Jiofi 3 jmr540 Unlocking. - Upgrading, Modifying and Unlocking

Recently I've been googling how to unlock my JioFi JMR540 device and found nothing.
But I discovered something else. I don't think we need a custom ROM to unlock the device. I'm not an expert in this stuff.
Every JioFi device has a web UI.
I discovered that every JioFi device has a hidden web UI, which is engineer mode.
I didn't find any ROM for my device, but I found one for the JMR520, which was in bin format. I opened it using Notepad on my PC and discovered that engineer mode does exist in its code. There are lots of options present in engineer mode, like manually selecting the network band, choosing between 2G, 3G, and 4G, and manual network search, and I also saw some code for network unlock by entering an unlock code, which I couldn't understand.
Can anyone help me access engineer mode on my device? I think it is also an HTML page, just like jiofi.local.html.
It would be really great if someone helped, as many JioFi users still want to unlock the device.
My device details are:
Firmware Version: FXN_JMR540_R6.11
Hardware Version: FXN_JMR540_V055
Device manufacturer: Foxconn

Interesting. Did you have any success?

mGforCe said:
> Interesting. Did you have any success?
Nope. I gave up. JioFi is not like other devices. Other devices can be configured using data cables from any computer with the device configuration software. But JioFi can be configured only using the Web UI. That is the MAJOR problem.

How to enter engineer mode on the JioFi JMR520?

None of the blue whales in this ocean can fix it?

Found some interesting facts on JIOFI3 (JMR540).
I managed to get the device into FASTBOOT
using ANDROID BOOTLOADER INTERFACE.
Able to ping the hardware and get the following:
(bootloader) version:0.5
(bootloader) version-baseband:
(bootloader) version-bootloader:V055
(bootloader) display-panel:
(bootloader) charger-screen-enabled:0
(bootloader) max-download-size: 0x8000000
(bootloader) serialno:8*32***4
(bootloader) kernel:lk
(bootloader) product:JioFi3
(bootloader) Device tampered: false
(bootloader) Device unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel: OKAY

Is any firmware available yet? MDM9607 firmware can be flashed via adb... If anyone has the firmware, kindly share.
Unlocked devices are sold on Alibaba (JMR541); both have the same chipset.
https://www.alibaba.com/product-det...?spm=a2700.details.deiletai6.2.2ea36c5acxqHqD

tr

Jio-fi-3 JMR_541
How did you do that, @Electroboy_Prakash?

Electroboy_Prakash said:
> Found some interesting facts on JIOFI3 (JMR540).
> I managed to get the device into FASTBOOT
> using ANDROID BOOTLOADER INTERFACE.
> Able to ping the hardware and get the following:
> (bootloader) Device tampered: false
> (bootloader) Device unlocked: false
> (bootloader) Charger screen enabled: true
> (bootloader) Display panel: OKAY
How did you get the fastboot menu? Can you extract the firmware and send it?

Here is another one, a JioFi 2. You can log in to the JioFi. Use 192.168. The username is Administrator; the password is written on the JioFi box.
ODM: Pegasus
Product ID: M2
IMEI: 911522-----------
Firmware Version: PEG_M2_B38.2
Firmware Creation Date: 2019-11-29
Frequency Bands Supported: B3, B5, B40

I've managed to unlock this device. Enabled diagnostic mode and adb. Custom firmware is possible on these devices. Once modified, firmware can be flashed via fastboot mode, which is easily accessible without any modification.
Check my Twitter thread here https://twitter.com/ab_hi_j/status/1395394412545515521

Can you help me with the procedure? I also want to unlock my JioFi 3.

sksinha said:
> Can you help me with the procedure? I also want to unlock my JioFi 3.
Here is the unlocking guide
[GUIDE][UPDATED] Unlocking JioFi 3 JMR540 & JMR541 for all networks
Unlocked Firmware for JioFi 3 JMR540 & JMR541 Disclaimer I am not responsible for any kind of damage to your device. Use this firmware at your own risk Post is for educational purpose only. ONLY FOR JMR 540 & JMR 541 I was able to dump and...
forum.xda-developers.com

Vismay G S said:
> Recently I've been googling how to unlock my JioFi JMR540 device and found nothing.
> But I discovered something else. I don't think we need a custom ROM to unlock the device. I'm not an expert in this stuff.
> Every JioFi device has a web UI.
> I discovered that every JioFi device has a hidden web UI, which is engineer mode.
> I didn't find any ROM for my device, but I found one for the JMR520, which was in bin format. I opened it using Notepad on my PC and discovered that engineer mode does exist in its code. There are lots of options present in engineer mode, like manually selecting the network band, choosing between 2G, 3G, and 4G, and manual network search, and I also saw some code for network unlock by entering an unlock code, which I couldn't understand.
> Can anyone help me access engineer mode on my device? I think it is also an HTML page, just like jiofi.local.html.
> It would be really great if someone helped, as many JioFi users still want to unlock the device.
> My device details are:
> Firmware Version: FXN_JMR540_R6.11
> Hardware Version: FXN_JMR540_V055
> Device manufacturer: Foxconn
Need this. Please take a look.

abhimortal6 said:
> Here is the unlocking guide
> [GUIDE][UPDATED] Unlocking JioFi 3 JMR540 & JMR541 for all networks
> Unlocked Firmware for JioFi 3 JMR540 & JMR541 Disclaimer I am not responsible for any kind of damage to your device. Use this firmware at your own risk Post is for educational purpose only. ONLY FOR JMR 540 & JMR 541 I was able to dump and...
> forum.xda-developers.com
I have accidentally erased the recovery partition of my JMR540, and my JioFi is not starting; it always goes into fastboot mode. Can you please provide the boot.img file for the JMR540 JioFi?

message removed

Jio pushed new firmware for the JMR540, and the following changes were made:
-> locked bootloader
-> TTL RX disabled, so we are not able to access the root shell via UART.
The only option to unlock the modem is:
-> boot the modem into EDL (Emergency Download Mode).
-> take a backup and flash the old recovery via QPST (Qualcomm firehose prog file required for MDM9207)
@abhimortal6
Sorry for chasing you again. Hope you know the exact procedure.
Can you share:
1) EDL points for the JMR 540 to short and boot into EDL mode.
2) Qualcomm firehose prog file for MDM9207

It's fine @jithinvp4. Okay, so there are no exact test points you can short. The trick is to stop power to the eMMC for a fraction of a second while booting. There's a single resistor, the 2nd one from the bottom, to the left of the eMMC. You can use an RPi Pico to build a brute switch.
If done correctly, while booting it'll fail and fall to un-secure download mode. Yes, you read that right, un-secure; it's an old Qualcomm thing.
I had a chat with one of the managers/people from the JioFi device team after the first exploit. I'm not sure they'll fix this too. It's doable, I think. Not sure if they'll do this because not everyone can do this. So yeah, the private exploit is still there.

@abhimortal6 Thanks for your response.
I have spent too much time over the last few weeks trying to find a method to unlock the JMR 540. I thought there was a test point. I don't have much knowledge of using the RPi Pico.
Please let me know if any other simple method is available to boot into EDL.
Otherwise I will be monitoring your thread for your next unlock solution.

Related

[GUIDE] Flashing a different customization on the XQ-AT51 with FlashTool

You can find out your current customization by dialling *#*#SERVICE#*#* -> Service info -> Software Info -> Customization Version. This guide explains how to flash another official Sony firmware of different customization onto your Xperia 1 II XQ-AT51. You do NOT need to unlock your bootloader to do this.
Download and install FlashTool from http://www.flashtool.net
On Windows you will then need to install the Flashmode and Fastboot drivers.
On Linux you do not need to install drivers, but you do need to set some udev rules.
On Windows you will first need to reboot Windows with driver signature enforcement disabled to do this. Then install the Flashmode and Fastboot drivers from the installed C:\FlashTool\drivers\Flashtool-drivers.exe:
Open Flashtool and let the device database sync
This may fail on Windows if you have Windows Defender Antivirus Real-time protection running -- disable Windows Defender Antivirus Real-time protection in Windows settings:
Click on the XperiFirm icon to get a list of official Sony firmwares:
Select the XQ-AT51 on the left, and then select the particular Customization you would like. Then click on the box below "Available Firmware" to start downloading:
Once the Firmware has downloaded, close XperiFirm and then let FlashTool do some processing on the downloaded firmware to create a .ftf file of the firmware in your C:\Users\<username>\.flashTool\firmwares folder.
This step is no longer needed as the FlashTool database has now been updated. This step is temporary and will not be required once the FlashTool devices database has been updated for the XQ-AT51.
Download the .fsc file and .properties file and unzip them into a new folder in C:\Users\<username>\.flashTool\mydevices\XQ_AT51 . Rename the .fsc file to "58.0.fsc" to use it with more firmware versions. Then in FlashTool's menu choose Devices->Manage->Import -- this will give an error, but ignore.
Now click on the Flash button and choose Flashmode.
Set up the Firmware Selector window as follows - this setup will erase all data on your phone. Then click Flash:
When prompted, power off your phone and then hold down the volume down key on your phone and connect a USB cable from the phone to your computer (do NOT use the UCB24 USB C - USB C cable that comes with the phone -- the UCB24 is for charging only and does not work -- you need to use a quality USB C - USB A cable or try the UCB32 instead). Keep the volume down key held until the notification light turns green. The flashing process will now be prepared.
When you get a prompt saying "A FSC script is found. Do you want to use it?" choose yes. An error of "those data are not in the fsc script: persist, reset-non-secure-adb" is entirely normal, so choose Yes, and let the flashing commence. If you get a prompt asking you to select a partition, select the top option for 128GB storage and the bottom for 256GB storage -- if unsure click cancel. If you get "ERROR:null" then repair your phone with Xperia Companion first.
Flashing will be complete when you see "Sync status : OKAY".
If you are worried as to whether the flashing worked or not, you can always then do a software repair using the Xperia Companion software. Please check your storage after flashing - some users are reporting that they only are seeing 128 GB of storage instead of 256 GB - please repair with Xperia Companion if you see this and report in the comments below.
I bought the phone from O2UK with the O2 firmware and managed to successfully flash it to the 1321-7192 Customized UK firmware with FlashTool. I now have VoLTE and WiFi-Calling on Vodafone UK.
FlashTool settings:
Here is the before and after Software Info in the *#*#SERVICE#*#* menu:
Here is the before and after in the *#*#4636#*#* Phone Information menu:
EDIT: I turned off and on again the WiFi Calling setting in My Vodafone and now Wi-Fi calling is also provisioned!:
UPDATE: After the 58.0.A.3.88 update on Vodafone with Customized UK, I no longer see Wi-Fi calling as being provisioned, nor do I get the Wi-Fi Calling menu option in network settings. However, Wi-Fi calling is actually still working and still turns on automatically when I get low cellular network strength.
brocnical said:
> FlashTool settings:
> Here is the before and after Software Info in the *#*#SERVICE#*#* menu:
> Here is the before and after in the *#*#4636#*#* Phone Information menu:
Does this unlock the ability to have dual SIM? I know you would still need a different SIM tray, but if the phone will support dual SIM after flashing, that would make a huge difference for me.
Fatmonk8 said:
> Does this unlock the ability to have dual SIM? I know you would still need a different SIM tray, but if the phone will support dual SIM after flashing, that would make a huge difference for me.
No idea. Are there not more hardware differences than just the SIM tray?
brocnical said:
> No idea. Are there not more hardware differences than just the SIM tray?
I have no idea. On my OnePlus 7 Pro the only difference was the software and the SIM tray; I converted it to global software and replaced the SIM tray, and dual SIM worked.
Hoping it's the same for this phone too.
I've managed to do this, but it seems like I am only seeing 128GB of storage now. Is that normal? I didn't check before.
kasiopc said:
> I've managed to do this, but it seems like I am only seeing 128GB of storage now. Is that normal? I didn't check before.
No, that is not normal:
You should only have 128GB on the Japanese models. Did you flash a Japanese firmware?
brocnical said:
> No, that is not normal:
> You should only have 128GB on the Japanese models. Did you flash a Japanese firmware?
Customized UK 58.0.A.3.31, and used your files provided above.
---------- Post added at 07:46 PM ---------- Previous post was at 07:21 PM ----------
Works fine now after running Software repair on Xperia Companion. Stayed on the generic firmware as well.
I've gone to try this and Flashtool can't see any downloaded firmwares. In your screenshot the left panel has the model tree; mine is blank. The location is correct, as I can see the files there in Explorer. Same on both my computers. Odd.
sidneylopsides said:
> I've gone to try this and Flashtool can't see any downloaded firmwares. In your screenshot the left panel has the model tree; mine is blank. The location is correct, as I can see the files there in Explorer. Same on both my computers. Odd.
Did you download the .properties file to the exact folder specified and did you do a Devices->Manage->Import?
Got it, I missed the bit about renaming the FSC to 58.
Don't remember having to do this when I used to use this!
brocnical said:
> Did you download the .properties file to the exact folder specified and did you do a Devices->Manage->Import?
Hey,
I saw your post here: https://forum.xda-developers.com/showthread.php?p=82876277#post82876277
here: https://forum.xda-developers.com/showpost.php?p=82876571&postcount=2
and here: https://forum.xda-developers.com/showpost.php?p=82896159&postcount=2
where each post refers to the others in 3 different threads.
Considering that you have already put in the effort to write these, would you mind aggregating this information in a single post, possibly the first post of this thread, and renaming it to a guide?
stsdema28 said:
> Hey,
> I saw your post here: https://forum.xda-developers.com/showthread.php?p=82876277#post82876277
> here: https://forum.xda-developers.com/showpost.php?p=82876571&postcount=2
> and here: https://forum.xda-developers.com/showpost.php?p=82896159&postcount=2
> where each post refers to the others in 3 different threads.
> Considering that you have already put in the effort to write these, would you mind aggregating this information in a single post, possibly the first post of this thread, and renaming it to a guide?
Done.
I have also made a pull request in the FlashTool devices db so that we won't have to do the .fsc and .properties bit in the future.
I have two quick (hopefully related) questions.
1. Has anyone tried to flash XQ-AT51 firmware on XQ-AT52? Obviously, I know Dual SIM may be impacted, but does it work? Any other issues?
2. Is there a CSC version of XQ-AT51 software for USA yet? I couldn't find it on XperiFirm.
Thank you so much!
KlausWillSeeYouNow said:
> 1. Has anyone tried to flash XQ-AT51 firmware on XQ-AT52? Obviously, I know Dual SIM may be impacted, but does it work? Any other issues?
> Thank you so much!
I would like to know this too, we might have an answer soon enough since it looks like some people have ordered the 1 ii from wandamobile which basically ships the HK dual sim version.
I'm getting an issue when I'm flashing either the Customized UK ROM or the O2 one, where it gets stuck installing dsp.000. Have you seen this before?
If I exclude dsp.sin from the flash it completes fine, but the screen resolution is really basic, so I'm assuming it's the display drivers. Running a repair from the Sony Companion after the flash fails.
Stuck! Can anyone help? TIA
Code:
26/037/2020 07:37:06 - INFO - (CommandFlasher.java:719) - signature status : OKAY
26/037/2020 07:37:06 - INFO - (CommandFlasher.java:722) - erase:dsp_a
26/037/2020 07:37:06 - DEBUG - (USBFlash.java:85) - Reading packet from phone
26/037/2020 07:37:06 - DEBUG - (USBFlash.java:93) - IN : [email protected]
26/037/2020 07:37:06 - INFO - (CommandFlasher.java:726) - erase status : OKAY
26/037/2020 07:37:06 - INFO - (CommandFlasher.java:732) - sending dsp.000
26/037/2020 07:37:06 - INFO - (CommandFlasher.java:735) - download:04000000
26/037/2020 07:37:06 - DEBUG - (USBFlash.java:85) - Reading packet from phone
26/037/2020 07:37:06 - DEBUG - (USBFlash.java:93) - IN : [email protected]
electric0ant said:
> I would like to know this too, we might have an answer soon enough since it looks like some people have ordered the 1 ii from wandamobile which basically ships the HK dual sim version.
Agreed 100%. I would like to flash the USA firmware from the XQ-AT51 on my XQ-AT52, but (a) I don't know if it's advisable to do that, and would like to hear from someone who has; and (b) it doesn't appear that there is USA firmware yet for the XQ-AT51!
Hope we get our answer soon.
Apologies if it's a noob question, but if I flash different region software, will I lose DRM keys?
No
Ok managed to fix my issue, In the end I swapped the cable I was using which didn't occur to me as parts of the flash worked so assumed connectivity was ok.
I originally used the USB C - USB C cable that came with the phone. Swapped that to a USB C - USB A cable and the flash completed successfully!
Massive sense of relief after many hours of messing around with it! Hopefully this might help someone in the future

Help unlock huawei HWD14

No way to put in the NCK, no information on the internet, PuTTY error, DC unlocker does not support it. If I found the NCK, how do I use it? Firmware update? But where? This is really challenging for me.
tks
ATI
Manufacturer: Huawei Technologies Co., Ltd.
Model: HWD14
Revision: 11.232.03.10.824
IMEI: 3528980453****
+GCAP: +CGSM
OK
AT^NVRDEX=50503,0,128
ERROR
Anandasri2 said:
> No way to put in the NCK, no information on the internet, PuTTY error, DC unlocker does not support it. If I found the NCK, how do I use it? Firmware update? But where? This is really challenging for me.
> tks
> ATI
> Manufacturer: Huawei Technologies Co., Ltd.
> Model: HWD14
> Revision: 11.232.03.10.824
> IMEI: 3528980453****
> +GCAP: +CGSM
> OK
> AT^NVRDEX=50503,0,128
> ERROR
Found modem : M9625E-1
Model : Huawei HWD15
IMEI : 352898045xxxxxx
Serial NR. : N7SDW1431700xxxx
Firmware : 11.232.03.10.824
Dashboard version : 22.001.26.06.824
SIM Lock status : Locked (Card lock)
Wrong codes entered : 0 (unlock attempts left : 10)
sorry, this modem not supported !
Anandasri2 said:
> Found modem : M9625E-1
> DC unlocker
> Model : Huawei HWD15
> IMEI : 352898045xxxxxx
> Serial NR. : N7SDW1431700xxxx
> Firmware : 11.232.03.10.824
> Dashboard version : 22.001.26.06.824
> SIM Lock status : Locked (Card lock)
> Wrong codes entered : 0 (unlock attempts left : 10)
> sorry, this modem not supported !
CardLock_UnLock-e58xx/HUAWEI MODEM Code Writer is not working either for entering the NCK; may be a firmware block..!
Anandasri2 said:
> CardLock_UnLock-e58xx/HUAWEI MODEM Code Writer is not working either for entering the NCK; may be a firmware block..!
The only firmware online is on "easy-firmware"; looks like a scam to me because it's paid and suspicious.
HWD14_11.232.03.30.824_22.001.26.06.824
HWD14TCPU-V100R001B232D03SP30C824_Firmware_05012FPY.zip
Date: 26-09-2018  | Size: 270.65 MB
Found something working but got an error:
"CardLock_UnLock-e58xx" code writer detects this device, but when I enter the NCK it gives an error, maybe due to a firmware block.
For the NCK I used the old V1 algo because the IMEI# starts with 35XXXXXXXXXXX,
but none of the attempts count; according to DC unlocker there are still 10 chances remaining.
If I don't find any solution soon, I will try to update it through the Web UI's built-in auto update, but I still hesitate to do it because it may make it more difficult to unlock.
*I tried using PuTTY telnet/serial commands but no success.
++++++++++++++++++++++++++++++++++++++++
1.at^sfm=1
2.at^reset
3.AT^NVWREX=8268,0,12,1,0,0,0,2,0,0,0,A,0,0,0
4.at^sfm=0
5.at^reset
+++++++++++++++++++++++++++++++++++
atc ati
atc at^nvwrex=8268,0,12,1,0,0,0,2,0,0,0,a,0,0,0
+++++++++++++++++++++++++++++++++++=
ATI
ATI
AT^NVRDEX=50503,0,128
++++++++++++++++++++++++++++++++++++
If I make any progress I will update; also, if someone can help, much appreciated...! :angel:
tks,
Anandasri2 said:
> The only firmware online is on "easy-firmware"; looks like a scam to me because it's paid and suspicious.
> HWD14_11.232.03.30.824_22.001.26.06.824
> HWD14TCPU-V100R001B232D03SP30C824_Firmware_05012FPY.zip
> Date: 26-09-2018  | Size: 270.65 MB
> Found something working but got an error:
> "CardLock_UnLock-e58xx" code writer detects this device, but when I enter the NCK it gives an error, maybe due to a firmware block.
> For the NCK I used the old V1 algo because the IMEI# starts with 35XXXXXXXXXXX,
> but none of the attempts count; according to DC unlocker there are still 10 chances remaining.
> If I don't find any solution soon, I will try to update it through the Web UI's built-in auto update, but I still hesitate to do it because it may make it more difficult to unlock.
> *I tried using PuTTY telnet/serial commands but no success.
> ++++++++++++++++++++++++++++++++++++++++
> 1.at^sfm=1
> 2.at^reset
> 3.AT^NVWREX=8268,0,12,1,0,0,0,2,0,0,0,A,0,0,0
> 4.at^sfm=0
> 5.at^reset
> +++++++++++++++++++++++++++++++++++
> atc ati
> atc at^nvwrex=8268,0,12,1,0,0,0,2,0,0,0,a,0,0,0
> +++++++++++++++++++++++++++++++++++=
> ATI
> ATI
> AT^NVRDEX=50503,0,128
> ++++++++++++++++++++++++++++++++++++
> If I make any progress I will update; also, if someone can help, much appreciated...! :angel:
> tks,
This command is working,
but
ATI
> AT ^ CARDLOCK?
^ CARDLOCK: 1,10,0
when I enter
AT ^ CARDLOCK = "Xx NCK CodeXXX" nothing happens, so I realize this is a firmware block...
So I have to find modified firmware to do this, so if anyone has access to the easy-firmware. com resource and can get "HWD14_11.232.03.30.824_22.001.26.06.824 HWD14TCPU-V100R001B232D03SP30C824_Firmware_05012FPY.zip", please share it with me, so I can at least give it a try..
Anandasri2 said:
> This command is working,
> but
> ATI
> > AT ^ CARDLOCK?
> ^ CARDLOCK: 1,10,0
> when I enter
> AT ^ CARDLOCK = "Xx NCK CodeXXX" nothing happens, so I realize this is a firmware block...
> So I have to find modified firmware to do this, so if anyone has access to the easy-firmware. com resource and can get "HWD14_11.232.03.30.824_22.001.26.06.824 HWD14TCPU-V100R001B232D03SP30C824_Firmware_05012FPY.zip", please share it with me, so I can at least give it a try..
+++++++++++++++++++++ DAY 5 ++++++++++++++++++++++++++++
Finally found a way to download the original firmware, with all revisions:
HWD14_UPDATE_11.232.03.10.824_22.001.26.06.824.ZIP English/Japanese
HWD14_UPDATE_11.232.03.30.824_22.001.26.06.824.ZIP English/Japanese
After a bit of research I realize the ZIP is a compressed bin file, not a compressed package. Also, I know nothing about these files, so I have to dig more to learn how to handle them. Maybe it's impossible, but I still don't know :laugh:
Now I have:
* firmware file
* HiLink drivers to enable the COM port
Anandasri2 said:
> +++++++++++++++++++++ DAY 5 ++++++++++++++++++++++++++++
> Finally found a way to download the original firmware, with all revisions:
> HWD14_UPDATE_11.232.03.10.824_22.001.26.06.824.ZIP English/Japanese
> HWD14_UPDATE_11.232.03.30.824_22.001.26.06.824.ZIP English/Japanese
> After a bit of research I realize the ZIP is a compressed bin file, not a compressed package. Also, I know nothing about these files, so I have to dig more to learn how to handle them. Maybe it's impossible, but I still don't know :laugh:
> Now I have:
> * firmware file
> * HiLink drivers to enable the COM port
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Working with some tools in Linux (binwalk... etc.) but still no luck. If someone can mod this firmware, please let me know and I will send the link... because it's a long way to go to learn reverse engineering :silly:
Anandasri2 said:
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Working with some tools in Linux (binwalk... etc.) but still no luck. If someone can mod this firmware, please let me know and I will send the link... because it's a long way to go to learn reverse engineering :silly:
FM file links
http://update.hicloud.com:8180/TDS/..._UPDATE_11.232.03.10.824_22.001.26.06.824.ZIP
http://update.hicloud.com:8180/TDS/..._UPDATE_11.232.03.30.824_22.001.26.06.824.ZIP
Anandasri2 said:
> FM file links
> http://update.hicloud.com:8180/TDS/..._UPDATE_11.232.03.10.824_22.001.26.06.824.ZIP
> http://update.hicloud.com:8180/TDS/..._UPDATE_11.232.03.30.824_22.001.26.06.824.ZIP
Doesn't work because the file is corrupted. Looks like it's faking being corrupt, because it looks suspicious to me. I think the archive is good, but they don't need it to be opened easily :laugh: Still looking forward.
Anandasri2 said:
> Doesn't work because the file is corrupted. Looks like it's faking being corrupt, because it looks suspicious to me. I think the archive is good, but they don't need it to be opened easily :laugh: Still looking forward.

Question how to unlock the bootloader ?

How do I unlock the bootloader? I read about some program, "indeepth test", but did not find it on this phone.
You need to wait till realme/Oppo releases the app specific to this phone. If you google the app, you will find plenty of sites say that the app for realme 3 or X will work but just a waste of time. Has to be for this phone
Though I am looking into a possible way to root device without unlocking bootloader.
Sorry for the stupid question, but I'm not even able to enter fastboot mode: pressing Volume Up + Power buttons simply reboots the system and sending "adb reboot bootloader" gives me a terminal message ending with "the serial is not match, fastboot_unlock_verify fail"...
What's wrong?
As per my previous comment, realme releases an apk file that then allows you to unlock the bootloader.
While the bootloader is locked on any Android device, you will not be able to boot to fastboot.
I have managed to flash a Magisk-patched boot.img file by other means but wasn't successful, as I need to patch vbmeta and can't do that without fastboot or two (or equivalent).
The apk they release is called deep testing. If you go on the realme forums, they are generally pretty open and quick to release. The app is pretty much the equivalent of applying to Sony on the Xperias; the app does the unlocking etc.
If I can find a way to get past the red state boot screen, I will definitely post the instructions and all files etc.
@smiley.raver
Hello, I bought this device and have been using it for exactly 1 week,
I searched the internet and found this article, but I'm not sure if the article is trustworthy. Can you check it?
MrMiyamo said:
> @smiley.raver
> Hello, I bought this device and have been using it for exactly 1 week,
> I searched the internet and found this article, but I'm not sure if the article is trustworthy. Can you check it?
OK, I found this one too, and it looks more trustworthy.
Well, I believe you, so I will wait for your response.
MrMiyamo said:
> OK, I found this one too, and it looks more trustworthy.
> Well, I believe you, so I will wait for your response.
That will be the method, though realme still have not released the unlock tool for this device.
If you check the realme community forums, and see h bootloader unlock for this device on a periodical basis realme will eventually release it, just not sure on their time frames. This is only my second realme device of which the first one I once the c3 had already been out for a while and unlock tool was already released.
Once it has been, I will create a thread with the process and attach the files here on XDA.
@smiley.raver
Should we wait for realme or look at this?
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
MTK reverse engineering and flash tool. Contribute to bkerler/mtkclient development by creating an account on GitHub.
github.com
MrMiyamo said:
> @smiley.raver
> Should we wait for realme or look at this?
> GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
> MTK reverse engineering and flash tool. Contribute to bkerler/mtkclient development by creating an account on GitHub.
> github.com
I have checked the tool and I couldn't do anything so far.
Sorry have been flat out at home doing renovations
I will have a look at it sometime over the next couple of days.
smiley.raver said:
> Sorry have been flat out at home doing renovations
> I will have a look at it sometime over the next couple of days.
Yes, I will also look at it in a few days.
I will install a Linux distro on my laptop and try again.
BTW, we should look at this video for reference:
MrMiyamo said:
@smiley.raver
View attachment 5426883
Should we wait realme or look at this?
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
I have had a read through. Getting to brom bootloader and bypassing da was the way I was attempting it I am curious as to what is different between his magisk all and the app release he does.
I haven't had a look at the other one yet. Will do that tomorrow
smiley.raver said:
I have had a read through. Getting to brom bootloader and bypassing da was the way I was attempting it I am curious as to what is different between his magisk all and the app release he does.
I haven't had a look at the other one yet. Will do that tomorrow
I installed a linux distro today and tried again, i get same result as on windows.
If you get the same result, we'll assume it's caused by the device.
In this case, there is nothing left except creating a new issue on the github repo.
@MrMiyamo are you successfully booting into the brom bootloader? as the instructions on github are only saying to power + vol up or down - when it is power + vol up + vol down and then plug in usb. I have just had to reinstall windows so i will give this a go as just installed python.
give me a few hours to play around and see what i can do - i maybe able to do it the way i was doing it with the magisk app released on github page
@MrMiyamo while phone is turned on - push and hold power + vol + + vol - and continue to hold while it reboots, continue holding while you see at bottom of the screen rebooting to recovery - continue holding the keys down and plug usb in with other end connected to the computer
mind you im getting stuck at the da sync - try doing same process on linux - as i havent installed it yet and awaiting for it to download
C:\mtkclient>python mtk rl out
Capstone library is missing (optional).
Keystone library is missing (optional).
MTK Flash/Exploit Client V1.42 (c) B.Kerler 2020-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Port - Device detected
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0x0
Preloader - SBC enabled: False
Preloader - SLA enabled: False
Preloader - DAA enabled: False
Preloader - SWJTAG enabled: False
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - BROM mode detected.
Preloader - ME_ID: BA8A36E4EDC2EC489BA44EEA0F809354
Preloader - SOC_ID: 5A9501C1148E3B36CD3B173E1EBE166257EBA2069333EFF7A1CE20EAD189884F
Main - Device is unprotected.
Main - Device is in BROM mode. Trying to dump preloader.
PLTools - Loading payload from C:\mtkclient\mtkclient\config\..\payloads\mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\mtkclient\mtkclient\config\..\payloads\mt6765_payload.bin
Port - Device detected
DAXFlash - Uploading stage 1...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
DAXFlash - Successfully received DA sync
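The boot-ROM security fields in the log above can be read mechanically when checking what protections a device reports. The following is an added example, not code from the thread or from mtkclient; the sample lines are copied from the posted log, and the baseline of controls expected to be on is an assumption made for this example.

```python
import re

# Matches "<Source> - <key>: <value>" and "<Source> - <message>" log lines.
LINE_RE = re.compile(r"^(?P<src>[A-Za-z]+) - (?P<key>[^:\n]+?)(?:: (?P<val>.*))?$")

# Assumed baseline for this example (not from the thread or the tool):
# controls expected to read True on a production-fused device.
BASELINE = ("SBC enabled", "SLA enabled", "DAA enabled",
            "Mem read auth", "Mem write auth")

# Constructed sample: the security-relevant lines of the log posted above.
SAMPLE_LOG = """\
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW code: 0x766
Preloader - Target config: 0x0
Preloader - SBC enabled: False
Preloader - SLA enabled: False
Preloader - DAA enabled: False
Preloader - SWJTAG enabled: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - BROM mode detected.
Main - Device is unprotected.
"""


def parse_log(text):
    """Return (fields, notes): key/value lines as a dict, bare messages as a list."""
    fields, notes = {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines, paths containing ':' and other noise
        key, val = m["key"].strip(), m["val"]
        if val is None:
            notes.append(key.rstrip("."))
        elif val in ("True", "False"):
            fields[key] = (val == "True")
        else:
            fields[key] = val
    return fields, notes


def audit(fields, notes):
    """List every baseline control that is off or missing, plus the tool's own verdict."""
    findings = []
    for name in BASELINE:
        if name not in fields:
            findings.append(f"{name}: not reported")
        elif fields[name] is not True:
            findings.append(f"{name}: disabled")
    # Assumption for this example: a debug interface should read False.
    if fields.get("SWJTAG enabled") is True:
        findings.append("SWJTAG enabled: debug interface reported on")
    if "Device is unprotected" in notes:
        findings.append("tool verdict: Device is unprotected")
    return findings


if __name__ == "__main__":
    f, n = parse_log(SAMPLE_LOG)
    print(f.get("CPU"), f.get("HW code"))
    for line in audit(f, n):
        print(" -", line)
```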
@smiley.raver
I ran "sudo mtk rl out" and it looks like it does the job, it is currently dumping all partitions.
Edit:
Ok, I did something stupid and installed the linux system on a 24 GB partition
so I had to stop the process before it completed,
It's probably fine as long as we don't want a backup, but I'll install the system on a 64gb partition and look again later.
MrMiyamo said:
@smiley.raver
I ran "sudo mtk rl out" and it looks like it does the job, it is currently dumping all partitions.
thats awesome - so it appears to be a windows issue - i will create the issue on github soon - we have progress
also i found out that it only needs to be phone switched off and vol + & vol - held while plugging in usb
with that working - then the rest of the instructions should work - so give it a try - i just finished downloading linux - so i will be a little while off trying it
i think i know what the windows issue is - its not picking up vcom drivers in the transition from bootloader to vcom - so therefore it stalls -
I edited my message, can you check it?
@smiley.raver
BTW my phone has a pending OTA update, I am not updating since I worry that the method will not work.
Can i apply OTA update without worry?
Else how can i remove pending update files?
smiley.raver said:
thats awesome - so it appears to be a windows issue - i will create the issue on github soon - we have progress
also i found out that it only needs to be phone switched off and vol + & vol - held while plugging in usb
MrMiyamo said:
@smiley.raver
BTW my phone has a pending OTA update, I am not updating since I worry that the method will not work.
Can i apply OTA update without worry?
Else how can i remove pending update files?
while your phone is not updated - lets leave it like that - as mine is latest firmware - hence we maybe getting to different issues.,
this way we can attack 2 different firmware versions. yep saw your edited message - i had to install another hdd to install just for the moment ...
but at least the mtk rl command worked and got further then I did on windows - im about halfway through linux install (just have to remember how to use the bloody thing now haha)

General *Root* Turn off shutter sound for pixel 6 pro japan ver.

*** Please follow the laws and regulations of the corresponding country or region ***
thanks for @HarryShan
I'm not living in Japan and use other country SIM card always shutter sound.
Pixel 6 Pro has a Model ID GF5KQ for Japan
G8VOU for US
they are same hardware
changing Model ID can control Gcam shutter sound
Model ID storage in /dev/block/by-name/devinfo for pixel 6 and 6 pro
run an adb shell or use a terminal to change it
1. shell into phone
adb shell
2. change to root
$ su
3. copy devinfo to img
# dd if=/dev/block/by-name/devinfo of=/sdcard/devinfo.img
4. change Model ID with a hex editor
5. save and flash back
# dd if=/sdcard/Mod_devinfo.img of=/dev/block/by-name/devinfo
6. reboot and enjoy it.
In theory, it should be possible to use “fastboot flash devinfo xxx.img”
But it should be necessary to repackage the img file before .
Please tell me if there is a systemless method , thanks
This Is Why In Japan A Phone’s Camera Shutter Sound Cannot Be Muted
You know that annoying “passht” camera shutter sound your phone makes whenever you take a picture? Well, in Japan, you can’t mute it, not even if you switch to mute mode! Here’s why.
Back in early 2000, when Kyocera VP-210 was launched, Japan became the first country to sell camera equipped phones. These phones also had the ability to send photos via email (pretty astonishing for 2000, isn’t it?). When users started to get used to them and learned how to attach pictures to an email, a big problem started to emerge: as any citizen of a civilized society would do, people started using their camera to take up-skirt photos of women, especially in crowded places like trains!
By 2001, this was already a matter of online discussion and, because no legal provision has been taken by the government, wireless carriers took it upon themselves. In order to prevent secret filming and ensure privacy, carriers made it a requirement that all phones sold in Japan must be customized for the market so that all built-in cameras cannot be muted.
Phone producers and Japanese wireless carriers have cooperated ever since so that all phones make a distinct sound whenever you use the camera.
theuijunkie.com
@iCassius
You can use my Magisk module.
Basically you only need to "setprop audio.camerasound.force false" and overlay to disable force sound.
GitHub - AndroPlus-org/magisk-module-pixel6: Magisk module for the Google Pixel 6 series and later.
miravision said:
This Is Why In Japan A Phone’s Camera Shutter Sound Cannot Be Muted
You know that annoying “passht” camera shutter sound your phone makes whenever you take a picture? Well, in Japan, you can’t mute it, not even if you switch to mute mode! Here’s why.
Back in early 2000, when Kyocera VP-210 was launched, Japan became the first country to sell camera equipped phones. These phones also had the ability to send photos via email (pretty astonishing for 2000, isn’t it?). When users started to get used to them and learned how to attach pictures to an email, a big problem started to emerge: as any citizen of a civilized society would do, people started using their camera to take up-skirt photos of women, especially in crowded places like trains!
By 2001, this was already a matter of online discussion and, because no legal provision has been taken by the government, wireless carriers took it upon themselves. In order to prevent secret filming and ensure privacy, carriers made it a requirement that all phones sold in Japan must be customized for the market so that all built-in cameras cannot be muted.
Phone producers and Japanese wireless carriers have cooperated ever since so that all phones make a distinct sound whenever you use the camera.
This Is Why In Japan A Phone's Camera Shutter Sound Cannot Be Muted
Tap on the pic to find out.
theuijunkie.com
while I'm not Japanese, I do find these articles somewhat annoying as they sort of paint a negative image of Japanese people in general. yeah, of course there are perverts in Japan that do this, but as many as there are Japanese perverts, there are that many if not more in other countries as well.
Do you know if this can be done to enable the mmWave on GLU0G European model?
Other question: updating firmware will not overwrite that memory block, right?
gpvecchi said:
Do you know if this can be done to enable the mmWave on GLU0G European model?
I don't think so, these 2 versions should be different hardware scales
this partition will not flash with update package
it only record your mac addr bt addr and etc
so be careful
Yeah. It's a first world problem. When I try to take a picture of my kids while they're asleep the shutter awakens them. There are several camera apps in the store (s) that don't make the shutter sound if you're interested.
I'm thankful for the sound tbh. People at times try to record my kids on the trains( Japanese with natural blonde hair) usually I just tell them to stop and they do.
My kids aren't a tourist attraction for your amusement...
AndroPlus said:
@iCassius
You can use my Magisk module.
Basically you only need to "setprop audio.camerasound.force false" and overlay to disable force sound.
GitHub - AndroPlus-org/magisk-module-pixel6: Magisk module for the Google Pixel 6 series and later.
how exactly to do this, sorry but i am a newbie
iCassius said:
*** Please follow the laws and regulations of the corresponding country or region ***
thanks for @HarryShan
I'm not living in Japan and use other country SIM card always shutter sound.
Pixel 6 Pro has a Model ID GF5KQ for Japan
G8VOU for US
they are same hardware
changing Model ID can control Gcam shutter sound
Model ID storage in /dev/block/by-name/devinfo for pixel 6 and 6 pro
run an adb shell or use a terminal to change it
1. shell into phone
2. change to root
3. copy devinfo to img
4. change Model ID with a hex editor
View attachment 5467843
5.save and flash back
6.reboot and enjoy it.
View attachment 5467819
In theory, it should be possible to use “fastboot flash devinfo xxx.img”
But it should be necessary to repackage the img file before .
Please tell me if there is a systemless method , thanks
was able to do the above but the Camera Sound option still does not appear in the Camera settings
noyalas said:
was able to do the above but the Camera Sound option still does not appear in the Camera settings
it is now working, thanks @iCassius
iCassius said:
*** Please follow the laws and regulations of the corresponding country or region ***
thanks for @HarryShan
I'm not living in Japan and use other country SIM card always shutter sound.
Pixel 6 Pro has a Model ID GF5KQ for Japan
G8VOU for US
they are same hardware
changing Model ID can control Gcam shutter sound
Model ID storage in /dev/block/by-name/devinfo for pixel 6 and 6 pro
run an adb shell or use a terminal to change it
1. shell into phone
2. change to root
3. copy devinfo to img
4. change Model ID with a hex editor
View attachment 5467843
5.save and flash back
6.reboot and enjoy it.
View attachment 5467819
In theory, it should be possible to use “fastboot flash devinfo xxx.img”
But it should be necessary to repackage the img file before .
Please tell me if there is a systemless method , thanks
I tried this method on my 6 pro and it's stuck in a bootloop! can anyone help me?
I tried to reinstall the stock rom again but fastboot is as far as I can get. I can't boot into fastbootd to complete the flashing process.
I still have the original devinfo.img and I don't know how to restore it using fastboot. I tried fastboot flash devinfo devinfo.img but I get file size error.
please help
unbricked my phone.
you should have added "bs=8192 count=1" to your dd command.
now because of your half baked guide, even though I unbricked, wifi isn't working.
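A pre-write check for the kind of partition-image edit discussed in this thread, as an added example that is not from any poster: it compares an edited image against the untouched backup and reports a size change or any byte altered outside the Model ID string. The 64-byte image layout is constructed for the demonstration (the real devinfo layout is not described on this page); the function names are hypothetical.

```python
def changed_runs(orig: bytes, mod: bytes):
    """Return [(offset, old_bytes, new_bytes)] for each contiguous run of differing bytes."""
    runs, start = [], None
    n = min(len(orig), len(mod))
    for i in range(n):
        if orig[i] != mod[i]:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, orig[start:i], mod[start:i]))
            start = None
    if start is not None:
        runs.append((start, orig[start:n], mod[start:n]))
    return runs


def check_edit(orig: bytes, mod: bytes, old_id: bytes, new_id: bytes):
    """Return a list of problems; an empty list means only the ID string changed."""
    problems = []
    if len(mod) != len(orig):
        problems.append(f"size changed: {len(orig)} -> {len(mod)} bytes")
    if len(old_id) != len(new_id):
        problems.append("replacement ID has a different length")

    # Byte offsets that are allowed to differ: every occurrence of old_id in the backup.
    allowed, pos = set(), orig.find(old_id)
    if pos == -1:
        problems.append("old ID not found in backup")
    while pos != -1:
        allowed.update(range(pos, pos + len(old_id)))
        pos = orig.find(old_id, pos + 1)

    for off, old, new in changed_runs(orig, mod):
        if not all(off + k in allowed for k in range(len(old))):
            problems.append(f"unexpected change at 0x{off:x}: {old!r} -> {new!r}")
    if new_id not in mod:
        problems.append("new ID not present in edited image")
    return problems


# Constructed sample images (layout invented for the demonstration).
ORIG = b"\x00" * 16 + b"GF5KQ" + b"\x00" * 43          # 64-byte stand-in for the backup
GOOD = ORIG.replace(b"GF5KQ", b"G8VOU")                  # same size, only the ID differs
TRUNCATED = GOOD[:-8]                                    # editor saved a shorter file
STRAY = bytes(GOOD[:40] + b"\xff" + GOOD[41:])           # one extra byte was touched

if __name__ == "__main__":
    for name, img in (("good", GOOD), ("truncated", TRUNCATED), ("stray", STRAY)):
        print(name, check_edit(ORIG, img, b"GF5KQ", b"G8VOU") or "ok")
```

Keeping a hash of the untouched backup alongside it gives a second check that the restore image is still the one originally read from the device.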
mohamed.sakhiri said:
unbricked my phone.
you should have added "bs=8192 count=1" to your dd command.
now because of your half baked guide, even though I unbricked, wifi isn't working.
Try the Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you may not have to manually unlock the bootloader - the "site" will do that on its own). You may have to choose the option to Force Flash All Partitions, which will also wipe your phone.
roirraW edor ehT said:
Try the Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you may not have to manually unlock the bootloader - the "site" will do that on its own). You may have to choose the option to Force Flash All Partitions, which will also wipe your phone.
nope that did not work, unfortunately.
mohamed.sakhiri said:
nope that did not work, unfortunately.
I would pursue the warranty possibility ASAP, if you can. Then, if they let you RMA it, use the flash tool once more, but this time check the box for both Wipe and for Re-lock the Bootloader.
I apologize for the bad news.
roirraW edor ehT said:
I would pursue the warranty possibility ASAP, if you can. Then, if they let you RMA it, use the flash tool once more, but this time check the box for both Wipe and for Re-lock the Bootloader.
I apologize for the bad news.
Unfortunately I can't send it back even if they agree, custom fees are insane here.
Do you own a pixel 6 pro? If so, can you please send me a backup of your devinfo partition?
mohamed.sakhiri said:
Unfortunately I can't send it back even if they agree, custom fees are insane here.
Do you own a pixel 6 pro? If so, can you please send me a backup of your devinfo partition?
Right, I saw your post in the other thread. Like I said, you should stick to a single thread - now you've got three threads going about the subject.
No, I don't own a Pixel 6 Pro, my wife and I traded ours in, which Google received today.
mohamed.sakhiri said:
I tried this method on my 6 pro and it's stuck in a bootloop! can anyone help me?
I tried to reinstall the stock rom again but fastboot is as far as I can get. I can't boot into fastbootd to complete the flashing process.
I still have the original devinfo.img and I don't know how to restore it using fastboot. I tried fastboot flash devinfo devinfo.img but I get file size error.
please help
This partition is record of hardware information
So I think you did something wrong while modifying this partition
You can post the information about the failure when you flash the system partition
To facilitate better analysis of the reasons
In addition, if you stay on the google logo interface all the time,
you can check whether the computer system device currently has an adb or fastboot connection to confirm where the device boot stays.
iCassius said:
This partition is record of hardware information
So I think you did something wrong while modifying this partition
You can post the information about the failure when you flash the system partition
To facilitate better analysis of the reasons
In addition, if you stay on the google logo interface all the time,
you can check whether the computer system device currently has an adb or fastboot connection to confirm where the device boot stays.
It is solved by now.
[SOLVED] Bricked my Pixel 6 Pro
Hello, Today I messed up, I tried to change my Pixel 6 Pro's model from US version to global, so I edit the devinfo.img and pushed it successfully using adb, the same steps shared in some articles on xda. Now it won't boot again, it's stuck on...
forum.xda-developers.com

Development One+_TooL with Grayed out Oem_Unlock (Bootloader Unlock) enabler & Engineer Decrypt

Here is my latest version of My Oneplus Tool. This tool can do almost everything for you. I have added a method to switch the Oem_Unlock switch on Sim locked devices. It will ungray the switch so you can flip it and bootloader unlock. It still has all the other tools like the engineer mode decrypt, to enable the app. Also lots of hidden SECRETS like every oneplus device has a hidden copy of busybox already installed, and this will access it. Plus this has a long list of dialer codes. There are lots of tools like scrcpy and a windows file explorer for your device. I have also added lots of fastboot adb commands. Please feel free to let me know if anything can be added. I have been notified this has been reported as a virus, it is only a .bat file converted to exe. Please scan for yourself.
One+_TooL.7z | by Ju5t3nc4s3 for /e/OS supported models
Please donate for the cause.
I have now made this ungray method useless LoL I have a working method that lets u flash msm and boot direct to bootloader and unlock without the need for a oem unlock token from oneplus, even works if ur still sim locked.
any guidance?
better with an instruction.
thx for sharing.
Thank very much. This is awesome !
But like werichard559 said, better with instructions. Otherwise you will get Many Many Many questions....
its self explained in the tool. its just written in bash and packed with everything like adb tools into a exe.
has a menu with items.
Interesting, MS Windows and Linux?
galaxys said:
Interesting, MS Windows and Linux?
exe on linux? Nah, you could decompile and pull the scripts
Only reason for the exe is to have all the file together. Nice and neat.And unlike all the others that want you to post your IMEI to the NET to do the engineer mode decrypt . I wrote this so the decryption is done in shell on the phone.
Ju5t3nC4s3 said:
Only reason for the exe is to have all the file together. Nice and neat.And unlike all the others that want you to post your IMEI to the NET to do the engineer mode decrypt . I wrote this so the decryption is done in shell on the phone.
Engineer mode from dialer? Did you just script to edit the config file in mnt/vendor/persist/engineermode/engineermode_config ? We appreciate your work. Work smarter not harder
Zeus0fyork said:
Engineer mode from dialer? Did you just script to edit the config file in mnt/vendor/persist/engineermode/engineermode_config ? We appreciate your work. Work smarter not harder
To disable the encryption, and enable engineer mode? Yes, the config is edited, can only be done with root. Or a very long process. I released a shell command to do this a few months back. It just uses a sed cmd. Now to generate the code on the device in shell to enter. That wasn't easy, had a heck of a time finding a cmd that would get the correct hash I needed for a crc32b. And to have it enter that code for u on the screen, it just had to be done. Lol. I have loads of dialer codes still I haven't added to the tool. A lot I'm not sure what they even do yet, like *#632# no clue. There is a completely extra app that is also decrypted with the engineer mode. OpEngMode or TmoEngMode for TMobile.
This has all come together just from the data mining and the need for the tools for the reversing of the simlock. I been working on it now for some time and have discovered many other vulnerabilities. I have unlocked some devices, but never 1 the same. Before I released this I discovered how to flip the oem_unlock switch under the greyed out area and was able to unpack a msm download and mod to repack it. So after flash the switch is on. By 1 bit I found in one of the partitions. Recently I have located some code just like the engineer mode qr for the sim unlock. And there is a couple RSA private keys with it. I also located a dialer code to skip setupwizard. And another code that gives u all USB access like adb, diag, all without verification.
Ju5t3nC4s3 said:
This has all come together just from the data mining and the need for the tools for the reversing of the simlock. I been working on it now for some time and have discovered many other vulnerabilities. I have unlocked some devices, but never 1 the same. Before I released this I discovered how to flip the oem_unlock switch under the greyed out area and was able to unpack a msm download and mod to repack it. So after flash the switch is on. By 1 bit I found in one of the partitions. Recently I have located some code just like the engineer mode qr for the sim unlock. And there is a couple RSA private keys with it. I also located a dialer code to skip setupwizard. And another code that gives u all USB access like adb, diag, all without verification.
what u mean by 'some code just like the engineer mode qr for the sim unlock'
now I am having trouble to sim unlock my TMO OP9, could u pls help me out?
There is no method to sim_unlock other than official service.
Ju5t3nC4s3 said:
There is no method to sim_unlock other than official service.
oh,really sad to hear that.
still merry christmas.
thx for ur shares.
I have been working on reversing the OnePlus sim_lock now for over a year. Every device after the Op6 they made a change that if you erase the efs to reset it, You will lose total access to the sim card. It looks to be a key needed by the sim in the SFS path , same location as the simlock fuse.
Ju5t3nC4s3 said:
Here is my latest version of My Oneplus Tool . This tool can do almost everything for you. I have added a method to switch the Oem_Unlock switch on Sim locked devices. It will ungray the switch so you can flip it and bootloader unlock. It still has all the other tools like the engineer mode decrypt, to enable the app. Also lots of hidden SECRETS like every oneplus device has a hidden copy of busybox already installed . and this will access it. Plus this has a long list of dialer codes .There are lots of tools like scrcpy and a windows file explorer for your device. I have also added lots of fastboot adb commands. Please feel free to let me know if anything can be added.
Downloads for : OnePlus /e/OS supported models | AndroidFileHost.com | Download GApps, Roms, Kernels, Themes, Firmware and more. Free file hosting for all Android developers.
What problem can be? androidfilehost said no mirrors found/ ((((
I'll upload to Gdrive in a bit also. Android file host does this. Lots of time u just need to wait a bit to get it to work.
Ju5t3nC4s3 said:
I'll upload to Gdrive in a bit also. Android file host does this. Lots of time u just need to wait a bit to get it to work.
I will be glad to Gdrive link. I waited all day, got to the computer. And hosting broke me off. lol
020982 said:
I will be glad to Gdrive link. I waited all day, got to the computer. And hosting broke me off. lol
One+_TooL.exe
drive.google.com
Still sim locked and no unlock.bin, thank you good sir
? What are u trying to show ,,u can check the sim lock in *#808#.
