Related
I have a Verizon LG G Pad 8.3 LTE and I flashed an incorrect KDZ file to it resulting in a dead tablet that connect as "Qualcomm HS-USB QDLoader 9008". I have read that a great program known as QPST may be the ticket to recovering the tablet but when extracting the KDZ to a .cab using LGExtract, I am running into issues. I get a corrupt file error when trying to extract the .cab and I get this after using many .kdz files believed to be for the VK810 that I have. Does anyone have experience with this procedure? The instructions I am following are as follows:
First download LGextract: Download
Extract it.Put you kdz file with extracted contentes.now open command prompt there and execute: lgextract -kdz xxx.kdz
It will create xxx.cab file there.
Use winrar or 7zip to extract it.
Now there will be folder named xxx containing two files namely : DZ_LGE730AT-00-V10x-xxx-XX-OCT-12-2012+0.dz and QCT_E730_20120928.dll.
Now download dzdecrypter : Download
Extract it and put your extracted files into xxx folder.
Again open command prompt and execute:dzdecrypt -x DZ_LGE730AT-00-V10x-xxx-XX-OCT-12-2012+0.dzive you
That will give you many files including recovery.img,boot.img,system.img.ext4 and some mbn files.
Now you can use ext2explore to extract content of system.img.ext4 which will have our /system folder. [/SIZE]
Any help at all would be appreciated! Also, I'm not looking for any sort of "warranty it to fix it" kinds of posts, I want to fix this myself and do not absolutely NEED the tablet so I am up to do whatever with it to experiment and hopefully fix it!
Bump
Anyone?
sk8boy204 said:
Anyone?
Click to expand...
Click to collapse
Maybe will help you :
http://forum.xda-developers.com/lg-g2/general/fix-unbrick-lg-g2-stuck-qualcomm-hs-usb-t2933830
bogdan109 said:
Maybe will help you :
http://forum.xda-developers.com/lg-g2/general/fix-unbrick-lg-g2-stuck-qualcomm-hs-usb-t2933830
Click to expand...
Click to collapse
Thank you, now just to find or build a .tot for the VK810.
Hello Everyone,
The following steps can be used to enable MMOS mode on the Alcatel Idol 4S with Windows 10:
1. download and install WPAK. It can be found at http://forum.xda-developers.com/attachment.php?attachmentid=3860780&d=1472659433
2. extract the files of the attached zip and put them in the same directory as "ffutool.exe".
3. Start your phone in Recovery mode (lightening bolt and gear), and connect it to the computer. (the Idol 4S, this is VolUp & Power.)
4. now open a command prompt as administrator and navigate to the path where WPAK is installed.
5. run the following command: "FFUTool.exe -setBootMode 1 ProfileName" Where "ProfileName" is one of the following:
a. "Default"
b. "Factory"
c. "FactoryFullOS"
6. wait for the device to reboot. While it is booting, the startup screen will say "Not For Resale."
To disable MMOS mode, perform the same steps as above, but replace the command used in step 4 with the following: "FFUTool.exe -setBootMode 0"
FactoryFullOS is useful immediately after a flash and before first boot because it will skip OOBE and let you just use the phone. This is good to install Interop Tools and make changes to the device before OOBE is run. Once you disable it after making changes, it will run OOBE. FactoryFullOS also enables the Qualcomm ports so you can use QPST and other Qualcomm tools to interact with the radio.
Here is a list of optional features that may be enabled only when Manufacturing Mode is enabled: https://docs.microsoft.com/en-us/windows-hardware/manufacture/mobile/optional-features-for-manufacturing-mode
NOTE: the "ProfileName" for other devices can be found at the following registry key: "HKEY_LOCAL_MACHINE\System\ControlSet001\Control\ManufacturingMode" The subkeys that are listed are the names that are used by FFUTool.exe. (There is no space between the M and the a, but the forum keeps adding one for some reason)
Thanks for sharing this. Could be getting closer at more development for this device. I have never used this mode for Windows phones, can you give anymore insight or details on this? Like how to add features manually or check for what is enabled already? I do see it opens the diag port like you said. So it could be possible to back up the qc partitions which is good.
@nate0 This mode is typically used by device manufacturers for the testing and debugging of retail devices. I think in WP 8 there was a hard-requirement to remove this from pure-retail devices. In Windows 10 Mobile, it is not required to remove these from retail images. I haven't played with it much myself, but it should let you do things that you couldn't normally do like editing the BCD store. If you expand the registry key that corresponds to the MMOS mode being used, it will show you the customizations that are taking place when that mode is used.
Thanks. I was actually able to dump a qcn file from the T-Mobile model last night.
This mode also works on the Madosma Q601. Have only used "setbootmode 1 factory" successfully.
I've been trying to enable US LTE bands on it. Dumped the nv memory prior and had to restore it after using qpst as I inadvertently blanked out the imei on accident. Good news is that I successfully restored the nv modem settings from the dumped qcn file which restored defaults and the imei.
new ffutool please
Could you please kindly help to upload a new version ffutool.exe and its dll ffucomponents.dll ?
My version was built on April 2014. which might too old to have the setbootmode option.
Thanks
Code:
PS D:\ffutool> .\ffutool.exe
Usage: FFUTool -flash <path to FFU file to apply to disk>
FFUTool -uefiflash <path to FFU, flashed from UEFI directly>
FFUTool -wim <path to WIM to boot from RAM>
FFUTool -skip
FFUTool -list
FFUTool -massStorage
FFUTool -clearId
FFUTool -serial
C:\Program Files (x86)\Windows Kits\10\Tools\bin\i386
Unhandled Exception: System.TypeInitializationException: The type initializer for 'FFUComponents.FFUManager' threw an exception. ---> System.IO.FileNotFoundException: Could not load file or assembly 'ufphostm, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
at FFUComponents.FFUManager..cctor()
--- End of inner exception stack trace ---
at FFUComponents.FFUManager.Start()
at Microsoft.Windows.ImageTools.FFUTool.Main(String[] args)
Code:
C:\Program Files (x86)\Windows Kits\10\tools\bin\i386>ffutool.exe -setBootMode 1 Factory
Logging SimpleIO to ETL file: C:\Users\XXX\AppData\Local\Temp\ffutool23024.etl
[Device 0]
Name : Nokia.MSM8926.P6204.1.1
ID : 00000011-728a-c92f-0000-000000000000
Type : SimpleIODevice
Failed to reset to specified boot mode. Error 2147483662At least one of the devices failed to execute the operation.
Failed on Lumia 640 LTE RM-1073
augustinionut said:
C:\Program Files (x86)\Windows Kits\10\Tools\bin\i386
Unhandled Exception: System.TypeInitializationException: The type initializer for 'FFUComponents.FFUManager' threw an exception. ---> System.IO.FileNotFoundException: Could not load file or assembly 'ufphostm, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
at FFUComponents.FFUManager..cctor()
--- End of inner exception stack trace ---
at FFUComponents.FFUManager.Start()
at Microsoft.Windows.ImageTools.FFUTool.Main(String[] args)
Click to expand...
Click to collapse
I am updating the first post with the two missing files. I don't know why they are missing!
i can't enter MMOS mode. when i try to enter factory mode, it just shows bluescreen on boot.
If you try this method, I nor anybody else is responsible for any further damage done to your phone.
Models Confirmed : V300L
We currently have firehose for V30.
Therefore, we can program UFS flash memory in 9008 mode.
It requires rawprogram?.xml(s) and patch?.xml(s) to program it.
It's easy to generate rawprogram?.xml(s) from kdz file, but generate patch?.xml(s) is not easy. (Unfortunately, I couldn't have time to generate patch?.xml(s)).
I have edited kdztools to generate rawprogram?.xml(s) easily (You can generate it by using "-r" argument. Currently, generate patch?.xml(s) is not supported. I'll add it soon).
I used patch?.xml(s) in post. it works well, but boot loop in the LG Logo.
However, it was possible to enter download mode.
------------------- GUIDE -------------------1. Download rawprogram?.xml patch?.xml with images from link. (It uses V300L30h000906.kdz)
2. Download firehose (prog_ufs_firehose_8998_lgev30.elf) from link.
<< Linux >>
3. Build qdl or download pre-built binary
4. Extract zip or tar.gz files 1, 2, 3 in any folder.
5. Run
Code:
$ ./qdl --storage ufs prog_ufs_firehose_8998_lgev30.elf rawprogram0.xml patch0.xml rawprogram1.xml patch1.xml rawprogram2.xml patch2.xml rawprogram3.xml patch3.xml rawprogram4.xml patch4.xml rawprogram5.xml patch5.xml rawprogram6.xml patch6.xml
in the terminal.
6. If LG logo shows, enter to the download mode.
<< Windows >>
3-6. You can program by QFIL similar as qdl.
7. Connect to any Windows PC with LGUP (must support Android Pie).
8. Flash kdz with ChipErase. (IMPORTANT)
9. If it boots successfully, your device has unbricked.
you can create rawprogramer and patch.xml with this program
I have already tried it on lg v10 kdz with successful.
after extract kdz :
1-open qualcomtool 2.4 and go to EMMC tabe.
2-clic browse and select primarygpt_0.bin
3- select all partitions and click exract partition
4- click extract firmware
you will find every things you need in extracted folder.
you can edid rowprogramer.xml with notepad ++ .
edit : tryed with lg v30 kdz not work
(gpt not present when select file)
Thank you for your work
download problem
quickwshell said:
If you try this method, I nor anybody else is responsible for any further damage done to your phone.
Models Confirmed : V300L
We currently have firehose for V30.
Therefore, we can program UFS flash memory in 9008 mode.
It requires rawprogram?.xml(s) and patch?.xml(s) to program it.
It's easy to generate rawprogram?.xml(s) from kdz file, but generate patch?.xml(s) is not easy. (Unfortunately, I couldn't have time to generate patch?.xml(s)).
I have edited kdztools to generate rawprogram?.xml(s) easily (You can generate it by using "-r" argument. Currently, generate patch?.xml(s) is not supported. I'll add it soon).
I used patch?.xml(s) in post. it works well, but boot loop in the LG Logo.
However, it was possible to enter download mode.
------------------- GUIDE -------------------1. Download rawprogram?.xml patch?.xml with images from link. (It uses V300L30h000906.kdz)
2. Download firehose (prog_ufs_firehose_8998_lgev30.elf) from link.
<< Linux >>
3. Build qdl or download pre-built binary
4. Extract zip or tar.gz files 1, 2, 3 in any folder.
5. Run
Code:
$ ./qdl --storage ufs prog_ufs_firehose_8998_lgev30.elf rawprogram0.xml patch0.xml rawprogram1.xml patch1.xml rawprogram2.xml patch2.xml rawprogram3.xml patch3.xml rawprogram4.xml patch4.xml rawprogram5.xml patch5.xml rawprogram6.xml patch6.xml
in the terminal.
6. If LG logo shows, enter to the download mode.
<< Windows >>
3-6. You can program by QFIL similar as qdl.
7. Connect to any Windows PC with LGUP (must support Android Pie).
8. Flash kdz with ChipErase. (IMPORTANT)
9. If it boots successfully, your device has unbricked.
Click to expand...
Click to collapse
thank you so much,but can't download zip from this website,if you can offer other download way,such as google,mega,onedrive,i will apreciate it so much,thanks for your work
Johoneycn said:
thank you so much,but can't download zip from this website,if you can offer other download way,such as google,mega,onedrive,i will apreciate it so much,thanks for your work
Click to expand...
Click to collapse
Sorry for the late reply
mega. nz/#!zCZBkC4D!Vxo9wrd1c9vsZgCfQIrLelcp3unTY7sJAqMXjANvzjQ is V30_UNBRICK.zip
and mega. nz/#!PLIBzQ6L!JKtfq_RH2iFgcQckkRi_LtZGt9u2zaO2YF6x8dtHL6A is a firehose.
It is a shame we resort to such lengths for this. Shame on vendors. It is like pure gold or diamonds when we come across a programmer...
Hi, @quickwshell, could you see this: Help! bootloop per 5 sec, cannot enter rec, download or fastboot. Does the problem I'm facing now is what your method targeting to?
@quickwshell
Thank you so much for sharing firehorse for v30 and this solution. I have LS998 bricked bootloop after interrupting upgrade as @zacox123. I tried your files posted but still phone cant get download mode. Now Im trying to create rawprogram.xml and patch.xml from specific firmware model ls998 but I want to know what partitions are necesary just for getting download mode and then try to upgrade for usb mode.
Could you please help me?
thanks in advance
Pulian said:
@quickwshell
Thank you so much for sharing firehorse for v30 and this solution. I have LS998 bricked bootloop after interrupting upgrade as @zacox123. I tried your files posted but still phone cant get download mode. Now Im trying to create rawprogram.xml and patch.xml from specific firmware model ls998 but I want to know what partitions are necesary just for getting download mode and then try to upgrade for usb mode.
Could you please help me?
thanks in advance
Click to expand...
Click to collapse
How did you do with your phone? Have you made your phone into 9008 mode? Did you use the correct tool?
I have not processed my problem yet. But I read some other posts introducing that, use qpst or miracle box or any similar tools with the edl file provided by @quickwshell to flash in twrp directly, instead of getting download mode back. Maybe you can have a trial.
I was converting my lg [email protected] for unlocking. I have tools for flashing and I did it before with others phones. Accidently flashing process was interrupted and phone got that condition, no download mode. Now I'm using testpoint connection and UMT (tool for repair Qualcomm Phones) for trying to recover download mode. I suppose you can use QFIL for programming after we have correct rawprogramer.xml and patch.xml. Let me finish my test and I'll post results.
Pd: bootloader is not unlocked and I don't know if I can write twrp and it'll work.
Could you share links referring this topic and phone? Thanks.
Well, it definitely worked :good:.
Partitions extracted from us998 firmware
. Now I'm flashing again.
Pd: sorry for inverted picture. I make it from cellphone without edition
Do we need any special process before the computer work, @quickwshell and @Pulian? Is any special cable or teardown work needed? I have never used 9008 before but see other brands like xiaomi cannot simply enter 9008 mode directly.
---------- Post added at 04:27 PM ---------- Previous post was at 04:08 PM ----------
Pulian said:
Well, it definitely worked :good:.
Partitions extracted from us998 firmware
. Now I'm flashing again.
Pd: sorry for inverted picture. I make it from cellphone without edition
Click to expand...
Click to collapse
I see octoplus in your pic. Could you please share your tools and detailed steps? I have never tried 9008, so I hope some extra hand-by-hand instructions. Thanks.
The post I read is from an Android community app, and I'm afraid I cannot provide a link to it. And the author of that post said he had not tested yet, just some common sense and rough idea. I'd hear more from you, afterwards you have succeeded.
Thanks again @quickwshell. Firehorse file is the most important think for starting.
1. I extracted files partitions from firmware KDZ using this software https://forum.xda-developers.com/showthread.php?t=2600575
2.. I used testpoint for getting EDL (QUALCOM 9008) connection. https://forum.xda-developers.com/showpost.php?p=78573920&postcount=2
3. I tried firmware posted here without success (Maybe it works on others). So I wrote critical partitions extracted from my specific firmware (US998) using UMT box and I didnt need to create .xml files because this tool can read and detect internal partitions.
4. I got download mode and just write firmware by USB using octoplusbox. Phone Alive!!
I think every step here can be replaced using diferent software. good luck!
nate0 said:
It is a shame we resort to such lengths for this. Shame on vendors. It is like pure gold or diamonds when we come across a programmer...
Click to expand...
Click to collapse
yes,i think so too, lg is too bad on the software
Pulian said:
Thanks again @quickwshell. Firehorse file is the most important think for starting.
1. I extracted files partitions from firmware KDZ using this software https://forum.xda-developers.com/showthread.php?t=2600575
2.. I used testpoint for getting EDL (QUALCOM 9008) connection. https://forum.xda-developers.com/showpost.php?p=78573920&postcount=2
3. I tried firmware posted here without success (Maybe it works on others). So I wrote critical partitions extracted from my specific firmware (US998) using UMT box and I didnt need to create .xml files because this tool can read and detect internal partitions.
4. I got download mode and just write firmware by USB using octoplusbox. Phone Alive!!
I think every step here can be replaced using diferent software. good luck!
Click to expand...
Click to collapse
After getting download mode back, do we need chiperase like @quickwshell mentioned? I don't know if octoplusbox did it before writing firmware and I suppose most people would still use LGUP for firmware writing. Did you lose s/n, imei, etc. after phone booting? If not, I guess partition dl should be OK.
I didnt touch imei and security partitions. My phone worked after flashing without problems.
Pulian said:
Thanks again @quickwshell. Firehorse file is the most important think for starting.
1. I extracted files partitions from firmware KDZ using this software https://forum.xda-developers.com/showthread.php?t=2600575
2.. I used testpoint for getting EDL (QUALCOM 9008) connection. https://forum.xda-developers.com/showpost.php?p=78573920&postcount=2
3. I tried firmware posted here without success (Maybe it works on others). So I wrote critical partitions extracted from my specific firmware (US998) using UMT box and I didnt need to create .xml files because this tool can read and detect internal partitions.
4. I got download mode and just write firmware by USB using octoplusbox. Phone Alive!!
I think every step here can be replaced using diferent software. good luck!
Click to expand...
Click to collapse
I searched a lot for UMT Box and it seems like one has to collect it with the dongle or else it's not gonna work. Getting frustrated here Are there any way other than umt? Can you or anyone suggest?
moyedchowdhury said:
I searched a lot for UMT Box and it seems like one has to collect it with the dongle or else it's not gonna work. Getting frustrated here Are there any way other than umt? Can you or anyone suggest?
Click to expand...
Click to collapse
use cracked miracle box
seloka180 said:
use cracked miracle box
Click to expand...
Click to collapse
THANKS FOR COMING BACK. Mine is a LS998 converted into US998.
I'm So disappointed right now. Past few days have been unbearable. Even my Blood pressure is getting high
I'll describe what happened so that the situation is understood and you could suggest accordingly.
*I unlocked bootloader by wtf method.
*Tried several roms.
*Decided to stay on LOS 17.1 Q [Nearly got f*****g everything]
*Flushed a module via magisk which offered pixel boot animation(actually was searching for smartpixel to turn off 50% pixels)
*Rebooted and the device stuck into bootloop
*Rebooted into fastboot mode and reinstalled twrp and reboot- No luck
*Used a guide to wipe different partitions via fastboot and then reinstall twrp. Success but still boot stuck.
*Tried to go into download mode by pressing volume up while connecting USB, went into the mode but "waiting for any connection..." showed and was not detected by device mgr.
*Thought relocking the bootloader might get me into download mode.(That's when I burnt my luck I guess...)
*Did lock the bootloader.
*Aaaand still not detected in device manager.
*Moreover, now showing that Your device has failed a routine security check and will not boot!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
*Opened the back and test pointed motherboard, detected in 9008 mode
*Tried QFIL with V30_Unbrick.zip, sahara error.
*Tried a bunch of other tools most of them were so old that they didn't even have the firehose for this model.
Please someone help.
seloka180 said:
use cracked miracle box
Click to expand...
Click to collapse
Can't thank you enough mate! Used it and miracle did happen. I even tried to use it before but after you said it, I tried hard this time. Searched here and there, then took some risk and started to do things like this way -
I had V30_UNBRICK.zip unzipped in a folder with firehose and xml files.
*Disable defender or any other antivirus. (Normally not recommended, but it's the first thing I do when doing these things, also I have an extra laptop where I do all these which doesn't have any private or necessary files, never had any problem though).
*Also, disable driver signature enforcement on Windows(https://windowsreport.com/driver-signature-enforcement-windows-10/)
1. I searched and found Miracle box Thunder v2.93 with loader (No box needed)
2. Select Qualcomm, then flashing and Write Flash.
3. Untick the auto button beside firehose.
4. Under "write flash"
see this image
i. Select firehose, this doesn't recognize the .elf file so renamed it to .mbn (finger was crossed) and it worked!
ii. There are six rawprogram?.xml and patch?.xml (Here, ? = 1, 2, 3....6), I only used rawprogram0.xml and
iii. patch0.xml
5. Got everything ready and then detached the phone from cable.
6. Pressed the start button right after entering into Testpoint EDL Mode. The process starts and failed after a while due to missing files. Then I matched which files were present corresponding to the lines in the xml file, after that deleted all the extra lines(i. e. file was not present in the V30_UNBRICK.zip) from rawprogram0.xml and saved the file (patch0.xml was untouched). I used Notepad++ for editing.
7. Again detached the phone, detached battery, reattached battery, pressed the start button right after I shorted the edl test points, even before the device was detected in the device manager, no delay.
8. The process was completed, files flashed. These files were flashed so that we can now flash proper kdz with download mode. Do not turn on the phone. Or else you'll get into bootloop.
9. Detached the battery, shorted power button for a while(skip if you don't understand), reattached the battery.
10. Pressed volume up and inserted USB cable. Not detected first time. Detached and reattached with pressing volume up button hard this time.
11. witnessed one of the happiest moment seeing it was detected as an LG device in device manager. Wasn't 100% sure yet.
12. Flashed chiperase(important) with patched LGUP in dev mode. And it was done.
13. I will upload the XML file, you can use it with the existing files inside V30_UNBRICK.zip.
the xml file here
Before doing all that I spent five horrific days searching for a solution and almost ordered a motherboard from Aliexpress with a price tag of $100. I tried to be as elaborative as possible so that whoever next encounter the issue don't have to go through what I experienced past few days. If you're reading this and having a problem understanding anything, read again, repeat 10 times, then repeat more 10 times(worked for me), still no solution? knock me here (also: [email protected]). I could help you(with v 30, g6) remotely if I have time, no charges, donate if you will and if you don't I'll still be happy to help. Keep flashing, peace.
---------- Post added at 05:36 AM ---------- Previous post was at 04:57 AM ----------
quickwshell said:
If you try this method, I nor anybody else is responsible for any further damage done to your phone.
Models Confirmed : V300L
We currently have firehose for V30.
Therefore, we can program UFS flash memory in 9008 mode.
It requires rawprogram?.xml(s) and patch?.xml(s) to program it.
It's easy to generate rawprogram?.xml(s) from kdz file, but generate patch?.xml(s) is not easy. (Unfortunately, I couldn't have time to generate patch?.xml(s)).
I have edited kdztools to generate rawprogram?.xml(s) easily (You can generate it by using "-r" argument. Currently, generate patch?.xml(s) is not supported. I'll add it soon).
I used patch?.xml(s) in post. it works well, but boot loop in the LG Logo.
However, it was possible to enter download mode.
------------------- GUIDE -------------------1. Download rawprogram?.xml patch?.xml with images from link. (It uses V300L30h000906.kdz)
2. Download firehose (prog_ufs_firehose_8998_lgev30.elf) from link.
<< Linux >>
3. Build qdl or download pre-built binary
4. Extract zip or tar.gz files 1, 2, 3 in any folder.
5. Run
Code:
$ ./qdl --storage ufs prog_ufs_firehose_8998_lgev30.elf rawprogram0.xml patch0.xml rawprogram1.xml patch1.xml rawprogram2.xml patch2.xml rawprogram3.xml patch3.xml rawprogram4.xml patch4.xml rawprogram5.xml patch5.xml rawprogram6.xml patch6.xml
in the terminal.
6. If LG logo shows, enter to the download mode.
<< Windows >>
3-6. You can program by QFIL similar as qdl.
7. Connect to any Windows PC with LGUP (must support Android Pie).
8. Flash kdz with ChipErase. (IMPORTANT)
9. If it boots successfully, your device has unbricked.
Click to expand...
Click to collapse
Thank you, Your post helped me to understand a lot of things. Without whome I'd be having an expensive brick which can't even be used to build anything.
This is the way I recovered. So posting it here for people might get help.
seloka180 said:
use cracked miracle box
Click to expand...
Click to collapse
Can't thank you enough mate! Used it and miracle did happen. I even tried to use it before but after you said it, I tried hard this time. Searched here and there, then took some risk and started to do things like this way -
I had V30_UNBRICK.zip unzipped in a folder with firehose and xml files.
*Disable defender or any other antivirus. (Normally not recommended, but it's the first thing I do when doing these things, also I have an extra laptop where I do all these which doesn't have any private or necessary files, but never had any problems).
*Also, disable driver signature enforcement on Windows(https://windowsreport.com/driver-sig...nt-windows-10/)
1. I searched and found Miracle box Thunder v2.93 with loader (No box needed)
2. Select Qualcomm, then flashing and Write Flash.
3. Untick the auto button beside firehose.
4. Under "write flash"
see this image
i. Select firehose, this doesn't recognize the .elf file so renamed it to .mbn (finger was crossed) and it worked!
ii. There are six rawprogram?.xml and patch?.xml (Here, ? = 1, 2, 3....6), I only used rawprogram0.xml and
iii. patch0.xml
5. Got everything ready and then detached the phone from cable.
6. Pressed the start button right after entering into Testpoint EDL Mode. The process starts and failed after a while due to missing files. Then I matched which files were present corresponding to the lines in the xml file, after that deleted all the extra lines(i. e. file was not present in the V30_UNBRICK.zip) from rawprogram0.xml and saved the file (patch0.xml was untouched). I used Notepad++ for editing.
7. Again detached the phone, detached battery, reattached battery, pressed the start button right after I shorted the edl test points, even before the device was detected in the device manager, no delay.
8. The process was completed, files flashed. These files were flashed so that we can now flash proper kdz with download mode.
9. Detached the battery, shorted power button for a while(skip if you don't understand), reattached the battery.
10. Pressed volume up and inserted USB cable. Not detected first time. Detached and reattached with pressing volume button hard this time.
11. witnessed one of the happiest moment seeing it was detected as an LG device in device manager. Wasn't 100% sure yet.
12. Flashed chiperase(important) with patched LGUP in dev mode. And it was done.
13. I will upload the XML file, you can use it with the existing files inside V30_UNBRICK.zip.
the xml file here
Before doing all that I spent five horrific days searching for a solution and almost ordered a motherboard from Aliexpress with a price tag of $100. I tried to be as elaborative as possible so that whoever next encounter the issue don't have to go through what I experienced past few days. If you're reading this and having a problem understanding anything, read again, repeat 10 times, then repeat more 10 times(worked for me). Keep flashing, peace.
First of all I want to thank @zogu without him, this guide would not be possible, This guide is for phones with Hard Brick, where the bootloader is destroyed and there are no tools that recognize the phone as odin
When you connect phones without a bootloader, Windows detects them as exynos9820 in device manager.
All of this is accomplished by trial / error method
I repaired my g975f and I have U3 and U8 files only for this model, but I will try to explain how to prepare files for any other model.
We have to use the same bootloader version that was previously on the phone, or if you're not sure, use the latest sboot.bin.
Plug in the phone and press and hold the power button.
Windows will detect the exynos9820 device, install the driver:
click manually,
com and lpt ports,
select the Driver Exynos USB Mode folder
Now we have to copy
WinDNWApi.dll
in:
C: \ Program Files \ Samsung \ Exynos USB Driver \ Drivers
There probably isn't this folder, just create it and copy the files.
Now we have to create the boot files.
Using lz4 1.9.2 we can unzip the sboot.bin.lz4 to sboot.bin and then be able to edit it, everything is explained in a guide inside the file
Download the last sboot.bin that was on your device
Now you have to extract the partitions from this file
In some hex editor, create 4 files and extract from sboot.bin
0x3000 is BL1 name> bl1
0x3000 ... 0x17000 is epbl
0x17000 ... 0x68000 is BL2
0x7e000 ... 0x7eb000 + 0x190000 = 0x1fe000 sboot
Dram_training do not need to be cut, it is not used in flashing
0x244000 ... 0x1BD000 is el3mon dram
Launch multiuploader.exe
Plug in the phone and press and hold the power button.
Search and find script.cfg
click start and the phone will go into odin mode.
Start odin and flash the firmware (in case of having split the stock rom sboot) or Combination (in case of having split the combination sboot)
the z-zip tool must be downloaded
Binary editor - Multidownload flash tool with files for sm-g975f u8 x32, x64,
https://drive.google.com/file/d/1GzgqNCCEE0e43CniitzuAxKcDax5QLaT/view?usp=sharing
link is restricted
Bro. Share file pls on your googledrive. We cantdownload it
Flar4eg said:
Bro. Share file pls on your googledrive. We cantdownload it
Click to expand...
Click to collapse
Excuse me, is that I uploaded the files to my google drive cloud and I detect a dll, or part of the flashtool as a virus, now I upload it again and put the link
https://mega.nz/file/eWRkiCwI#XP0yMOiBsfkUKIoxhKaZkLIgdhkwnEtiyVHqixMu8NI
multiuploader error: WinDNWApi.dll file could not be found.
Skyfall191299 said:
In some hex editor, create 4 files and extract from sboot.bin
0x3000 is BL1 name> bl1
0x3000 ... 0x17000 is epbl
0x17000 ... 0x68000 is BL2
0x7e000 ... 0x7eb000 + 0x190000 = 0x1fe000 sboot
Dram_training do not need to be cut, it is not used in flashing
0x244000 ... 0x1BD000 is el3mon dram
Click to expand...
Click to collapse
can anybody please explain how to make these files I have my Sboot.bin which was in the phone, I don't understand how to use hex editor. can some plz assist me, working on a750g. broke bootloader by flashing wrong firmware a750f after MDM bypass. software ver U1ARL3 for sboot
here is my sboot, can someone please create or show me how to create with hex https://drive.google.com/file/d/1CcEqe4MH__APK7H42aP3H2KGdqkAi-xx/view?usp=sharing
Skyfall191299 said:
https://mega.nz/file/eWRkiCwI#XP0yMOiBsfkUKIoxhKaZkLIgdhkwnEtiyVHqixMu8NI
Click to expand...
Click to collapse
getting error that el3mon_dram not found. can you help me?
Hello someone has the files ? The download link is inactive
The download link is inactive, please active or reupload please.
Skyfall191299 said:
First of all I want to thank @zogu without him, this guide would not be possible, This guide is for phones with Hard Brick, where the bootloader is destroyed and there are no tools that recognize the phone as odin
When you connect phones without a bootloader, Windows detects them as exynos9820 in device manager.
All of this is accomplished by trial / error method
I repaired my g975f and I have U3 and U8 files only for this model, but I will try to explain how to prepare files for any other model.
We have to use the same bootloader version that was previously on the phone, or if you're not sure, use the latest sboot.bin.
Plug in the phone and press and hold the power button.
Windows will detect the exynos9820 device, install the driver:
click manually,
com and lpt ports,
select the Driver Exynos USB Mode folder
Now we have to copy
WinDNWApi.dll
in:
C: \ Program Files \ Samsung \ Exynos USB Driver \ Drivers
There probably isn't this folder, just create it and copy the files.
Now we have to create the boot files.
Using lz4 1.9.2 we can unzip the sboot.bin.lz4 to sboot.bin and then be able to edit it, everything is explained in a guide inside the file
Download the last sboot.bin that was on your device
Now you have to extract the partitions from this file
In some hex editor, create 4 files and extract from sboot.bin
0x3000 is BL1 name> bl1
0x3000 ... 0x17000 is epbl
0x17000 ... 0x68000 is BL2
0x7e000 ... 0x7eb000 + 0x190000 = 0x1fe000 sboot
Dram_training do not need to be cut, it is not used in flashing
0x244000 ... 0x1BD000 is el3mon dram
Launch multiuploader.exe
Plug in the phone and press and hold the power button.
Search and find script.cfg
click start and the phone will go into odin mode.
Start odin and flash the firmware (in case of having split the stock rom sboot) or Combination (in case of having split the combination sboot)
the z-zip tool must be downloaded
Binary editor - Multidownload flash tool with files for sm-g975f u8 x32, x64,
https://drive.google.com/file/d/1GzgqNCCEE0e43CniitzuAxKcDax5QLaT/view?usp=sharing
Click to expand...
Click to collapse
good jod
im follwed to this instruction but all links not woriking
pla give me ur telegram or whtas app
and upload files to the new link plz
eldon301 said:
can anybody please explain how to make these files I have my Sboot.bin which was in the phone, I don't understand how to use hex editor. can some plz assist me, working on a750g. broke bootloader by flashing wrong firmware a750f after MDM bypass. software ver U1ARL3 for sboot
here is my sboot, can someone please create or show me how to create with hex https://drive.google.com/file/d/1CcEqe4MH__APK7H42aP3H2KGdqkAi-xx/view?usp=sharing
Click to expand...
Click to collapse
how to create with hex bro ?
links not woriking
link isn't working please fix
akbarshoxdedamirzayev said:
how to create with hex bro ?
Click to expand...
Click to collapse
Find the exact firmware that’s currently in the device, extract sboot from the firmware. You need to find correct location of bl1 bl2 el3 and others, names correspond to which is cut. You need 5 files from sboot. Am stuck on the forth file failing and I still don’t understand how to find them. What I did was follow others with exactly the same problem to see and understand how they got there’s and then tried it on my sboot. I am failing on part4 don’t even know how to make a cfg but from what I understand e for exynos and the number after so mine is e7885. Still not sure like I said
http://www.mediafire.com/file/sg5m2ti3k6a63z5/USB_Down_Load_32bit.zip/file download link
Skyfall191299 said:
First of all I want to thank @zogu without him, this guide would not be possible, This guide is for phones with Hard Brick, where the bootloader is destroyed and there are no tools that recognize the phone as odin
When you connect phones without a bootloader, Windows detects them as exynos9820 in device manager.
All of this is accomplished by trial / error method
I repaired my g975f and I have U3 and U8 files only for this model, but I will try to explain how to prepare files for any other model.
We have to use the same bootloader version that was previously on the phone, or if you're not sure, use the latest sboot.bin.
Plug in the phone and press and hold the power button.
Windows will detect the exynos9820 device, install the driver:
click manually,
com and lpt ports,
select the Driver Exynos USB Mode folder
Now we have to copy
WinDNWApi.dll
in:
C: \ Program Files \ Samsung \ Exynos USB Driver \ Drivers
There probably isn't this folder, just create it and copy the files.
Now we have to create the boot files.
Using lz4 1.9.2 we can unzip the sboot.bin.lz4 to sboot.bin and then be able to edit it, everything is explained in a guide inside the file
Download the last sboot.bin that was on your device
Now you have to extract the partitions from this file
In some hex editor, create 4 files and extract from sboot.bin
0x3000 is BL1 name> bl1
0x3000 ... 0x17000 is epbl
0x17000 ... 0x68000 is BL2
0x7e000 ... 0x7eb000 + 0x190000 = 0x1fe000 sboot
Dram_training do not need to be cut, it is not used in flashing
0x244000 ... 0x1BD000 is el3mon dram
Launch multiuploader.exe
Plug in the phone and press and hold the power button.
Search and find script.cfg
click start and the phone will go into odin mode.
Start odin and flash the firmware (in case of having split the stock rom sboot) or Combination (in case of having split the combination sboot)
the z-zip tool must be downloaded
Binary editor - Multidownload flash tool with files for sm-g975f u8 x32, x64,
https://drive.google.com/file/d/1GzgqNCCEE0e43CniitzuAxKcDax5QLaT/view?usp=sharing
Click to expand...
Click to collapse
Can you check the addresses and lenghts of the partitions cut out of sboot?
I think you've made a mistake.
Can give me the precise partition details?
Are you 100% positive that this is valid at least for most devices of the same chipset?
I'd like to try to make an automated script or a tool of some sort.
Also when I was dividing my A515F U5 sboot I've spotted some long breaks in data which I assumed were empty blocks at the end of partitions.
What confused me about it is that I didn't find those where you said partitions are ending.
Can you demonstrate graphically your partitions in a linear projection?
It’s been 3 years and still can’t get help with A750G hard brick. I guess XDA is not so friendly and helpful anymore.
The world is slowly dying. Peace to everyone who still cares
eldon301 said:
It’s been 3 years and still can’t get help with A750G hard brick. I guess XDA is not so friendly and helpful anymore.
The world is slowly dying. Peace to everyone who still cares
Click to expand...
Click to collapse
I'd like to help
NonStickAtom785 said:
I'd like to help
Click to expand...
Click to collapse
Hello my friend I am try to get life back into a A750G, it’s completely hard bricked showing exynos usb in device manager. Can i direct message you or should I keep it in the forums. I was falling on part 4 off the files needed to create, I didn’t even know if my cfg file was correct but I tried my best at understanding the creation of the files. Plz help my brothers
I hard bricked an LG G7 ThinQ G710EAW by flashing the wrong firmware (T-Mobile) onto it via LGUP. It now goes into EDL mode after shorting test points, but I'm unable to revive it by following this unbrick thread. Loading up the partition images via Partition Manager in QFIL "succeeds", but it doesn't revive my phone. Doesn't get me to fastboot. Still nothing on screen.
I also tried the rawprogram*.xml option using the XMLs in that thread, but QFIL keeps erroring out that the partition sizes defined in the XML are different from what it sees on the device.
The OP for the thread seems to not be active any longer.
Can someone here please help me understand how to recover my phone?
Anyone? Happy to donate for help as well.
Bumping up this thread.
If I had another EAW motherboard, would it help unbrick my motherboard? Wondering how I can fix my phone
So, I was able to finally figure this all out, recover my LG G710EAW and bring it back to life! It was a mix of information from many threads. No boxes, and no payment to anyone. All free.
The OP of this thread is active but has completely stopped responding to his thread and to his DMs - he's likely uninterested in a 4-5 year old phone at this point. In his first post he mentioned creating rawprogram* XMLs by hand, and it taking hour+ to do so. However, I'm unsure why it took him that long and in the end the files don't even work for QFIL since the sector size in the XMLs (512B) is different from device sector size (4096B). Nevertheless, I was able to flash these via command line 'edl' which ignored the sector size, but it didn't recover the device.
Generating rawprogram XMLs is easy if you can figure out how to run this Python program mentioned in this thread. However, the files attached there no longer work in 2022, the links are dead, and Python 2.7 is a dinosaur. Someone in that thread mentioned a different, fixed, repo but it didn't work with Python 2.7 for the 'undz' part. After a lot of head banging, I tried Python3 and 'undz' worked.
Here are the steps:
- Download the firmware for your model in KDZ format
- Install QPST
- Install Python3.x
- Run: pip3 install setuptools zstandard
- Download ZIP for kdztools from the repo: https://github.com/ErickG233/kdztools (or the attachment)
- Unzip kdztools and CD into that directory kdztools-master. This version is bug-fixed and also generates rawprogram files for us.
- Copy the firmware KDZ into kdztools-master directory
- Run: python3 unkdz.py -f G710EAW30e_00_0916.kdz -x. This creates a DZ file in a new `kdzextracted` folder
- Move the extracted DZ file from the kdzextracted folder back one level up, into kdztools-master dir
- Run: python3 undz.py -f G71030q_00_user-signed-ARB0_OPEN_ESA_DS_OP_0916.dz -c
- This creates a dzextracted folder here with all the files needed to recover your phone. Now all we need are the rawprogram XMLs.
- Run: python3 undz.py -f G71030q_00_user-signed-ARB0_OPEN_ESA_DS_OP_0916.dz -r. This will create all the rawprogram XMLs you need to flash. No patch files are created, but that is OK.
- In my case, QFIL complained it couldn't find file "PrimaryGPT_0.bin", so I copied file gpt_main0.bin_0 and renamed the copy gpt_main0.bin_0_copy > PrimaryGPT_0.bin
- Load your phone into EDL mode. If you want to use test points, see the image in this thread.
- Load QFIL. Use the ELF programmer file from any of the threads linked thus far. Select flat build. Load all rawprogram XMLs generated previously. Hit cancel when it asks for patch file XMLs.
- Hit Download.
This will recover your phone so it's able to boot and all. However, in my case, the phone had lost serial number and IMEI numbers (dual SIM) as well.
- To restore your IMEI numbers, you will need your QCN file or a backup of your FSG (fsg.img) partition from before bricking. In my case, I had flashed, via LGUP, T-Mobile firmware on my Indian phone. I then dumped all the partitions using command line EDL. I have not used QCN method since it seems to require a lot of steps to put the phone into diagnostics mode. I had a backup of the FSG partition, so I used that instead.
- If you have a backup of your FSG partition, load QFIL > Partition Manager. Erase modemst1 modemst2 and fsg partitions. Then, load the backup FSG.img file onto FSG partition. Restart phone.
- Now, if you have the serial number from your bill or box, see this thread to restore it. Pay extra attention to the Firehose configuration section, or else, it may create some issues. It's best to restore S/N after restoring IMEI in my experience, but this could just be some randomness or bad Firehose config during S/N restore.
This happiness was short-lived. When I was flashing all these KDZ via QFIL and LGUP trying to get my IMEIs back, I once saw "This phone is permanently locked and cannot be unlocked". That seems to have taken out my second SIM slot.
Now, after a fresh QFIL flash (with erase before download), my first SIM slot is also dead.
Neither of the SIM slots work now.
This has been so frustrating!
urover said:
This happiness was short-lived. When I was flashing all these KDZ via QFIL and LGUP trying to get my IMEIs back, I once saw "This phone is permanently locked and cannot be unlocked". That seems to have taken out my second SIM slot.
Now, after a fresh QFIL flash (with erase before download), my first SIM slot is also dead.
Neither of the SIM slots work now.
This has been so frustrating!
Click to expand...
Click to collapse
Any luck in recovering the phone ??