Related
I'd like to share some experience on hacking SHARP Android phones.
In the past I have published 102SH unlock and a tool helping users outside Japan to obtain OTA.
About rooting.
We have following preconditions.
a. Locked bootloader.
b. aboot without fastboot facilities.
c. kernel driver preventing read/write to certain partitions.
d. eMMC hardware write protections on certain blocks(including boot, recovery, system, etc.), enforced by power on write protection. This cannot be disabled unless a power off. Please refer document of eMMC datasheet.
For a or b it does not affect rooting.
For c, if we have kernel exploit it's not the case.
For d, you cannot write to protected blocks after the phone booting into Android. So even with temp root and patched kernel you can do nothing making root persist.
Someone mentioned loki. First it's an *old* LK exploit in 2013. Second boot is eMMC write protected. So it's over.
Also someone mentioned fi01's root tools. It's useless here since it's too outdated for this phone. I know every detail of the exploits inside the tool.
Therefore the two ways are all wrong.
What does the right way rooting this phone like?
a. We have to find several exploits and the final one should be kernel exploit. If I'm not going wrong, we could turn off eMMC power and set Qualcomm download magic in SMEM, then a hot reboot should bring the device into download mode with all partition writable.
b. We could try to find exploit or backdoor in sbl1/aboot.
I hope this thread becoming a serious technic discussing thread and more powerful devs joinning in.
2015.4.12
I'm going to give up on this phone.
I still don't have a 306SH SBL1 dump, too lazy to do it. The following result is based on a 305SH SBL1 dump received from someone.
Modem dump here if anyone interested.
https://www.dropbox.com/s/syulmij77qtzb7q/modem.bin.306sh.S8216.tar.xz?dl=0
And a 305SH SBL1 dump is attached.
Power on this phone with Volume Up pressed brings this device boot into FLDR mode, which can load and run code in SBL1. But unfortunately, there are complicated checks(possible RSA protected) before jumping to the code. Code will be loaded to 0x20000000 and the entry point is 0x20000050.
This will show you more on how to talk to the phone over USB cable.
Code:
lsusb -v -d 04dd:933a
The protocol is simple:
op: 1 byte(== 0x00)
size: 4 byte(BE order)
flag: 1 byte(== 0xFF causes loaded address changes to 0xf8002000 other than 0x20000000)
data: size byte(s)
sum: 1 byte(== ~sum of all bytes in from op)
Then the phone replies 010201fb which means failure and reboots, on success it will reply 010200fc.
On success, there is further checking on the outgoing data. If the check fails, the phone will go to EDL mode(aka emergency download mode, USB VID=Qualcomm and PID=9008, some guys may be familiar with it.)
Another simple operation in this mode is displaying the phone's code name.
By sending 3001ce the phone will reply 3109[8 bytes string][1 byte sum]. For my 306SH Boost Mobile variant, this string is "PB25".
Sent from my MI 4C using XDA Free mobile app
goooooooood job!
tewilove said:
I'd like to share some experience on hacking SHARP Android phones.
In the past I have published 102SH unlock and a tool helping users outside Japan to obtain OTA.
I approtiate FlowSwitch's work and he is my idol.
About rooting.
We have following preconditions.
a. Locked bootloader.
b. aboot without fastboot facilities.
c. kernel driver preventing read/write to certain partitions.
d. eMMC hardware write protections on certain blocks(including boot, recovery, system, etc.), enforced by power on write protection. This cannot be disabled unless a power off. Please refer document of eMMC datasheet.
For a or b it does not affect rooting.
For c, if we have kernel exploit it's not the case.
For d, you cannot write to protected blocks after the phone booting into Android. So even with temp root and patched kernel you can do nothing making root persist.
Someone mentioned loki. First it's an *old* LK exploit in 2013. Second boot is eMMC write protected. So it's over.
Also someone mentioned fi01's root tools. It's useless here since it's too outdated for this phone. I know every detail of the exploits inside the tool.
Therefore the two ways are all wrong.
What does the right way rooting this phone like?
a. We have to find several exploits and the final one should be kernel exploit. If I'm not going wrong, we could turn off eMMC power and set Qualcomm download magic in SMEM, then a hot reboot should bring the device into download mode with all partition writable.
b. We could try to find exploit or backdoor in sbl1/aboot.
I hope this thread becoming a serious technic discussing thread and more powerful devs joinning in.
Sent from my MI 4C using XDA Free mobile app
Click to expand...
Click to collapse
you can change DIAG by enter ##3424# and enter MSL code, it need a driver, i think if we change DIAG, we can root it from another mode
Don't spam.
Sent from my MI 4C using XDA Free mobile app
tewilove said:
Don't spam.
Sent from my MI 4C using XDA Free mobile app
Click to expand...
Click to collapse
who ?
tewilove said:
I'd like to share some experience on hacking SHARP Android phones.
In the past I have published 102SH unlock and a tool helping users outside Japan to obtain OTA.
I approtiate FlowSwitch's work and he is my idol.
About rooting.
We have following preconditions.
a. Locked bootloader.
b. aboot without fastboot facilities.
c. kernel driver preventing read/write to certain partitions.
d. eMMC hardware write protections on certain blocks(including boot, recovery, system, etc.), enforced by power on write protection. This cannot be disabled unless a power off. Please refer document of eMMC datasheet.
For a or b it does not affect rooting.
For c, if we have kernel exploit it's not the case.
For d, you cannot write to protected blocks after the phone booting into Android. So even with temp root and patched kernel you can do nothing making root persist.
Someone mentioned loki. First it's an *old* LK exploit in 2013. Second boot is eMMC write protected. So it's over.
Also someone mentioned fi01's root tools. It's useless here since it's too outdated for this phone. I know every detail of the exploits inside the tool.
Therefore the two ways are all wrong.
What does the right way rooting this phone like?
a. We have to find several exploits and the final one should be kernel exploit. If I'm not going wrong, we could turn off eMMC power and set Qualcomm download magic in SMEM, then a hot reboot should bring the device into download mode with all partition writable.
b. We could try to find exploit or backdoor in sbl1/aboot.
I hope this thread becoming a serious technic discussing thread and more powerful devs joinning in.
Sent from my MI 4C using XDA Free mobile app
Click to expand...
Click to collapse
Forgive me as ive never held a sharp android phone let alone worked on on. but i have a few questions regarding the "knowns" of this device. ive worked on many other devices and it was "known" to have a locked bootloader up until i packed teh cwm/twrp correctly and showed them they dont have a locked bootloader.
sprint is fairly open about bootloaders so why would this one be locked? is there a trend in sharp locked bootloader phones? has someone flashed a custom boot.img/recovery and been presented with a locked bootloader warning screen?
trying to find out some more information and this seemed teh most informed one.
shabbypenguin said:
Forgive me as ive never held a sharp android phone let alone worked on on. but i have a few questions regarding the "knowns" of this device. ive worked on many other devices and it was "known" to have a locked bootloader up until i packed teh cwm/twrp correctly and showed them they dont have a locked bootloader.
sprint is fairly open about bootloaders so why would this one be locked? is there a trend in sharp locked bootloader phones? has someone flashed a custom boot.img/recovery and been presented with a locked bootloader warning screen?
trying to find out some more information and this seemed teh most informed one.
Click to expand...
Click to collapse
Hey! I remember you from the galaxy avant forum. Thanks for your work on that phone. Are you interested in trying to obtain root for this phone? I am going to try and make a bounty for this phone, but I am unsure as how to do so.
Let me know if I can be of assistance to you.
Quickdraw996 said:
Hey! I remember you from the galaxy avant forum. Thanks for your work on that phone. Are you interested in trying to obtain root for this phone? I am going to try and make a bounty for this phone, but I am unsure as how to do so.
Let me know if I can be of assistance to you.
Click to expand...
Click to collapse
my buddy autoprime and i used to chat about this phone, we both wanted one when it launched but neither we willing to just get one. i was hoping the price would have died down a bit but its held strong. at any rate right now im just looking for info, ive never worked on a sharp device before and im unfamiliar with how their bootloaders run in comparison to samsung/lg
shabbypenguin said:
my buddy autoprime and i used to chat about this phone, we both wanted one when it launched but neither we willing to just get one. i was hoping the price would have died down a bit but its held strong. at any rate right now im just looking for info, ive never worked on a sharp device before and im unfamiliar with how their bootloaders run in comparison to samsung/lg
Click to expand...
Click to collapse
How would one go about figuring out such things? I have not tried to get to recovery, download mode, etc yet.
Quickdraw996 said:
How would one go about figuring out such things? I have not tried to get to recovery, download mode, etc yet.
Click to expand...
Click to collapse
@parkerlreed on reddit answered a few of my questions. in teh past if i was able to root a device i could just compile recovery and root everyone then for devices like samsung, without knowing the bootloader situation or how to flash software on this device im left a bit clueless atm.
shabbypenguin said:
@parkerlreed on reddit answered a few of my questions. in teh past if i was able to root a device i could just compile recovery and root everyone then for devices like samsung, without knowing the bootloader situation or how to flash software on this device im left a bit clueless atm.
Click to expand...
Click to collapse
How can I test to see if the bootloader is locked?
Quickdraw996 said:
How can I test to see if the bootloader is locked?
Click to expand...
Click to collapse
Without root, the only option is something fairly stupid that could render your device non-booting.
shabbypenguin said:
Without root, the only option is something fairly stupid that could render your device non-booting.
Click to expand...
Click to collapse
****, figured as much.
shabbypenguin said:
Without root, the only option is something fairly stupid that could render your device non-booting.
Click to expand...
Click to collapse
I... might be up for this. Mother is moving over to Verizon prepaid. I would then have a Moto G to use as my main phone, leaving the Aquos for testing. I'll report back if this turns out to be the case.
Well... This is interesting... The day before I get my new phone to replace my Crystal (cracked digitizer), people with Android experience show interest... Oh well... :silly:
What has made things difficult is that it does some weird stuff without any clue to us as to what it's doing.
USB in computer then Vol Up + Pwr: Phone vibrates once, the Notification LED turns White and installs something on my laptop. The install does not finish before the phone turns off roughly 15 seconds later. That install does not happen again when tried a second time.
Vol Up THEN USB in computer THEN when the LED turns Red hold Pwr: Windows audibly cues a device connect and the screen turns on displaying Charging with a battery logo. The screen then turns off and Windows audibly cues a disconnect. After the audio cue the phone vibrates for roughly 6 seconds, stops, vibrates for another 2 (vibrated for 15 seconds on other tries), and LED turns White (another audio connect cue) for about 15 seconds and turns off (audio disconnect cue).
I started a thread here: http://forum.xda-developers.com/aquos-crystal/help/download-mode-306sh-t3005531 but have not been able to recreate it again...
There is another thread where I posted where the Crystal would endlessly vibrate off and on...
I will still keep the Crystal and might stick around to do some experimental stuff to try to figure things out since it won't be my daily driver anymore. Hope this helps.
I have seen that exact behavior on mine. When I got the solid white LED, I quickly ran adb and fastboot but neither showed the device (on Linux so I don't have to worry about drivers installing). I've also seen it show up as a USB device while powered off and charging but same deal there. I think it just does that so it can register charging from Windows.
I'll try to get a writeup of all the exact behavior.
---------- Post added at 10:22 PM ---------- Previous post was at 09:56 PM ----------
Ok here it goes...
Powered off:
Unplugged:
Hold Vol Up + Power + release shortly after = White light for 15 seconds
Hold Vol Down for 5 seconds + Press and hold Power for a few seconds and continue to hold Vol down = Recovery mode
Plugged: Red light for charging. Device shows up to computer under the generic USB VID/PID ID 04dd:933a Sharp Corp.
Hold Vol Up + Power + release shortly after = same as above. adb nor fastboot -i 0x04dd see the device
Hold Vol Down for 5 seconds + Press and hold Power for a few seconds and continue to hold Vol down = Same as above. Plugging it in after entering recovery shows no devices on the computer.
"Vol Up THEN USB in computer THEN when the LED turns Red hold Pwr: " as mentioned above just seems to go into charging mode then does a small reset and goes back into charging mode.
Holding just power and continuing to hold it: Device starts to boot up, turns back off due to long holding power, and then starts to vibrate if you continue to hold power. Doesn't stop until power is released.
I am able to get my device recognized by adb/fastboot, however when I try to do an oem unlock, it says it is "waiting for device" even though it is connected and was just working fine. Any help?
Someone else says that they have possibly unlocked their bootloader via the command I typed, but no matter what I try, it will not stop "waiting for [my] device"
Quickdraw996 said:
I am able to get my device recognized by adb/fastboot, however when I try to do an oem unlock, it says it is "waiting for device" even though it is connected and was just working fine. Any help?
Someone else says that they have possibly unlocked their bootloader via the command I typed, but no matter what I try, it will not stop "waiting for [my] device"
Click to expand...
Click to collapse
Are you sure it's even seeing the device? fastboot devices would show it. Also what device do you have exactly? 04dd is the vendor code for Sharp...
parkerlreed said:
Are you sure it's even seeing the device? fastboot devices would show it. Also what device do you have exactly? 04dd is the vendor code for Sharp...
Click to expand...
Click to collapse
I have a Sharp Aquos Crystal.
Typing in "adb devices" shows my device, I have not tried typing in "fastboot devices" though, will try that later today.
I simply typed what was listed in another Sharp Aquos Crystal thread and it appears that they may have unlocked their bootloader.
Quickdraw996 said:
I have a Sharp Aquos Crystal.
Typing in "adb devices" shows my device, I have not tried typing in "fastboot devices" though, will try that later today.
I simply typed what was listed in another Sharp Aquos Crystal thread and it appears that they may have unlocked their bootloader.
Click to expand...
Click to collapse
If it's showing up under adb then it's not in fastboot mode. That's the issue here. Actually trying to figure out if there is a fastboot mode and how to get to it. And then on top of that seeing if a bootloader unlock works.
BIG BREAKTHROUGH (at least for myself) :
So for some time now, I've thought that I had hard-bricked my
dwycoff2013 said:
BIG BREAKTHROUGH (at least for myself) :
So for some time now, I've thought that I had hard-bricked my
Click to expand...
Click to collapse
BIG BREAKTHROUGH (at least for myself) :
So for some time now, I've thought that I had hard-bricked my moto XT1609, and I thought what I needed would be best summarized with the words 'blankflash template'. This sent me on a furious wild goose chase for Qualcomm drivers, deactivating driver signature enforcement on a Windows computer, etc., etc. . . You catch my drift. Well, long story short, I ended up coming across another XT1609 (same variant) and since the charger port and screen were all effed up, I just changed out the motherboards and viola! I had my G⁴ Play back in working order. I rooted with auto-init root, and everything was working fine. I took the battery out after powering down, placed my sim and microSD card, and upon attempting the boot, I panicked. It was doing the same thing the last motherboard was doing: showing the "moto" boot screen, vibrating, then black screen, a flash, and it looped. I couldn't load recovery nor kernel. So, I tried to uninstall the init root, and attempted boot, but to no avail.
I was certain all was lost.
However, after reading the PDF of the essay where the bootloader vulnerability was discovered, I decided to utilise fastboot in hopes of saving the kernel from crashing (i assumed the black screen, and the flash was the bootloader attempting to load the kernel). My commands:
fastboot oem config fsg-id vzw (I have the vzw variant)
fastboot oem config carrier vzw
fastboot continue
And success! I saved the kernel from crashing. I urge anyone else having the same problem I described to try fastboot commands using your carrier's id in lieu 'vzw' and let me know the results, please!
Sent from my resurrected vzw xt1609
P.S. I also just had the same problem with this phone again, however this time I set the carrier id blank (as it were from the factory) and let the fsg-id be set by the auto-init root script..
Anyone (senior/recognized members) have any input on what's actually going on here? I'd love to actually be aware of what I'm changing and how it's affecting the boot.
dwycoff2013 said:
BIG BREAKTHROUGH (at least for myself) :
So for some time now, I've thought that I had hard-bricked my moto XT1609, and I thought what I needed would be best summarized with the words 'blankflash template'. This sent me on a furious wild goose chase for Qualcomm drivers, deactivating driver signature enforcement on a Windows computer, etc., etc. . . You catch my drift. Well, long story short, I ended up coming across another XT1609 (same variant) and since the charger port and screen were all effed up, I just changed out the motherboards and viola! I had my G⁴ Play back in working order. I rooted with auto-init root, and everything was working fine. I took the battery out after powering down, placed my sim and microSD card, and upon attempting the boot, I panicked. It was doing the same thing the last motherboard was doing: showing the "moto" boot screen, vibrating, then black screen, a flash, and it looped. I couldn't load recovery nor kernel. So, I tried to uninstall the init root, and attempted boot, but to no avail.
I was certain all was lost.
However, after reading the PDF of the essay where the bootloader vulnerability was discovered, I decided to utilise fastboot in hopes of saving the kernel from crashing (i assumed the black screen, and the flash was the bootloader attempting to load the kernel). My commands:
fastboot oem config fsg-id vzw (I have the vzw variant)
fastboot oem config carrier vzw
fastboot continue
And success! I saved the kernel from crashing. I urge anyone else having the same problem I described to try fastboot commands using your carrier's id in lieu 'vzw' and let me know the results, please!
Sent from my resurrected vzw xt1609
P.S. I also just had the same problem with this phone again, however this time I set the carrier id blank (as it were from the factory) and let the fsg-id be set by the auto-init root script..
Anyone (senior/recognized members) have any input on what's actually going on here? I'd love to actually be aware of what I'm changing and how it's affecting the boot.
Click to expand...
Click to collapse
Hi, dwycoff2013
I'm trying to resurrect my locked bootloader vzn XT1609, as well. I don't think I have a hardware issue. I upgraded to Android 7.1.1 a month or so ago and it was running fine until a few days ago when it started bootlooping much in the way you've described. The blue splash screen comes up for 5 or 10 seconds then the screen goes black, then the blue screen comes up for 5 or 10 seconds, then it goes black, ad infinitum. Well, sometimes it actually goes farther, gets to the screen with the dancing colored dots before rebooting but this is very rarely. I tried installing the auto-init initroot image on it but it sends back a "Permission denied" error for it. I'm wondering if it's because I have 7.1.1 images installed instead of something older?
Anyway, your fastboot commands don't fix anything for me. It continues to bootloop. What version of Android were you running when you tried this?
Thanks!
I was using the 6.0.1 vzw firmware. Can you get to the bootloader with power and vol- ?
I'm assuming you can, considering you're mention of using the fastboot commands. Well, I'd say to install the QFIL & QPST tools, along with the Qualcomm Bulk HS-USB drivers. Once you get to the bootloader, try 'fastboot reboot edl' and it should put the device into Qualcomm's Emergency Download Mode and your computer should recognise the device as QC HS-USB 9008 DL, I believe. If that doesn't work, perhaps try taking the battery out, holding the vol+ button and inserting your USB cable.
dwycoff2013 said:
I'm assuming you can, considering you're mention of using the fastboot commands. Well, I'd say to install the QFIL & QPST tools, along with the Qualcomm Bulk HS-USB drivers. Once you get to the bootloader, try 'fastboot reboot edl' and it should put the device into Qualcomm's Emergency Download Mode and your computer should recognise the device as QC HS-USB 9008 DL, I believe. If that doesn't work, perhaps try taking the battery out, holding the vol+ button and inserting your USB cable.
Click to expand...
Click to collapse
Hi again, dwycoff2013
Sorry I haven't responded earlier. I had to finish my taxes and get my W10 boot working again. I was using Linux Mint in my previous attempts. I'm going to try and install the Qualcomm stuff you recommended but maybe you can answer a few more questions in the meantime:
1. My goal at this point is to get the stock Moto images running again. It appears that this is what you were able to do, from your description. Will running the Qualcomm utilities allow me to do this or will they only allow me to install Qualcomm images?
2. Do the Qualcomm utilities come with a version of fastboot that understand "reboot edl"?
3. My phone has a locked bootloader. I'm assuming that this is why my previous attempts to reflash failed. Can the Qualcomm utilites work when the phone is locked?
4. Can you point me to the pdf document that you were talking about?
Thanks. I'm sorry to sound like a newbie at this Android stuff, but this is what I am
Alright. just to get this out of the way, I used to do tech support for HTC many moons ago. like back when they were *the* name in originating new tech to smart phones. I worked my ass off to get into the R&D team that handled all the new products that got released and to our product recovery team(the idiots that try to put a good light on a bad decision made by corporate). I have rooted and installed custom ROMS and recovery software on several phones from them as well as since then with the latest being my old galaxy S7 loaded up with TWRP and lineagoe OS(although i do not remember which version now)
But i did not do literally *ANY* of that with my Xiaomi MiA1. the phone functioned how i wanted it to out of the box and with the stock ROM, i had no need or desire to do anything with the ROM.
I have all but completely given up on doing this on my own now. I have gone over every guide on the MI forums for xiaomi and i think i may have even exhausted the ones that are available here now too. I am not sure WTH the problem at this point even is but here is the lowdown:
:fingers-crossed:
got the update near the end of December/beginning of January to update my MI A1 to the new android pie version that just came out OTA(i actually have two of these phones, one i have not updated since the first update to oreo, and this one that is hardbricked from after the PIE update)
At first when i got the OTA update, my phone started to act sluggish. simple apps like messenger, or google drive that had always worked flawlessly suddenly were taking ages to load. So like any sensible person, i pulled my info to my SD card, took it out, and then did a system recovery to restore factory defaults and start with a fresh OS again, just like when windows starts behaving poorly.
only this did not fix the problem. It persisted with poor performance after the factory data reset and upon my next reboot, my phone just stopped loading when it got to the MI logo on the screen. i literally let the phone sit on this screen overnight thinking just maybe it was being slow to boot after the reset. No luck and in the morning it remained at this screen.
just to make a note:
-phone was purchased off of amazon, i have reached out to the seller(it was a business)
-phone is in CANADA, so there are no service centers
-i CANNOT enter recovery mode(pwr + volup + voldn), it just freezes at the mi screen
-i CAN enter fastboot, but cannot flash room
-bootloader is locked and i have not yet found a method that will successfully unlock it
-the miflash tool does not work(on any version what-so-ever)
-the mi unlock tool gets to 50% and then fails, cannot unlock
-i have installed minimal adb for fastboot, none of the related commands succeed(yes system sees the phone:
c:\adb>fastboot devices
91c0963c0804 fastboot)
-i cannot unlock bootloader here and cannot install twrp or any other recovery image and it will not allow it even temporarily
I've gotten desperate enough to have even gone to the extreme and tried EDL mode by using test point to enter, computer recognizes the device even as the qualcom 9008, still no luck with any of the tools or ROMs provided on Xiaomi's website.
So be real with me here ladies and gents.... should i take this thing on my next trip up a telecomm tower and biff it as hard as i can at the ground(obviously in a snowless area for the most satisfaction) or can you saintly people actually offer me some support on this to turn my brick paperweight back into a phone again?
it is also worth mentioning that this is my first post here because i have never before had a problem with following any of he guides on here to accomplish any task i've ever set out to do with an android device, but this beastly lil mother is seriously making me consider becoming an iphone person(not really but do you get the frustration here?)
I'm writing this at 5:30 in the morning after being up all night working on this task so if my info is missing somewhere along the line just poke me with stick and i will fill in the blanks as needed.
I couldn't be bothered to get and load screenshots tonight but i will get some up tomorrow after sleep, for now i am going to the graveyard to rest.
Thanks for any responses in advance here.
What error show miflash when you try to flash in edl mode?
balannaer said:
Alright. just to get this out of the way, I used to do tech support for HTC many moons ago. like back when they were *the* name in originating new tech to smart phones. I worked my ass off to get into the R&D team that handled all the new products that got released and to our product recovery team(the idiots that try to put a good light on a bad decision made by corporate). I have rooted and installed custom ROMS and recovery software on several phones from them as well as since then with the latest being my old galaxy S7 loaded up with TWRP and lineagoe OS(although i do not remember which version now)
But i did not do literally *ANY* of that with my Xiaomi MiA1. the phone functioned how i wanted it to out of the box and with the stock ROM, i had no need or desire to do anything with the ROM.
I have all but completely given up on doing this on my own now. I have gone over every guide on the MI forums for xiaomi and i think i may have even exhausted the ones that are available here now too. I am not sure WTH the problem at this point even is but here is the lowdown:
:fingers-crossed:
got the update near the end of December/beginning of January to update my MI A1 to the new android pie version that just came out OTA(i actually have two of these phones, one i have not updated since the first update to oreo, and this one that is hardbricked from after the PIE update)
At first when i got the OTA update, my phone started to act sluggish. simple apps like messenger, or google drive that had always worked flawlessly suddenly were taking ages to load. So like any sensible person, i pulled my info to my SD card, took it out, and then did a system recovery to restore factory defaults and start with a fresh OS again, just like when windows starts behaving poorly.
only this did not fix the problem. It persisted with poor performance after the factory data reset and upon my next reboot, my phone just stopped loading when it got to the MI logo on the screen. i literally let the phone sit on this screen overnight thinking just maybe it was being slow to boot after the reset. No luck and in the morning it remained at this screen.
just to make a note:
-phone was purchased off of amazon, i have reached out to the seller(it was a business)
-phone is in CANADA, so there are no service centers
-i CANNOT enter recovery mode(pwr + volup + voldn), it just freezes at the mi screen
-i CAN enter fastboot, but cannot flash room
-bootloader is locked and i have not yet found a method that will successfully unlock it
-the miflash tool does not work(on any version what-so-ever)
-the mi unlock tool gets to 50% and then fails, cannot unlock
-i have installed minimal adb for fastboot, none of the related commands succeed(yes system sees the phone:
c:\adb>fastboot devices
91c0963c0804 fastboot)
-i cannot unlock bootloader here and cannot install twrp or any other recovery image and it will not allow it even temporarily
I've gotten desperate enough to have even gone to the extreme and tried EDL mode by using test point to enter, computer recognizes the device even as the qualcom 9008, still no luck with any of the tools or ROMs provided on Xiaomi's website.
So be real with me here ladies and gents.... should i take this thing on my next trip up a telecomm tower and biff it as hard as i can at the ground(obviously in a snowless area for the most satisfaction) or can you saintly people actually offer me some support on this to turn my brick paperweight back into a phone again?
it is also worth mentioning that this is my first post here because i have never before had a problem with following any of he guides on here to accomplish any task i've ever set out to do with an android device, but this beastly lil mother is seriously making me consider becoming an iphone person(not really but do you get the frustration here?)
I'm writing this at 5:30 in the morning after being up all night working on this task so if my info is missing somewhere along the line just poke me with stick and i will fill in the blanks as needed.
I couldn't be bothered to get and load screenshots tonight but i will get some up tomorrow after sleep, for now i am going to the graveyard to rest.
Thanks for any responses in advance here.
Click to expand...
Click to collapse
take your sd card off your phone i had similar issues and fixed them that way
ccalixtro said:
What error show miflash when you try to flash in edl mode?
Click to expand...
Click to collapse
it depends on which version of the flash tool is used. the beta version of the flash tool claims that it is successful, but the phone will not load to the Android OS after that is completed and it still will not load into the recovery mode to attempt to factory reset or anything else.
other versions have given errors:
miflash 2017.7.20.0 gives the response after attempting for about 10 seconds of "ACK count don't match!"
miflash 2018.11.15.0 gives the error response of "cannot receive hello packet"
and as stated before the miflash beta goes through the complete flash process with the result stating a "success" response, but the phone will not load to OS, just remains stuck on the MI logo screen when the phone is booting up
i have some screen grabs of all this but i am not yet worthy through XDA to be permitted to share them
thanks for the reply
kuartito said:
take your sd card off your phone i had similar issues and fixed them that way
Click to expand...
Click to collapse
i dismantled the phone manually bro, when you use EDL mode this way the SIM/SD tray is removed you then remove the entire backplate and then disconnect the battery cable from the circuit board and you use the test point method to short two pins that force the system to start in EDL mode when you connect the usb-C cable, so unfortunately that is not the issue :crying:
it never seems to be the simple solutions
Thanks for the reply!
Still dead in the water on this one.
Going to look into getting a replacement, that is a disappointing end to the Xiaomi experience
Facing similar issue. Am able to flash however still stuck when device is rebooted with this message;
Supported API: 3
E: Failed to clear BCB message: failed to FSync/dev/block/bootdevice/by-name/miscperation not permitted.
So I finally rooted my Oneplus 6t from t mobile. I bought the phone from swappa and it worked great. I installed a random rom and it bricked my phone.
I assume it is a soft brick since i can access adb mode but it requires me to power off the phone
and hold the volume keys along with the power button. Otherwise the phone will just boot up and
will be sutck in a continous boot loop. I then tried to fic this issue by using an msm tool found in
the xda fourms. I then entered recovery mode and perfomed a "wipe data/factory reset. I think it hurt more than it helped. Any suggestions on how to unbrick my phone?
I tried using alll three msm tools in this fourm.
when i use the msm tool (MSMDownloadTool 9.0v2) the update just stops after 4 secounds.
Also the update would fail if i were to use the msm tool (MSMDownloadTool 9.0v1 and MSMDownloadTool 9.0.13)
I have tried reinstalling the qualcom drivers but no luck.
I tried deleting the drivers and allowing windows to detect the phone nad download its own usb drivers
but it did not help.
i apologize if i post this in the wrong section. I am new here.
all links and info i followed to attemp to unbrick my phone can be found in this fourm
[TOOL] T-Mobile OnePlus 6T MSMDownloadTool [Firmware 9.0.13] [8/9]
Okay folks, took forever to find, but we finally have it, the T-Mobile OnePlus 6T MSMDownloadTool, your brick savior, bootloader relocker, among other things, I will include a basic faq at the end. Requirements: 1. Windows PC 2. OnePlus 6T -...
forum.xda-developers.com
falzer2007 said:
when i use the msm tool (MSMDownloadTool 9.0v2) the update just stops after 4 secounds.
Click to expand...
Click to collapse
that's not very descriptive, produce the error and share results here
dmtec said:
that's not very descriptive, produce the error and share results here
Click to expand...
Click to collapse
Okay so I open the msm tool. Then I have my oneplus 6t (t mobile) turned off. I hold both volume buttons and keep holding them while I connect the USB cable to the phone. Its basically in edl mode at this point. Then I press the start option on the msm tool. The bar fills up with green and completes itself. However a number appears that saids "4s" inside of the square. I assume that means 4 seconds left or completed in 4 seconds. My phone is still in edl mode at this time and will not boot up in any menu (normal.menu, boot menu/recovery mode). Unlesss I boot it manually.
And yes I tried a scenario where I held down both volume buttons, connected USB cord, and then let go. I also tried the scenario where I held both volume buttons, connected usb cord and kept holding the volume buttons until the process completed itself but I would get the same result. "4s"
dmtec said:
that's not very descriptive, produce the error and share results here
Click to expand...
Click to collapse
falzer2007 said:
So I finally rooted my Oneplus 6t from t mobile. I bought the phone from swappa and it worked great. I installed a random rom and it bricked my phone.
I assume it is a soft brick since i can access adb mode but it requires me to power off the phone
and hold the volume keys along with the power button. Otherwise the phone will just boot up and
will be sutck in a continous boot loop. I then tried to fic this issue by using an msm tool found in
the xda fourms. I then entered recovery mode and perfomed a "wipe data/factory reset. I think it hurt more than it helped. Any suggestions on how to unbrick my phone?
I tried using alll three msm tools in this fourm.
when i use the msm tool (MSMDownloadTool 9.0v2) the update just stops after 4 secounds.
Also the update would fail if i were to use the msm tool (MSMDownloadTool 9.0v1 and MSMDownloadTool 9.0.13)
I have tried reinstalling the qualcom drivers but no luck.
I tried deleting the drivers and allowing windows to detect the phone nad download its own usb drivers
but it did not help.
i apologize if i post this in the wrong section. I am new here.
all links and info i followed to attemp to unbrick my phone can be found in this fourm
[TOOL] T-Mobile OnePlus 6T MSMDownloadTool [Firmware 9.0.13] [8/9]
Okay folks, took forever to find, but we finally have it, the T-Mobile OnePlus 6T MSMDownloadTool, your brick savior, bootloader relocker, among other things, I will include a basic faq at the end. Requirements: 1. Windows PC 2. OnePlus 6T -...
forum.xda-developers.com
Click to expand...
Click to collapse
Hi, Falzer. had all but given up and was prepared to head to T-Mobile to buy the 1+ 9 Pro (I almost wish I did not fix my phone... *BUT* I DID!
My issue occurred trying to flash a Magisk patched boot.img to my newly unlocked bootloader phone. I was following an article that alleged one could root the phone without TWRP. I will say this TWRP is your friend; don't dis "him". By the way, unlocking my phone wiped my data so always important to read the whole article first as it was mentioned in the NEXT step.
[Should be including the actual error here - it is found throughout these forums but I cannot recall the exact display. Basically, if you have an unlocked bootloader and then get to the CrashDump screen, follow from here:]
Retrieve the file, boot11.1.1.1.img and download from this thread/link:
OOS stable boot image and patched magisk boot image both for 11.1.1.1.
Leaving this here as i ended up boot looping from installing custom kernel, and it being a new release i was pulling my hair trying to figure this out. Flashed through fastboot with "fastboot flash boot_a XX.img, fastboot flash boot_b XX.img"...
forum.xda-developers.com
Do *NOT* mess with the other file to the right.
Hold all 3 buttons (2 volume buttons + power) and once/if you see Fastboot Mode, release the buttons.
Have ADB installed (you should be able to find plenty of directions for doing this).
From either PowerShell (or *maybe* CMD Prompt started as Administrator as I had been using this "successfully" for most functions):
fastboot devices
fastboot flash boot boot11.1.1.1.img
fastboot reboot
I could not believe my phone ACTUALLY booted (even with the McLaren animation intact; I'm sure one of the gurus here knows why) after all the failed attempts fooling around with MSM Download Tool [4.0] which almost EVERYONE swears by fixes/restores any brick. I understand ON ONE is forcing anyone to use any specific resolution; I am just trying to provide another last ditch effort.
EDIT/Caveat: I did not even check to see how old that thread above is, I believe late September and I had actually taken updates [via TMobile??] until the last one with a week to 10 days *but* that was probably wiped with the boot unlock so I do not know which "update" I got but figured I didn't have much to lose as I already had a "bad" version of a boot.img flashed anyway. Anyone with any technical explanations, feel free to comment. Thanks!
I am Japanese and speak little English so I used deepl. Please forgive me for the long and difficult to read sentences...
This post was originally written as a question, but now that it's resolved, I'm documenting what I've tried to help anyone else having the same problem I'm having!
I recently inherited a broken Nexus 6P from a friend. I thought it was a cpu failure but apparently not.
symptoms
・If you press and hold the power button and try to start the device as usual, a white Google logo appears, followed by the following warning. The warning will disappear and the white Google logo will glow for a few seconds, then the screen will go blank and the white Google logo will appear again, and the loop will continue until the battery runs out.
⚠
Your device has loaded a different operating system.
Visit this link on another device:
g.co/ABH
・Fastboot will boot normally. When I start recovery mode from there, I get the following warning and then fall into the same loop as described above
⚠
Your device Is corrupt, It can't be trusted and may not work properly.
Visit this link on another device:
g.co/ABH
・The boot loader is locked and if you enter a command it will be rejected because you are not allowed to unlock the OEM lock.
・There are no articles about resolving this symptom, and Google Officials have not posted a solution.
・For this reason, it is not possible to install software by sideloading with ADB or to install a factory image with Fastboot.
Solution
・Force reinstall firmware using Qfil and then install Google factory image
What you need
・Tools to disassemble the nexus 6P
・Something to conduct electricity to short the board (I used tweezers).
・USB-C cable
・Windows PC
・Qfil
・Qpst
・Firmware to install with Qfil (search for Nexus 6P Qfil ROM) I'm not sure why some of them have Android version 5, but that's fine..
ATTENTION
I will not know if you fail and brick or destroy the device. Everything is at your own risk.
IMEI and other information will be lost and the device will only display “unknown”.
This means your Nexus 6P will no longer be usable as a phone.
method
Please install Qfil and Qpst and Qualcomm drivers on your computer beforehand!
Please pre-download both the Rom and Google factory images to be installed with Qfil!
1.Power off the device and remove the rear frame. (You can learn more about how to disassemble the device at ifixit, etc.)
2.Remove the screw securing the plate on the left side of the fingerprint sensor and take out the plate. (If successful you should be able to see three connectors)
3.Connect the USB cable to the PC with the two points on the board indicated by the arrows in the image shorted together
I have uploaded an image of the test point. We will use this test point for this work. Also, do not allow the metal that shorts the test point to come in contact with any metal other than the test point. It is very dangerous.
4.Keep shorting until Qfil recognizes the device. When recognized, it will display Qualcomm HS-USB QDLoader 9008
5.Select FlatBuild. xml, mbn or other files and press the download button. At this time, put your computer in airplane mode and keep it off the network (I don't know if this makes sense, but it worked this way)
If you want to know more about the procedure here, search for other people's articles...
6.Download succeed
Finish Download
If it looks like this, you have succeeded. The device should now be bootable; boot in Fastboot mode (the Fastboot screen will look weird, but it's ok).
7.Enter the following Fastboot command on your computer
fastboot oem unlock
If the device shows LOCKED and nothing else changes, but the PC shows Okay, you have succeeded.
8.Download your favorite version of the factory image from Google. Once downloaded, unzip and run install.bat.
9.The device will automatically restart and resurrection.