Develop Bugs

[6039] - ***GUIDE*** - How to return the fastboot commands on already upgraded device

Your warranty is void. I'm not responsible if your device is hard bricked by using the procedure below. The method described below has been tested on 6039Y, 6039S, 6039H (with the archives for 6039Y) and 6039K (with the 6039S archive) and is confirmed that it works.
What to expect on successful completion:
- you will have access to the fastboot commands (removed by the latest upgrade).
- you should be able to check for OTA updates and to download them, but you will not be able to install them.
What's needed:
-------------------
1. I hate when I must say this ... but ... a Windows PC.
2. QPST version 2.7.422 (you can find it on the net as 2.7 build 422). This is a link to one such version (found through Google). If there are problems with this link please let me know. I will try to find another one (you can do it yourself too).
3. Drivers in order the device to be recognized when is in Download mode. Install Mobile Upgrade Q 4.8.7 the necessary drivers are installed with it. It can be downloaded from here.
4. The files from the archives below. Please use the archive which is especially for your device ... in theory if you use the archive for different device (e.g. the archive for 6039S on 6039Y (with the standard partitions)) you should have a repartitioned device at the end, and only the resize2fs command should be enough to start to utilize the whole memory chip ... but you will loose the possibility to sweat a little bit when do the repartitioning by following the guide for it .
- 6039Y (8GB stock partition sizes) (md5sum: 860789bedb63da5c5976c24825c29d47)
- 6039Y (repartitioned by following the repartitioning guide) (md5sum: c2f8ff3cfc683e46fbf5d797103de71b)
- 6039S (md5sum: dfd04067230b5709729c70cac61ffd52)
How to proceed:
--------------------
1. Install all the necessary software.
2. Unpack the downloaded archive for your device.
3. Power off the device. Connect it with the USB cable to the PC. Wait the battery symbol to disappear and hold both volume keys and the power button. You should see a red screen with a warning sign and a scheme. Then hold the volume up button. The display will stay lit but nothing will be shown on it from now on until the end of the procedure.
4. When the device is in Download mode under the windows device manager -> Ports (COM & LPT) you should see Android HS-USB QDLoader 9008 (COMXX)
5. Open the windows explorer and find the installation folder of QPST (mine is under Program Files (x86)\Qualcomm\QPST). From the bin sub-directory start QFIL as administrator.
6. In QFIL the COM port number as seen under the windows device manager should be selected automatically.
7. The rest must be done from QFIL:
- Programmer path: _____ - Click on the Browse button against it and from the extracted archive select prog_emmc_firehose_8916.mbn
- Search Path: _____ - if the path is not selected automatically after the programmer selection click on the Browse button against it and select the folder where the archive has been extracted.
- Load XML - click on it and first select rawprogram0.xml from the archive, then the patch0.xml file.
- Click on the Download button. The process should finish quickly (few seconds ... up to a minute). If everything is OK the phone will be restarted automatically and the fastboot commands will be available again.
(If you feel unsure to proceed or not but your device is already in download mode ... disconnect the USB cable and hold both volume keys and the power button to restart it).
Screenshots from QFIL is possible to be provided later ...

Reserved....

Alright I guess I'll be the guinea pig here.... Few questions beforehand:
I currently have the 6039Y version without having repartitioned... Using the repartitionned one would directly give me a repartitionned memory? Did I understand that correctly?
Did I dream about you saying that you might have a way to fix hard bricks? Because I might very well brick mine with my usual luck
About the updates... If there were any later OTA updates (I know it's unlikely) would there be a way to apply them still?

Rorshan said:
Alright I guess I'll be the guinea pig here.... Few questions beforehand:
I currently have the 6039Y version without having repartitioned... Using the repartitionned one would directly give me a repartitionned memory? Did I understand that correctly?
Did I dream about you saying that you might have a way to fix hard bricks? Because I might very well brick mine with my usual luck
Click to expand...
Click to collapse
In theory yes, but is untested. Yes, hard bricks should be fixable with these tools and with slightly different files. But as this requires a full copy of the memory chip and for the moment I have such copy only from my device, I can recover only my device (or others which will become the same as mine ... this means radio, languages, apps etc. ).
About the updates... If there were any later OTA updates (I know it's unlikely) would there be a way to apply them still?
Click to expand...
Click to collapse
Yes, but modified
Edit: What do I do here? I guess a missing font file shouldn't bother me, but still I'd like some advice here
Click to expand...
Click to collapse
No idea ... try with ignore. I didn't have have any problems with mobile upgrade q.

petrov.0 said:
In theory yes, but is untested. Yes, hard bricks should be fixable with these tools and with slightly different files. But as this requires a full copy of the memory chip and for the moment I have such copy only from my device, I can recover only my device (or others which will become the same as mine ... this means radio, languages, apps etc. ).
Yes, but modified
No idea ... try with ignore. I didn't have have any problems with mobile upgrade q.
Click to expand...
Click to collapse
Untested doesn't sound nice... I guess I'll go with the normal way and worry about the repartition afterwards.
I cancelled the install and reinstalled with no issue
I guess this is it. Either way I'll come here to cry, be it from joy or sadness/anger
---------- Post added at 07:46 PM ---------- Previous post was at 07:26 PM ----------
Well I'm done and my phone resetted just fine... I freaked for a minute when it took a bit longer than usual for my phone to pick up signal.
And......
fastboot -i 0x1bbb devices
48fee072 fastboot
Click to expand...
Click to collapse
I haven't tried TWRP yet since I don't really know what version I should be using... Any idea @petrov.0 ?

Rorshan said:
Untested doesn't sound nice... I guess I'll go with the normal way and worry about the repartition afterwards.
I cancelled the install and reinstalled with no issue
I guess this is it. Either way I'll come here to cry, be it from joy or sadness/anger
---------- Post added at 07:46 PM ---------- Previous post was at 07:26 PM ----------
Well I'm done and my phone resetted just fine... I freaked for a minute when it took a bit longer than usual for my phone to pick up signal.
And......
I haven't tried TWRP yet since I don't really know what version I should be using... Any idea @petrov.0 ?
Click to expand...
Click to collapse
For normal use (flashing) the latest from 12.09.2015. For the repartitioning boot with the one from the repartitioning thread.

Thanks! I will try it now!
EDIT:
It all works

petrov.0 said:
For normal use (flashing) the latest from 12.09.2015. For the repartitioning boot with the one from the repartitioning thread.
Click to expand...
Click to collapse
Alright TWRP seems to work fine, I'm doing backups at the moment. Thank you so much! You're such a lifesaver. Quick last question... I think I'm going to root and repartition. Does it matter at all which I do first?

Rorshan said:
Alright TWRP seems to work fine, I'm doing backups at the moment. Thank you so much! You're such a lifesaver. Quick last question... I think I'm going to root and repartition. Does it matter at all which I do first?
Click to expand...
Click to collapse
This question is for the other thread ... but no, it doesn't matter.

Do you feel its safe to test this on 6039s?

xStealth said:
Do you feel its safe to test this on 6039s?
Click to expand...
Click to collapse
Well good question. The files for the S have been generated only on the base of the partition numbers (not their names) and their sizes ... they look the same as those on the Y but ... I think it's safe.

xStealth said:
Do you feel its safe to test this on 6039s?
Click to expand...
Click to collapse
Can further confirm that this worked on my 6039S. No bricking, and fastboot works as promised!
A BIG thanks petrov.0!

Bradlee22 said:
Can further confirm that this worked on my 6039S. No bricking, and fastboot works as promised!
A BIG thanks petrov.0!
Click to expand...
Click to collapse
He already did this. Read the first line from the first post.

petrov.0 said:
He already did this. Read the first line from the first post.
Click to expand...
Click to collapse
Oh, right on. I wasn't sure who had confirmed it at that point. Thanks again for all your work on this!

Update
The link and the md5sum in the first post for the repartitioned 6039Y have been updated as one of the files was missing from the archive. Thanks @kkkk2222 for finding the error.

Worked a treat, fantastic work folks.
http://www.modaco.com/news/android/you-can-turn-your-8gb-idol-3-47-into-a-16gb-really-r1521/
Used Parallels on a Mac, no problem!
P

@petrov.0
For those who end up stuck in bootloops(on both 6039's and 6045's) with factory recovery is there a way this method could be used to either 1) flash twrp to the device or 2) force the device into bootloader?
If a user can get to bootloader (and has fastboot) then they could attempt to fix their own issue.

famewolf said:
@petrov.0
For those who end up stuck in bootloops(on both 6039's and 6045's) with factory recovery is there a way this method could be used to either 1) flash twrp to the device or 2) force the device into bootloader?
If a user can get to bootloader (and has fastboot) then they could attempt to fix their own issue.
Click to expand...
Click to collapse
1. Yes, it should be possible by using the same tools with different files. But if they flash their system image backup this will lead to a big mess ... they will have a partially upgraded device. Probably if they use the fix permissions option or force the reinstall of SuperSU from the recovery this will be the end of the bootloops (these are unconfirmed speculations though). I need the gpt table from the device (6045) to generate the necessary files.
Code:
dd if=/dev/mmcblk0 of=<path to the sd_card>/gpt.bin bs=512 count=34
2. No.

petrov.0, first of all - thx for your great work. I have a theoretical question about QFIL and partition flashing. Is it necessary to flash all of this partitions in rawprogram0.xml:
sbl1.mbn
rpm.mbn
tz.mbn
hyp.mbn
aboot.mbn
gpt_main0.bin
gpt_backup0.bin
For working fastboot we need only aboot (emmc_appsboot) from previous firmware version (or i'm wrong?), if we short rawprogram0.xml only for aboot and gpt, like this:
Code:
<?xml version="1.0" ?>
<data>
<!--NOTE: This is an ** Autogenerated file **-->
<!--NOTE: Sector size is 512bytes-->
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="aboot.mbn" label="aboot" num_partition_sectors="2048" physical_partition_number="0" size_in_KB="1024.0" sparse="false" start_byte_hex="0xc18c000" start_sector="396384"/>
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="aboot.mbn" label="abootbak" num_partition_sectors="2048" physical_partition_number="0" size_in_KB="1024.0" sparse="false" start_byte_hex="0xc28c000" start_sector="398432"/>
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="gpt_main0.bin" label="PrimaryGPT" num_partition_sectors="34" physical_partition_number="0" size_in_KB="17.0" sparse="false" start_byte_hex="0x0" start_sector="0"/>
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="gpt_backup0.bin" label="BackupGPT" num_partition_sectors="33" physical_partition_number="0" size_in_KB="16.5" sparse="false" start_byte_hex="(512*NUM_DISK_SECTORS)-16896." start_sector="NUM_DISK_SECTORS-33."/>
</data>
Phone doesn't brick after flashing?
p.s. And another one question. Do you know where the testpoint on 6039Y located? After several my experiments (not with your files, i was bricked it by myself i have bricked phone. There is no download mode (9008 com port not appears in my case), only turned on LED on front panel. Any actions with holding both volume buttons and power button doesn't get success, i think in this case testpoint will help. But i don't know where is it. If somebody need - i can attach photo of PCB.

petrov.0 said:
1. Yes, it should be possible by using the same tools with different files. But if they flash their system image backup this will lead to a big mess ... they will have a partially upgraded device. Probably if they use the fix permissions option or force the reinstall of SuperSU from the recovery this will be the end of the bootloops (these are unconfirmed speculations though). I need the gpt table from the device (6045) to generate the necessary files.
Code:
dd if=/dev/mmcblk0 of=<path to the sd_card>/gpt.bin bs=512 count=34
2. No.
Click to expand...
Click to collapse
Code:
/mmcblk0 of=/storage/sdcard1/gpt.bin bs=512 count=34 <
dd: /dev/mmcblk0: No such file or directory
Now a cat of /proc/partitions shows 179 0 15267840 mmcblk0 so I have no idea why it says it's not found. [I can confirm none of the mmc* are under /dev. I have a find running to see where it says it is.....ok..for us it's in /dev/block/mmcblk0 ]
Just drop .zip off the end of the name..it's not actually zipped but couldn't upload a .bin.

partition.xml needed for unbricking hardbricked 5X devices!

Could somebody provide us with a full eMMC backup of a 16GB and 32GB model so that we can build partition.xml and extract rawprogram0.xml and patch0.xml from it to unbrick our devices with QFIL/QPST?
(this issue is rather specific, you cannot access the phone by ADB,fastboot or LGUP, but Windows recognizes it as Qualcomm HS-USB QDLoader 9008 so it's fixable with the appropriate files)

qb74 said:
Could somebody provide us with a full eMMC backup of a 16GB and 32GB model so that we can build partition.xml and extract rawprogram0.xml and patch0.xml from it to unbrick our devices with QFIL/QPST?
(this issue is rather specific, you cannot access the phone by ADB,fastboot or LGUP, but Windows recognizes it as Qualcomm HS-USB QDLoader 9008 so it's fixable with the appropriate files)
Click to expand...
Click to collapse
I have no idea to make such a backup since I cannot access the device's emmc in Linux.
I've used this method on another phone but there I could access the emmc directly as external storage by using a key combo on boot.
Skickat från min Nexus 5X via Tapatalk

Nicktheprofessor said:
I have no idea to make such a backup since I cannot access the device's emmc in Linux.
I've used this method on another phone but there I could access the emmc directly as external storage by using a key combo on boot.
Skickat från min Nexus 5X via Tapatalk
Click to expand...
Click to collapse
here
it's for another chipset, but the same process applies for all chipsets.

qb74 said:
here
it's for another chipset, but the same process applies for all chipsets.
Click to expand...
Click to collapse
Can't help you with that one then since I'm running Linux on all my machines. Too bad, I wouldn't mind having a complete backup.
Skickat från min Nexus 5X via Tapatalk

Maybe the people with Linux machines and free time would wanna try this?
https://androidforums.com/threads/guide-how-to-create-partition-xml-gpt.1125433/

gogozombiii said:
Maybe the people with Linux machines and free time would wanna try this?
https://androidforums.com/threads/guide-how-to-create-partition-xml-gpt.1125433/
Click to expand...
Click to collapse
@Nicktheprofessor Try checking this out, if you got the time! You would help the community out a ton!

qb74 said:
@Nicktheprofessor Try checking this out, if you got the time! You would help the community out a ton!
Click to expand...
Click to collapse
I'll need an OTG storage device to do this. I can backup the entire thing using dd but it can't be written to the internal storage (for obvious reasons, it would then backup the backup and the backup of the backup and so on).
If I could access it on the computer or send it to the computer then that would work but I'm not aware of any way to do that without storing it locally first (which, as previously mentioned, is impossible to do).
[EDIT] I wonder if it's possible to use adb root pull from TWRP to pull /dev/mmcblk0, I'll try that after cleaning it up. If that works then it's a piece of cake to do this on any phone. [/EDIT]

qb74 said:
Could somebody provide us with a full eMMC backup of a 16GB and 32GB model so that we can build partition.xml and extract rawprogram0.xml and patch0.xml from it to unbrick our devices with QFIL/QPST?
(this issue is rather specific, you cannot access the phone by ADB,fastboot or LGUP, but Windows recognizes it as Qualcomm HS-USB QDLoader 9008 so it's fixable with the appropriate files)
Click to expand...
Click to collapse
OK, so I managed to do a complete backup via adb pull /dev/mmcblk0
For future reference, this is the easiest way:
From a fastboot boot twrp:
adb root
adb pull /dev/mmcblk0 emmc.img
Now, that's 13GB worth of data that you don't need, I can give you a part table on this (using part) or whatever you need but It's a bit too big to upload as is.
I can run an emulator and mount it as is and that works too but all I can extract from there is data.
Now, shutting down your device and inserting your USB cable while holding vol + AND vol- seems to mount emmc as portable storage, that should mean that you can dd the entire thing right onto the device?

Nicktheprofessor said:
OK, so I managed to do a complete backup via adb pull /dev/mmcblk0
For future reference, this is the easiest way:
From a fastboot boot twrp:
adb root
adb pull /dev/mmcblk0 emmc.img
Now, that's 13GB worth of data that you don't need, I can give you a part table on this (using part) or whatever you need but It's a bit too big to upload as is.
I can run an emulator and mount it as is and that works too but all I can extract from there is data.
Now, shutting down your device and inserting your USB cable while holding vol + AND vol- seems to mount emmc as portable storage, that should mean that you can dd the entire thing right onto the device?
Click to expand...
Click to collapse
Maybe? Not entirely sure if the dd method could work since this kind of hardbrick literally bricks your phone if you don't have the right files. Great job on the backup though! Mind telling me the steps for dd-ing the entire thing onto my device?
Or better, create partition.xml and extract & upload rawprogram0.xml and patch0.xml so that I can use myself as a test dummy.
its a guide for linux systems, hopefully you can help us get one step closer to fixing our devices!

qb74 said:
Maybe? Not entirely sure if the dd method could work since this kind of hardbrick literally bricks your phone if you don't have the right files. Great job on the backup though! Mind telling me the steps for dd-ing the entire thing onto my device?
Or better, create partition.xml and extract & upload rawprogram0.xml and patch0.xml so that I can use myself as a test dummy.
its a guide for linux systems, hopefully you can help us get one step closer to fixing our devices!
Click to expand...
Click to collapse
Yeah, that doesn't help since it's made for extracting a partition.xml from a .KDZ where these partition files exist.
In a copy of your disk that doesn't exist, there isn't a file to copy and paste into that.
I can do the partition table and partition sectors if you want that but without knowing what is actually needed (as in the source code in the tool used to fix the device) I can't really help.
I'll check if i can put a device in that state and see what happens with the emmc connection.

Nicktheprofessor said:
Yeah, that doesn't help since it's made for extracting a partition.xml from a .KDZ where these partition files exist.
In a copy of your disk that doesn't exist, there isn't a file to copy and paste into that.
I can do the partition table and partition sectors if you want that but without knowing what is actually needed (as in the source code in the tool used to fix the device) I can't really help.
I'll check if i can put a device in that state and see what happens with the emmc connection.
Click to expand...
Click to collapse
Get the partition table and partition sectors, that's a start! (even though I got no clue how to continue after that )
Do you mean the source code of QPST/QFIL? That's a rather impossible task though

qb74 said:
Get the partition table and partition sectors, that's a start! (even though I got no clue how to continue after that )
Do you mean the source code of QPST/QFIL? That's a rather impossible task though
Click to expand...
Click to collapse
I'm talking about the source code of the programming tool but I might not need that either if i can just examine it on my own and I have one of those devices on hand come tuesday.
I'm fairly confident that I can build a programmer to rewrite the emmc with whatever I want it to if i can just get a hold of the system calls.
Do you want to work together on this? It seems to me that it would be worthwhile even in the long run as QC are unlikely to change this procedure.

Nicktheprofessor said:
I'm talking about the source code of the programming tool but I might not need that either if i can just examine it on my own and I have one of those devices on hand come tuesday.
I'm fairly confident that I can build a programmer to rewrite the emmc with whatever I want it to if i can just get a hold of the system calls.
Do you want to work together on this? It seems to me that it would be worthwhile even in the long run as QC are unlikely to change this procedure.
Click to expand...
Click to collapse
Absolutely! Even though I don't have the necessary knowledge with Android/Linux, I do have basic Windows knowledge. I'd be glad to help out the community as a whole!

bump!

qb74 said:
Could somebody provide us with a full eMMC backup of a 16GB and 32GB model so that we can build partition.xml and extract rawprogram0.xml and patch0.xml from it to unbrick our devices with QFIL/QPST?
(this issue is rather specific, you cannot access the phone by ADB,fastboot or LGUP, but Windows recognizes it as Qualcomm HS-USB QDLoader 9008 so it's fixable with the appropriate files)
Click to expand...
Click to collapse
i just found for the nexus 5x the lg tot firmware u can use it to make the partition.xml
lg h791 16g
drive.google.com/uc?id=0B89Fk5GHkvZqb3I3bV9rTksxZFE&export=download
lg h791 32g
cloud.mail.ru/public/G1bp/vhoVk1MwW
i used BoardDiag to extract the frimware
drive.google.com/file/d/0Bw1P9EP0d9nZY0FUall1VWVvc0k/view
and here is how to build partition.xml and extract rawprogram0.xml and patch0.xml from it
youtube.com/watch?v=BmAuzbG9re4
now we need prog emmc firehose 8992.mbn to use with QFIL/QPST
i hope u can find a solution i'm stuck with a dead nexus 5x for the moment

do you need h798 16G version dd image? if you need I can dump to you
---------- Post added at 09:17 AM ---------- Previous post was at 08:40 AM ----------
Nicktheprofessor said:
OK, so I managed to do a complete backup via adb pull /dev/mmcblk0
For future reference, this is the easiest way:
From a fastboot boot twrp:
adb root
adb pull /dev/mmcblk0 emmc.img
Now, that's 13GB worth of data that you don't need, I can give you a part table on this (using part) or whatever you need but It's a bit too big to upload as is.
I can run an emulator and mount it as is and that works too but all I can extract from there is data.
Now, shutting down your device and inserting your USB cable while holding vol + AND vol- seems to mount emmc as portable storage, that should mean that you can dd the entire thing right onto the device?
Click to expand...
Click to collapse
adb pull /dev/mmcblk0 emmc.img
this command does not work
first there no device /dev/mmcblk0 but in /dev/block/mmcblk0 second adb pull /dev/block/mmcblk0 emmc.img does not work.
F:\BaiduNetdiskDownload>adb pull /dev/mmcblk0 emmc.img
adb: error: remote object '/dev/mmcblk0' does not exist

youxiaojie said:
do you need h798 16G version dd image? if you need I can dump to you
---------- Post added at 09:17 AM ---------- Previous post was at 08:40 AM ----------
adb pull /dev/mmcblk0 emmc.img
this command does not work
first there no device /dev/mmcblk0 but in /dev/block/mmcblk0 second adb pull /dev/block/mmcblk0 emmc.img does not work.
F:\BaiduNetdiskDownload>adb pull /dev/mmcblk0 emmc.img
adb: error: remote object '/dev/mmcblk0' does not exist
Click to expand...
Click to collapse
You need to reboot to a TWRP (or whatever recovery that supports unencrypted storage) that supports unencrypted devices before you attempt it.
You have to do this through fastboot boot recovery.img and not through flashing it. You are correct about /dev/block/mmcblk0 though. My apologies for the confusion caused by that.

I got it
Nicktheprofessor said:
You need to reboot to a TWRP (or whatever recovery that supports unencrypted storage) that supports unencrypted devices before you attempt it.
You have to do this through fastboot boot recovery.img and not through flashing it. You are correct about /dev/block/mmcblk0 though. My apologies for the confusion caused by that.
Click to expand...
Click to collapse
after formatting data partition, I removed whole disk encrypt and success run "adb pull /dev/block/mmcblk0 emmc.img" command.
https://pan.baidu.com/s/1bpcvqV1
and do I used "adb push emmc.img /dev/block/mmcblk0" to recover whole emmc when my phone soft bricked?

youxiaojie said:
after formatting data partition, I removed whole disk encrypt and success run "adb pull /dev/block/mmcblk0 emmc.img" command.
https://pan.baidu.com/s/1bpcvqV1
and do I used "adb push emmc.img /dev/block/mmcblk0" to recover whole emmc when my phone soft bricked?
Click to expand...
Click to collapse
file is not working, getting a error when unzipping it

qb74 said:
file is not working, getting a error when unzipping it
Click to expand...
Click to collapse
https://mega.nz/#!Oo9DxJyL!rzFl_s2ie1frCr79TpYTYKoeXNwg78d5dc-a71bkInE
try this again

LG V30 Unbrick guide (Qualcomm EDL 9008 Mode, Hardbirck, with no download mode)

If you try this method, I nor anybody else is responsible for any further damage done to your phone.
Models Confirmed : V300L
We currently have firehose for V30.
Therefore, we can program UFS flash memory in 9008 mode.
It requires rawprogram?.xml(s) and patch?.xml(s) to program it.
It's easy to generate rawprogram?.xml(s) from kdz file, but generate patch?.xml(s) is not easy. (Unfortunately, I couldn't have time to generate patch?.xml(s)).
I have edited kdztools to generate rawprogram?.xml(s) easily (You can generate it by using "-r" argument. Currently, generate patch?.xml(s) is not supported. I'll add it soon).
I used patch?.xml(s) in post. it works well, but boot loop in the LG Logo.
However, it was possible to enter download mode.
------------------- GUIDE -------------------​1. Download rawprogram?.xml patch?.xml with images from link. (It uses V300L30h000906.kdz)
2. Download firehose (prog_ufs_firehose_8998_lgev30.elf) from link.
<< Linux >>
3. Build qdl or download pre-built binary
4. Extract zip or tar.gz files 1, 2, 3 in any folder.
5. Run
Code:
$ ./qdl --storage ufs prog_ufs_firehose_8998_lgev30.elf rawprogram0.xml patch0.xml rawprogram1.xml patch1.xml rawprogram2.xml patch2.xml rawprogram3.xml patch3.xml rawprogram4.xml patch4.xml rawprogram5.xml patch5.xml rawprogram6.xml patch6.xml
in the terminal.
6. If LG logo shows, enter to the download mode.
<< Windows >>
3-6. You can program by QFIL similar as qdl.
7. Connect to any Windows PC with LGUP (must support Android Pie).
8. Flash kdz with ChipErase. (IMPORTANT)
9. If it boots successfully, your device has unbricked.

you can create rawprogramer and patch.xml with this program
I have already tried it on lg v10 kdz with successful.
after extract kdz :
1-open qualcomtool 2.4 and go to EMMC tabe.
2-clic browse and select primarygpt_0.bin
3- select all partitions and click exract partition
4- click extract firmware
you will find every things you need in extracted folder.
you can edid rowprogramer.xml with notepad ++ .
edit : tryed with lg v30 kdz not work
(gpt not present when select file)

Thank you for your work

download problem
quickwshell said:
If you try this method, I nor anybody else is responsible for any further damage done to your phone.
Models Confirmed : V300L
We currently have firehose for V30.
Therefore, we can program UFS flash memory in 9008 mode.
It requires rawprogram?.xml(s) and patch?.xml(s) to program it.
It's easy to generate rawprogram?.xml(s) from kdz file, but generate patch?.xml(s) is not easy. (Unfortunately, I couldn't have time to generate patch?.xml(s)).
I have edited kdztools to generate rawprogram?.xml(s) easily (You can generate it by using "-r" argument. Currently, generate patch?.xml(s) is not supported. I'll add it soon).
I used patch?.xml(s) in post. it works well, but boot loop in the LG Logo.
However, it was possible to enter download mode.
------------------- GUIDE -------------------​1. Download rawprogram?.xml patch?.xml with images from link. (It uses V300L30h000906.kdz)
2. Download firehose (prog_ufs_firehose_8998_lgev30.elf) from link.
<< Linux >>
3. Build qdl or download pre-built binary
4. Extract zip or tar.gz files 1, 2, 3 in any folder.
5. Run
Code:
$ ./qdl --storage ufs prog_ufs_firehose_8998_lgev30.elf rawprogram0.xml patch0.xml rawprogram1.xml patch1.xml rawprogram2.xml patch2.xml rawprogram3.xml patch3.xml rawprogram4.xml patch4.xml rawprogram5.xml patch5.xml rawprogram6.xml patch6.xml
in the terminal.
6. If LG logo shows, enter to the download mode.
<< Windows >>
3-6. You can program by QFIL similar as qdl.
7. Connect to any Windows PC with LGUP (must support Android Pie).
8. Flash kdz with ChipErase. (IMPORTANT)
9. If it boots successfully, your device has unbricked.
Click to expand...
Click to collapse
thank you so much,but can't download zip from this website,if you can offer other download way,such as google,mega,onedrive,i will apreciate it so much,thanks for your work

Johoneycn said:
thank you so much,but can't download zip from this website,if you can offer other download way,such as google,mega,onedrive,i will apreciate it so much,thanks for your work
Click to expand...
Click to collapse
Sorry for the late reply
mega. nz/#!zCZBkC4D!Vxo9wrd1c9vsZgCfQIrLelcp3unTY7sJAqMXjANvzjQ is V30_UNBRICK.zip
and mega. nz/#!PLIBzQ6L!JKtfq_RH2iFgcQckkRi_LtZGt9u2zaO2YF6x8dtHL6A is a firehose.

It is a shame we resort to such lengths for this. Shame on vendors. It is like pure gold or diamonds when we come across a programmer...

Hi, @quickwshell, could you see this: Help! bootloop per 5 sec, cannot enter rec, download or fastboot. Does the problem I'm facing now is what your method targeting to?

@quickwshell
Thank you so much for sharing firehorse for v30 and this solution. I have LS998 bricked bootloop after interrupting upgrade as @zacox123. I tried your files posted but still phone cant get download mode. Now Im trying to create rawprogram.xml and patch.xml from specific firmware model ls998 but I want to know what partitions are necesary just for getting download mode and then try to upgrade for usb mode.
Could you please help me?
thanks in advance

Pulian said:
@quickwshell
Thank you so much for sharing firehorse for v30 and this solution. I have LS998 bricked bootloop after interrupting upgrade as @zacox123. I tried your files posted but still phone cant get download mode. Now Im trying to create rawprogram.xml and patch.xml from specific firmware model ls998 but I want to know what partitions are necesary just for getting download mode and then try to upgrade for usb mode.
Could you please help me?
thanks in advance
Click to expand...
Click to collapse
How did you do with your phone? Have you made your phone into 9008 mode? Did you use the correct tool?
I have not processed my problem yet. But I read some other posts introducing that, use qpst or miracle box or any similar tools with the edl file provided by @quickwshell to flash in twrp directly, instead of getting download mode back. Maybe you can have a trial.

I was converting my lg [email protected] for unlocking. I have tools for flashing and I did it before with others phones. Accidently flashing process was interrupted and phone got that condition, no download mode. Now I'm using testpoint connection and UMT (tool for repair Qualcomm Phones) for trying to recover download mode. I suppose you can use QFIL for programming after we have correct rawprogramer.xml and patch.xml. Let me finish my test and I'll post results.
Pd: bootloader is not unlocked and I don't know if I can write twrp and it'll work.
Could you share links referring this topic and phone? Thanks.

Well, it definitely worked :good:.
Partitions extracted from us998 firmware
. Now I'm flashing again.
Pd: sorry for inverted picture. I make it from cellphone without edition

Do we need any special process before the computer work, @quickwshell and @Pulian? Is any special cable or teardown work needed? I have never used 9008 before but see other brands like xiaomi cannot simply enter 9008 mode directly.
---------- Post added at 04:27 PM ---------- Previous post was at 04:08 PM ----------
Pulian said:
Well, it definitely worked :good:.
Partitions extracted from us998 firmware
. Now I'm flashing again.
Pd: sorry for inverted picture. I make it from cellphone without edition
Click to expand...
Click to collapse
I see octoplus in your pic. Could you please share your tools and detailed steps? I have never tried 9008, so I hope some extra hand-by-hand instructions. Thanks.
The post I read is from an Android community app, and I'm afraid I cannot provide a link to it. And the author of that post said he had not tested yet, just some common sense and rough idea. I'd hear more from you, afterwards you have succeeded.

Thanks again @quickwshell. Firehorse file is the most important think for starting.
1. I extracted files partitions from firmware KDZ using this software https://forum.xda-developers.com/showthread.php?t=2600575
2.. I used testpoint for getting EDL (QUALCOM 9008) connection. https://forum.xda-developers.com/showpost.php?p=78573920&postcount=2
3. I tried firmware posted here without success (Maybe it works on others). So I wrote critical partitions extracted from my specific firmware (US998) using UMT box and I didnt need to create .xml files because this tool can read and detect internal partitions.
4. I got download mode and just write firmware by USB using octoplusbox. Phone Alive!!
I think every step here can be replaced using diferent software. good luck!

nate0 said:
It is a shame we resort to such lengths for this. Shame on vendors. It is like pure gold or diamonds when we come across a programmer...
Click to expand...
Click to collapse
yes,i think so too, lg is too bad on the software

Pulian said:
Thanks again @quickwshell. Firehorse file is the most important think for starting.
1. I extracted files partitions from firmware KDZ using this software https://forum.xda-developers.com/showthread.php?t=2600575
2.. I used testpoint for getting EDL (QUALCOM 9008) connection. https://forum.xda-developers.com/showpost.php?p=78573920&postcount=2
3. I tried firmware posted here without success (Maybe it works on others). So I wrote critical partitions extracted from my specific firmware (US998) using UMT box and I didnt need to create .xml files because this tool can read and detect internal partitions.
4. I got download mode and just write firmware by USB using octoplusbox. Phone Alive!!
I think every step here can be replaced using diferent software. good luck!
Click to expand...
Click to collapse
After getting download mode back, do we need chiperase like @quickwshell mentioned? I don't know if octoplusbox did it before writing firmware and I suppose most people would still use LGUP for firmware writing. Did you lose s/n, imei, etc. after phone booting? If not, I guess partition dl should be OK.

I didnt touch imei and security partitions. My phone worked after flashing without problems.

Pulian said:
Thanks again @quickwshell. Firehorse file is the most important think for starting.
1. I extracted files partitions from firmware KDZ using this software https://forum.xda-developers.com/showthread.php?t=2600575
2.. I used testpoint for getting EDL (QUALCOM 9008) connection. https://forum.xda-developers.com/showpost.php?p=78573920&postcount=2
3. I tried firmware posted here without success (Maybe it works on others). So I wrote critical partitions extracted from my specific firmware (US998) using UMT box and I didnt need to create .xml files because this tool can read and detect internal partitions.
4. I got download mode and just write firmware by USB using octoplusbox. Phone Alive!!
I think every step here can be replaced using diferent software. good luck!
Click to expand...
Click to collapse
I searched a lot for UMT Box and it seems like one has to collect it with the dongle or else it's not gonna work. Getting frustrated here Are there any way other than umt? Can you or anyone suggest?

moyedchowdhury said:
I searched a lot for UMT Box and it seems like one has to collect it with the dongle or else it's not gonna work. Getting frustrated here Are there any way other than umt? Can you or anyone suggest?
Click to expand...
Click to collapse
use cracked miracle box

seloka180 said:
use cracked miracle box
Click to expand...
Click to collapse
THANKS FOR COMING BACK. Mine is a LS998 converted into US998.
I'm So disappointed right now. Past few days have been unbearable. Even my Blood pressure is getting high
I'll describe what happened so that the situation is understood and you could suggest accordingly.
*I unlocked bootloader by wtf method.
*Tried several roms.
*Decided to stay on LOS 17.1 Q [Nearly got f*****g everything]
*Flushed a module via magisk which offered pixel boot animation(actually was searching for smartpixel to turn off 50% pixels)
*Rebooted and the device stuck into bootloop
*Rebooted into fastboot mode and reinstalled twrp and reboot- No luck
*Used a guide to wipe different partitions via fastboot and then reinstall twrp. Success but still boot stuck.
*Tried to go into download mode by pressing volume up while connecting USB, went into the mode but "waiting for any connection..." showed and was not detected by device mgr.
*Thought relocking the bootloader might get me into download mode.(That's when I burnt my luck I guess...)
*Did lock the bootloader.
*Aaaand still not detected in device manager.
*Moreover, now showing that Your device has failed a routine security check and will not boot!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
*Opened the back and test pointed motherboard, detected in 9008 mode
*Tried QFIL with V30_Unbrick.zip, sahara error.
*Tried a bunch of other tools most of them were so old that they didn't even have the firehose for this model.
Please someone help.

seloka180 said:
use cracked miracle box
Click to expand...
Click to collapse
Can't thank you enough mate! Used it and miracle did happen. I even tried to use it before but after you said it, I tried hard this time. Searched here and there, then took some risk and started to do things like this way -
I had V30_UNBRICK.zip unzipped in a folder with firehose and xml files.
*Disable defender or any other antivirus. (Normally not recommended, but it's the first thing I do when doing these things, also I have an extra laptop where I do all these which doesn't have any private or necessary files, never had any problem though).
*Also, disable driver signature enforcement on Windows(https://windowsreport.com/driver-signature-enforcement-windows-10/)
1. I searched and found Miracle box Thunder v2.93 with loader (No box needed)
2. Select Qualcomm, then flashing and Write Flash.
3. Untick the auto button beside firehose.
4. Under "write flash"
see this image
i. Select firehose, this doesn't recognize the .elf file so renamed it to .mbn (finger was crossed) and it worked!
ii. There are six rawprogram?.xml and patch?.xml (Here, ? = 1, 2, 3....6), I only used rawprogram0.xml and
iii. patch0.xml
5. Got everything ready and then detached the phone from cable.
6. Pressed the start button right after entering into Testpoint EDL Mode. The process starts and failed after a while due to missing files. Then I matched which files were present corresponding to the lines in the xml file, after that deleted all the extra lines(i. e. file was not present in the V30_UNBRICK.zip) from rawprogram0.xml and saved the file (patch0.xml was untouched). I used Notepad++ for editing.
7. Again detached the phone, detached battery, reattached battery, pressed the start button right after I shorted the edl test points, even before the device was detected in the device manager, no delay.
8. The process was completed, files flashed. These files were flashed so that we can now flash proper kdz with download mode. Do not turn on the phone. Or else you'll get into bootloop.
9. Detached the battery, shorted power button for a while(skip if you don't understand), reattached the battery.
10. Pressed volume up and inserted USB cable. Not detected first time. Detached and reattached with pressing volume up button hard this time.
11. witnessed one of the happiest moment seeing it was detected as an LG device in device manager. Wasn't 100% sure yet.
12. Flashed chiperase(important) with patched LGUP in dev mode. And it was done.
13. I will upload the XML file, you can use it with the existing files inside V30_UNBRICK.zip.
the xml file here
Before doing all that I spent five horrific days searching for a solution and almost ordered a motherboard from Aliexpress with a price tag of $100. I tried to be as elaborative as possible so that whoever next encounter the issue don't have to go through what I experienced past few days. If you're reading this and having a problem understanding anything, read again, repeat 10 times, then repeat more 10 times(worked for me), still no solution? knock me here (also: [email protected]). I could help you(with v 30, g6) remotely if I have time, no charges, donate if you will and if you don't I'll still be happy to help. Keep flashing, peace.
---------- Post added at 05:36 AM ---------- Previous post was at 04:57 AM ----------
quickwshell said:
If you try this method, I nor anybody else is responsible for any further damage done to your phone.
Models Confirmed : V300L
We currently have firehose for V30.
Therefore, we can program UFS flash memory in 9008 mode.
It requires rawprogram?.xml(s) and patch?.xml(s) to program it.
It's easy to generate rawprogram?.xml(s) from kdz file, but generate patch?.xml(s) is not easy. (Unfortunately, I couldn't have time to generate patch?.xml(s)).
I have edited kdztools to generate rawprogram?.xml(s) easily (You can generate it by using "-r" argument. Currently, generate patch?.xml(s) is not supported. I'll add it soon).
I used patch?.xml(s) in post. it works well, but boot loop in the LG Logo.
However, it was possible to enter download mode.
------------------- GUIDE -------------------​1. Download rawprogram?.xml patch?.xml with images from link. (It uses V300L30h000906.kdz)
2. Download firehose (prog_ufs_firehose_8998_lgev30.elf) from link.
<< Linux >>
3. Build qdl or download pre-built binary
4. Extract zip or tar.gz files 1, 2, 3 in any folder.
5. Run
Code:
$ ./qdl --storage ufs prog_ufs_firehose_8998_lgev30.elf rawprogram0.xml patch0.xml rawprogram1.xml patch1.xml rawprogram2.xml patch2.xml rawprogram3.xml patch3.xml rawprogram4.xml patch4.xml rawprogram5.xml patch5.xml rawprogram6.xml patch6.xml
in the terminal.
6. If LG logo shows, enter to the download mode.
<< Windows >>
3-6. You can program by QFIL similar as qdl.
7. Connect to any Windows PC with LGUP (must support Android Pie).
8. Flash kdz with ChipErase. (IMPORTANT)
9. If it boots successfully, your device has unbricked.
Click to expand...
Click to collapse
Thank you, Your post helped me to understand a lot of things. Without whome I'd be having an expensive brick which can't even be used to build anything.
This is the way I recovered. So posting it here for people might get help.
seloka180 said:
use cracked miracle box
Click to expand...
Click to collapse
Can't thank you enough mate! Used it and miracle did happen. I even tried to use it before but after you said it, I tried hard this time. Searched here and there, then took some risk and started to do things like this way -
I had V30_UNBRICK.zip unzipped in a folder with firehose and xml files.
*Disable defender or any other antivirus. (Normally not recommended, but it's the first thing I do when doing these things, also I have an extra laptop where I do all these which doesn't have any private or necessary files, but never had any problems).
*Also, disable driver signature enforcement on Windows(https://windowsreport.com/driver-sig...nt-windows-10/)
1. I searched and found Miracle box Thunder v2.93 with loader (No box needed)
2. Select Qualcomm, then flashing and Write Flash.
3. Untick the auto button beside firehose.
4. Under "write flash"
see this image
i. Select firehose, this doesn't recognize the .elf file so renamed it to .mbn (finger was crossed) and it worked!
ii. There are six rawprogram?.xml and patch?.xml (Here, ? = 1, 2, 3....6), I only used rawprogram0.xml and
iii. patch0.xml
5. Got everything ready and then detached the phone from cable.
6. Pressed the start button right after entering into Testpoint EDL Mode. The process starts and failed after a while due to missing files. Then I matched which files were present corresponding to the lines in the xml file, after that deleted all the extra lines(i. e. file was not present in the V30_UNBRICK.zip) from rawprogram0.xml and saved the file (patch0.xml was untouched). I used Notepad++ for editing.
7. Again detached the phone, detached battery, reattached battery, pressed the start button right after I shorted the edl test points, even before the device was detected in the device manager, no delay.
8. The process was completed, files flashed. These files were flashed so that we can now flash proper kdz with download mode.
9. Detached the battery, shorted power button for a while(skip if you don't understand), reattached the battery.
10. Pressed volume up and inserted USB cable. Not detected first time. Detached and reattached with pressing volume button hard this time.
11. witnessed one of the happiest moment seeing it was detected as an LG device in device manager. Wasn't 100% sure yet.
12. Flashed chiperase(important) with patched LGUP in dev mode. And it was done.
13. I will upload the XML file, you can use it with the existing files inside V30_UNBRICK.zip.
the xml file here
Before doing all that I spent five horrific days searching for a solution and almost ordered a motherboard from Aliexpress with a price tag of $100. I tried to be as elaborative as possible so that whoever next encounter the issue don't have to go through what I experienced past few days. If you're reading this and having a problem understanding anything, read again, repeat 10 times, then repeat more 10 times(worked for me). Keep flashing, peace.

[CLOSED](removed for now)

*deleted*

I can, Help me

Nice, I sent you a pm !

Edited the first post to add instructions on how to try that unlock method yourself.
Please leave a feedback if you're having trouble with a step, or if you succeed.
If you manage to convert from locked sim and locked bootloader to fully unlocked on international rom, please report if you still have working phone signal, and if you can use sim cards from other carriers.

Has anyone else tried this i would try it but i only have a daily driver so i don't wanna do it and break my phone or certain features on my phone.

somebody tried? @Superboy58 you resolved the problem with the modem?

I think there is no problem with the modem, but I lost it because I used Msm tool in SMT mode.
As you can see, there is no use of smt mode in the steps I provided.
If the modem doesn't work after following these steps, you can still flash original TMobile rom and you will be in 100% original state.

Superboy58 said:
I think there is no problem with the modem, but I lost it because I used Msm tool in SMT mode.
As you can see, there is no use of smt mode in the steps I provided.
If the modem doesn't work after following these steps, you can still flash original TMobile rom and you will be in 100% original state.
Click to expand...
Click to collapse
your methor very difficult for me ?

@heocon77 I sent you a PM sometimes ago asking if you wanted help to follow the steps.
PM me your email or telegram username and we'll do the unlock procedure on your phone.

Oh how awesome! I just got a 7t tmo to upgrade from my daily driver 3t. I was about to return it because of the invalid imei issue but if this works I'll likely keep it!
Thanks in advance and wish me luck. will report back if it works

Today I will try, Hope, thanks you superboy58

It may have to do with the fact I'm using windows, while I was able to read from the partition I couldn't write to it.
Here's some output
Code:
>> G:\__________________Phone\edl-master> python edl.py w abl_a abl.elf --memory=ufs --loader=G:\__________________Phone\edl-master\Loaders\000a50e100514985_2acf3a85fde334e2_FHPRG.bin --vid=05c6 --pid=9008
Qualcomm Sahara / Firehose Client (c) B.Kerler 2018-2020.
__main__ - Using loader G:\__________________Phone\edl-master\Loaders\000a50e100514985_2acf3a85fde334e2_FHPRG.bin ...
__main__ - Waiting for the device
__main__ - Device detected :)
__main__ - Mode detected: firehose
Library.firehose - Chip serial num: xxxxxxxxxxxxxxxxxxx
Library.firehose -
root - Couldn't detect MaxPayloadSizeFromTargetinBytes
Library.firehose - Couldn't detect TargetName
Library.firehose - TargetName=Unknown
Library.firehose - MemoryName=UFS
Library.firehose - Version=1
__main__ - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata
Library.firehose -
Writing abl.elf to physical partition 4, sector 89478, sectors 291
Progress: |--------------------------------------------------| 0.0% CompleteLibrary.firehose - Error:[False, {'value': 'NAK', 'rawmode': 'false'}, bytearray(b'<?xml version="1.0" encoding="UTF-8" ?>\n<data>\n<response value="NAK" rawmode="false" />\n</data>')]
Error writing abl.elf to sector 89478.

LG G710EAW partitions corrupted. Permanently Locked!!

I hard bricked an LG G7 ThinQ G710EAW by flashing the wrong firmware (T-Mobile) onto it via LGUP. It now goes into EDL mode after shorting test points, but I'm unable to revive it by following this unbrick thread. Loading up the partition images via Partition Manager in QFIL "succeeds", but it doesn't revive my phone. Doesn't get me to fastboot. Still nothing on screen.
I also tried the rawprogram*.xml option using the XMLs in that thread, but QFIL keeps erroring out that the partition sizes defined in the XML are different from what it sees on the device.
The OP for the thread seems to not be active any longer.
Can someone here please help me understand how to recover my phone?

Anyone? Happy to donate for help as well.

Bumping up this thread.

If I had another EAW motherboard, would it help unbrick my motherboard? Wondering how I can fix my phone

So, I was able to finally figure this all out, recover my LG G710EAW and bring it back to life! It was a mix of information from many threads. No boxes, and no payment to anyone. All free.
The OP of this thread is active but has completely stopped responding to his thread and to his DMs - he's likely uninterested in a 4-5 year old phone at this point. In his first post he mentioned creating rawprogram* XMLs by hand, and it taking hour+ to do so. However, I'm unsure why it took him that long and in the end the files don't even work for QFIL since the sector size in the XMLs (512B) is different from device sector size (4096B). Nevertheless, I was able to flash these via command line 'edl' which ignored the sector size, but it didn't recover the device.
Generating rawprogram XMLs is easy if you can figure out how to run this Python program mentioned in this thread. However, the files attached there no longer work in 2022, the links are dead, and Python 2.7 is a dinosaur. Someone in that thread mentioned a different, fixed, repo but it didn't work with Python 2.7 for the 'undz' part. After a lot of head banging, I tried Python3 and 'undz' worked.
Here are the steps:
- Download the firmware for your model in KDZ format
- Install QPST
- Install Python3.x
- Run: pip3 install setuptools zstandard
- Download ZIP for kdztools from the repo: https://github.com/ErickG233/kdztools (or the attachment)
- Unzip kdztools and CD into that directory kdztools-master. This version is bug-fixed and also generates rawprogram files for us.
- Copy the firmware KDZ into kdztools-master directory
- Run: python3 unkdz.py -f G710EAW30e_00_0916.kdz -x. This creates a DZ file in a new `kdzextracted` folder
- Move the extracted DZ file from the kdzextracted folder back one level up, into kdztools-master dir
- Run: python3 undz.py -f G71030q_00_user-signed-ARB0_OPEN_ESA_DS_OP_0916.dz -c
- This creates a dzextracted folder here with all the files needed to recover your phone. Now all we need are the rawprogram XMLs.
- Run: python3 undz.py -f G71030q_00_user-signed-ARB0_OPEN_ESA_DS_OP_0916.dz -r. This will create all the rawprogram XMLs you need to flash. No patch files are created, but that is OK.
- In my case, QFIL complained it couldn't find file "PrimaryGPT_0.bin", so I copied file gpt_main0.bin_0 and renamed the copy gpt_main0.bin_0_copy > PrimaryGPT_0.bin
- Load your phone into EDL mode. If you want to use test points, see the image in this thread.
- Load QFIL. Use the ELF programmer file from any of the threads linked thus far. Select flat build. Load all rawprogram XMLs generated previously. Hit cancel when it asks for patch file XMLs.
- Hit Download.
This will recover your phone so it's able to boot and all. However, in my case, the phone had lost serial number and IMEI numbers (dual SIM) as well.
- To restore your IMEI numbers, you will need your QCN file or a backup of your FSG (fsg.img) partition from before bricking. In my case, I had flashed, via LGUP, T-Mobile firmware on my Indian phone. I then dumped all the partitions using command line EDL. I have not used QCN method since it seems to require a lot of steps to put the phone into diagnostics mode. I had a backup of the FSG partition, so I used that instead.
- If you have a backup of your FSG partition, load QFIL > Partition Manager. Erase modemst1 modemst2 and fsg partitions. Then, load the backup FSG.img file onto FSG partition. Restart phone.
- Now, if you have the serial number from your bill or box, see this thread to restore it. Pay extra attention to the Firehose configuration section, or else, it may create some issues. It's best to restore S/N after restoring IMEI in my experience, but this could just be some randomness or bad Firehose config during S/N restore.

This happiness was short-lived. When I was flashing all these KDZ via QFIL and LGUP trying to get my IMEIs back, I once saw "This phone is permanently locked and cannot be unlocked". That seems to have taken out my second SIM slot.
Now, after a fresh QFIL flash (with erase before download), my first SIM slot is also dead.
Neither of the SIM slots work now.
This has been so frustrating!

urover said:
This happiness was short-lived. When I was flashing all these KDZ via QFIL and LGUP trying to get my IMEIs back, I once saw "This phone is permanently locked and cannot be unlocked". That seems to have taken out my second SIM slot.
Now, after a fresh QFIL flash (with erase before download), my first SIM slot is also dead.
Neither of the SIM slots work now.
This has been so frustrating!
Click to expand...
Click to collapse
Any luck in recovering the phone ??