdcard is inserted because you are close to getting it done. You're going to have your computer running all night on the zero'ing but I can assure you that will be in vein. The whole point of this tutorial is so you can get into a mode in which you can flash the emmc. I can tell you are a little lost in the steps so pm me and I'll help you out. Also a word to the wise, you can try all you want with windows and the 9008 drivers, but seriously there is nothing out there specific to the v410 thats going to help you "engage" the 9008 mode. Not being stubborn I've just literally tried it all. If it's any credit I am clinically OCD. I can't sleep till I figure things out.
Finally, I see a hope is shining here!
I bricked my LG VK810, when I was trying to flash twrp, I refered to v500 pad instead and I flashed wrong img files (aboot, boot, sb1, sb2, sb3, tz & twrp.img) "only those 6 files" so I only need to replace those with the correct files, which I downloaded now.
I do not have Ubuntu, however I have CentOS, which i have not used for couple of years, so I forgot how to use it. also do I still need to use the LG Firmware Extractor?
please help
thekiln said:
This is where it gets tedious...:
5.) Do some hand stretches and start charting all 34 partitions on paper. Your sdcard is now partitioned with GPT and you need to know the name of each partition and its path. I.e. ("Partition name: LAF Located at /dev/sdXx")
6.) now for the fun part: dd every .bin to the corresponding partition EXCEPT: laf.bin and any of the system_xxxxx.bin files. (laf disables fastboot and the next step will bring you to a useless LG firmware download mode)( I.e. sudo dd if=/PATHTODZFILES/laf_xxx.bin of=/dev/sdXx) If some fail out, don't fret too much, I'm currently uncertain which ones are required and don't feel like corrupting my tablet again to figure that out. If the next step doesn't work you may need to revisit this step and ensure everything was accurate. It's easy to write down the wrong location for a partition and throw everything off
Click to expand...
Click to collapse
Please please please help, how to do those steps!
nmnm4alll said:
Please please please help, how to do those steps!
Click to expand...
Click to collapse
I am not certain exactly which partitions have to be flashed, the attached note I made was from what I can tell so far. I was simply noting that it may be best to try one partition at a time vs doing them all at once, it is at your own descretion. So as far as listing the partitions, I'm not familuar with the centos distro but in Ubuntu it is something to the effect of fdisk /dev/sdb -l or gdisk /dev/sda then p. I hope that answers your question, If not please be more specific to your exact question.
thekiln said:
I am not certain exactly which partitions have to be flashed, the attached note I made was from what I can tell so far. I was simply noting that it may be best to try one partition at a time vs doing them all at once, it is at your own descretion. So as far as listing the partitions, I'm not familuar with the centos distro but in Ubuntu it is something to the effect of fdisk /dev/sdb -l or gdisk /dev/sda then p. I hope that answers your question, If not please be more specific to your exact question.
Click to expand...
Click to collapse
Thank you very much for your response, I am sorry I have never flashed partitions before, sbut I noticed gparted is not on CentOS, so I downloaded Puppy precise Linux as I was able to find gparted and I tried using it as shown in this video, https://www.youtube.com/watch?v=6z1Tu9l8WNc
But I am confused now about how big and what are the formats for the 34 partitions which need to be created?
nmnm4alll said:
Thank you very much for your response, I am sorry I have never flashed partitions before, sbut I noticed gparted is not on CentOS, so I downloaded Puppy precise Linux as I was able to find gparted and I tried using it as shown in this video, https://www.youtube.com/watch?v=6z1Tu9l8WNc
But I am confused now about how big and what are the formats for the 34 partitions which need to be created?
Click to expand...
Click to collapse
Flashing PrimaryGPT_0.bin will automatically create the partitions. Flashing the individual partitions will give each partition the data needed. There should be no need to manually create partitions, if no partitions show up in gparted, the problem goes back to primarygpt, as that is the partition table.
I am not quite sure what you mean by:
thekiln said:
5.) Do some hand stretches and start charting all 34 partitions on paper. Your sdcard is now partitioned with GPT and you need to know the name of each partition and its path. I.e. ("Partition name: LAF Located at /dev/sdXx")
Click to expand...
Click to collapse
how to can I get the Partition names?
Edit: I finally was able to get Ubuntu installed on my computer, so please instruct accordingly, sorry I have been googling everything you have mentioned in your OP with no luck!
Thanks in advance.
nmnm4alll said:
I am not quite sure what you mean by:
how to can I get the Partition names?
Edit: I finally was able to get Ubuntu installed on my computer, so please instruct accordingly, sorry I have been googling everything you have mentioned in your OP with no luck!
Thanks in advance.
Click to expand...
Click to collapse
For the names I like to use "parted /dev/sdb" then "print" (sdb being the location of the sd card, might be sdc, sdd, etc..)
thekiln said:
For the names I like to use "parted /dev/sdb" then "print" (sdb being the location of the sd card, might be sdc, sdd, etc..)
Click to expand...
Click to collapse
Thanks for the command line, I came up with this 36 partitions
https://www.dropbox.com/s/bw8nj317y3v7pw6/VirtualBox_Ubunto_05_01_2016_08_59_03.png?dl=0
now how do I know each partition's path?
you have mentioned "I.e. ("Partition name: LAF Located at /dev/sdXx")"
so do I type for example: "modem: LAF located at /dev/sdb1" (sdb1 is my sdcard's path)?
thekiln said:
6.) now for the fun part: dd every .bin to the corresponding partition EXCEPT: laf.bin and any of the system_xxxxx.bin files. (laf disables fastboot and the next step will bring you to a useless LG firmware download mode)( I.e. sudo dd if=/PATHTODZFILES/laf_xxx.bin of=/dev/sdXx) If some fail out, don't fret too much, I'm currently uncertain which ones are required and don't feel like corrupting my tablet again to figure that out. If the next step doesn't work you may need to revisit this step and ensure everything was accurate. It's easy to write down the wrong location for a partition and throw everything off
Click to expand...
Click to collapse
Those are the files got extracted from the DZ file
https://www.dropbox.com/s/z3ebiy4vvnsy9oo/Untitled.png?dl=0
and this is a screenshot in Ubuntu after copying the file on a 64 memory stick and mounting it
https://www.dropbox.com/s/gqn35n1npklq8ld/VirtualBox_Ubunto_05_01_2016_09_30_15.png?dl=0
Do I just type: "sudo dd if=/media/mike/MEMORY/aboot_153600.bin of=/dev/sdb1" and so on for all .bin files?
Please try to write command lines as I do not have experience with Linux
I'll be honest and blunt, if you do not have experience with linux, a simple keystroke mistake could wipe your entire computer. I can't in good conscience recommend touching dd if you're not familiar with it. Not trying to be condescending or anything just really dangerous tools we are working with here.
it have problem
wow !!! i can see the LG logo in my tablet !!!
but i can't run next step !!!
pushed power + volume up button but i never changed screen !!
This is written on the screen.
"boot certification verify"
please help me i copy 34 partition on SDcard after that what can i do? please answer , this does not work (( 8.) Press and hold power and volume up...If all went well, there is suddenly life to your paperweight!! Congratulate yourself and prepare for more fun... If nothing happened, revisit the above steps, more than likely something got flashed to the wrong partition.
Issue
Hello, I've successfully followed the tutorial until step 9. When i flash TWRP it reboots and comes back to the fastboot screen.
If I hold the vol+ button when it is booting, the download mode screen flashes for a second and then it comes back to the fastboot.
I haven't been able to to anything else and would be very grateful if someone could help me with this.
Apparently there is no bootloader so it is stuck
I attached a picture of my screen
LG G Pad 7.0 V400
Is there a way to unlock Qualcomm 9008 from LG V400?
Finally my dead tablet went into fastboot mode.
Except windows cannot find a fastboot driver and fastboot command can't locate the device either. Any suggestions?

[HOW-TO]Android 8.1 for Z00VD/ZC500TG

Hello people of XDA,
as I promised here, here's a tutorial for getting Android Oreo 8.1 up and running to your device.
NOTE: I DID NOT MAKE THIS TUTORIAL! This is a translated guide from 4PDA by nik-kst. I've also rehosted some of the files on Google Drive so you won't have to register on 4PDA(hopefully).
Code:
[B]Your warranty is now void. [/B]
I am not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed. Please do some research if you have any concerns about features included in this ROM before flashing it! YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
Now that the disclaimer is dealt with, let's get on with this tutorial shall we?
First things first, we need to grab a bunch of things:
SP Flash Tool;
MediaTek VCOM Drivers;
The Stock Kernel(it will make sense to you soon!);
Scatter file for repartitioning, drop it inside the stock kernel folder(credit to fca.sjc);
ADB and Fastboot of your choice;
New recovery;
Oreo's Backup, drop it inside a MicroSD card or drop it once you have re-partitioned the device successfully;
Once you have everything setup and extracted, you're ready to go!
First, we gotta go ahead and install VCOM drivers - we won't be able to do anything to our phone without them.
If you're running Windows 8/10, make sure to disable Driver Signature Verification.
Go to Device Manager, click Action at the top and click Add legacy hardware. A new wizard window will appear.
Choose Install the hardware that I manually select from a list(Advanced);
In the next window, choose Show all devices and click Next, then click Have disk...
Then you will be prompted to direct to the driver install info, so click Browse...
Now go to the folder of drivers and select the Setup Information file that's fitting for your computer, x86 for 32-bit and x64 for 64-bit.
You should now find 5 new devices in the list, add them one by one by repeating steps 2 to 6 until you have all of them installed.
Windows might complain about unsigned drivers, just allow their installation and proceed.
If your ports list looks similar to the picture below, then you're set for the next step!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Next, we'll want to back up the NVRAM partition, because AFAIK, it keeps important unique data about your device such as WiFi, IMEI etc. data.
Note: You may want to take out your MicroSD card and SIM cards prior to this just in case. Also, might be the possible fix if readback for NVRAM fails(needs confirmation).
First, open up Flashtool.exe as admin and go to Readback tab;
Click on Add, a new item in the list will appear. You want to double-click on it, so that a Save File window would appear.
Save that file anywhere you want, name it whatever you like, for convenience I've named mine ROM_NVRAM.
Now, you'll want to find the address in the memory for NVRAM partition. To do this, open up the stock firmware(credit to fca.sjc) scatter file in a text editor(like Notepad++), and find line partition_name: nvram
In that paragraph, find two values: linear_start_addr and partition_size they should be 0x380000 and 0x500000 respectively.
Punch in those values into the Readback block start address window, so it should look something like this:
Now, click Read Back, it should gray out along with Add and Remove.
Now, turn off your device, pull out the battery for about 30 seconds, reinsert it and DO NOT TURN IT ON YET! With the Volume Down "-" button pressed, plug in your device into the USB port.
The NVRAM partition should've been read and you'll get a giant green tick sign when it's done.
Now that that's done, we can start repartitioning our device.
Make sure your SP FlashTool is running as admin, otherwise restart it as admin.
Open up the Download tab and in the line Scatter-loading File click Choose and navigate to the 8.1 scatter file, it should be named MT6580_Android_scatter_8.1.txt.
From the dropdown list, select Format All + Download.
Again, take out the battery for 30 seconds and put it back in WITHOUT turning it back on.
Now click Download, and with the Volume down "-" button held down, plug the device into your PC. There should be a bunch of colored progress bars at the bottom of the window.
Once it's done, you should get the giant tick pop-up, after which you can disconnect the device, and start it normally.
NOTE: it takes a while for the first launch, so give it some time!
Once it starts up into the first launch wizard, we can now restore the NVRAM.
In order to activate the memory writing function of SP FlashTool, re-start it with admin and press Ctrl + Alt + V, the window header should have (Advanced mode) now.
From the Window drop-down, select Write Memory, it should redirect you to a new tab named accordingly.
In the File Path field, browse to the ROM_NVRAM backup that you made earlier.
In the Begin Address (HEX) field, copy the linear_start_addr value off the scatter file.
The region should be left at EMMC_USER.
Now, click the Write memory button, turn off the device, re-insert the battery just like before, and connect the device with the Volume Down "-" button pressed.
It should begin the writing of the NVRAM and once it's done a giant tick pop-up will appear.
Now after that is done, boot into the OS, check that everything works, including IMEI and WiFi.
Also, during the setup wizard or later in the settings setup a screen lock with a pattern or a PIN or a password(credit to fca.sjc), because the partitions may remain encrypted and show 0mb(needs confirmation)
Now you'll want to unlock the bootloader and flash the TWRP recovery.
Now this is a standard recovery flash, but for a quick summary:
Enable Developer options;
Enable OEM unlocking;
Reboot into bootloader mode(I like to use ADB for adb reboot-bootloader);
Make sure your device is detected via fastboot devices, if not, google some drivers for ADB;
Unlock the bootloader via fastboot oem unlock, and press the Volume up button to confirm the bootloader unlocking.
Now, reboot the phone, it will take a while to reboot, DO NOT PANIC AND WAIT.
Now that we have bootloader unlocked, we can flash the TWRP:
Go into bootloader mode;
Confirm you are being detected again by fastboot devices;
Flash the recovery with fastboot flash recovery [twrp recovery name].img;
now, WITHOUT booting into system we boot into recovery and confirm it works.
Now that you've done all this, you propably want to run Oreo now, eh? Well, here's what we do now:
Note: make sure you have the Oreo's backup zip extracted at it's own folder inside your MicroSD card or inside the phone's internal storage by now(thanks @ZappaDong for letting me know)
From recovery, select Wipe > Advanced Wipe and select system and vendor, and wipe them. Logs may complain about not seeing vendor, ignore that message.
Then, we restore everything from the Oreo backup;
Finally, do a factory reset(aka wipe Data, Dalvik and cache);
And reboot!
Now, fingers crossed, you should be booting into a fully functional 8.1 Oreo! if you did, congratulations!
Please let me know if I've made any mistakes and/or this has worked for you.
All credits go to the awesome people at 4PDA, especially nik-kst(if you're reading this, you the real MVP!), below I've linked the sources I've written this guide from.
Nik-kst's guide to repartitioning the device for Oreo;
Nik-kst's post about the Stable Oreo ROM.
Reserved for possible FAQ in the future
@aurismat, Hey man it worked as expected ! However, I was a bit confused on the repartitioning part when selecting ''Format all+download'' option then clicking ''start'' will only give an error stating that the IMG file of ''vendor'' is missing. (I am using SP FLASH v5.1744)
But nevertheless, I tried the ''Download only'' option and lucky it worked as well. I just wanted to clarify should it be Format all +download or Download only? Or is there a missing corresponding IMG file for vendor ?
Hey @JustAnormalGuy,
It should've been Format All + Download.
Also I'm glad that my post has helped at least one person.
Thanks for pointing out this omitted detail though, I'll edit the post ASAP.
Thanks for the translation!
--- solved ---
I have tried it three times but never managed to back up the NVRAM partition.
Error: s_dl-get_fram_setting_fail (5054) see attached screenshot
-----------
I have used Win 10 on my Mac and it worked.
Now I am stuck at step "5. Unlock the bootloader via fastboot oem unlock, and press the Volume up button to confirm the bootloader unlocking."
this looks O.K. to me
----------------------------------
>fastboot oem unlock
...
(bootloader) Start unlock flow
OKAY [ 16.047s]
finished. total time: 16.047s
-----------------------------------
But now nothing happens after
-----------------------------------
> fastboot reboot
rebooting...
finished. total time: 0.000s
-----------------------------------
It's stuck in
[Fastboot Mode] <<==
=> FASTBOOT Moe ...
and nothing happens.
UPDATE
O.K. I have used the Power Button to switch it off and on again, there was a small Android for a few seconds and the phone rebooted the second time. Now I am waiting for it to finish booting.
UPDATE 2
TWRP is working now
And what TWRP.img should I use for
"3. Flash the recovery with fastboot flash recovery [twrp recovery name].img;"
in the next paragraph? Is this the "New recovery;" from the download section at the top?
Thank you!
Missing tips:
- Put both scatter files inside the stock kernel folder before starting.
-I used the stock scatter file for the NVRAM backup then the 8.1 scatter only for the Formal all+Download step.
- When you first run the stock ROM, set up a pin or a password, otherwise you will have failed to mount data in twrp and data will show as 0mb due to its encryption.
@aurismat does that WW file includes the new vendor release?
In the vendor, a bug was detected, the camera with the auto flash turned on, did not turn on (rather, it turned on and off immediately), the flash when shooting video.
Now everything works as it should: yes2:
Fixed vendor: 07/07/2018
https://yadi.sk/d/DUGRYLnc3YtADV
I did everything according with this tutorial. Sadly my mobile network is not connecting idk why. I get an error saying Simprocessor and it doesnt connect on mobile network. It detects the networks but wont connect. Im going back to stock until someone can help me fix it.
@ZappaDong:
Yes, you should use the one I provided the link at the list of downloads.
Also, a bit late and I may be wrong, but your DRAM reads may be hindered by a MicroSD card(confirmation needed). Try ejecting it before you read off the NVRAM.
@fca.sjc:
First of all, thanks for pointing out my missing tips.
I'm not really sure if it includes the fixed vendor. I didn't really have any issues with the camera's flash, so they already included it(?)(again, needs confirmation).
For failed connections, make sure you flashed the NVRAM correctly(hence why you should test the telephony after you've repartitioned to stock 5.0 with the NVRAM backup flashed).If you failed to do that, I was told you should be able to recover the NVRAM data with Maui(?) software(confirmation needed, once again).
Thanks to both of you for pointing out these tips, I'll update the guide and credit you when I'll have more time. Cheers!
[*]For failed connections, make sure you flashed the NVRAM correctly(hence why you should test the telephony after you've repartitioned to stock 5.0 with the NVRAM backup flashed).If you failed to do that, I was told you should be able to recover the NVRAM data with Maui(?) software(confirmation needed, once again).
[/LIST]
Click to expand...
Click to collapse
After repartition, wifi, 3g and mobile signal works fine. I just cant flash twrp after unlocking bootloader otherwise i get a bootloop (unable to mount data and storage). So after i installed twrp and wiped/restore vendor and system, i reflashed stock recovery to acess android and then, restarted again to recovery. At this point, i did the write memory step again, using old vendor and the new vendor. None seem to work. I even backed up NVRAM using TWRP at first to make sure i did it right and tried to restore from there and it doesnt seem to be an IMEI issue. Maybe it has something to do with the frequency. Im on Brazil right now and idk
It does recognize my Sim card, my number, it downloads the data operators and etc but it doesnt connect to the mobile signal idk why. The bug starts at the restore step so it has something to do with this part.
I just test stuff but im pretty experienced at flashing and reflashing, etc. I guess only a dev can help and i actually went back to 7.1 UHANS rom, wich i got from 4pda.ru. Before using this rom, I was having a bluetooth audio stream bug and Ive tested like 4-5 roms, one for each kernel that was there. Lets see if someone can help me with this, cause i want oreo for better bluetooth audio stream.
Thanks for your help so far. I really apreciate it. This device is very good and we dont see many mods here on xda for it.
aurismat said:
@ZappaDong:
Yes, you should use the one I provided the link at the list of downloads.
Also, a bit late and I may be wrong, but your DRAM reads may be hindered by a MicroSD card(confirmation needed). Try ejecting it before you read off the NVRAM.
Click to expand...
Click to collapse
Thanks again!
I am using Windows 10 (bootcamp on the iMac) now and I have read the description in the 'old' [ROOT/TWRP] thread but used the files you have provided.
TWRP is working now, but I got an error that the ZIP file on the SD card was corrupted. Maybe I have damaged it when copying it to the SD card under OS X.
I am just redownloading it with Windows 10 and give it another try. (Yandex is very slow now, about 60 KB/s)
------------------------------------------------------------------
UPDATE
I have downloaded "WW_Phone-user_810_O11019_1528478718_release.zip" again, put in on the SD card, booted into Recovery, wiped system and vendor and chose "Install" , selected the "WW_Phone-user_810_O11019_1528478718_release.zip" file.
But I still get an error message.
Installing zip file '/external_SD/WW ... release.zip'
Checking for digest file
Skipping Digest Check: no Digest file found
[IN RED]Invailid zip file format!
Error installing zip file '/ 'external_SD/WW ... release.zip' [/IN RED]
Updating partion details...
...done
I have just copied the zip file from the download folder to the SD card - have I missed anything?
ZappaDong said:
And what TWRP.img should I use for
"3. Flash the recovery with fastboot flash recovery [twrp recovery name].img;"
in the next paragraph? Is this the "New recovery;" from the download section at the top?
Thank you!
Click to expand...
Click to collapse
Yup that one
@ZappaDong, yeah I kind of forgot to mention again - you should've extracted the .zip in which the backup came in. It's a backup, not an installation zip.
It needs to be extracted into its own folder inside the MicroSD card, so that then it could be used by TWRP to recover the partitions.
Thanks for pointing this out to me though, gonna edit it ASAP.
@fca.sjc bro AFAIK that problem of yours could be because of one or more of the following:
1. Your IMEI is missing or null. I would suggest SN Write tool (since I already tried it). Is quite effective, it is comparable to Maui Meta although I haven't tried it yet. (Tutorial here ==> https://forum.hovatek.com/thread-12306.html )
It is better to use PC restore tools since it writes directly to the nvram unlike apks like Chamelephon which (according to what I know) writes only to nvdata.
2. You need to switch the sims. What i mean is just if you have 2 sims on your phone, switch sim 1 in with sim 2. I forgot the explanation on it but it helps.
3. You need to switch off data connection on the other sim. On the several roms I tried on 4pda including this 8.1 pixel based rom, upon first bootup, the data connection on both sims are already on, therefore 3G cannot work. So first turn both sim's connection off then check if network mode is set to 3G. If not do the Solution #2.
JustAnormalGuy said:
@fca.sjc bro AFAIK that problem of yours could be because of one or more of the following:
1. Your IMEI is missing or null. I would suggest SN Write tool (since I already tried it). Is quite effective, it is comparable to Maui Meta although I haven't tried it yet. (Tutorial here ==> https://forum.hovatek.com/thread-12306.html )
It is the best IMEI restore tool since it writes directly to the nvram. (Meaning it retains even after wipes to data, system etc. via twrp)
2. You need to switch the sims. What i mean is just if you have 2 sims on your phone, switch sim 1 with sim 2. I forgot the logic on how that helps but I've seen it as a solution as the phone rereads the sims.
3. You need to switch off data connection on the other sim. On the several roms I tried on 4pda including this 8.1 pixel based rom, upon first bootup, the data connection on both sims are already on, therefore 3G cannot work. So first turn both sim's connection off then check if network mode is set to 3G. If not do the Solution #2.
Click to expand...
Click to collapse
Thanks for your help bro. I did check the IMEI while i was on this oreo rom. It seem to be ok. Number was there but i did not check if it was the right number. I might check it when i try to flash again. Probably later today when i'm home.
The problem wasnt just data connection, it was the connection itself. I couldnt call or receive SMS to activate whatsapp, for example. Like i said previously, those features were ok after repartitioning (on stock repartitioned). After the restore step, i did check all network options, including data, network mode, network connections available,etc. I'll follow your tutorial to restore the IMEI if the numbers are different then. I'll remember to take some screenshots next time so you guys can help me figure out what the problem is. Thanks again
aurismat said:
@ZappaDongIt's a backup, not an installation zip.
Click to expand...
Click to collapse
Yes, that did the trick. The installation went through and everything seems to work now.
Thank you again for your patience.
I saw there in the forum 4pda that are doing roms project treble pro zenfone go, only that I can not understand the mode of installation, you know how?
Ricardo Flowers said:
I saw there in the forum 4pda that are doing roms project treble pro zenfone go, only that I can not understand the mode of installation, you know how?
Click to expand...
Click to collapse
Yeah, it is possible -
FIrstly you'd need a vendor image that has fixed RIL(telephony) - vendor off this thread's 8.1 has RIL broken in Treble ROMs.
Luckily you can get it off any 8.1 custom ROM off ska-vova in 4pda. Just download any of his .zips(i.e. his ResurrectionRemix ROM(which imo is just official ResRemix with their Russian preference for a browser, but fine)), flash them and then backup the /vendor off it(and /boot for good measure)
Buuuuut then you need a TWRP that supports system image flashing - not sure if the one I provided here has it, if it hasn't - I'll post it here.
Then all you need to do is flash the Treble image, restore the /vendor(and /boot if you need to) and hope for the best!
Sadly the Havoc OS 2.0, the only ARM A-Only Pie-based ROM available here didn't work for me - just straight bootloops.
Your mileage may vary - if you get the Havoc OS 2.0 instaled, I'd love to read about it.
aurismat said:
Yeah, it is possible -
FIrstly you'd need a vendor image that has fixed RIL(telephony) - vendor off this thread's 8.1 has RIL broken in Treble ROMs.
Luckily you can get it off any 8.1 custom ROM off ska-vova in 4pda. Just download any of his .zips(i.e. his ResurrectionRemix ROM(which imo is just official ResRemix with their Russian preference for a browser, but fine)), flash them and then backup the /vendor off it(and /boot for good measure)
Buuuuut then you need a TWRP that supports system image flashing - not sure if the one I provided here has it, if it hasn't - I'll post it here.
Then all you need to do is flash the Treble image, restore the /vendor(and /boot if you need to) and hope for the best!
Sadly the Havoc OS 2.0, the only ARM A-Only Pie-based ROM available here didn't work for me - just straight bootloops.
Your mileage may vary - if you get the Havoc OS 2.0 instaled, I'd love to read about it.
Click to expand...
Click to collapse
Can you do a tutorial? I did not quite understand how it installs. Sorry, google translate does not help.
Deleted

MK903V Firmware Imaging using AndroidTool v2.3

Hi,
I do have some MK903V TV Sticks that came with Android 4.4.2 and some with Android 7.1.
I thought I could potentially just clone the complete flash from one device to another using AndroidTool v2.3, but that failed.
I used "ExportImage" from "Advanced Function" to export the flash from 0 to 0x00E90000. I then selected the exported file and flashed it to Address 0x00000000 and name "system" using the "Download Image" tab.
The AndroidTool said it uploaded the file and verified okay. But after that I re-exported few blocks from 0x0 and found that the flash was not overwritten. The device did not boot (no HDMI signal).
I re-exported the system partition and found that it wrote the full backup into the system partition instead.
So basically the Tool used the "name" column and completely ignored the "address" column?
Is there a way to just write the complete flash using AndroidTool v2.3 ignoring partitions? I basically just want to mirror a device to another.
Okay, so I guess I understood that "LOADER" is actually aware of all partitions on the device and also their use/format. The "Address" column seems to be ignored completely. I guess this is only relevant for "MASK ROM" mode devices?
I found out by trying to write to "parameter" partition, hoping it would write to 0x00. But instead it wrote into the first partition at 0x08 and properly wrote the header in front of it with the size of the written data.
So, I now know how to properly extract the "parameter" image from another device and I assume all other partitions can be simply dumped and written without any magic happening to them? But I need to write them partition by partition?
For my understanding... The LOADER mode / the green "Loader" row in AndroidTool is something that is not on the flash, right? But it obviously reads the flash and its partitions.
If I'm right, I cannot brick the device as long as I don't flash a different "Loader" (which I don't have anyways as I cannot extract it from another device).
But: When I mess up the "parameter", will LOADER mode still boot fine and allow me to rewrite "parameter"?
Is "Loader" always booting "uboot" next, which then decides on booting into "kernel" or "recovery" if "R" is pressed?
Okay, I have so many questions and I can't really find any documentation :/
So at least I'll continue my self conversation here.
The bootloader of the RK3288 - and I'm still not sure what exactly it is - has two modes, LOADER and MASKROM.
I think in LOADER mode it is aware of partitions and makes sure users can only flash data to specific partitions. However, you can also update the partitions (and other stuff?) by writing to "parameter", which is part of the first few blocks of the flash.
In MASKROM mode it is not aware of any contents of the flash and you can basically write over the complete flash. In this mode the AndroidTool will actually use the Address column to flash data (I think).
I'm not exactly sure what triggers MASKROM mode but I guess the bootloader boots MASKROM mode if it cannot find "valid" data on the flash.
For example
erases the Flash and IDB, which forces the device from LOADER into MASKROM mode.
I also found lots of instructions that tell you to short two pins on the NAND Flash chip of the device to trigger MASKROM mode. None of these instructions tell you why you do it and how it works, but I guess it just disables the Flash so the bootloader reads back all zeroes or anything like that?
I also cannot find any information what IDB is, what it stands for and where it is stored, but it seems to play an important role here :/
There are multiple Versions of the "bootloader". e.g. https://github.com/neo-technologies/rockchip-bootloader / https://forum.xda-developers.com/t/rk-bl-rockchip-bootloader-collection.3739510/ lists RK3288Loader_uboot_Apr182014_155036.bin, RK3288Loader_uboot_Apr212014_134842.bin, RK3288Loader_uboot_V2.17.02.bin, RK3288Loader(L)_V2.17.bin, RK32xxLoader(L)_uboot_V2.15_replace_ddr.bin
They obviously do some things differently, but I'm not sure if this is relevant for "normal" operation of the device or just if you need to do special things. e.g.
Running Android or Linux from an SD card on a RK3288 device - An easy way to dual boo
If you are interested in dual booting Android and Linux on your RK3288 device or you simply want to try a different Android ROM or Linux distro without flashing the device, then use this method of booting from an SD card. You will need a PC...
forum.xda-developers.com
says that RK3288Loader_uboot_V2.17.02.bin is required to boot from SD card. So earlier versions can't do that?
Can I flash these Loaders to any RK3288 device (I guess?) or are they device specific? Can I downgrade? Can I flash them in LOADER and MASKROM mode? Many things I don't understand properly...
The filenames usually contain "uboot". I guess that's not because they include uboot, but because the bootloader starts U-Boot from the "uboot" partition on a regular boot?

Categories

Resources