Hi everyone,
I'm currently using Hisense Pureshot aka HS-L671, using android Lollipop 5.0.2. It has Snapdragon 415 MSM8929, which is very similiar to Snapdragon 615 MSM8939, but with some missing feature (just like rip-off version of SD615). AFAIK currently there are only two phones use this SD415, the other one is Micromax Canvas Nitro 4G (E455) (3, if we count in the 5,5 inch variant of Pureshot+/HS-L695). That's why the documentation is still very scarce.
Edit : it seems there are several phones using this SoC now. I am currently researching about j7
Main Purpose
I post this thread for two main reasons :
1. To do full backup of my current phone, without root or modifiying any existing partitions (as I do below with my previous phone). This is to ensure I can revert back any modified phone to its original state, should we need to claim for RMA in case of hardware failure (not software). I know reverting to original state is possible to be done by flashing rooted stock ROM; then unroot afterward. But AFAIK, full unroot will leave trail of modified timestamp in /system partition. I don't want any trail of modification. (preferred if possible)
2. After backup, I will take the recovery.img and boot.img to compile TWRP in BBQLinux. Then flash it back to the phone. Boot up to TWRP and flash SuperSU.zip to obtain root access. Then I will proceed on a lot of modifications which require root. If number 1 cannot be done first, I have no problem if there is a way to obtain root first, then do the backup later using different tool.
Previous experience with SD200
Based on my experience with previous phone, Andromax C2 aka Hisense AD688G (1st gen), Android JB 4.3, Snapdragon 200 MSM8610; it can boot directly to Qualcomm MMC Storage Mode, which maybe known as Emergency Host DownLoad or Qualcomm HS-USB Diagnostics 9006 (CMIIW). To enter this mode, I need to turn off the phone, unplug the battery, holding down Power + Volume Down button, while connecting it to PC (Win 7 64 bit) via USB cable (I have installed qualcomm driver before). Then it will pop up a lot of prompt to format the drives, which I ignore all of them. In the device manager, it will be detected as Qualcomm MMC Storage. From there, I can proceed on backup every partition of the phone using HDDRaw copy, partition guru or emmc raw tool (preferred one). This can be done without root or any modification to the phone. Which is why this method of backup is preferred, since i can always start with "clean slate", should anything wrong happen (restore using the same method). And it doesn't leave trail of folder modification timestamp as it will be if I flash rooted stock ROM then unroot.
Power button + combination
Now, with the latest snapdragon family 410, 615, including 415 above, it seems there is no way to boot directly to the same Qualcomm MMC Storage / (as far as I read till now from tirta.agung thread). I have tried several combination, and the result is below.
Power : Turn on Phone
Power + Vol Up : nothing happen. If not followed by next action, Phone boot normally
Power + Vol Up, followed by holding vol down at the second logo : Enter safe mode
Power + Vol down : Enter firmware status (Official)
Power + Vol down, followed by holding Power : Enter Recovery mode
In the recovery menu, there is a menu to "Reboot to bootloader", which will boot the phone to Fastboot downloading mode.
Power + Vol Up + Vol Down : TF update
Combining with USB cable
Power + Plug in USB cable : Turn On Phone
Vol Up + Plug USB : Enter Fastboot downloading
Vol up + Vol down + Plug USB : TF Update. Seems like the USB become the power button
Vol Up + Power + Plug USB, Release Power button after vibrate : EngTest mode, diagnostic mode. In QPST will be detected as the diagnostic port, seems to be Hisense Proprietary one.
Unplug battery : Any combination of power button, vol up and vol down didn't give any response or vibration, nothing detected in device manager or usb deview.
Using adb, only 3 reboot choice : reboot, reboot recovery, reboot bootloader. Reboot edl don't work (wonder if anyone success at another phone)
Using fastboot, is similiar to adb : fastboot reboot and fastboot reboot bootloader. Reboot edl don't work either. Fastboot oem unlock do nothing as well.
Enter Qualcomm HS-USB QDLoader 9008
It seems the Engtest mode boot in android OS, as I can see the prompt asking for USB connection mode (MTP, CD ROM, charge only etc). And IDK if it is a bug, but every time I boot to this Engtest, the next reboot always remove all of my account (Google, whatsapp, mysmartfren (my ISP)). I need to add back, resync contact, resetting gmail and etc. Later, I discovered that i don't need this engtest anymore. As long as I have installed all driver : Qualcomm, Hisense and QPST; every time I connect the USB when the phone is on, it will detected as diagnostic mode.
From this diagnostic mode, I can switch the phone to Download mode (9008), by using eMMC software download (QPST) > Switch device to DLoad; or using EFS Pro - Qualcomm NV Tools > Change mode to Download Mode. Phone will reboot, screen off and vibrate a while. Diagnostic port now is closed and it will add a new port, Q/QCP-XXX - Sahara Memory Dump. Device manager will detect Qualcomm HS-USB QDLoader 9008.
From this mode, AFAIK I still need MPRG8929.hex and 8929_msmimage.mbn to boot it to 9006 mode. But the current available hex/bin and mbn only for 8974, 8916 and 8939 (8936 mbn). Looking to the build.prop and the lib folder of my phone, it seems to have a lot of similiarity with MSM8939. So i was thinking to use the MPRG and mbn from MSM8939. But I still haven't tried it yet, as i need more confirmation. This is my main phone, that's why i am very careful with it, my backup phone is too weak now for daily usage.
BTW, I am using latest WHQL qualcomm driver, version 2.1.0.5 and Hisense driver directly from the phone's CDROM iso. Using universal driver installer also give the same driver. QPST 2.7 build 425.1. Build 422 give me the same result. Main PC is Win 7 Ultimate 64 bit SP1. I have tested it in XP SP3, and give the same result, so not the WHQL driver signing problem.
TF Update
Someone point me out about TF Update file for HS-L965 (the 5.5 inch variant). This file supposed to be flashed through TF Update process (Power + Vol Up + Vol Down). I manage to download it and of course i don't flash it to my phone, since it is from different version. I try to extract out recovery.img and boot.img, by mounting it or open it from archive program. Disk Internal Linux reader can mount the bin properly and show up with 20 something partition, which is very similiar to what I see from qualcomm partitions. I try to open each partition, of course it fails, as it is not ext4 file system (even /system also fail). Try to create image from recovery, boot and system partition; and it manage to be extracted out. But the result is very different from the typical raw img. It doesn't contain proper file header for recovery, boot, and system .img. The hex header supposed to be "ANDROID". But all of the extracted img don't have it. If I unpack the boot.img and recovery.img, carliv unpacker also give no folder structured result, only compressed ram-disk. Try to use ext4unpacker also no luck. So any image extracted is useless, as they don't seems to have the correct file header (or maybe it is wrong reading from the linux reader).
I have spent this whole week trying to find the way to boot the phone to 9006 mode. I have googled a lot, have finisihed reading from 1st page to the last page
[PROJECT] Reviving Hard Bricked YU (QLoader 9008 Mode)
[R&D][QUALCOMM] Using QDL, EHostDL and DIAG interfaces & features
and some other thread. I might miss some info, partially because I sometimes read it in half drowsy state. So, I'll be glad to be pointed out the missing info.
Alternative root method
I have searched for the canvas nitro 4G rooting process, and there is no answer yet at http://forum.xda-developers.com/general/xda-assist/root-micromax-canvas-nitro-3-4g-e455-t3225783 and http://forum.xda-developers.com/android/help/how-to-root-micromax-canvas-nitro-4g-t3209976.
I also know about kingroot. But there are a lot of privacy issues with that program, so I want to stay away from it. From my friend, they said they've tried the latest version, but still fail to root. So I don't try it anymore. But if there is no other way, I might give it a shot as well. A lot of other root tools also fail to root this phone. So, flashing SuperSU.zip from TWRP, seems to be the only way to root it.
Question
From all information above, now here comes the questions :
1. Is there a way to enter 9006 Mode without doing any modification or flash programmer file in the latest qualcomm SoC ? (SD410, SD415, SD615, SD810 above)
2. What the MPRG and MBN really do when flashed to device? Do they stay at the emmc, means they replace some partition inside the Phone? Or they just stay at RAM and will be wiped out on the next reboot; so we need to flash it again if we want to enter 9006 from 9008?
3. What is the risk of using wrong MPRG and MBN file from different SoC? As I wanna try to use the ones from MSM8916 and MSM8939 (MSM8936). I have downloaded it already, but too scare to use it.
4. How we can know we are using the correct MPRG and MBN file? How they were created at first? Is it possible to create it from some partition in the phone?
5. How to extract the TF update .bin file properly? And how they were created at first? And it is possible to create it our self, without the need of any signature/certificate from the vendor?
Sorry if there are too many questions and this thread is very long. I don't expect all questions to be answered though. As long as the main purpose above is achieved, that's nice already.
If there is any additional info needed, I will provided it later.
Thanks in Advance.
Hi,
I am also looking for similar solution. Hope somebody comes up with one
Hii i want if there is any root solution for canvas nitro 4g
Have been using this phone for 3 months without any root solution. I will answer my own question
1. No other way found to enter 9006 diag mode
2. I checked at other MSM8916 phone, flashing the MPRG/MBN file means permanent modification, which cannot be reverted again.
3. Haven't tried, as afraid of point 2
4. Also give up, as point 2
5. Still not yet discover the way.
Until today, still no method for rooting SD415 based phone. Have tried :
1. Kingroot, always test the latest version, both PC and android app
2. iroot/vroot, both pc and android
3. Kingoroot, both pc and android
4. Pingpong
5. Towelroot (ofc failed)
6. Framaroot (also outdated)
7. Mobilego
8. Flashing SuperSu.zip, failed in zip signature verification (ofc as still using stock recovery)
Other option remain in compiling TWRP. But so far, I can't even finish compiling TWRP from Blade S6, always got error message.
If compiling keep getting error, I need to find way to extract out the stock recovery image, either from the phone itself (without root) or from the tf update .bin. Then i just only need to dirty port the TWRP from similiar phone, just by changing the recovery.fstab. Or I could just simply upload to CWM, to build the CWM recovery online.
Desmanto said:
Hi everyone,
I'm currently using Hisense Pureshot aka HS-L671, using android Lollipop 5.0.2. It has Snapdragon 415 MSM8929, which is very similiar to Snapdragon 615 MSM8939, but with some missing feature (just like rip-off version of SD615). AFAIK currently there are only two phones use this SD415, the other one is Micromax Canvas Nitro 4G (E455) (3, if we count in the 5,5 inch variant of Pureshot+/HS-L695). That's why the documentation is still very scarce.
Edit : it seems there are several phones using this SoC now. I am currently researching about j7
Main Purpose
I post this thread for two main reasons :
1. To do full backup of my current phone, without root or modifiying any existing partitions (as I do below with my previous phone). This is to ensure I can revert back any modified phone to its original state, should we need to claim for RMA in case of hardware failure (not software). I know reverting to original state is possible to be done by flashing rooted stock ROM; then unroot afterward. But AFAIK, full unroot will leave trail of modified timestamp in /system partition. I don't want any trail of modification. (preferred if possible)
2. After backup, I will take the recovery.img and boot.img to compile TWRP in BBQLinux. Then flash it back to the phone. Boot up to TWRP and flash SuperSU.zip to obtain root access. Then I will proceed on a lot of modifications which require root. If number 1 cannot be done first, I have no problem if there is a way to obtain root first, then do the backup later using different tool.
Previous experience with SD200
Based on my experience with previous phone, Andromax C2 aka Hisense AD688G (1st gen), Android JB 4.3, Snapdragon 200 MSM8610; it can boot directly to Qualcomm MMC Storage Mode, which maybe known as Emergency Host DownLoad or Qualcomm HS-USB Diagnostics 9006 (CMIIW). To enter this mode, I need to turn off the phone, unplug the battery, holding down Power + Volume Down button, while connecting it to PC (Win 7 64 bit) via USB cable (I have installed qualcomm driver before). Then it will pop up a lot of prompt to format the drives, which I ignore all of them. In the device manager, it will be detected as Qualcomm MMC Storage. From there, I can proceed on backup every partition of the phone using HDDRaw copy, partition guru or emmc raw tool (preferred one). This can be done without root or any modification to the phone. Which is why this method of backup is preferred, since i can always start with "clean slate", should anything wrong happen (restore using the same method). And it doesn't leave trail of folder modification timestamp as it will be if I flash rooted stock ROM then unroot.
Power button + combination
Now, with the latest snapdragon family 410, 615, including 415 above, it seems there is no way to boot directly to the same Qualcomm MMC Storage / (as far as I read till now from tirta.agung thread). I have tried several combination, and the result is below.
Power : Turn on Phone
Power + Vol Up : nothing happen. If not followed by next action, Phone boot normally
Power + Vol Up, followed by holding vol down at the second logo : Enter safe mode
Power + Vol down : Enter firmware status (Official)
Power + Vol down, followed by holding Power : Enter Recovery mode
In the recovery menu, there is a menu to "Reboot to bootloader", which will boot the phone to Fastboot downloading mode.
Power + Vol Up + Vol Down : TF update
Combining with USB cable
Power + Plug in USB cable : Turn On Phone
Vol Up + Plug USB : Enter Fastboot downloading
Vol up + Vol down + Plug USB : TF Update. Seems like the USB become the power button
Vol Up + Power + Plug USB, Release Power button after vibrate : EngTest mode, diagnostic mode. In QPST will be detected as the diagnostic port, seems to be Hisense Proprietary one.
Unplug battery : Any combination of power button, vol up and vol down didn't give any response or vibration, nothing detected in device manager or usb deview.
Using adb, only 3 reboot choice : reboot, reboot recovery, reboot bootloader. Reboot edl don't work (wonder if anyone success at another phone)
Using fastboot, is similiar to adb : fastboot reboot and fastboot reboot bootloader. Reboot edl don't work either. Fastboot oem unlock do nothing as well.
Enter Qualcomm HS-USB QDLoader 9008
It seems the Engtest mode boot in android OS, as I can see the prompt asking for USB connection mode (MTP, CD ROM, charge only etc). And IDK if it is a bug, but every time I boot to this Engtest, the next reboot always remove all of my account (Google, whatsapp, mysmartfren (my ISP)). I need to add back, resync contact, resetting gmail and etc. Later, I discovered that i don't need this engtest anymore. As long as I have installed all driver : Qualcomm, Hisense and QPST; every time I connect the USB when the phone is on, it will detected as diagnostic mode.
From this diagnostic mode, I can switch the phone to Download mode (9008), by using eMMC software download (QPST) > Switch device to DLoad; or using EFS Pro - Qualcomm NV Tools > Change mode to Download Mode. Phone will reboot, screen off and vibrate a while. Diagnostic port now is closed and it will add a new port, Q/QCP-XXX - Sahara Memory Dump. Device manager will detect Qualcomm HS-USB QDLoader 9008.
From this mode, AFAIK I still need MPRG8929.hex and 8929_msmimage.mbn to boot it to 9006 mode. But the current available hex/bin and mbn only for 8974, 8916 and 8939 (8936 mbn). Looking to the build.prop and the lib folder of my phone, it seems to have a lot of similiarity with MSM8939. So i was thinking to use the MPRG and mbn from MSM8939. But I still haven't tried it yet, as i need more confirmation. This is my main phone, that's why i am very careful with it, my backup phone is too weak now for daily usage.
BTW, I am using latest WHQL qualcomm driver, version 2.1.0.5 and Hisense driver directly from the phone's CDROM iso. Using universal driver installer also give the same driver. QPST 2.7 build 425.1. Build 422 give me the same result. Main PC is Win 7 Ultimate 64 bit SP1. I have tested it in XP SP3, and give the same result, so not the WHQL driver signing problem.
TF Update
Someone point me out about TF Update file for HS-L965 (the 5.5 inch variant). This file supposed to be flashed through TF Update process (Power + Vol Up + Vol Down). I manage to download it and of course i don't flash it to my phone, since it is from different version. I try to extract out recovery.img and boot.img, by mounting it or open it from archive program. Disk Internal Linux reader can mount the bin properly and show up with 20 something partition, which is very similiar to what I see from qualcomm partitions. I try to open each partition, of course it fails, as it is not ext4 file system (even /system also fail). Try to create image from recovery, boot and system partition; and it manage to be extracted out. But the result is very different from the typical raw img. It doesn't contain proper file header for recovery, boot, and system .img. The hex header supposed to be "ANDROID". But all of the extracted img don't have it. If I unpack the boot.img and recovery.img, carliv unpacker also give no folder structured result, only compressed ram-disk. Try to use ext4unpacker also no luck. So any image extracted is useless, as they don't seems to have the correct file header (or maybe it is wrong reading from the linux reader).
I have spent this whole week trying to find the way to boot the phone to 9006 mode. I have googled a lot, have finisihed reading from 1st page to the last page
[PROJECT] Reviving Hard Bricked YU (QLoader 9008 Mode)
[R&D][QUALCOMM] Using QDL, EHostDL and DIAG interfaces & features
and some other thread. I might miss some info, partially because I sometimes read it in half drowsy state. So, I'll be glad to be pointed out the missing info.
Alternative root method
I have searched for the canvas nitro 4G rooting process, and there is no answer yet at http://forum.xda-developers.com/general/xda-assist/root-micromax-canvas-nitro-3-4g-e455-t3225783 and http://forum.xda-developers.com/android/help/how-to-root-micromax-canvas-nitro-4g-t3209976.
I also know about kingroot. But there are a lot of privacy issues with that program, so I want to stay away from it. From my friend, they said they've tried the latest version, but still fail to root. So I don't try it anymore. But if there is no other way, I might give it a shot as well. A lot of other root tools also fail to root this phone. So, flashing SuperSU.zip from TWRP, seems to be the only way to root it.
Question
From all information above, now here comes the questions :
1. Is there a way to enter 9006 Mode without doing any modification or flash programmer file in the latest qualcomm SoC ? (SD410, SD415, SD615, SD810 above)
2. What the MPRG and MBN really do when flashed to device? Do they stay at the emmc, means they replace some partition inside the Phone? Or they just stay at RAM and will be wiped out on the next reboot; so we need to flash it again if we want to enter 9006 from 9008?
3. What is the risk of using wrong MPRG and MBN file from different SoC? As I wanna try to use the ones from MSM8916 and MSM8939 (MSM8936). I have downloaded it already, but too scare to use it.
4. How we can know we are using the correct MPRG and MBN file? How they were created at first? Is it possible to create it from some partition in the phone?
5. How to extract the TF update .bin file properly? And how they were created at first? And it is possible to create it our self, without the need of any signature/certificate from the vendor?
Sorry if there are too many questions and this thread is very long. I don't expect all questions to be answered though. As long as the main purpose above is achieved, that's nice already.
If there is any additional info needed, I will provided it later.
Thanks in Advance.[/QUOTE
you have the file which i need
MPRG8939 hex file and mbn
could you please give me these ?
Click to expand...
Click to collapse
hiii
my nokia xl black screen dead ..
when phone connect to pc qulicom port detect but mcc strge not dispying .. plzz help
sry for bad english
Desmanto said:
Hi everyone,
I'm currently using Hisense Pureshot aka HS-L671, using android Lollipop 5.0.2. It has Snapdragon 415 MSM8929, which is very similiar to Snapdragon 615 MSM8939, but with some missing feature (just like rip-off version of SD615). AFAIK currently there are only two phones use this SD415, the other one is Micromax Canvas Nitro 4G (E455) (3, if we count in the 5,5 inch variant of Pureshot+/HS-L695). That's why the documentation is still very scarce.
Edit : it seems there are several phones using this SoC now. I am currently researching about j7
Main Purpose
I post this thread for two main reasons :
1. To do full backup of my current phone, without root or modifiying any existing partitions (as I do below with my previous phone). This is to ensure I can revert back any modified phone to its original state, should we need to claim for RMA in case of hardware failure (not software). I know reverting to original state is possible to be done by flashing rooted stock ROM; then unroot afterward. But AFAIK, full unroot will leave trail of modified timestamp in /system partition. I don't want any trail of modification. (preferred if possible)
2. After backup, I will take the recovery.img and boot.img to compile TWRP in BBQLinux. Then flash it back to the phone. Boot up to TWRP and flash SuperSU.zip to obtain root access. Then I will proceed on a lot of modifications which require root. If number 1 cannot be done first, I have no problem if there is a way to obtain root first, then do the backup later using different tool.
Previous experience with SD200
Based on my experience with previous phone, Andromax C2 aka Hisense AD688G (1st gen), Android JB 4.3, Snapdragon 200 MSM8610; it can boot directly to Qualcomm MMC Storage Mode, which maybe known as Emergency Host DownLoad or Qualcomm HS-USB Diagnostics 9006 (CMIIW). To enter this mode, I need to turn off the phone, unplug the battery, holding down Power + Volume Down button, while connecting it to PC (Win 7 64 bit) via USB cable (I have installed qualcomm driver before). Then it will pop up a lot of prompt to format the drives, which I ignore all of them. In the device manager, it will be detected as Qualcomm MMC Storage. From there, I can proceed on backup every partition of the phone using HDDRaw copy, partition guru or emmc raw tool (preferred one). This can be done without root or any modification to the phone. Which is why this method of backup is preferred, since i can always start with "clean slate", should anything wrong happen (restore using the same method). And it doesn't leave trail of folder modification timestamp as it will be if I flash rooted stock ROM then unroot.
Power button + combination
Now, with the latest snapdragon family 410, 615, including 415 above, it seems there is no way to boot directly to the same Qualcomm MMC Storage / (as far as I read till now from tirta.agung thread). I have tried several combination, and the result is below.
Power : Turn on Phone
Power + Vol Up : nothing happen. If not followed by next action, Phone boot normally
Power + Vol Up, followed by holding vol down at the second logo : Enter safe mode
Power + Vol down : Enter firmware status (Official)
Power + Vol down, followed by holding Power : Enter Recovery mode
In the recovery menu, there is a menu to "Reboot to bootloader", which will boot the phone to Fastboot downloading mode.
Power + Vol Up + Vol Down : TF update
Combining with USB cable
Power + Plug in USB cable : Turn On Phone
Vol Up + Plug USB : Enter Fastboot downloading
Vol up + Vol down + Plug USB : TF Update. Seems like the USB become the power button
Vol Up + Power + Plug USB, Release Power button after vibrate : EngTest mode, diagnostic mode. In QPST will be detected as the diagnostic port, seems to be Hisense Proprietary one.
Unplug battery : Any combination of power button, vol up and vol down didn't give any response or vibration, nothing detected in device manager or usb deview.
Using adb, only 3 reboot choice : reboot, reboot recovery, reboot bootloader. Reboot edl don't work (wonder if anyone success at another phone)
Using fastboot, is similiar to adb : fastboot reboot and fastboot reboot bootloader. Reboot edl don't work either. Fastboot oem unlock do nothing as well.
Enter Qualcomm HS-USB QDLoader 9008
It seems the Engtest mode boot in android OS, as I can see the prompt asking for USB connection mode (MTP, CD ROM, charge only etc). And IDK if it is a bug, but every time I boot to this Engtest, the next reboot always remove all of my account (Google, whatsapp, mysmartfren (my ISP)). I need to add back, resync contact, resetting gmail and etc. Later, I discovered that i don't need this engtest anymore. As long as I have installed all driver : Qualcomm, Hisense and QPST; every time I connect the USB when the phone is on, it will detected as diagnostic mode.
From this diagnostic mode, I can switch the phone to Download mode (9008), by using eMMC software download (QPST) > Switch device to DLoad; or using EFS Pro - Qualcomm NV Tools > Change mode to Download Mode. Phone will reboot, screen off and vibrate a while. Diagnostic port now is closed and it will add a new port, Q/QCP-XXX - Sahara Memory Dump. Device manager will detect Qualcomm HS-USB QDLoader 9008.
From this mode, AFAIK I still need MPRG8929.hex and 8929_msmimage.mbn to boot it to 9006 mode. But the current available hex/bin and mbn only for 8974, 8916 and 8939 (8936 mbn). Looking to the build.prop and the lib folder of my phone, it seems to have a lot of similiarity with MSM8939. So i was thinking to use the MPRG and mbn from MSM8939. But I still haven't tried it yet, as i need more confirmation. This is my main phone, that's why i am very careful with it, my backup phone is too weak now for daily usage.
BTW, I am using latest WHQL qualcomm driver, version 2.1.0.5 and Hisense driver directly from the phone's CDROM iso. Using universal driver installer also give the same driver. QPST 2.7 build 425.1. Build 422 give me the same result. Main PC is Win 7 Ultimate 64 bit SP1. I have tested it in XP SP3, and give the same result, so not the WHQL driver signing problem.
TF Update
Someone point me out about TF Update file for HS-L965 (the 5.5 inch variant). This file supposed to be flashed through TF Update process (Power + Vol Up + Vol Down). I manage to download it and of course i don't flash it to my phone, since it is from different version. I try to extract out recovery.img and boot.img, by mounting it or open it from archive program. Disk Internal Linux reader can mount the bin properly and show up with 20 something partition, which is very similiar to what I see from qualcomm partitions. I try to open each partition, of course it fails, as it is not ext4 file system (even /system also fail). Try to create image from recovery, boot and system partition; and it manage to be extracted out. But the result is very different from the typical raw img. It doesn't contain proper file header for recovery, boot, and system .img. The hex header supposed to be "ANDROID". But all of the extracted img don't have it. If I unpack the boot.img and recovery.img, carliv unpacker also give no folder structured result, only compressed ram-disk. Try to use ext4unpacker also no luck. So any image extracted is useless, as they don't seems to have the correct file header (or maybe it is wrong reading from the linux reader).
I have spent this whole week trying to find the way to boot the phone to 9006 mode. I have googled a lot, have finisihed reading from 1st page to the last page
[PROJECT] Reviving Hard Bricked YU (QLoader 9008 Mode)
[R&D][QUALCOMM] Using QDL, EHostDL and DIAG interfaces & features
and some other thread. I might miss some info, partially because I sometimes read it in half drowsy state. So, I'll be glad to be pointed out the missing info.
Alternative root method
I have searched for the canvas nitro 4G rooting process, and there is no answer yet at http://forum.xda-developers.com/general/xda-assist/root-micromax-canvas-nitro-3-4g-e455-t3225783 and http://forum.xda-developers.com/android/help/how-to-root-micromax-canvas-nitro-4g-t3209976.
I also know about kingroot. But there are a lot of privacy issues with that program, so I want to stay away from it. From my friend, they said they've tried the latest version, but still fail to root. So I don't try it anymore. But if there is no other way, I might give it a shot as well. A lot of other root tools also fail to root this phone. So, flashing SuperSU.zip from TWRP, seems to be the only way to root it.
Question
From all information above, now here comes the questions :
1. Is there a way to enter 9006 Mode without doing any modification or flash programmer file in the latest qualcomm SoC ? (SD410, SD415, SD615, SD810 above)
2. What the MPRG and MBN really do when flashed to device? Do they stay at the emmc, means they replace some partition inside the Phone? Or they just stay at RAM and will be wiped out on the next reboot; so we need to flash it again if we want to enter 9006 from 9008?
3. What is the risk of using wrong MPRG and MBN file from different SoC? As I wanna try to use the ones from MSM8916 and MSM8939 (MSM8936). I have downloaded it already, but too scare to use it.
4. How we can know we are using the correct MPRG and MBN file? How they were created at first? Is it possible to create it from some partition in the phone?
5. How to extract the TF update .bin file properly? And how they were created at first? And it is possible to create it our self, without the need of any signature/certificate from the vendor?
Sorry if there are too many questions and this thread is very long. I don't expect all questions to be answered though. As long as the main purpose above is achieved, that's nice already.
If there is any additional info needed, I will provided it later.
Thanks in Advance.
Click to expand...
Click to collapse
Hi ,
i am wondering if we can enable Qualcomm MMC Storage 9006 mode over the adb mode if phone is rooted. Thanks
oakerzaw said:
you have the file which i need
MPRG8939 hex file and mbn
could you please give me these
Click to expand...
Click to collapse
The hex and mbn file seems to be device spesific. You should find the one for your device. I also don't have for my phone, as the vendor don't provide us the stock firmware. You can try to visit needrom to see whether someone have uploaded the ROM for you device.
bluffmaster said:
Hi ,
i am wondering if we can enable Qualcomm MMC Storage 9006 mode over the adb mode if phone is rooted. Thanks
Click to expand...
Click to collapse
No hope till date. I have tried for almost 3 month back then. Until i directly take the risk and port TWRP from other SD615 device using the kernel from other Hisense device. I think it is the only way to root the phone for latest qualcomm chipset. I use the same method to root another SD617 phone. 9006 need some kind of the hex/mbn file to force it to boot that mode. Most of the tool now use QFIL, which use 9008 mode, not 9006 mode anymore.
My ot-5042x one touch pop 2 is hard-bricked ...... I bought this phone second hand, I didn't have any info about the phone apart of the alto45 written in the mainboard.
Phone were running 4.4.2 maybe custom rom and there were wifi and data problem so I wanted to flash it but it were in emmc storage mode so I couldn't use mobile uprade q (otu) and when I tried to flash recovery twrp for the device recovery went white screen then I noticed that all ot-5042 firmware in the internet were 4.4.4 so I wanted to upgrade to solve wifi problem then I used a complete backup of all partition from 5042x with twrp to flash the partition in emmc raw tool and I could use twrp but the system.img were to big for the partition so I did not try to fix but I flashe a russian firmware for 5042d and the problem started...
Phone is now in soft-hardbrick mode... Native recovery, no adb (not authorized) , no fastboot, in qdl9008 mode and I can't switch to 9006 to write full backup, and has battery problem and not get past the thired logo and turn off and tells battery 0% but not charging and turn off even if plugged in the computer. I think bootldoader corrupted and the RPM too so there no power management in the phone..... The backup was from orange Roya so I can't use Mobile upgrade q.... I really want it to get in mmc storage mode again !!!!!
Qualcomm HS-USB QDLoader 9008 samsung shv e110s
upload
-APQ0860.hex <--------------qualcomm
-0860_msimage.mbn <-------------- Main
-rawprogram_16GB.xml
-patch0.xml
Hi Desmanto,
From which software and how to force phone to boot 9008 QD loader mode to 9006 Qualcomm mass storage mode,
I will appreciate if you share any tutorial or method. thanks
Regards
Bluffmaster
Desmanto said:
Hi everyone,
I'm currently using Hisense Pureshot aka HS-L671, using android Lollipop 5.0.2. It has Snapdragon 415 MSM8929, which is very similiar to Snapdragon 615 MSM8939, but with some missing feature (just like rip-off version of SD615). AFAIK currently there are only two phones use this SD415, the other one is Micromax Canvas Nitro 4G (E455) (3, if we count in the 5,5 inch variant of Pureshot+/HS-L695). That's why the documentation is still very scarce.
Edit : it seems there are several phones using this SoC now. I am currently researching about j7
Main Purpose
I post this thread for two main reasons :
1. To do full backup of my current phone, without root or modifiying any existing partitions (as I do below with my previous phone). This is to ensure I can revert back any modified phone to its original state, should we need to claim for RMA in case of hardware failure (not software). I know reverting to original state is possible to be done by flashing rooted stock ROM; then unroot afterward. But AFAIK, full unroot will leave trail of modified timestamp in /system partition. I don't want any trail of modification. (preferred if possible)
2. After backup, I will take the recovery.img and boot.img to compile TWRP in BBQLinux. Then flash it back to the phone. Boot up to TWRP and flash SuperSU.zip to obtain root access. Then I will proceed on a lot of modifications which require root. If number 1 cannot be done first, I have no problem if there is a way to obtain root first, then do the backup later using different tool.
Previous experience with SD200
Based on my experience with previous phone, Andromax C2 aka Hisense AD688G (1st gen), Android JB 4.3, Snapdragon 200 MSM8610; it can boot directly to Qualcomm MMC Storage Mode, which maybe known as Emergency Host DownLoad or Qualcomm HS-USB Diagnostics 9006 (CMIIW). To enter this mode, I need to turn off the phone, unplug the battery, holding down Power + Volume Down button, while connecting it to PC (Win 7 64 bit) via USB cable (I have installed qualcomm driver before). Then it will pop up a lot of prompt to format the drives, which I ignore all of them. In the device manager, it will be detected as Qualcomm MMC Storage. From there, I can proceed on backup every partition of the phone using HDDRaw copy, partition guru or emmc raw tool (preferred one). This can be done without root or any modification to the phone. Which is why this method of backup is preferred, since i can always start with "clean slate", should anything wrong happen (restore using the same method). And it doesn't leave trail of folder modification timestamp as it will be if I flash rooted stock ROM then unroot.
Power button + combination
Now, with the latest snapdragon family 410, 615, including 415 above, it seems there is no way to boot directly to the same Qualcomm MMC Storage / (as far as I read till now from tirta.agung thread). I have tried several combination, and the result is below.
Power : Turn on Phone
Power + Vol Up : nothing happen. If not followed by next action, Phone boot normally
Power + Vol Up, followed by holding vol down at the second logo : Enter safe mode
Power + Vol down : Enter firmware status (Official)
Power + Vol down, followed by holding Power : Enter Recovery mode
In the recovery menu, there is a menu to "Reboot to bootloader", which will boot the phone to Fastboot downloading mode.
Power + Vol Up + Vol Down : TF update
Combining with USB cable
Power + Plug in USB cable : Turn On Phone
Vol Up + Plug USB : Enter Fastboot downloading
Vol up + Vol down + Plug USB : TF Update. Seems like the USB become the power button
Vol Up + Power + Plug USB, Release Power button after vibrate : EngTest mode, diagnostic mode. In QPST will be detected as the diagnostic port, seems to be Hisense Proprietary one.
Unplug battery : Any combination of power button, vol up and vol down didn't give any response or vibration, nothing detected in device manager or usb deview.
Using adb, only 3 reboot choice : reboot, reboot recovery, reboot bootloader. Reboot edl don't work (wonder if anyone success at another phone)
Using fastboot, is similiar to adb : fastboot reboot and fastboot reboot bootloader. Reboot edl don't work either. Fastboot oem unlock do nothing as well.
Enter Qualcomm HS-USB QDLoader 9008
It seems the Engtest mode boot in android OS, as I can see the prompt asking for USB connection mode (MTP, CD ROM, charge only etc). And IDK if it is a bug, but every time I boot to this Engtest, the next reboot always remove all of my account (Google, whatsapp, mysmartfren (my ISP)). I need to add back, resync contact, resetting gmail and etc. Later, I discovered that i don't need this engtest anymore. As long as I have installed all driver : Qualcomm, Hisense and QPST; every time I connect the USB when the phone is on, it will detected as diagnostic mode.
From this diagnostic mode, I can switch the phone to Download mode (9008), by using eMMC software download (QPST) > Switch device to DLoad; or using EFS Pro - Qualcomm NV Tools > Change mode to Download Mode. Phone will reboot, screen off and vibrate a while. Diagnostic port now is closed and it will add a new port, Q/QCP-XXX - Sahara Memory Dump. Device manager will detect Qualcomm HS-USB QDLoader 9008.
From this mode, AFAIK I still need MPRG8929.hex and 8929_msmimage.mbn to boot it to 9006 mode. But the current available hex/bin and mbn only for 8974, 8916 and 8939 (8936 mbn). Looking to the build.prop and the lib folder of my phone, it seems to have a lot of similiarity with MSM8939. So i was thinking to use the MPRG and mbn from MSM8939. But I still haven't tried it yet, as i need more confirmation. This is my main phone, that's why i am very careful with it, my backup phone is too weak now for daily usage.
BTW, I am using latest WHQL qualcomm driver, version 2.1.0.5 and Hisense driver directly from the phone's CDROM iso. Using universal driver installer also give the same driver. QPST 2.7 build 425.1. Build 422 give me the same result. Main PC is Win 7 Ultimate 64 bit SP1. I have tested it in XP SP3, and give the same result, so not the WHQL driver signing problem.
TF Update
Someone point me out about TF Update file for HS-L965 (the 5.5 inch variant). This file supposed to be flashed through TF Update process (Power + Vol Up + Vol Down). I manage to download it and of course i don't flash it to my phone, since it is from different version. I try to extract out recovery.img and boot.img, by mounting it or open it from archive program. Disk Internal Linux reader can mount the bin properly and show up with 20 something partition, which is very similiar to what I see from qualcomm partitions. I try to open each partition, of course it fails, as it is not ext4 file system (even /system also fail). Try to create image from recovery, boot and system partition; and it manage to be extracted out. But the result is very different from the typical raw img. It doesn't contain proper file header for recovery, boot, and system .img. The hex header supposed to be "ANDROID". But all of the extracted img don't have it. If I unpack the boot.img and recovery.img, carliv unpacker also give no folder structured result, only compressed ram-disk. Try to use ext4unpacker also no luck. So any image extracted is useless, as they don't seems to have the correct file header (or maybe it is wrong reading from the linux reader).
I have spent this whole week trying to find the way to boot the phone to 9006 mode. I have googled a lot, have finisihed reading from 1st page to the last page
[PROJECT] Reviving Hard Bricked YU (QLoader 9008 Mode)
[R&D][QUALCOMM] Using QDL, EHostDL and DIAG interfaces & features
and some other thread. I might miss some info, partially because I sometimes read it in half drowsy state. So, I'll be glad to be pointed out the missing info.
Alternative root method
I have searched for the canvas nitro 4G rooting process, and there is no answer yet at http://forum.xda-developers.com/general/xda-assist/root-micromax-canvas-nitro-3-4g-e455-t3225783 and http://forum.xda-developers.com/android/help/how-to-root-micromax-canvas-nitro-4g-t3209976.
I also know about kingroot. But there are a lot of privacy issues with that program, so I want to stay away from it. From my friend, they said they've tried the latest version, but still fail to root. So I don't try it anymore. But if there is no other way, I might give it a shot as well. A lot of other root tools also fail to root this phone. So, flashing SuperSU.zip from TWRP, seems to be the only way to root it.
Question
From all information above, now here comes the questions :
1. Is there a way to enter 9006 Mode without doing any modification or flash programmer file in the latest qualcomm SoC ? (SD410, SD415, SD615, SD810 above)
2. What the MPRG and MBN really do when flashed to device? Do they stay at the emmc, means they replace some partition inside the Phone? Or they just stay at RAM and will be wiped out on the next reboot; so we need to flash it again if we want to enter 9006 from 9008?
3. What is the risk of using wrong MPRG and MBN file from different SoC? As I wanna try to use the ones from MSM8916 and MSM8939 (MSM8936). I have downloaded it already, but too scare to use it.
4. How we can know we are using the correct MPRG and MBN file? How they were created at first? Is it possible to create it from some partition in the phone?
5. How to extract the TF update .bin file properly? And how they were created at first? And it is possible to create it our self, without the need of any signature/certificate from the vendor?
Sorry if there are too many questions and this thread is very long. I don't expect all questions to be answered though. As long as the main purpose above is achieved, that's nice already.
If there is any additional info needed, I will provided it later.
Thanks in Advance.
Click to expand...
Click to collapse
Do you have any kind of rescue/qfil/qpst rom of your variant for unbrick from Qualcomm 9008 ? If yes :
If you are rooted, take a backup of your aboot partition, then " dd if=/dev/zero of=/dev/block/aboot(your partition number), or "fastboot erase aboot" will give you Qualcomm 9006 port.
Desmanto said:
Hi everyone,
I'm currently using Hisense Pureshot aka HS-L671, using android Lollipop 5.0.2. It has Snapdragon 415 MSM8929, which is very similiar to Snapdragon 615 MSM8939, but with some missing feature (just like rip-off version of SD615). AFAIK currently there are only two phones use this SD415, the other one is Micromax Canvas Nitro 4G (E455) (3, if we count in the 5,5 inch variant of Pureshot+/HS-L695). That's why the documentation is still very scarce.
Edit : it seems there are several phones using this SoC now. I am currently researching about j7
Main Purpose
I post this thread for two main reasons :
1. To do full backup of my current phone, without root or modifiying any existing partitions (as I do below with my previous phone). This is to ensure I can revert back any modified phone to its original state, should we need to claim for RMA in case of hardware failure (not software). I know reverting to original state is possible to be done by flashing rooted stock ROM; then unroot afterward. But AFAIK, full unroot will leave trail of modified timestamp in /system partition. I don't want any trail of modification. (preferred if possible)
2. After backup, I will take the recovery.img and boot.img to compile TWRP in BBQLinux. Then flash it back to the phone. Boot up to TWRP and flash SuperSU.zip to obtain root access. Then I will proceed on a lot of modifications which require root. If number 1 cannot be done first, I have no problem if there is a way to obtain root first, then do the backup later using different tool.
Previous experience with SD200
Based on my experience with previous phone, Andromax C2 aka Hisense AD688G (1st gen), Android JB 4.3, Snapdragon 200 MSM8610; it can boot directly to Qualcomm MMC Storage Mode, which maybe known as Emergency Host DownLoad or Qualcomm HS-USB Diagnostics 9006 (CMIIW). To enter this mode, I need to turn off the phone, unplug the battery, holding down Power + Volume Down button, while connecting it to PC (Win 7 64 bit) via USB cable (I have installed qualcomm driver before). Then it will pop up a lot of prompt to format the drives, which I ignore all of them. In the device manager, it will be detected as Qualcomm MMC Storage. From there, I can proceed on backup every partition of the phone using HDDRaw copy, partition guru or emmc raw tool (preferred one). This can be done without root or any modification to the phone. Which is why this method of backup is preferred, since i can always start with "clean slate", should anything wrong happen (restore using the same method). And it doesn't leave trail of folder modification timestamp as it will be if I flash rooted stock ROM then unroot.
Power button + combination
Now, with the latest snapdragon family 410, 615, including 415 above, it seems there is no way to boot directly to the same Qualcomm MMC Storage / (as far as I read till now from tirta.agung thread). I have tried several combination, and the result is below.
Power : Turn on Phone
Power + Vol Up : nothing happen. If not followed by next action, Phone boot normally
Power + Vol Up, followed by holding vol down at the second logo : Enter safe mode
Power + Vol down : Enter firmware status (Official)
Power + Vol down, followed by holding Power : Enter Recovery mode
In the recovery menu, there is a menu to "Reboot to bootloader", which will boot the phone to Fastboot downloading mode.
Power + Vol Up + Vol Down : TF update
Combining with USB cable
Power + Plug in USB cable : Turn On Phone
Vol Up + Plug USB : Enter Fastboot downloading
Vol up + Vol down + Plug USB : TF Update. Seems like the USB become the power button
Vol Up + Power + Plug USB, Release Power button after vibrate : EngTest mode, diagnostic mode. In QPST will be detected as the diagnostic port, seems to be Hisense Proprietary one.
Unplug battery : Any combination of power button, vol up and vol down didn't give any response or vibration, nothing detected in device manager or usb deview.
Using adb, only 3 reboot choice : reboot, reboot recovery, reboot bootloader. Reboot edl don't work (wonder if anyone success at another phone)
Using fastboot, is similiar to adb : fastboot reboot and fastboot reboot bootloader. Reboot edl don't work either. Fastboot oem unlock do nothing as well.
Enter Qualcomm HS-USB QDLoader 9008
It seems the Engtest mode boot in android OS, as I can see the prompt asking for USB connection mode (MTP, CD ROM, charge only etc). And IDK if it is a bug, but every time I boot to this Engtest, the next reboot always remove all of my account (Google, whatsapp, mysmartfren (my ISP)). I need to add back, resync contact, resetting gmail and etc. Later, I discovered that i don't need this engtest anymore. As long as I have installed all driver : Qualcomm, Hisense and QPST; every time I connect the USB when the phone is on, it will detected as diagnostic mode.
From this diagnostic mode, I can switch the phone to Download mode (9008), by using eMMC software download (QPST) > Switch device to DLoad; or using EFS Pro - Qualcomm NV Tools > Change mode to Download Mode. Phone will reboot, screen off and vibrate a while. Diagnostic port now is closed and it will add a new port, Q/QCP-XXX - Sahara Memory Dump. Device manager will detect Qualcomm HS-USB QDLoader 9008.
From this mode, AFAIK I still need MPRG8929.hex and 8929_msmimage.mbn to boot it to 9006 mode. But the current available hex/bin and mbn only for 8974, 8916 and 8939 (8936 mbn). Looking to the build.prop and the lib folder of my phone, it seems to have a lot of similiarity with MSM8939. So i was thinking to use the MPRG and mbn from MSM8939. But I still haven't tried it yet, as i need more confirmation. This is my main phone, that's why i am very careful with it, my backup phone is too weak now for daily usage.
BTW, I am using latest WHQL qualcomm driver, version 2.1.0.5 and Hisense driver directly from the phone's CDROM iso. Using universal driver installer also give the same driver. QPST 2.7 build 425.1. Build 422 give me the same result. Main PC is Win 7 Ultimate 64 bit SP1. I have tested it in XP SP3, and give the same result, so not the WHQL driver signing problem.
TF Update
Someone point me out about TF Update file for HS-L965 (the 5.5 inch variant). This file supposed to be flashed through TF Update process (Power + Vol Up + Vol Down). I manage to download it and of course i don't flash it to my phone, since it is from different version. I try to extract out recovery.img and boot.img, by mounting it or open it from archive program. Disk Internal Linux reader can mount the bin properly and show up with 20 something partition, which is very similiar to what I see from qualcomm partitions. I try to open each partition, of course it fails, as it is not ext4 file system (even /system also fail). Try to create image from recovery, boot and system partition; and it manage to be extracted out. But the result is very different from the typical raw img. It doesn't contain proper file header for recovery, boot, and system .img. The hex header supposed to be "ANDROID". But all of the extracted img don't have it. If I unpack the boot.img and recovery.img, carliv unpacker also give no folder structured result, only compressed ram-disk. Try to use ext4unpacker also no luck. So any image extracted is useless, as they don't seems to have the correct file header (or maybe it is wrong reading from the linux reader).
I have spent this whole week trying to find the way to boot the phone to 9006 mode. I have googled a lot, have finisihed reading from 1st page to the last page
[PROJECT] Reviving Hard Bricked YU (QLoader 9008 Mode)
[R&D][QUALCOMM] Using QDL, EHostDL and DIAG interfaces & features
and some other thread. I might miss some info, partially because I sometimes read it in half drowsy state. So, I'll be glad to be pointed out the missing info.
Alternative root method
I have searched for the canvas nitro 4G rooting process, and there is no answer yet at http://forum.xda-developers.com/general/xda-assist/root-micromax-canvas-nitro-3-4g-e455-t3225783 and http://forum.xda-developers.com/android/help/how-to-root-micromax-canvas-nitro-4g-t3209976.
I also know about kingroot. But there are a lot of privacy issues with that program, so I want to stay away from it. From my friend, they said they've tried the latest version, but still fail to root. So I don't try it anymore. But if there is no other way, I might give it a shot as well. A lot of other root tools also fail to root this phone. So, flashing SuperSU.zip from TWRP, seems to be the only way to root it.
Question
From all information above, now here comes the questions :
1. Is there a way to enter 9006 Mode without doing any modification or flash programmer file in the latest qualcomm SoC ? (SD410, SD415, SD615, SD810 above)
2. What the MPRG and MBN really do when flashed to device? Do they stay at the emmc, means they replace some partition inside the Phone? Or they just stay at RAM and will be wiped out on the next reboot; so we need to flash it again if we want to enter 9006 from 9008?
3. What is the risk of using wrong MPRG and MBN file from different SoC? As I wanna try to use the ones from MSM8916 and MSM8939 (MSM8936). I have downloaded it already, but too scare to use it.
4. How we can know we are using the correct MPRG and MBN file? How they were created at first? Is it possible to create it from some partition in the phone?
5. How to extract the TF update .bin file properly? And how they were created at first? And it is possible to create it our self, without the need of any signature/certificate from the vendor?
Sorry if there are too many questions and this thread is very long. I don't expect all questions to be answered though. As long as the main purpose above is achieved, that's nice already.
If there is any additional info needed, I will provided it later.
Thanks in Advance.
Click to expand...
Click to collapse
i have asus zenfone z010d model, accidenty i have replace emmcblk file using adb,,after that handset goes in diag mode 9006,,there are many partition shows in emmc...i give backup image from emmc using minitool and delete all partition from emmc......now handset connets in qd loader 9008 mode.......what should i do
jitendramohite said:
i have asus zenfone z010d model, accidenty i have replace emmcblk file using adb,,after that handset goes in diag mode 9006,,there are many partition shows in emmc...i give backup image from emmc using minitool and delete all partition from emmc......now handset connets in qd loader 9008 mode.......what should i do
Click to expand...
Click to collapse
Use qfil software and flash the firmware for your device using qfil software(firmware can be found in firmware27.net)
Did you ever have any success with this? I have Huawei Mediapad M3 8.0 lite, and I do not get enumeration of QUALCOMM Just:
Android Adapter Modem
DBadapter reserved interface (com6)
Android adapter PCUI (com5)
Android Composite ADB interface
Huawei HDB Interface
I want to do what you wanted to do get a clean dump of the firmware, so I can keep it for restoring as well as get a clean dump so I can create custom recovery so I can do some slight modifictions and create a standard img that I put onto several hundred tablets that we build into product.
jkindem said:
Did you ever have any success with this? I have Huawei Mediapad M3 8.0 lite, and I do not get enumeration of QUALCOMM Just:
Android Adapter Modem
DBadapter reserved interface (com6)
Android adapter PCUI (com5)
Android Composite ADB interface
Huawei HDB Interface
I want to do what you wanted to do get a clean dump of the firmware, so I can keep it for restoring as well as get a clean dump so I can create custom recovery so I can do some slight modifictions and create a standard img that I put onto several hundred tablets that we build into product.
Click to expand...
Click to collapse
Oh, I just realized, someone still replying to my thread. Sorry. My device has been broken for a long time, eMMC failure. And I never succeed to dump it. I ended up root it using some kind of semi ported TWRP from zte devices and successfull root it using SuperSU and make a full backup using TWRP. Then I proceed to make another small partition backup using Partition Backups. (I can use dd command, but using app is easier). To get back to original unrooted, I have got the stock ROM in TF update format from Needrom. Somehow, someone uploaded it when I request it. Maybe I just got lucky, since the vendor never upload the stock firmware for us.