Related
Hi! I need some serious help. I accidentally bricked my phone while updating the Bootloader.
It's a Samsung Galaxy S3 SGH-T999L (T-Mobile, but it works with my Vodaphone SIM)
Absolutely nothing on the screen, no boot, no recovery mode (just installed CWM), no download mode. Just a red LED when plugged in via USB.
Device Manager shows this: "QHSUSB_DLOAD"
I live in Egypt so there's no such thing as 'insurance' or 'warranty'.
I tried the instructions here: http://forum.xda-developers.com/showthread.php?t=2439367
Didn't work.
Is this the end? Or is there yet hope for it?
Need to know the details of what you flashed and what steps you followed.
Sent from my SGH-T999 using Tapatalk
DocHoliday77 said:
Need to know the details of what you flashed and what steps you followed.
Sent from my SGH-T999 using Tapatalk
Click to expand...
Click to collapse
I just installed the CWM custom recovery via Android Toolkit, and was preparing to flash Cyanogen. It said that an S3 needed a Bootloader update to install Cyanogen versions greater than 10.1, So I followed the links and I think I accidentally flashed the Bootloader for SGH-T999 (not the T999L).
CWM said it succeeded, rebooted the phone (did not fix root when it asked), and it just never turned on since (it's been a while)
P.s: Idk if this even matters when its as deep as the Bootloader, but the phone had been rooted for months before.
Oh, and I found this and am downloading the latest T999L in case I need it if ODIN can help: http://forum.xda-developers.com/showthread.php?t=2439367
And from yet more Google I found these drivers, but it won't let me post outside links
But Device Manager says "Driver is not intended for this platform."
That's all I got so far, will keep looking for a good driver and check this thread as often as I can
This is gonna probably sound stupid, but I tried an emergency recovery with Kies, but it needed me to get it in Recovery Mode.
No change so far. Any help finding the right drivers would be very helpful.
Kygies27 said:
This is gonna probably sound stupid, but I tried an emergency recovery with Kies, but it needed me to get it in Recovery Mode.
No change so far. Any help finding the right drivers would be very helpful.
Click to expand...
Click to collapse
YAY! Found working drivers here: http://forum.xda-developers.com/showthread.php?t=1536354&page=4
By: richardlibeau
ATTACHED FILES
File Type: zip QHSUSB_Drivers_(x64).zip - [Click for QR Code] (72.3 KB, 568 views)
File Type: rar qhsusb_dload_Drivers.rar - [Click for QR Code] (56.0 KB, 584 views)
More Google (Where is everybody?)
Found this: http://forum.gsmhosting.com/vbb/f824/karbonn-a9-dead-qualcomm-hs-usb-qdloader-9008-how-fix-1740061/
It seems if I can just find the corresponding hex files, etc, this could work.
Or I could somehow reprogram my CPU and make things even worse...
I'm really stuck now.
P.s: I've ofc by now seen nearly everyone go for a JTAG repair. I will check the shops around here when they open, but I don't know if they can do anything about it.
Jtag should be able to repair that kind of brick. Unfortunately, when its due to flashing a different devices firmware, our device methods won't usually work.
You can try the d ebrick method we have posted in development, but just don't expect much. (You never know though, you might get lucky).
I doubt following this instructions will work as they are for a different device. Big risk to try it imo. Might make it non-recoverable by any means. (The process might work, I don't know, but you'd likely need specific files for your device).
Jtag is probably your best option. And in the future, stay away from the toolkit! Its bricked a number of devices and the dev just ignores support requests, even from those who buy it...
Sent from my SGH-T999 using Tapatalk
DocHoliday77 said:
Jtag should be able to repair that kind of brick. Unfortunately, when its due to flashing a different devices firmware, our device methods won't usually work.
You can try the d ebrick method we have posted in development, but just don't expect much. (You never know though, you might get lucky).
I doubt following this instructions will work as they are for a different device. Big risk to try it imo. Might make it non-recoverable by any means. (The process might work, I don't know, but you'd likely need specific files for your device).
Jtag is probably your best option. And in the future, stay away from the toolkit! Its bricked a number of devices and the dev just ignores support requests, even from those who buy it...
Sent from my SGH-T999 using Tapatalk
Click to expand...
Click to collapse
Yeah, shops open soon so hopefully I can see what can be done.
I figured not to bother with the qualcomm tools, messing with things I didn't quite understand was how I got in this trouble in the first place.
But just to clarify something, the Android Toolkit wasn't what bricked it, I tried to install the firmware from a .zip on my SDcard viz CWM recovery, but it was the wrong one (I was so damn sure I was T999, not T999L).
Thank you guys for all the help, I'll post if the guy fixes it!
I know, I only mentioned it because you mentioned using it. Just warning you for the future is all.
Good luck!
Hey guy's,
Hopefully This is in the right place. Please assist in anyway you possibly can. This phone is not a brick, but it might aswell be. I have tried literally every kind of reset unbrick guide I can find for the past 2 months, and nothing works.
From what I can tell it is a driver issue, but even installing the meta mediatek preloader, and drivers does not seem to work. I have tried a fresh install of windows 8.1, windows 7, and xp. nothing works. I can not install the adb drivers for this device, because the phone will not even boot into recover. Recovery is corupted or something. I do have an mtkdroidtools backup, but can not flash it with sp flash because it always gives the error "THIS IS A SECURE BASEBAND CHIP PLEASE LOAD AUTHENICATION FILE". I've worked with kirito9 which was a big help in understanding a few things, but we could not get it sorted. I will stop talking now, and post something useful.
BTW:mobile upgrade tool s does not work either. I get terminal read failure.
As of now im on windows 8.1 with drivers installed. I have posted a couple of videos to show whats going on. Hopefully they will help. I can post some logs, but I honestly dont know which ones you would want, I have a lot of them, and have tried so many things I dont know where to begin again. In the zip file there is 2 videos, and the original mtk.log.
I forgot to mention that, this all started when I wanted to root, and install a custom recovery. I believe I used the guide on here but cant remember seeing as it was a while ago. Also the phone does not vibrate at all. Like I said I have a backup, but I dont remember much about it I dont know how reliable it is, and if I read back with sp flash or not. I believe I had to right? idk. thanks in advance.
https://drive.google.com/file/d/0B_DyVUIoGhqBSXlhbkNhdVNCR1k/view?usp=sharing
Wow I cant believe nobody has run into this problem. That or you guy's are just busy which I totally understand.. I'm just really frustrated. I think I am going to try to return it to t-mobile. You gotta know when your defeated, and this is it. This phone has been a nightmare.... I just hate giving up. I broke it, and I wanted to fix it.
Anyway if this was in the wrong lace to post please let me know. thanks.
I called t-mobile, and told them it didnt work. They asked the normal questions, and agreed to replace it. The guy said they are going to check it out to verify condition. Once they play with it enough to power it on they will see the flash error.
Is this something to worry about? also, is there a way to make sure it doesnt power on? I know thats shady, I just cant afford the deductible right now seeing as i'm out of work at the moment.
TireIron431 said:
I called t-mobile, and told them it didnt work. They asked the normal questions, and agreed to replace it. The guy said they are going to check it out to verify condition. Once they play with it enough to power it on they will see the flash error.
Is this something to worry about? also, is there a way to make sure it doesnt power on? I know thats shady, I just cant afford the deductible right now seeing as i'm out of work at the moment.
Click to expand...
Click to collapse
Hey man, I cant really help with unbricking it. Mediatek chips are not my strong point but i just wanted to say logically if the recovery is corrputed and the rom is corrupted and the bootloader is not playing ball then unless the chips have a write counter/modification check then you should be okay I reckon.
Good luck though
I still have it because I wanted to at least make it boot ok, but to no avail. I got the replacement and made a good back up with mtk droid, but I still get the error.
The phone is an Identical copy of my last one, and still no go. I even tried to flash it with the new phone, I get the same error. so I guess im a monkey, and cant do it right. If it's doing the same thing with the new phone as it is with the bricked one, than its me right?
I did notice that I cant create a scatter file with the create scatter button(its greyed out) I can only make one through the firmware.info.
This is the phone info from both phones.
Hardware : MT6581
Model : ALCATEL ONE TOUCH 4037T
Build number : ALPS.KK1.MP1.V2.10
Build date UTC : 20140918-073410
Android v : 4.4.2
Baseband v: MOLY.WR8.W1315.MD.WG.MP.V34.P13, 2014/09/18 15:26
Kernel v : 3.4.67 ([email protected]) (gcc version 4.7 (GCC) ) #1 SMP Mon Sep 8 10:47:59 CST 2014
Uboot build v : ----- should be root shell
LCD Driver IC : 0-nt35512_dsi_vdo_tdt_lcm_drv
From what I have read this is actually a 6572 chip. Is this correct? I was just thinking that maybe droid tools wasn't reading it right, or backing it up right. Droid tools creats a 6582 scatter file, but my phone says 6581, and I saw 6572. Which one is it? I cant find or make a 6581, so I do not know what to do. I have tried both phones with all of the different drivers, with the different scatters, and I always get error 5000 secure baseband chip.
Hello TireIron, in these moments I am passing through the same despair that you suffered with your telephone, I have done the same steps exactly than for the ones that you passed, although with less results, not even I have been able to find the scatter of the device to use sp flash tool.I have done the same steps you passed for, although with less results, not even I have been able to find the scatter of the device to use sp flash tool.
I don't know, if at the end you could solve the problem and recovering the telephone, if so, what solution did you find? I would thank you for if you shared the solution.
Thanks from the start.
danymt87 said:
Hello TireIron, in these moments I am passing through the same despair that you suffered with your telephone, I have done the same steps exactly than for the ones that you passed, although with less results, not even I have been able to find the scatter of the device to use sp flash tool.I have done the same steps you passed for, although with less results, not even I have been able to find the scatter of the device to use sp flash tool.
I don't know, if at the end you could solve the problem and recovering the telephone, if so, what solution did you find? I would thank you for if you shared the solution.
Thanks from the start.
Click to expand...
Click to collapse
Your issue is you flashed with the secure bootloader still active, as to why your having issues flashing it back... I've been searching around for a Custom Recovery/ROM, I'll check back in if I find anything on Disabling the Secure Bootloader, as I see it your not going to be able to restore (even to STOCK) without Unlocking the Bootloader/ And/Or Reactivating it upon re-flash.... So far no luck on finding a way to disable it, but just started a couple hours ago....
Mike
UPDATE:
ok Upon more searching it appears at the moment you need an NCK BOX...
https://www.google.com/search?q=unl...-8#newwindow=1&q=disable+secure+boot+on+4037t
http://www.ebay.vn/mo-ta-san-pham-281534386171.html
It seems that few ever talk about the ZE500CL variant of the zenfone 2. I've read a whole lot of posts on rooting, unlocking the bootloader, and installing TWRP, but most do not even mention this variant.
I started this thread to collect some information about this device. I would like to know from those who have this device, what has worked for you so far, and what hasn't? I'm especially interested in finding out the 3 things mentioned above.
I've only recently bought the device, and I only rooted it (though I did first get one bootloop already). The method that worked for me is described in this thread: http://forum.xda-developers.com/zenfone2/general/root-ze500cl-z00d-t3116531
The OP of the thread linked above also said that the second method on this thread: http://forum.xda-developers.com/zenfone2/general/root-newbie-root-instructions-zenfone-2-t3114063 works as well.
Btw, make sure the drivers are installed, else the computer won't be able to recognize the device when it is in bootloader mode.
Installing Xposed works as well using the ADB method mentioned in the thread linked below:
http://forum.xda-developers.com/zenfone2/general/guide-to-install-xposed-installer-t3116476
I can add any info you find to the device index in the general section for the 500CL.
Djalaal said:
I've only recently bought the device, and I only rooted it (though I did first get one bootloop already). The method that worked for me is described in this thread: http://forum.xda-developers.com/zenfone2/general/root-ze500cl-z00d-t3116531
The OP of the thread linked above also said that the second method on this thread: http://forum.xda-developers.com/zenfone2/general/root-newbie-root-instructions-zenfone-2-t3114063 works as well.
Btw, make sure the drivers are installed, else the computer won't be able to recognize the device when it is in bootloader mode.
Click to expand...
Click to collapse
How did you fix/handle the bootloop?
Do you know if it is possible to update the phone after rooting it?
cmendonc2 said:
I can add any info you find to the device index in the general section for the 500CL.
Click to expand...
Click to collapse
Sure, that post is much more likely to be noticed than this one. Although I might not find out much. I'm a lot less daring without custom recovery. Hence this thread.
crisbal said:
How did you fix/handle the bootloop?
Do you know if it is possible to update the phone after rooting it?
Click to expand...
Click to collapse
Well, seeing that I do not have a custom recovery (bootloader is still locked), I had to do it the hard way, reflash stock rom. Good news is, apparently your userdata (installed apps+settings and internal memory) is not wiped in the process.
First, you gotta download the rom. Get it from http://forum.xda-developers.com/zenfone2/general/index-asus-zenfone-2-wip-t3149748. Although I got mine here: http://www.asus-zenfone.com/2015/03/asus-zenfone-2-stock-rom-ze500cl-ze550ml-ze551ml.html, which is the old version.
Second, go into recovery mode (from bootloader mode), and use adb sideload ("apply update from ADB") to flash the .zip downloaded before. This is described under "Flashing Zenfone 2 via ADB" on this thread: http://forum.xda-developers.com/zenfone2/general/asus-zenfone-2-flashing-recovery-mode-t3096596
Btw, the bootloop was caused by a mistake I made, not the rooting process.
any news update in our bootloader? hope someone could work for that..
How to get rid off couldn't add widget?
crisbal said:
Do you know if it is possible to update the phone after rooting it?
Click to expand...
Click to collapse
After more than a week of feeling unsure to update mine to WW_12.16.5.118, updating it today after finish uninstalling SuperSU. This is what I have done.
1 - uninstall SuperSU from SuperSU setting - reboot.
2 - update firmware.
3 - re-root using Temporary_CWM method as describe here
Chinaphonearena said:
Method 2: Root through temporary CWM
This is a temporary CWM with the primary purpose of injecting SuperSU onto your Asus Zenfone 2. It doesn't permanently replace recovery. This process looks long, but really is bam 1,2,3 done. Just laid out step by step for the newbie.
link removed due to post count limitation
Unzip the package
Copy SuperSU.zip to the base of your SD card
Enable USB debugging (Settings > Phone info > Tap build 7x > Back button > Developer options > USB debugging)
If you don't already have ADB drivers installed, you may need to [post count restriction] and install them (most PCs have them already, but trying installing these if you're having trouble getting your PC to issue commands to the phone via USB)
With your phone on, attach it to PC via USB
Run 'cai_dat_CWM.bat' from the CWM package
In the black command window that opens, type ACCEPT
Type T4
Phone will reboot into fastboot and you'll see commands being issued from the PC cmd window copying the temporary recovery
You may see some funked up images on your display for a bit. Remove the USB cable and within 30 seconds should then see it booted into CWM
Select install update
Navigate to SuperSU.zip and install
Bam, done.
Click to expand...
Click to collapse
4 - Success!!! now my phone are rooted and all rooted apps installed previously are working.
Note: Previously (before updating FOTA) I also root my ZE500CL using Temporary_CWM since One Click root method aren't working for me.
Recover from bootfreeze while fully stock
Well, after getting a bootfreeze being on a fully (old version) stock ze500cl (Z00D), I figured out something useful. How to recover from a bootfreeze with locked bootloader, non rooted stock rom, without loosing what was saved on your internal storage.
Given that you have not messed with system files (since you aren't rooted), I'm assuming you got either corrupted userdata files or your internal storage is so full, the phone fails to even boot. I had the latter. If system files are the problem, this method might (or probably?) not work. The trick is to use tethered TWRP for backing up your internal storage.
1: Download CWM_Zenfone_2_Intel.zip here: https://www.mediafire.com/folder/w70w7r1a65840/Zenfone_2 (gotten from source 1)
2: Download Recovery.zip here: https://drive.google.com/folderview...T0xRMVRkcTg3MHdlc1o0cVFBc3RPeTQ&usp=drive_web (gotten from source 2)
3: Extract the zip from Step 1.
4: Go to the FB_RecoveryLauncher folder you have extracted, and replace the recovery.zip there with the one downloaded in Step 2.
5: Boot into your stock recovery and connect your phone to the computer. Make sure you have adb and the phone's drivers installed (gotten from source 3).
6. Run the cai_dat_CWM.bat script and you should boot into temporary TWRP recovery after a minute or so.
7. Use TWRP to copy your sdcard folder (internal storage) into your ext_sdcard folder (external storage/microsd) for the sake of backing it up.
8a. In the case of having too full internal storage, simply delete some things in there, and you should be able to boot it again.
8b. Not tested, but in case of corrupted userdata, a factory reset is probably necessary, and will solve the bootfreeze issue.
source 1: http://forum.xda-developers.com/zenfone2/general/root-newbie-root-instructions-zenfone-2-t3114063 (method 2)
source 2: http://forum.xda-developers.com/zenfone2/development/alpha-tethered-twrp-asus-zenfone-2-t3123532
source 3: http://forum.xda-developers.com/zenfone2/general/asus-zenfone-2-flashing-recovery-mode-t3096596
@cmendonc2 , if you want, you can add this to your index.
Djalaal said:
It seems that few ever talk about the ZE500CL variant of the zenfone 2. I've read a whole lot of posts on rooting, unlocking the bootloader, and installing TWRP, but most do not even mention this variant.
I started this thread to collect some information about this device. I would like to know from those who have this device, what has worked for you so far, and what hasn't? I'm especially interested in finding out the 3 things mentioned above.
Click to expand...
Click to collapse
Thank you so much for providing this thread. Found it after hours of scouring the internet in search of help after somehow getting my phone locked in boot-loop. There isn't much support for the ZE500CL, but I will be posting on some blogs while I begin work on mine, and I will reference others to this thread and the few others I've found. Thanks again! :good:
Xanathide said:
Thank you so much for providing this thread. Found it after hours of scouring the internet in search of help after somehow getting my phone locked in boot-loop. There isn't much support for the ZE500CL, but I will be posting on some blogs while I begin work on mine, and I will reference others to this thread and the few others I've found. Thanks again! :good:
Click to expand...
Click to collapse
Sorry, was out of town for 3 months. Glad to be of help. You know where the thanks button is .
I should note that the this phone is now the daily driver of both my parents so I stopped tinkering with it, although I left one of them rooted (and the other not lol). So don't expect more updates from me sadly.
Djalaal said:
Sorry, was out of town for 3 months. Glad to be of help. You know where the thanks button is .
I should note that the this phone is now the daily driver of both my parents so I stopped tinkering with it, although I left one of them rooted (and the other not lol). So don't expect more updates from me sadly.
Click to expand...
Click to collapse
That's quite alright, I've had my fun with Z00D, got myself a LG V10 to break now
I dont ask for directions...
This is my first time asking questions as I have always been able to reverse-engineer (R-E) or as the hacker in swordfish would say "the code just comes to me". Ive been around computers since my dad took me to work at UT and commands were issued with punch out cards....I've been a long time android self taught enthusiast turned professional. ITT Alum etc. I research, I surf, I R-E, and I try every possible option etc...only this has me stumped. And this is the first android that has stumped me. I double checked everything but I keep getting this error in BBQLinux: I followed all pre-update instructions to the T.
fw: ATT_12.16.10.92
adb sideload
This package is not for ATT (WW)
E: Error in /sideload/package.zip
(Status 7)
yes I did with root cmd line, yes cd to zip file location, yes I verified correct fw, even tried different fw zips ZE500CL downloaded officially and from here.
I greatly appreciate any help and I do apologize for "asking for directions"
Computer John dba Austin Computer Techs
cuervo233 said:
This is my first time asking questions as I have always been able to reverse-engineer (R-E) or as the hacker in swordfish would say "the code just comes to me". Ive been around computers since my dad took me to work at UT and commands were issued with punch out cards....I've been a long time android self taught enthusiast turned professional. ITT Alum etc. I research, I surf, I R-E, and I try every possible option etc...only this has me stumped. And this is the first android that has stumped me. I double checked everything but I keep getting this error in BBQLinux: I followed all pre-update instructions to the T.
fw: ATT_12.16.10.92
adb sideload
This package is not for ATT (WW)
E: Error in /sideload/package.zip
(Status 7)
yes I did with root cmd line, yes cd to zip file location, yes I verified correct fw, even tried different fw zips ZE500CL downloaded officially and from here.
I greatly appreciate any help and I do apologize for "asking for directions"
Computer John dba Austin Computer Techs
Click to expand...
Click to collapse
?? Is that att ota youre trying to sideload? Att doesn't have fw, ze500cl does. But just unlock your bootloader, flash twrp, then install whatever, cm, aicp, custom stock or straight stock. http://forum.xda-developers.com/showthread.php?p=64991762
Sent from my MotoG3 using Tapatalk
Cool, I didn't read anywhere about unlocking BL first otherwise Ida made that "turn at the first light". We will ULO thru Asus and continue on our journey. These little Asus trinkets are little buggers being Intel based. Only line of Android devices that have ever stumped me. I am much obliged, fellow XDA brethren. Much obliged.
After pondering a little I came to this conclusion:
UL BL is basically the first step one should take when doing any kind of flashing of internal partitions be it a boot.img, recovery.img, FW etc... at least for the higher end devices. I don't recall having to do that for my sm-n900t recently. Does it only apply for flashing back to stock and not custom roms? Although I didn't have to UL BL first when I heim-dall/Odin flashed my note3 back to stock rom after being boot-looped. Cause once I did that I was able to try out a majority of custom roms available for it whether flashed thru HD/fastboot, Odin, via twrp update zip, or adb sideload. Hmmm, I might understand once I think it thru and look at all the different variables.
Good day gentlemen.
Be vewy vewy quiet, I'm hunting androids...
:good:
@cuervo233 Yes most devices you have to unlock the bootloader first. But there are some devices that already come unlocked. And then there are even some that have bootloaders that cannot be unlocked due to carrier restrictions. In order to get custom recovery to boot you must unlock the bootloader or it must come unlocked. With a custom recovery you can Flash the stock zip file from the Asus website or a custom ROM have fun
Sent from my MotoG3 using Tapatalk
Thank you. I was able to ULBL, flash TWRP, flash to ww 118, root, and now its time to explore the neat wonderful world of custom ROMs. This was by far the hardest yet. Next in line is the cricket Stylo which was also giving me hell, but now I dont think I should have any problem getting it done. I'll keep ya'll posted.:good:
Lg stylo should have way more development, have fun brother. Remember tmobile phones( cricket, walmart family mobile, and metro pcs) you can easily unlock the bootloader . att on the other hand usually has locked down bl.
Sent from my MotoG3 using Tapatalk
Hello guys!
After much research on the internet about unbrick for Moto Z2 Force, after many forums, tutorials, tools, blankflash, etc., I've came to the conclusion: I've not found anyone who has managed to recover a Moto Z2 Force from a hardbrick with a locked bootloader.
Many are hopeful that it is possible to do so, but I believe it is no more than a fairy tale.
If you succeeded, please help others to get it too.
andrecesarvieira said:
Hello guys!
After much research on the internet about unbrick for Moto Z2 Force, after many forums, tutorials, tools, blankflash, etc., I've came to the conclusion: I've not found anyone who has managed to recover a Moto Z2 Force from a hardbrick with a locked bootloader.
Many are hopeful that it is possible to do so, but I believe it is no more than a fairy tale.
If you succeeded, please help others to get it too.
Click to expand...
Click to collapse
My second Z2 kept bricking and locking itself. My only saving Grace was I was able to unlock it since I had the unlock code still and since it wouldn't boot, it would accept the unlock code. It is a slot ab issue where if your phone never took an OTA (I flash all to Oreo and tried flashing DU and AOSP before taking an OTA to open slot B). This caused the phone to lock itself and go a little nuts. But it was unlocked then locked due to slot issues, so it shouldn't count. Maybe my story is a fairy tale ... No... I remember spending the hour trying to figure out why this thing wouldn't install an AOSP rom but my other would just fine, then facepalm when I figured I just needed to take an OTA.
This person had a locked bootloader and we were able to sort through and get it back to good. Maybe yours is a little worse off, idk, but the gist should be the same. I'm not sure what you've tried. whether you can load os, etc. Here is a link to the thread where we finally got it sorted, it's a little hit and miss, but maybe it'll get you going in the right direction.
https://forum.xda-developers.com/z2-force/help/help-help-help-deep-cable-flash-cable-t3925742
41rw4lk said:
This person had a locked bootloader and we were able to sort through and get it back to good. Maybe yours is a little worse off, idk, but the gist should be the same. I'm not sure what you've tried. whether you can load os, etc. Here is a link to the thread where we finally got it sorted, it's a little hit and miss, but maybe it'll get you going in the right direction.
https://forum.xda-developers.com/z2-force/help/help-help-help-deep-cable-flash-cable-t3925742
Click to expand...
Click to collapse
Alas this person had a different problem from me. It sounds like they had something of a pseudo-lock that just needed a nudge to get the kernel to recognize the OEM unlock had been authorized.
The above thread may prove useful to people who have had issues with locked bootloader but who have access to the system.
I do not have access to the system. fastboot oem blankflash command is "restricted" for me. Yet it still classifies both slots as bootable, it just refuses to boot them, which is not enough to trigger any emergency download apparently. It seems this person never succeeded in doing that, because they found an easier way.
I'm really trying to figure out if buying a cable would be worth it, but I have doubts. I was able to access my usb hub and manually short the pin using a voltmeter and some wire to find which traces were connected -- exactly mimicking the action of most "deepflash" cables.
No dice.
That, and I read that the MSM8998 doesn't use the same programmer as other qualcomm androids, possibly uses an older one, and I haven't found any reference to which one. I think blankflash should be possible on these phones, but triggering edl seems impossible from my position, since I have no adb but I do have a basically useless bootloader, which aggressively overrides edl. :angel:
Basically the way I see this, my bootloader thinks its serving a purpose: fending off modified system files, which I unwittingly made its only function when I locked it. It is forbidden from handing over the power of my z force to a patched OS. Since the bootloader exists, and is technically able to boot, it's just not allowed, edl will never be activated because it utterly defeats android security. edl is the backdoor that opens when everything else is completely gone or unintelligible. Is that accurate? :cyclops:
I am beginning to accept that my phone was not meant to be rooted really in the sense that, yes, its Linux and you can, but it's basically been booby trapped by Lenovo and if you fall for the logic I did at first, and try relocking it at the first sign of strange behavior, you have to buy a new phone. Exactly what they want.
Hi
I'm new to the forum but have been doing a fair amount of research. I am stuck now though and would like a bit of help.
My situation is that I have a Xperia XA1 ultra (I know I should post in that device specific forum but not much seems to be happening there) I have a very specific problem that I have treated like a forensics problem.
The phone is locked by a pattern which has been guessed by another person so many times that the gatekeeper only allows one entry per day provided the phone is charged otherwise the timer resets.
It has not been rooted and ADB is disabled.
I have connected to it through fastboot and what I can gather is that it is running Android Oreo.
The system details are as follows:
Product: XA1 Ultra G3221
Build Number: 48.1.A.0.129
Chipset: Mediatek MT6757 Helio P20
Bootloader: Locked
My research has led me to the possibility of loading a recovery image into the RAM of the phone and accessing ADB that way. I tried this with a TWRP image but obviously it didn't work. There is a company called Cellebrite that claims to be able to load it's own boot/recovery image into the bootloader and gain entry that way, however the license is something like £10,000. I'm definitely not a commercial customer.
The final option for me would be to dump the memory via JTAG or chipoff, the contents would be encrypted but I found a blog where somebody had managed to find the location of the gesture.key file while the system was encrypted. I can't remember what the site was called though, it took me ages to find last time.
My main questions are does Sony sign the boot image with it's own keys or does it use the standard Android Verified Boot?
Does Sony reuse the same keys for signing across devices? Likely not but maybe
Is there a way to send specific instructions to the RAM via fastboot?
Does anybody know of an exploit that could be used?
Is there a way to extract the boot.img and recover the Sony keys?
If there any other docs, resources or ways to get the data that could help, I will gladly read and/or try them. I think this forum is probably the biggest resource one though but after a while the specific information needed gets harder to find.
The main thing is that I don't unlock the bootloader and flash anything. It's all got to be live and non data damaging.
I tried MTPwn on the off chance that it would work but nope, it was a no go.
If there was a way to utilise the mediatek exploit to gain entry from fastboot that would be excellent, or to use fastboot to dump the memory.
Thanks for reading, I hope someone can help.
Your thread was quite confusing at first as I wasn't sure what to look for exactly :/
That being said, you have your phone locked and you want to unlock it. However you don't want to flash or reset your device, you don't have root permission, you don't have debugger mode on and you don't want to unlock the bootloader, correct?
Basically you're asking for the impossible...
All I can think of is FROST attack. See article for details and source code.
You can also send your device to your nearest Sony service center and they can probably fix it with no memory loss.
Other than that, you MUST hard reset your phone if you want it back.
However should you come to your mind and realize the reality of the situation where you shouldn't be picky about it then you can start with flashing custom recovery. Or using third-party programs like dr.fone.
XDHx86 said:
Your thread was quite confusing at first as I wasn't sure what to look for exactly :/
That being said, you have your phone locked and you want to unlock it. However you don't want to flash or reset your device, you don't have root permission, you don't have debugger mode on and you don't want to unlock the bootloader, correct?
Basically you're asking for the impossible...
All I can think of is FROST attack. See article for details and source code.
You can also send your device to your nearest Sony service center and they can probably fix it with no memory loss.
Other than that, you MUST hard reset your phone if you want it back.
However should you come to your mind and realize the reality of the situation where you shouldn't be picky about it then you can start with flashing custom recovery. Or using third-party programs like dr.fone.
Click to expand...
Click to collapse
Thanks for getting back to me, yes I realise it is asking for the impossible. I'll have a research around that article and see if I can find some information on how to write the program to dump the contents over USB. I tried Dr Fone but that only gave me the option of a hard reset.
My current line of attack is an exploit over USB called OATmeal, whereby a Raspberry Pi is used over OTG with a filesystem label of "../../data", it allows the filesystem of the phone to be mounted and data written off. It is a little complex and so I am struggling a bit with getting it to work. The team over at Project Zero have a good write-up of it so I'm following that and the POC at exploit-db to guide me through it.
I think I will be able to get the USB part to work but I'm not sure if I have to write a Java file to automatically run when /data is mounted, or if that's even possible.
Forenzo said:
My current line of attack is an exploit over USB called OATmeal
Click to expand...
Click to collapse
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
And you can't rollback on your security patch.
You should really consider flashing TWRP or other custom recovery. You have no other option.
XDHx86 said:
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
And you can't rollback on your security patch.
You should really consider flashing TWRP or other custom recovery. You have no other option.
Click to expand...
Click to collapse
Fortunately the device hasn't been updated since around 2-2018 or 3-2018 so any exploit I can find from then onwards that I can use will be great. I really do get that the only realistic option is to unlock the bootloader and flash the recovery but the data needs to be recovered and I absolutely don't want to wipe it.
If I can't do it then it will gather dust until the end of time...
It seems that no matter what I say you won't realize the situation you are in.
I can only suggest to NEVER mess with the phone circuits or the motherboard. No matter which stupid yoututbe tutorial you saw. Those guys are douchebags who only know how to get views and don't care for whatever you/they do to your device.
Needless to say messing with the circuits or the motherboard require dexterity and experience which I'm positive you don't have.
As I said before if you send it to an authorized service center, then they can help you with it without memory loss.
Sending you device to a service center isn't an insult or an act of low self esteem. Service centers exist for a reason, and they're basically geeks who are too passionate about electronics and decided to make a living out of it.
Or maybe you can somehow use the EDL mode on the phone.
In Qualcomm devices the EDL mode is locked and can only be accessed by an authorized person who have the security code of your device. I don't know if it even exist in MTK devices.
Should you actually manage to boot into EDL mode - Assuming it exists and is unlocked - then BEWARE: EDL mode is very low level and any command can directly affect the kernel or compromise the system. Don't use commands you're not sure what do they do.
You can use EDL mode to recover the data from the phone then wipe it clean, then restore the data.
You cannot access memory with EDL mode, but you can access the current image on your device. And from which you can get the key file.
EDL mode is a very very powerful tool (Much more powerful than debugging, fastboot, or anything you may know of) as it doesn't need unlocked bootloader to use it and through which you can do anything to your device including flashing other ROMs.
Good luck on your impossible quest. Make sure to post updates should you find yourself stuck.