Develop Bugs

[Q] Explain to me why devs are unable to unlock the MJB bootloader

I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.

Buchez said:
I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.
Click to expand...
Click to collapse
The way I read it somewhere is this,
There are efuses built into the processor/motherboard/memory/whatever that the new bootloader "blows" when it is installed. These efuses are necessary pathways for the older bootloaders, hence why they won't install. I don't believe the new bootloader is "locked" per say, it just prevents earlier versions from being installed. There is also a guide somewhere on these forums to recover your device from a brick if you tried to downgrade the bootloader. The new bootloader also doesn't prevent you from installing earlier roms, as long as they are flashable from recovery. Just do not try to use Odin to revert to an earlier rom. That's what causes the bricks, and although there is a procedure to recover, it doesn't sound easy and you end up back on MJB when you're done anyway. Hope that helped.
To whoever wrote the original post I referred to above, my apologies for not giving credit.

Thanks for the reply.
I'm pretty solid with flashing ROM's and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "Bricked" units back and refurb them, how do they do that. I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this

Buchez said:
Thanks for the reply.
I'm pretty solid with flashing ROM's and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "Bricked" units back and refurb them, how do they do that. I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this
Click to expand...
Click to collapse
I don't have an S3, I'm on the S3 section because my mom broke her phone, so this is speculation based on when I owned an Optimus G:
There are qualcomm tools that can fix a lot more than Odin and Fastboot can, apparently, and manufacturers have access to those. When I had an Atrix 4G someone told me they replace the entire board when eFuses are burned incorrectly, but that sounds really expensive. Anyway, just my 2 cents, i'm out~

[Q] [I747M] Please help, kitkat modem hard brick!

Hello everyone, I desperately need help. Like many people I've read about around other forums, I decided to update my Telus Galaxy S3 to KitKat, and used Mobile ODIN, just because I am lazy and I didn't want a locked bootloader(who knows what Samsung might do these days, better be safe than sorry). The phone loaded up, but it told me that there's no SIM card plugged in. So just like all of the horror stories I've read after this terrible mistake, I decided to reboot the phone and possibly install back the 4.3 modem. Well, the shutdown worked perfectly. The restarting part, not so much. The moment I turn the phone off, I realized that I was holding a paperweight which doesn't respond to anything with a single exception being the red LED light going on if I plug it in without the battery inside. Sadly this fits in the every single story I've read AFTER this stupid mistake. Apparently the NE6 modem hard-bricks phones without the appropriate bootloader, and Mobile ODIN refuses to install bootloaders(it just skips them for safety reasons, how ironic that the safety measure bricked my precious?) After around 24 hours of not sleeping and googling every solution I can possibly foresee, I bought an external Micro SD card reader and tried to flash the debrick image files found around the forums(I'm a new user, so I can't link to any of them). Unfortunately, all the debricking files I've found were for the 4.3 software and I've flashed 3 debricking files I found to my card, at least 15-20 times for each image, followed the instructions perfectly, with no sign of life from the phone. What I am wondering is, because I've also read success stories from other carrier forums with a 4.4.2 debricking file and the fact that I couldn't even get my hands on one, maybe that's what people are missing at the moment? So my question is, can someone PLEASE upload a 4.4.2 debricking image for the Canadian Galaxy S3?(SGH-i747M, Telus would be awesome but I'm willing to try anything)
As a side note, I have another idea which may or may not work. I have downloaded the entire stock firmware from SamMobile, and was considering flashing the general 4.3 debrick image, plug the card in a linux box, and dd the bootloader mbn files located in the tar file downloaded in the appropriate partitions inside the memory card. I am currently giving it a try, and will report on the results. If either of the methods work, we can save dozens of S3's falling to the wrong hands of Samsung, without a JTAG! I could've paid for a JTAG because I can't afford a new phone due to the fact that I'm heading to college next year and my family is in serious bank debt, but here in Turkey, barely anyone knows how to JTAG and every phone repair shop would try to rip you off majorly(I was an exchange student, that's why I have the Canadian phone).

Failure
I have wrote the debrick_v4.3_SGH-I747M-UEMK5.img file I've found on this forum in a Micro SD card, extracted the I747MVLUFNE6_I747MOYBFNE6_I747MVLUFNE6_HOME.tar.md5 file I've downloaded from SamMobile and copied out the aboot, sbl2, sbl3, tz, rpm, and NON-HLOS (the modem file). Booted up my OS X partition and used dd to flash all the files in the appropriate partition on the memory card using this partition table I found on another forum:
Mount Point Start End Size File-System Name
__________________________________________________ ___
/dev/block/mmcblk0p1 4194kB 67.1MB 62.9MB modem
/dev/block/mmcblk0p2 67.1MB 67.2MB 131kB sbl1
/dev/block/mmcblk0p3 67.2MB 67.5MB 262kB sbl2
/dev/block/mmcblk0p4 67.5MB 68.0MB 524kB sbl3
/dev/block/mmcblk0p5 68.0MB 70.1MB 2097kB aboot
/dev/block/mmcblk0p6 70.1MB 70.6MB 524kB rpm
/dev/block/mmcblk0p7 70.6MB 81.1MB 10.5MB boot
/dev/block/mmcblk0p8 81.1MB 81.7MB 524kB tz
/dev/block/mmcblk0p9 81.7MB 82.2MB 524kB pad
/dev/block/mmcblk0p10 82.2MB 92.7MB 10.5MB param
/dev/block/mmcblk0p11 92.7MB 107MB 14.3MB ext4 efs
/dev/block/mmcblk0p12 107MB 110MB 3146kB modemst1
/dev/block/mmcblk0p13 110MB 113MB 3146kB modemst2
/dev/block/mmcblk0p14 113MB 1686MB 1573MB ext4 system
/dev/block/mmcblk0p15 1686MB 14.8GB 13.1GB ext4 userdata
/dev/block/mmcblk0p16 14.8GB 14.8GB 8389kB ext4 persist
/dev/block/mmcblk0p17 14.8GB 15.7GB 881MB ext4 cache
/dev/block/mmcblk0p18 15.7GB 15.7GB 10.5MB recovery
/dev/block/mmcblk0p19 15.7GB 15.7GB 10.5MB fota
/dev/block/mmcblk0p20 15.7GB 15.7GB 21.0MB ext4 carrier
/dev/block/mmcblk0p21 15.7GB 15.7GB 6291kB backup
/dev/block/mmcblk0p22 15.7GB 15.7GB 3146kB fsg
/dev/block/mmcblk0p23 15.7GB 15.7GB 8192B ssd
/dev/block/mmcblk0p24 15.7GB 15.8GB 5243kB grow
Unfortunately, there is still no sign of life on the phone with the card in place, and nothing has changed. I'm still desperately waiting for ideas, or a debrick image for the 4.4.2 software. In my opinion, Chainfire should've added a check on Mobile ODIN to see if the person is flashing 4.4.2 with the 4.3 bootloader, since it's so widely known that the combination certainly causes an irreversible hard brick. Not to mention there almost certainly is Samsung's mockery with the modem/bootloader software which more than likely caused the brick intentionally.

No ones been able to fix this kind of brick yet. Just keep watching the debrick thread and hopefully we'll figure out something soon. There are 4.4 2 and 4 3 images in the thread. You just have to search them out.
You won't be able to use adb to dd those partitions while its bricked.

DocHoliday77 said:
No ones been able to fix this kind of brick yet. Just keep watching the debrick thread and hopefully we'll figure out something soon. There are 4.4 2 and 4 3 images in the thread. You just have to search them out.
You won't be able to use adb to dd those partitions while its bricked.
Click to expand...
Click to collapse
I wasn't trying to dd the partitions in the phone while it's bricked. I thought about a clever idea of using a 4.3 debrick image and to dd the individual files from the stock firmware inside the appropriate partitions of the SD CARD, not the phone, so that the debrick card contains the 4.4.2 bootloader/modem/everything. Unfortunately, it didn't do anything major. And I have been searching everywhere for the past two days, and the only 4.4.2 debrick image I've found was for the SGH-i747, not the SGH-i747M, and if you have found something else, can you please share it with me?

Sorry. Missed that you had the I747M. But if you can get the phone to boot from the debrick sdcard, its probably much easier and safer to just flash the firmware via odin or flash twrp then use it to flash one of the recovery firmware packages. Using dd should only be necessary if needing to fix a partition not included in the firmware. This is never really needed unless someone flashes something like another devices kernel or modem.

DocHoliday77 said:
Sorry. Missed that you had the I747M. But if you can get the phone to boot from the debrick sdcard, its probably much easier and safer to just flash the firmware via odin or flash twrp then use it to flash one of the recovery firmware packages. Using dd should only be necessary if needing to fix a partition not included in the firmware. This is never really needed unless someone flashes something like another devices kernel or modem.
Click to expand...
Click to collapse
That's the problem right there. I can't get the phone to boot literally anything. I don't have a debrick image for my phone, so I was going to use a 4.3 image and make it boot. You know, the debrick image is like a mirrored copy of the S3's whole eMMC, with most of the useless parts omitted, and it just includes the bootloader to boot from. The S3's CPU is designed to boot from the SD card if the eMMC fails to boot, so it works perfectly just to load the bootloader, which leads to an ODIN flash. What I was trying to do was to use a debrick image, and use the dd to copy the 4.4 bootloader and modem inside the needed partitions in the SD card, again, it's not the phone I'm dd'ing to, it's the SD card. Unfortunately, that also didn't work. Now I just need more ideas, and/or a 4.4 debrick image.

Unfortunately we have not found a way to debrick a device that hard bricked by flashing the 4.4.2 modem on 4.3. No idea why its not working....
But we have also not been able to get an I747M image. So I'd like to see some one make one for you guys just to see if it might work.
Like I said before, keep watch on the debrick thread. And if you know anyone with the same model ask them to create the img.

DocHoliday77 said:
Unfortunately we have not found a way to debrick a device that hard bricked by flashing the 4.4.2 modem on 4.3. No idea why its not working....
But we have also not been able to get an I747M image. So I'd like to see some one make one for you guys just to see if it might work.
Like I said before, keep watch on the debrick thread. And if you know anyone with the same model ask them to create the img.
Click to expand...
Click to collapse
I understand. Just a question out of nowhere, if I was able to find someone to JTAG the phone, even though it's extremely hard given my circumstances, would it still not load up? I can't afford a new phone and I'm studying abroad so being phoneless is like a death sentence to me :crying:

I have found a zip file which will create a debrick.img on your internal device storage when flashed, it was located in http://forum.xda-developers.com/showthread.php?t=2625332 I realize that it's for a different phone, but it doesn't really matter because what it does is device independent, it doesn't actually 'flash' anything to the phone. I have checked the updater-script and it's completely safe.
So, if anyone has a SGH-i747M running the latest software, practically any Canadian Galaxy S3 with KitKat installed, PLEASE flash this file and post the debrick.img located in your internal storage! It will not actually flash anything to the phone, it will just copy a small portion of the entire eMMC and save it as a file. This can save mine and many other people's phones from the KitKat's wrath, and it's a very short process!

Ive posted a script in the debrick thread a couple weeks ago. Its one I made to use for the T999 several months ago so it might be a better option since its more closely related. Ill take a look at this one too though in case anything is done differently that can give me any ideas.
Note that it has not worked on the I747 yet though. I am working with KAsp3rd on a script that will create the image a bit differently though, so hopefully we will figure this out before too long!
I still recommend trying the one available on the I747M though. You never know!
---------- Post added at 01:58 PM ---------- Previous post was at 01:54 PM ----------
Lol! Shoulda read the op of the link you posted first! The script they are using looks to be the one I originally made! Nice to see its getting around! It probably won't be giving me any new ideas though...

DocHoliday77 said:
Ive posted a script in the debrick thread a couple weeks ago. Its one I made to use for the T999 several months ago so it might be a better option since its more closely related. Ill take a look at this one too though in case anything is done differently that can give me any ideas.
Note that it has not worked on the I747 yet though. I am working with KAsp3rd on a script that will create the image a bit differently though, so hopefully we will figure this out before too long!
I still recommend trying the one available on the I747M though. You never know!
---------- Post added at 01:58 PM ---------- Previous post was at 01:54 PM ----------
Lol! Shoulda read the op of the link you posted first! The script they are using looks to be the one I originally made! Nice to see its getting around! It probably won't be giving me any new ideas though...
Click to expand...
Click to collapse
I've read some success stories on the debricking thread, and the fact that the i747 has a locked bootloader after 4.3 while Canadian phones have more mercy to their users, I'd say that there's a good chance of it working. I have a couple of questions to you though, one is why did the phone boot up to a perfectly usable state when I first flashed the modem(entire firmware minus the bootloader), while telling me that no SIM cards were inserted, and a hard brick happened after a reboot? Did the modem firmware overwrite the bootloader or something while the phone is running? And my other question is, if I actually found someone who could JTAG the phone(these people can't even pronounciate JTAG, I don't know what my chances are) would this fix the phone? Or did Samsung encrypt or hash the bootloader after the 4.4 update? I've read somewhere that the bootloaders are hashed with the IMEI number, and that JTAG is even useless now, but I'm not sure about the credibility of the place I've read it.

The I747 bootloader isn't locked. People confuse the changes made for knox with locking it. A locked bootloader prevents you from flashing any recovery or kernel. The only thing we are now "locked" out of is firmware downgrades. But this is true for all S3's after 4.3. So while the Canadian carriers may be a bit more lenient with what they want restricted, it won't have any bearing on this because its directly due to Samsung's Knox.
As for why it boots the first time and bricks on reboot, I dont think anyone knows. My best guess is some issue with knox seeing it modified after its fully booted. It might then try to adjust some value or resolve some sort of incompatibility and in doing so inadvertently causes a brick when the system tries to read/use this during boot. It probably was not designed to do this intentionally, but was also not tested with this scenario.
For jtag, I cant say positively yet. One person reported there were major issues and it couldn't be fully recovered. Another said theirs worked fine, but im not sure they bricked due to the modem. If you do try this, just make sure they guarantee their work and will refund your money if its not 100% fixed.
They do use hashes to check the IMEI and NV Data, and I believe they've done so since the S3 was first released, maybe earlier. If jtag doesn't work, I dont believe this would be the cause.

DocHoliday77 said:
The I747 bootloader isn't locked. People confuse the changes made for knox with locking it. A locked bootloader prevents you from flashing any recovery or kernel. The only thing we are now "locked" out of is firmware downgrades. But this is true for all S3's after 4.3. So while the Canadian carriers may be a bit more lenient with what they want restricted, it won't have any bearing on this because its directly due to Samsung's Knox.
As for why it boots the first time and bricks on reboot, I dont think anyone knows. My best guess is some issue with knox seeing it modified after its fully booted. It might then try to adjust some value or resolve some sort of incompatibility and in doing so inadvertently causes a brick when the system tries to read/use this during boot. It probably was not designed to do this intentionally, but was also not tested with this scenario.
For jtag, I cant say positively yet. One person reported there were major issues and it couldn't be fully recovered. Another said theirs worked fine, but im not sure they bricked due to the modem. If you do try this, just make sure they guarantee their work and will refund your money if its not 100% fixed.
They do use hashes to check the IMEI and NV Data, and I believe they've done so since the S3 was first released, maybe earlier. If jtag doesn't work, I dont believe this would be the cause.
Click to expand...
Click to collapse
I can swear I've read quite a few things involving LOKI patches for the i747, and that Canadians are spared from it. That's why I thought there are some sort of restrictions on it. Anyway, I'll get my phone JTAG'ed in a few days and will surely report back on both this and the debrick thread.

I have really bad news to anyone hoping to get out of this mess with a simple JTAG. I have contacted a phone repair shop today(don't get me wrong, they can barely say the word JTAG, so it would be nice to have someone else trying to get a JTAG done), left my phone for an hour for them to complete the operation, and they told me that the eMMC is toast and has to be replaced. Apparently the JTAG program tells them that the eMMC is shown as zero bytes, making them unable to flash anything. I have flashed quite a bit, but have never done anything potentially dangerous to the chip besides installing the 4.4.2 firmware using Mobile ODIN, which is causing the brick as it doesn't flash the bootloader. Samsung seems to have really messed something up with the KNOX crap they're pushing at our phones, and I do not appreciate this happening. I cannot live without a phone since I'm studying abroad and I am taking a bank loan to be able to pay for a new phone(phone prices are absolutely ridiculous where I live). I am even considering legal action at this point because the brick is not accidental, there has to be some sort of intention to write something potentially dangerous to the phone's bootloader from a simple modem, not to mention the eMMC chip becoming toast right after the flashing, and many people's phones are becoming toast because Samsung's clumsiness. Sadly enough Samsung doesn't even fix the i9300's with SDS here, regardless if you're under warranty or not. My apologies for the rant, but can someone please report if they ever resort to JTAG?

CBKarabudak said:
I've read some success stories on the debricking thread, and the fact that the i747 has a locked bootloader after 4.3 while Canadian phones have more mercy to their users, I'd say that there's a good chance of it working. I have a couple of questions to you though, one is why did the phone boot up to a perfectly usable state when I first flashed the modem(entire firmware minus the bootloader), while telling me that no SIM cards were inserted, and a hard brick happened after a reboot? Did the modem firmware overwrite the bootloader or something while the phone is running? And my other question is, if I actually found someone who could JTAG the phone(these people can't even pronounciate JTAG, I don't know what my chances are) would this fix the phone? Or did Samsung encrypt or hash the bootloader after the 4.4 update? I've read somewhere that the bootloaders are hashed with the IMEI number, and that JTAG is even useless now, but I'm not sure about the credibility of the place I've read it.
Click to expand...
Click to collapse
Wow...Same issue here. I have tried every option in the debrick thread with no luck. Good to see that there are still people attempting to address this issue. Even though I have a new device I will continue to try and fix this as well.

danchise77 said:
Wow...Same issue here. I have tried every option in the debrick thread with no luck. Good to see that there are still people attempting to address this issue. Even though I have a new device I will continue to try and fix this as well.
Click to expand...
Click to collapse
I have also bought a new device, but I'm considering an eMMC change on the old device to gift if to my mother. Shame on Samsung for such a messed up software, JTAG didn't even fix it so this has to be somehow intentional. No software can 'accidentally' fry an eMMC chip.

CBKarabudak said:
I have also bought a new device, but I'm considering an eMMC change on the old device to gift if to my mother. Shame on Samsung for such a messed up software, JTAG didn't even fix it so this has to be somehow intentional. No software can 'accidentally' fry an eMMC chip.
Click to expand...
Click to collapse
WOW evern with the JTAG huh? I was just about to send mine out..Thank God you said something. I am going to look into getting a new chip as well. Thanks for the heads up.

danchise77 said:
WOW evern with the JTAG huh? I was just about to send mine out..Thank God you said something. I am going to look into getting a new chip as well. Thanks for the heads up.
Click to expand...
Click to collapse
No worries, I actually mentioned about it on a previous post in this thread. But again as I mentioned there, the phone repair shops around where I live don't even know how to pronounciate JTAG, so I'd strongly suggest you send it off anyway, given the service has a money back guarantee. It might be helpful to tell your repair service that the JTAG operation on my phone reported that there was 0 bytes available in the eMMC chip.

Wondering
CBKarabudak said:
I have found a zip file which will create a debrick.img on your internal device storage when flashed, it was located in http://forum.xda-developers.com/showthread.php?t=2625332 I realize that it's for a different phone, but it doesn't really matter because what it does is device independent, it doesn't actually 'flash' anything to the phone. I have checked the updater-script and it's completely safe.
So, if anyone has a SGH-i747M running the latest software, practically any Canadian Galaxy S3 with KitKat installed, PLEASE flash this file and post the debrick.img located in your internal storage! It will not actually flash anything to the phone, it will just copy a small portion of the entire eMMC and save it as a file. This can save mine and many other people's phones from the KitKat's wrath, and it's a very short process!
Click to expand...
Click to collapse
I was wondering if this method would work for my sgh i747? I softbricked mine last night but can still force it into download mode(plug into computer take battery out hold vol down and home then put battery back in while still holding buttons) and have had no luck at all with trying to use odin(the methods that i have tried all ended in failing). Im totally new to all this, including this site so im im posting something that has already been answered i apologize, but like i said ive been searching a lot and this actually sounds somewhat promising, just wanted to double check before i screw the phone up more.

That is for hard bricks only. If itll boot download mode on its own it wont even try to use the sdcard.
When you try flashing in odin, what does it say in its message box?

[Q] HELP!! Have I bricked my new device!? SO WORRIED!!

Hey guys,
I'm kinda new to the HTC/Android world, found this community a damn good place to find support.. But now I've hit a road block.
Basically, I've been eager to root from day 1 of getting my first htc handset, I came across from jailbreak and loved the fact of customizability with Android.
So I had the Google play edition(I think, all geared towards Google) running Kit Kat 4.4.4. Love it, big Google user so this all tied together lovely.
Here is the Situation.
I found a video on youtube, cannot provide URL as I'm in work at the moment, but it was root guide from scratch. Fresh windows OS, seemingly a phone fresh out the box.. you get the idea.
I used the Hasoon2000 tool to root the device. Installed ADB etc on my pc, signed up as a a dev, got the Key for device, sent in and received my .bin file. I got up to actually rooting my device, well pleased and happy. Using TWRP via Hasoon2000.
But here is where **** hits the fan.
The device needed to update, It took me back to 4.4.2 but Im unsure on how to get back to most up to date OS and keep the root.
But when I reboot to install this, it goes into TWRP. no other way around this.
Queried this on another forum, decided to continue to be patient... but no replies, in the mean time I restored my apps and have a fiddle, see what the root function can do for myself.
I installed "Freedom 1.0.6" and a program called "Market Share"- Hate iAP, some games are ridiculously priced for the smallest of things, I just wanted to sandbox plague inc. ;(
Now the device is stuck in a boot loop, phone starts up, see the home screen for a bout 40 seconds/ one minute.. Some times I unlock the device and it goes back to flash screen then.. others I boot an app and its slides away once more.
This happened close to 15x before I left for work this morning and I imagine its just going to repeat this and run the battery - I tried to stop this loop by going into TWRP and possibly choosing to boot system this way may of stopped it.. but when I was on the boot screen with those options.. It said Tampered at top of screen and S-On- which has scared me quite a bit..
What the hell has happened!?
I'm desperate to know and don't want to have this damn thing bricked! Please help.. try explain like I'm 5, as said I'm new to a lot of this! >.<

first off, if the screen comes on, its not bricked.
esenfur said:
But here is where **** hits the fan.
The device needed to update, It took me back to 4.4.2 but Im unsure on how to get back to most up to date OS and keep the root.
But when I reboot to install this, it goes into TWRP. no other way around this.
Click to expand...
Click to collapse
Do you mean you accepted an official OTA? I think that is what you are saying. You should not be accepting OTAs on a phone that has been bootloader unlocked, custom recovery, etc. unless you know exactly what you are doing and what the result will be (which is clearly not the case).
Stock recovery is needed to install an OTA. That is why it keeps going to TWRP, then it doesn't find stock recovery and reboots, hence the loop you are stuck in. Try to find the OTA file and delete it.

redpoint73 said:
first off, if the screen comes on, its not bricked.
Do you mean you accepted an official OTA? I think that is what you are saying. You should not be accepting OTAs on a phone that has been bootloader unlocked, custom recovery, etc. unless you know exactly what you are doing and what the result will be (which is clearly not the case).
Stock recovery is needed to install an OTA. That is why it keeps going to TWRP, then it doesn't find stock recovery and reboots, hence the loop you are stuck in. Try to find the OTA file and delete it.
Click to expand...
Click to collapse
Thank you for fast response.
Official OTA - being that the phone its self said "Update the OS" - I just accepted this, hit download and began install as a reboot- didnt spot implications. As said, noob, followed a tut. If it highlighted DO NOT UPDATE or.. IF U WANT UPDATE NOW FOLLOW THIS- Great, but nothing of the sort?
Is the OTA file basically the .exe for the OS- so find it and delete it.. although I dont have enough time to navigate and establish where the file actually is located!
Or do you have any links to tutorials I could possibly follow?
Side note- when this loop started I deleted

esenfur said:
Or do you have any links to tutorials I could possibly follow?
Click to expand...
Click to collapse
This is really your main issue. By following a YouTube video and using a Toolkit, you've failed to actually learn anything or gain any real understanding or knowledge. Do yourself a favor and ditch the tutorials and videos (and toolkit for that matter) and do it the old fashioned way . . . by reading. Videos and step-by-step guides do you no good when things go south (as you've now discovered). And with the prior proper knowledge (usually not gained by following tutorials) this whole mess probably would have never happened in the first place.
A cardinal rule of Android phone modding: DO NOT accept/download/install OTAs (official OS updates) on a modded device unless you know what you are doing, and what the result will be. If in any doubt, simply DO NOT do it.
esenfur said:
Is the OTA file basically the .exe for the OS- so find it and delete it.. although I dont have enough time to navigate and establish where the file actually is located!
Click to expand...
Click to collapse
.exe file is Windows specific. You are looking for a zip file, and it typically starts with "OTA". Don't remember where its saved to, so you will have to search for it. If you can't keep the phone running long enough to do so, mount the memory on your computer and search that way.
Deleting the OTA file worked for me on a past device, although one M8 user in the same position said deleting the file didn't get him out of the loop. Flashing your ROM again, or wiping the internal memory (backup any important personal data first) might be options for you.

redpoint73 said:
you've failed to actually learn anything or gain any real understanding or knowledge.
Click to expand...
Click to collapse
Ive seen quite a fair few ratings for Hasoon2000 and decided to go with it..
redpoint73 said:
Videos and step-by-step guides do you no good when things go south (as you've now discovered).
Click to expand...
Click to collapse
agreed.. theres FAR much more I need to learn.. its scary haha.
redpoint73 said:
DO NOT accept/download/install OTAs (official OS updates)
Click to expand...
Click to collapse
taken on board. I know with my jailbreaks in past it has been a pain, assumed Android would be alot more stable to over write- due to functionality of OS and unlocked features.
I was being generic when I said .exe- basically the installer..
I returned from work to see phone stopped looping.. i could stop the install and deleted the file ASAP.. but now what.. Phone is still bugging me to update, lost the root(got a checker).. so whats the correct procedure!?

I am confused to what you are trying to accomplish at this point, is it to install a OTA, or a recovery? What exactly is going down here?
Me personally to take an OTA is to relock bootloader, install stock recovery, and make sure CID matches. I am S-Off so bootloader means very little, but you can unlock and relock at will when you are S-Off. You will not lose S-Off accepting an OTA.

Try to re-flash the ROM, with stok ROM, using TWRP and clean install. It should work.

hack14u said:
I am confused to what you are trying to accomplish at this point, is it to install a OTA, or a recovery? What exactly is going down here?
Me personally to take an OTA is to relock bootloader, install stock recovery, and make sure CID matches. I am S-Off so bootloader means very little, but you can unlock and relock at will when you are S-Off. You will not lose S-Off accepting an OTA.
Click to expand...
Click to collapse
I am trying to update the phone, root and then some..
What file am I looking for and how do I flash a ROM on a M8

esenfur said:
I am trying to update the phone, root and then some..
What file am I looking for and how do I flash a ROM on a M8
Click to expand...
Click to collapse
First of all once the bootloader is unlocked you don't have to relock it to get OTA.
As I undersand you have done the following:
1) Unlock using HTCDev-Method
2) flashed a custom revocery (TWRP in your case)
3) flashed a supersu too!?
To install the OTA means loosing root acces. Thus you have to re-root it after the OTA is done. The other problem ist that STOCK OTAs don't work with a custom recovery. Meaning you would have to flash a stock recovery first, install the OTA second (as long as you didn't change anything an just root), and re-root third.
Let's have a look which stock recovery you would need:
1) reboot to bootloader
2) connect the phone to you PC and open cmd in you adb/fastboot folder
3) enter "fastboot getvar all"
4) paste this information here (but DELETE the IMEI and SERIAL NUMBER before posting!!)
As soon as we know which stock recovery you need we will go on.

esenfur said:
Ive seen quite a fair few ratings for Hasoon2000 and decided to go with it..
Click to expand...
Click to collapse
I'm not saying there is anything "wrong" with the toolkit, per se. For the most part, it does what its intended to do.
But it also shortcuts the learning process, and facilitates folks rooting the phone without gaining the proper knowledge. This is a dangerous thing.
This is just my opinion. But I strongly believe it. If you can't accomplish these things without a toolkit, you shouldn't be rooting your phone in the first place.
Others use the toolkits, and love them. They are more than entitled to have their own opinion. But when things go south, the toolkits aren't going to help; and those folks don't have the proper knowledge and they come running here. So you tell me what is the "best" way to root the phone?
esenfur said:
I was being generic when I said .exe- basically the installer..
Click to expand...
Click to collapse
I already figured this was probably the case. But I found it better to provide the exact information on what file to delete; rather than leaving it open to the possibility of you and/or others being misinformed.
esenfur said:
Phone is still bugging me to update, lost the root(got a checker).. so whats the correct procedure!?
Click to expand...
Click to collapse
Sounds like you still have TWRP installed, so just flash SU or SuperSU to gain root.
After that, you can use Titanium Backup or similar app to find the update process and freeze it, to stop the update notifications.
Don't remember the exact process (this is where searching and reading comes in for you) but its something like "drm..." or "updater".

I have this situation before,what i do is find the right stock recovery and flash..after ota done flash back custom recovery..?

esenfur said:
I am trying to update the phone, root and then some..
What file am I looking for and how do I flash a ROM on a M8
Click to expand...
Click to collapse
At this point after seeing this, I would suggest you take some time and start reading. All of your answers are here in the forums. Knowledge is power and within the pages of this site you will find everything you need.
To take the OTA find a stock recovery, to flash ROM's find the one you like and flash via your favorite recovery.

Replace/update bootloader to boot from recovery

Hi all! I've been reading along with many an XDA thread for years now, and most people have asked my questions and found answers to them without me becoming active in any way. This will now change - I hope you can help me.
I own an unbranded Sony Xperia Z1 compact (amami). Upon receiving it, I backed up the TA partition, unlocked the bootloader and followed the steps to install Cyanogenmod (currently running the latest available nightly, CM12.1). All has worked well for a nice, long time now. I know, never touch a running system, but for a variety of reasons, I want to do the following:
Update the bootloader to make use of the proper recovery partition Sony has made available.
Install either TWRP or CWM (rather the former than the latter) to a proper recovery partition.
Be able to fool around for real once I have a proper NANDroid backup that I can actually use.
I've been able to make a NANDroid backup, that's easy. However, as far as I know, I can't use that backup with my current CM recovery. I can replace CM recovery with TWRP or CWM (with some tinkering, which is fine), but the fact that there's a way to get a proper recovery partition and that I'm currently not able to use it irks me. Perhaps some of you will understand
Now, when I install the official Sony Flash Tool (Emma), I'm offered two "services":
D5503 14.5.A.0.270 Customized_NCB 1279-4149 R2D User COM
D5503 14.6.A.1.236 Customized_NCB 1279-4149 R3D User COM
Neither of which are the "Open Devices" bootloaders listed by the FXP folks on their blog entry (sorry about the improper links, but I have no choice): ttp://fxpblog.co/2015/05/01/finally-boot-to-recovery-enabled-in-special-bootloaders-from-sony.html, and according to Sony itself, the Z1 compact should be supported: ttp://developer.sonymobile.com/2015/05/18/recovery-mode-now-available-for-a-range-of-unlocked-xperia-devices-video/
So my question to you all is this: Do I need to flash a complete stock ROM (losing my data, etc.) in order to make the new bootloader possible on amami? And if so, should I restore the TA partition I backed up in the very beginning before doing any of that? Or is what I'm trying to do pointless? If it's not pointless, is there a way to update the bootloader without wiping the phone?
Thanks for your input, guys!

tinuthir said:
Hi all! I've been reading along with many an XDA thread for years now, and most people have asked my questions and found answers to them without me becoming active in any way. This will now change - I hope you can help me.
I own an unbranded Sony Xperia Z1 compact (amami). Upon receiving it, I backed up the TA partition, unlocked the bootloader and followed the steps to install Cyanogenmod (currently running the latest available nightly, CM12.1). All has worked well for a nice, long time now. I know, never touch a running system, but for a variety of reasons, I want to do the following:
Update the bootloader to make use of the proper recovery partition Sony has made available.
Install either TWRP or CWM (rather the former than the latter) to a proper recovery partition.
Be able to fool around for real once I have a proper NANDroid backup that I can actually use.
I've been able to make a NANDroid backup, that's easy. However, as far as I know, I can't use that backup with my current CM recovery. I can replace CM recovery with TWRP or CWM (with some tinkering, which is fine), but the fact that there's a way to get a proper recovery partition and that I'm currently not able to use it irks me. Perhaps some of you will understand
Now, when I install the official Sony Flash Tool (Emma), I'm offered two "services":
D5503 14.5.A.0.270 Customized_NCB 1279-4149 R2D User COM
D5503 14.6.A.1.236 Customized_NCB 1279-4149 R3D User COM
Neither of which are the "Open Devices" bootloaders listed by the FXP folks on their blog entry (sorry about the improper links, but I have no choice): ttp://fxpblog.co/2015/05/01/finally-boot-to-recovery-enabled-in-special-bootloaders-from-sony.html, and according to Sony itself, the Z1 compact should be supported: ttp://developer.sonymobile.com/2015/05/18/recovery-mode-now-available-for-a-range-of-unlocked-xperia-devices-video/
So my question to you all is this: Do I need to flash a complete stock ROM (losing my data, etc.) in order to make the new bootloader possible on amami? And if so, should I restore the TA partition I backed up in the very beginning before doing any of that? Or is what I'm trying to do pointless? If it's not pointless, is there a way to update the bootloader without wiping the phone?
Thanks for your input, guys!
Click to expand...
Click to collapse
Check the other drop-down boxes on Emma. There should be one for 'ta update'. That's the one you want. It's been several months, so I might not be remembering right, but I'm pretty sure. Once you do that, use fastboot or Rashr to flash a compatible recovery img, and you can access the new recovery.

levone1 said:
Check the other drop-down boxes on Emma. There should be one for 'ta update'. That's the one you want. It's been several months, so I might not be remembering right, but I'm pretty sure. Once you do that, use fastboot or Rashr to flash a compatible recovery img, and you can access the new recovery.
Click to expand...
Click to collapse
Nope, no drop-down boxes. The only one is labeled "Filter", but that's empty. I can enter something, but entering "ta update" gets me nothing new. If I leave it empty, I get shown two "services", but they both seem to be complete stock re-flashings, so no dice.

tinuthir said:
Nope, no drop-down boxes. The only one is labeled "Filter", but that's empty. I can enter something, but entering "ta update" gets me nothing new. If I leave it empty, I get shown two "services", but they both seem to be complete stock re-flashings, so no dice.
Click to expand...
Click to collapse
Interesting. Is that with the phone connected? If so, are you sure that it's not already updated, (have you had it since new)? I did it while on 270, (or maybe sooner), and there were a couple of options to update rom, but I didn't update, and there was also a 'ta update' option.

levone1 said:
Interesting. Is that with the phone connected? If so, are you sure that it's not already updated, (have you had it since new)? I did it while on 270, (or maybe sooner), and there were a couple of options to update rom, but I didn't update, and there was also a 'ta update' option.
Click to expand...
Click to collapse
Yup, right after I connect the phone. It's recognized immediately as well, so I'm not sure there's anything I could have mucked up in that regard
I've had the phone since August 2014, so well before the bootloader upgrade was made public. I have no idea whether this might have been part of some CM update or something? I doubt it, but I don't know enough about these things to assess that to any reasonable degree.
At any rate, I know that I've done nothing with the phone's bootloader besides unlocking it after getting the phone. So if it was updated somehow in the meantime, it must have been someone very sneaky (and none of my friends, that's for sure - my limited experience makes me the "smartphone nerd" among them).
I will add this: In order to backup the TA partition back in the day, I did have to flash numerous official stock firmware downgrades to get to the point where I could use a root exploit to even get at the TA partition. Perhaps that got something mixed up, I dunno. But that's kinda what I'm trying to figure out - whether there's any point in going back to stock (completely, mind - including the TA partition), and if this might work then. I could then just unlock the bootloader again and go back to CM with a proper recovery partition, not the current workaround.
What's the "270" that you mean? One of the official Sony firmwares I posted earlier?

tinuthir said:
Yup, right after I connect the phone. It's recognized immediately as well, so I'm not sure there's anything I could have mucked up in that regard
I've had the phone since August 2014, so well before the bootloader upgrade was made public. I have no idea whether this might have been part of some CM update or something? I doubt it, but I don't know enough about these things to assess that to any reasonable degree.
At any rate, I know that I've done nothing with the phone's bootloader besides unlocking it after getting the phone. So if it was updated somehow in the meantime, it must have been someone very sneaky (and none of my friends, that's for sure - my limited experience makes me the "smartphone nerd" among them).
I will add this: In order to backup the TA partition back in the day, I did have to flash numerous official stock firmware downgrades to get to the point where I could use a root exploit to even get at the TA partition. Perhaps that got something mixed up, I dunno. But that's kinda what I'm trying to figure out - whether there's any point in going back to stock (completely, mind - including the TA partition), and if this might work then. I could then just unlock the bootloader again and go back to CM with a proper recovery partition, not the current workaround.
What's the "270" that you mean? One of the official Sony firmwares I posted earlier?
Click to expand...
Click to collapse
Yes. I can't remember if it was the last 5.0 or the first 5.1. Anyway, I'm not sure why it's not showing. I would try maybe connecting in fastboot mode, and see if anything changes, or flash a newer fw, and see... It does say on Sony development site to flash fw first - http://developer.sonymobile.com/201...for-a-range-of-unlocked-xperia-devices-video/ Hope that helps.

no "TA update"
levone1 said:
Yes. I can't remember if it was the last 5.0 or the first 5.1. Anyway, I'm not sure why it's not showing. I would try maybe connecting in fastboot mode, and see if anything changes, or flash a newer fw, and see... It does say on Sony development site to flash fw first - http://developer.sonymobile.com/201...for-a-range-of-unlocked-xperia-devices-video/ Hope that helps.
Click to expand...
Click to collapse
Hi,
After flashing my z3 "TA update (open device) doesn't appear. According to this post new bootloader is included on all stock firmware > .200 but doesn't contain recovery image.
So after flashing the stock 24.x.x.x.200 and flashing recovery via 'fastboot flash recovery recovery.img' my phone boot the recovery without problem.
Hope this information can help.
P.S.: FOTAKernel recovery should be compatible (under some conditions) with this boot process according to my tests on z3 and some forum reads.

Hi tinuthir,
I have the same problem and also see only the two services you mentioned in your initial post. Have you found any solution yet how to install the "Open Devices" bootloader?
Regards
Tobias

Hi Tobias, I have not yet tried it. Basically, I'm too scared to use the NAND backup (which I make daily anyway)
I'm fairly sure that, with the NAND backup, not too much can go horribly wrong. But I'd need to make sure I either have a backup phone in case I do run into problems (this is currently not the case). Then, what I would do is this:
NAND backup
Restore TA partition/stock software that was originally on the phone
See whether the "open device" is now available via official Sony tool
Flash latest firmware via official Sony tool (regardless whether it says "open device" or not)
See whether the "open device" is now available via official Sony tool
Flash recovery
Flash NAND backup
As I said, the only reason I haven't done this yet is because I can't find the time to make sure I can run troubleshooting in case there are any issues... And because I'm a little wary of touching a running system

Just started the process, finally was courageous enough. The old saying is true: Never touch a running system
Restoring the TA partition soft-bricked my phone. Am now trying to reset the phone by using the official Sony PC Companion software. We'll see what's up then.

Sony PC Companion didn't work. Instead, what apparently happened is that the bootloader, recovery, and OS didn't like being confronted with the restored backup partition - at all. Can't use the Flashtool to re-unlock, can't use Emma to flash new software, because the phone's locked...
Using the command line got the phone unlocked again, standard procedure as detailed here: *ttps://talk.sonymobile.com/t5/Android-development/Unable-to-unlock-bootloader/td-p/461477
Now I can re-flash and do whatever I like. Glad I had my NAND!

tinuthir said:
So my question to you all is this: Do I need to flash a complete stock ROM (losing my data, etc.) in order to make the new bootloader possible on amami? And if so, should I restore the TA partition I backed up in the very beginning before doing any of that? Or is what I'm trying to do pointless? If it's not pointless, is there a way to update the bootloader without wiping the phone?
Click to expand...
Click to collapse
Sorry I'm too late.
After reading some posts about new bootloader and some ta partition analysis bootloaders versions and TA partitions should never mix: they are incompatible.
Did you backup your ta partition after upgrading bootloader?
I am currently trying to help someone with a bad bootloader (supposed s1) on the phone, and maybe there is a way to reflash full emmc in a 'serial' way. I try to find quickly this time
Otherwise, maybe if you are able to access flashmode you can reflash your ta-with-upgraded-bootloader with it?
If you don't have ta backup after the upgrade, and your phone is still bricked, fell free to contact me, maybe we can found another solution based on this thread.
Good luck!
P.S. I try to write a guide about bootloader upgrade.

Root without wipe?

Time to retire my TMO G8, but I've been using it unrooted for years, because it wasnt available when i first got the phone. Ive been out of the scene since the G6, so im not sure what a lot of the common tools are, TWRP i know, but whats a firehose? Basically, I want to be able to take a full backup of my app data, ideally using titanium backup, but ill take what i can get, as long as it dosent involve a device wipe. do i have any options?

ZeikHunter said:
Time to retire my TMO G8, but I've been using it unrooted for years, because it wasnt available when i first got the phone. Ive been out of the scene since the G6, so im not sure what a lot of the common tools are, TWRP i know, but whats a firehose? Basically, I want to be able to take a full backup of my app data, ideally using titanium backup, but ill take what i can get, as long as it dosent involve a device wipe. do i have any options?
Click to expand...
Click to collapse
So, look at this thread for discussion re backup non root device. It's in the Sammy forums but much of it is relevant to any non root device.
I'd ask though, what did you plan on using root for? You need Magisk to get root, and normally when it's installed data has to be wiped and you flash dm-verity to now have unencrypted data partition. If you don't do that, data will remain encrypted and inaccessible (except by the device of course).
a 'firehose' file is used by qfil to access the low level / partitions of the device. It's a signed file specific for an individual device. It's a somewhat rare thing to have, as it gives you pretty much full access to the device, without root.
but using qfil to backup your user data partition, would result in a huge file, maybe like 80 gig or so, and, it's encrypted, so it basically doesn't have any value to do that?