Database Info

floating point arithmetic? - hack job workaround now included

is there a way to do floating point arithmetic in terminal?...or would bc binary need to be included since busybox does not have it? as of now you get a syntax error if using fp numbers in expression..or 0 when using division and result is a floating point.
Code:
# echo $(( 1 + 1 ))
echo $(( 1 + 1 ))
2
# echo $(( 1.0 + 1.0 ))
echo $(( 1.0 + 1.0 ))
arith: syntax error: " 1.0 + 1.0 "
# echo $(( 1 / 2 ))
echo $(( 1 / 2 ))
0

sh/bash has no native support for floating point math, so your solution must involve a binary executable. You can either use bc, or you can write a very simple C program and compile it for this platform....
i.e.,
Code:
//math.c
#include <stdlib.h>
#include <stdio.h>
int main (int argc, char ** argv){
float a = atof(argv[1]);
char op = argv[2][0];
float b = atof(argv[3]);
if (op == '+') printf("%f\n",a+b);
else if (op == '-') printf("%f\n",a-b);
else if (op == 'x') printf("%f\n",a*b);
else if (op == '/') printf("%f\n",a/b);
return 0;
}
$ ./math 1.5 + 2
3.500000
$ ./math 1.5 x 2
3.000000
$ ./math 1.5 - 2
-0.500000
$ ./math 1.5 / 2
0.750000
Oh and FYI, don't forget you can use variables in there, i.e.
$ A=1.5
$ B=2
$ OP=/
$./math $A $OP $B
0.750000

Is this the appropriate forum?

jdstankosky said:
Is this the appropriate forum?
Click to expand...
Click to collapse
Sorry, are you a moderator? :/
And yes, since this is a development matter, I'd say it falls within the DEVELOMPENT section..

lbcoder said:
sh/bash has no native support for floating point math, so your solution must involve a binary executable. You can either use bc, or you can write a very simple C program and compile it for this platform....
i.e.,
Code:
//math.c
#include <stdlib.h>
#include <stdio.h>
int main (int argc, char ** argv){
float a = atof(argv[1]);
char op = argv[2][0];
float b = atof(argv[3]);
if (op == '+') printf("%f\n",a+b);
else if (op == '-') printf("%f\n",a-b);
else if (op == 'x') printf("%f\n",a*b);
else if (op == '/') printf("%f\n",a/b);
return 0;
}
$ ./math 1.5 + 2
3.500000
$ ./math 1.5 x 2
3.000000
$ ./math 1.5 - 2
-0.500000
$ ./math 1.5 / 2
0.750000
Oh and FYI, don't forget you can use variables in there, i.e.
$ A=1.5
$ B=2
$ OP=/
$./math $A $OP $B
0.750000
Click to expand...
Click to collapse
thanks for the info. very helpful.

script workaround
i have constructed a workaround for doing fp math for determining partition sizes.
it's not pretty, but it gets the job done.
basically, it goes like this:
1. check to see if the number passed to the function is an integer
2. if not, i search the string for a "."
3. if the search turns up a "." (and units in GB) i break the number into two whole numbers (the integer portion..before the decimal, and the fraction portion after the decimal).
4. do the appropriate math on the integer section.
5. do the appropriate math on the fraction section, then divide by 10^#of digits after the decimal place.
6. add the two numbers together and voila! a hack job, floating point calculation.
Code:
ValidateSizeArg() {
# check for zero-length arg to protect expr length
[ -z "$1" ] && ShowError "zero-length argument passed to size-validator"
SIZEMB=
ARGLEN=`expr length $1`
SIZELEN=$(($ARGLEN-1))
SIZEARG=`expr substr $1 1 $SIZELEN`
SIZEUNIT=`expr substr $1 $ARGLEN 1`
# check if SIZEARG is an integer
if [ $SIZEARG -eq $SIZEARG 2> /dev/null ] ; then
# look for G
[ "$SIZEUNIT" == "G" ] && SIZEMB=$(($SIZEARG * 1024))
# look for M
[ "$SIZEUNIT" == "M" ] && SIZEMB=$SIZEARG
# no units on arg
[ -z "$SIZEMB" ] && SIZEMB=$1
# check if SIZEARG is a floating point number, GB only
elif [ `expr index "$SIZEARG" .` != 0 ] && [ "$SIZEUNIT" == "G" ] ; then
INT=`echo "$SIZEARG" | cut -d"." -f1`
FRAC=`echo "$SIZEARG" | cut -d"." -f2`
SIGDIGITS=`expr length $FRAC`
[ -z "$INT" ] && INT=0
INTMB=$(($INT * 1024))
FRACMB=$((($FRAC * 1024) / (10**$SIGDIGITS)))
SIZEMB=$(($INTMB + $FRACMB))
# it's not a valid size
else
ShowError "$1 is not a valid size"
fi
# return valid argument in MB
FUNC_RET=$SIZEMB
}

I was a basic/qbasic/gwbasic programmer in my younger days (like 12-14 yrs old)...
I feel ashamed that I have no idea of what this stuff is anymore. Thank God for guys like you.

mkbootimg created boot.img creation discrepenacy

Hi,
I have noticed a discrepancy which I am unable to understand and appreciate if someone can provide a clarification in case they have noticed the same issue. I tried to split (using unmkbootimg) boot.img (from Xiaomi Mi MAX update ROMs) and merged it back (using mkbootimg) and found that the newly made boot.img was smaller by 1354 bytes. Appreciate your reply if I am missing anything.
% ls -l boot.img ../boot.img
-rw-rw-r-- 1 skanduru skanduru 12924234 Jan 1 2009 ../boot.img
-rw-rw-r-- 1 skanduru skanduru 12922880 Jan 15 01:07 boot_new.img
% cat output.txt
# kernel written to 'kernel' (10172221 bytes)
# ramdisk written to 'ramdisk.cpio.gz' (2746601 bytes)
# To rebuild this boot image, you can use the command:
mkbootimg --base 0 --pagesize 2048 --kernel_offset 0x80008000 --ramdisk_offset 0x81000000 --second_offset 0x80f00000 --tags_offset 0x80000100 --cmdline
'console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=qcom msm_rtb.filter=0x237 ehci-hcd.park=3 androidboot.bootdevice=7824900.sdhci
lpm_levels.sleep_disabled=1 earlyprintk ramoops_memreserve=4M' --kernel kernel --ramdisk ramdisk.cpio.gz -o boot_new.img
A bindiff of the two images shows that the original boot.img has some stuff (1354 bytes) appended at the bottom which makes the difference. The net result is the boot_new.img doesn't boot up. Just wondering if someone has seen this issue.

boot image to try
The link to boot.img image to try out mkbootimg issue. We can see that @C53000, the original boot.img has extra stuff (1374 bytes).
Image can be downloaded from (Couldn't update it in the previous query)
s000 DOT tinyupload DOT com/?file_id=42124441031490820660

skanduru said:
The link to boot.img image to try out mkbootimg issue. We can see that @C53000, the original boot.img has extra stuff (1374 bytes).
Image can be downloaded from (Couldn't update it in the previous query)
s000 DOT tinyupload DOT com/?file_id=42124441031490820660
Click to expand...
Click to collapse
Could be an issue with Xiaomi image as it doesn't specify second_bootloader size, but appends it. Tried this change and it works. Not sure if it might be the case for potentially other manufacturer's boot.img. Posting it if it could be of some use.
--- a/mkbootimg/unmkbootimg.c
+++ b/mkbootimg/unmkbootimg.c
@@ -80,6 +80,30 @@ int usage(void)
return 1;
}
+int maybe_fix_second_image_size(boot_img_hdr *hdr, void *file_data)
+{
+ int offset = ((hdr->kernel_size + hdr->ramdisk_size
+ + 2*hdr->page_size - 1) / hdr->page_size) * hdr->page_size;
+ char *second_image = ((char *)file_data + offset);
+ u_int16_t *s = (u_int16_t *) second_image;
+ int is_second_image_true = 0;
+
+ if (s[0]) {
+ /*
+ * Second_image does exist ! Calculate the size and fix the
+ * size in hdr.
+ */
+ int size = 0;
+ while (s[0]) {
+ size += 2;
+ s++;
+ }
+ hdr->second_size = size;
+ is_second_image_true = 1;
+ }
+ return is_second_image_true;
+}
+
int main(int argc, char **argv)
{
void *file_data = 0;
@@ -160,7 +184,13 @@ int main(int argc, char **argv)
hdr->ramdisk_size);
}
- if(hdr->second_size != 0) {
+ /*
+ * Even though the second_size is 0, some vendors may place secondary
+ * image there, for ex. Xiaomi. In such a case do calculate the size
+ * based on termination with a null.
+ * XXX: Temp fix.
+ */
+ if(hdr->second_size != 0 || maybe_fix_second_image_size(hdr, file_data)) {
offset = ((hdr->kernel_size + hdr->ramdisk_size
+ 2*hdr->page_size - 1) / hdr->page_size) * hdr->page_size;
if (save_file(second_fn, &((char *)file_data)[offset],

How To Open tumbdata3 file?

I have tumbdata3 file. How can I recover or extract images in it?

xeeks said:
I have tumbdata3 file. How can I recover or extract images in it?
Click to expand...
Click to collapse
You probably mean ".THUMBDATA3-xxxx" which provides the "android thumbnail index".
If you want to extract single images as jpg files, I have bad news for you - its not possible.

How about with this code?
#!s/usr/bin/python
"""extract files from Android thumbdata3 file"""
f=open('thumbdata3.dat','rb')
tdata = f.read()
f.close()
ss = '\xff\xd8'
se = '\xff\xd9'
count = 0
start = 0
while True:
x1 = tdata.find(ss,start)
if x1 < 0:
break
x2 = tdata.find(se,x1)
jpg = tdata[x1:x2+1]
count += 1
fname = 'extracted%d03.jpg' % (count)
fw = open(fname,'wb')
fw.write(jpg)
fw.close()
start = x2+2

LS.xD said:
You probably mean ".THUMBDATA3-xxxx" which provides the "android thumbnail index".
If you want to extract single images as jpg files, I have bad news for you - its not possible.
Click to expand...
Click to collapse
Is there anyway to view it?

xeeks said:
How about with this code?
#!s/usr/bin/python
"""extract files from Android thumbdata3 file"""
f=open('thumbdata3.dat','rb')
tdata = f.read()
f.close()
ss = '\xff\xd8'
se = '\xff\xd9'
count = 0
start = 0
while True:
x1 = tdata.find(ss,start)
if x1 < 0:
break
x2 = tdata.find(se,x1)
jpg = tdata[x1:x2+1]
count += 1
fname = 'extracted%d03.jpg' % (count)
fw = open(fname,'wb')
fw.write(jpg)
fw.close()
start = x2+2
Click to expand...
Click to collapse
Where did you find it?

LS.xD said:
Where did you find it?
Click to expand...
Click to collapse
Google Search. My question is does it work?

Lg d3 d850 autoboot

I spent some time trying to figure out how to make my old G3 autoboot on charger so I could use it like a navigator in a car.
So here you go:
Patient: LG G3 D850 MM 6.0 30A
Requirements: rooted device.
in a nutshell - add following bold lines into the section [INIT|_CHARGING] of the /system/vendor/etc/chargerimages/chargerlogo.ini
[INIT_CHARGING]
POWER_OFF = NOT_CONNECTED_BL_LOW
REBOOT = NOT_CONNECTED_BL_NOT_LOW
NOT_BOOT_CHARGING = CHARGING_BL_LOW
NOT_BOOT_CHARGING = NOT_CHARGING_BL_LOW
NORMAL_CHARGING = CHARGING_BL_MID
NORMAL_CHARGING = NOT_CHARGING_BL_MID
FULL_CHARGING = CHARGING_BL_MAX
FULL_CHARGING = CHARGING_FULL
FULL_CHARGING = NOT_CHARGING_BL_MAX
WARNING_TEMPERATURE_BL_LOW = COLD_OVERHEAT_BL_LOW
WARNING_TEMPERATURE_BL_NOT_LOW = COLD_OVERHEAT_BL_NOT_LOW
INSERT_BATTERY = NOT_EXIST_BATTERY
WIRELESS_NOT_BOOT_CHARGING = CHARGING_WIRELESS_BL_LOW
REBOOT = CHARGING_WIRELESS_BL_NOT_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_NOT_LOW
DUMMY_BATTERY = DUMMY_BATTERY_BL_NONE
REBOOT = CHARGING_BL_LOW
REBOOT = CHARGING_BL_MID
REBOOT = CHARGING_BL_MAX
REBOOT = CHARGING_FULL
REBOOT = AUTOBOOT
More detailed steps:
adb pull /system/vendor/etc/chargerimages/chargerlogo.ini ./chargerlogo.ini
add the lines into chargerlogo.ini
adb push ./chargerlogo.ini /sdcard/chargerlogo.ini
adb shell
adb su
mount -o rw,remount,rw /system
cp /sdcard/chargerlogo.ini /system/vendor/etc/chargerimages/chargerlogo.ini
reboot
btw, if you are not familiar with all that stuff, you can just simulate event 'NOT_CONNECTED_BL_NOT_LOW' to power it up without touching power button:
- power on the car.
- wait 2-3 sec for static battery logo appeared.
- power off the car for 2-3 secs and you can power on/start engine right after that.
- LG will start in a few seconds.

Corund said:
I spent some time trying to figure out how to make my old G3 autoboot on charger so I could use it like a navigator in a car.
So here you go:
Patient: LG G3 D850 MM 6.0 30A
Requirements: rooted device.
in a nutshell - add following bold lines into the section [INIT|_CHARGING] of the /system/vendor/etc/chargerimages/chargerlogo.ini
[INIT_CHARGING]
POWER_OFF = NOT_CONNECTED_BL_LOW
REBOOT = NOT_CONNECTED_BL_NOT_LOW
NOT_BOOT_CHARGING = CHARGING_BL_LOW
NOT_BOOT_CHARGING = NOT_CHARGING_BL_LOW
NORMAL_CHARGING = CHARGING_BL_MID
NORMAL_CHARGING = NOT_CHARGING_BL_MID
FULL_CHARGING = CHARGING_BL_MAX
FULL_CHARGING = CHARGING_FULL
FULL_CHARGING = NOT_CHARGING_BL_MAX
WARNING_TEMPERATURE_BL_LOW = COLD_OVERHEAT_BL_LOW
WARNING_TEMPERATURE_BL_NOT_LOW = COLD_OVERHEAT_BL_NOT_LOW
INSERT_BATTERY = NOT_EXIST_BATTERY
WIRELESS_NOT_BOOT_CHARGING = CHARGING_WIRELESS_BL_LOW
REBOOT = CHARGING_WIRELESS_BL_NOT_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_NOT_LOW
DUMMY_BATTERY = DUMMY_BATTERY_BL_NONE
REBOOT = CHARGING_BL_LOW
REBOOT = CHARGING_BL_MID
REBOOT = CHARGING_BL_MAX
REBOOT = CHARGING_FULL
REBOOT = AUTOBOOT
More detailed steps:
adb pull /system/vendor/etc/chargerimages/chargerlogo.ini ./chargerlogo.ini
add the lines into chargerlogo.ini
adb push ./chargerlogo.ini /sdcard/chargerlogo.ini
adb shell
adb su
mount -o rw,remount,rw /system
cp /sdcard/chargerlogo.ini ./chargerlogo.ini
reboot
btw, if you are not familiar with all that stuff, you can just simulate event 'NOT_CONNECTED_BL_NOT_LOW' to power it up without touching power button:
- power on the car.
- wait 2-3 sec for static battery logo appeared.
- power off the car for 2-3 secs and you can power on/start engine right after that.
- LG will start in a few seconds.
Click to expand...
Click to collapse
Nice....
I have had to do similar to my tablets I run in my cars dash

was looking for this, could only find nexus and Samsung devices. Thanks a million

Corund said:
I spent some time trying to figure out how to make my old G3 autoboot on charger so I could use it like a navigator in a car.
So here you go:
Patient: LG G3 D850 MM 6.0 30A
Requirements: rooted device.
in a nutshell - add following bold lines into the section [INIT|_CHARGING] of the /system/vendor/etc/chargerimages/chargerlogo.ini
[INIT_CHARGING]
POWER_OFF = NOT_CONNECTED_BL_LOW
REBOOT = NOT_CONNECTED_BL_NOT_LOW
NOT_BOOT_CHARGING = CHARGING_BL_LOW
NOT_BOOT_CHARGING = NOT_CHARGING_BL_LOW
NORMAL_CHARGING = CHARGING_BL_MID
NORMAL_CHARGING = NOT_CHARGING_BL_MID
FULL_CHARGING = CHARGING_BL_MAX
FULL_CHARGING = CHARGING_FULL
FULL_CHARGING = NOT_CHARGING_BL_MAX
WARNING_TEMPERATURE_BL_LOW = COLD_OVERHEAT_BL_LOW
WARNING_TEMPERATURE_BL_NOT_LOW = COLD_OVERHEAT_BL_NOT_LOW
INSERT_BATTERY = NOT_EXIST_BATTERY
WIRELESS_NOT_BOOT_CHARGING = CHARGING_WIRELESS_BL_LOW
REBOOT = CHARGING_WIRELESS_BL_NOT_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_NOT_LOW
DUMMY_BATTERY = DUMMY_BATTERY_BL_NONE
REBOOT = CHARGING_BL_LOW
REBOOT = CHARGING_BL_MID
REBOOT = CHARGING_BL_MAX
REBOOT = CHARGING_FULL
REBOOT = AUTOBOOT
More detailed steps:
adb pull /system/vendor/etc/chargerimages/chargerlogo.ini ./chargerlogo.ini
add the lines into chargerlogo.ini
adb push ./chargerlogo.ini /sdcard/chargerlogo.ini
adb shell
adb su
mount -o rw,remount,rw /system
cp /sdcard/chargerlogo.ini /system/vendor/etc/chargerimages/chargerlogo.ini
reboot
btw, if you are not familiar with all that stuff, you can just simulate event 'NOT_CONNECTED_BL_NOT_LOW' to power it up without touching power button:
- power on the car.
- wait 2-3 sec for static battery logo appeared.
- power off the car for 2-3 secs and you can power on/start engine right after that.
- LG will start in a few seconds.
Click to expand...
Click to collapse
When i try to copy i always get an error saying "tmp-mksh: /sdcard/chargerlogo.ini: not found" even though when i do a ls i see the file sitting there
127|[email protected]:/ $ ls -l /sdcard/
ls -l /sdcard/
drwxrwx--- root sdcard_r 2014-12-31 19:08 Alarms
drwxrwx--x root sdcard_r 2017-12-10 20:12 Android
drwxrwx--- root sdcard_r 2018-12-11 08:46 AutoGuard
drwxrwx--- root sdcard_r 2014-12-31 19:08 DCIM
drwxrwx--- root sdcard_r 2018-12-30 03:02 Download
drwxrwx--- root sdcard_r 2014-12-31 19:08 LGBackup
drwxrwx--- root sdcard_r 2014-12-31 19:08 Movies
drwxrwx--- root sdcard_r 2014-12-31 19:08 Music
drwxrwx--- root sdcard_r 2014-12-31 19:08 Notifications
drwxrwx--- root sdcard_r 2017-12-25 08:32 Pictures
drwxrwx--- root sdcard_r 2014-12-31 19:08 Podcasts
drwxrwx--- root sdcard_r 2014-12-31 19:09 Ringtones
drwxrwx--- root sdcard_r 2017-12-21 01:16 Tasker
drwxrwx--- root sdcard_r 2018-11-16 02:00 WhatsApp
drwxrwx--- root sdcard_r 2017-12-23 01:55 backups
-rwxrwx--- root sdcard_r 2925 2018-12-30 09:37 chargerlogo.ini
drwxrwx--- root sdcard_r 2017-12-10 07:13 media
drwxrwx--- root sdcard_r 2017-12-10 07:13 smartconfig

Corund said:
I spent some time trying to figure out how to make my old G3 autoboot on charger so I could use it like a navigator in a car.
So here you go:
Patient: LG G3 D850 MM 6.0 30A
Requirements: rooted device.
in a nutshell - add following bold lines into the section [INIT|_CHARGING] of the /system/vendor/etc/chargerimages/chargerlogo.ini
[INIT_CHARGING]
POWER_OFF = NOT_CONNECTED_BL_LOW
REBOOT = NOT_CONNECTED_BL_NOT_LOW
NOT_BOOT_CHARGING = CHARGING_BL_LOW
NOT_BOOT_CHARGING = NOT_CHARGING_BL_LOW
NORMAL_CHARGING = CHARGING_BL_MID
NORMAL_CHARGING = NOT_CHARGING_BL_MID
FULL_CHARGING = CHARGING_BL_MAX
FULL_CHARGING = CHARGING_FULL
FULL_CHARGING = NOT_CHARGING_BL_MAX
WARNING_TEMPERATURE_BL_LOW = COLD_OVERHEAT_BL_LOW
WARNING_TEMPERATURE_BL_NOT_LOW = COLD_OVERHEAT_BL_NOT_LOW
INSERT_BATTERY = NOT_EXIST_BATTERY
WIRELESS_NOT_BOOT_CHARGING = CHARGING_WIRELESS_BL_LOW
REBOOT = CHARGING_WIRELESS_BL_NOT_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_NOT_LOW
DUMMY_BATTERY = DUMMY_BATTERY_BL_NONE
REBOOT = CHARGING_BL_LOW
REBOOT = CHARGING_BL_MID
REBOOT = CHARGING_BL_MAX
REBOOT = CHARGING_FULL
REBOOT = AUTOBOOT
More detailed steps:
adb pull /system/vendor/etc/chargerimages/chargerlogo.ini ./chargerlogo.ini
add the lines into chargerlogo.ini
adb push ./chargerlogo.ini /sdcard/chargerlogo.ini
adb shell
adb su
mount -o rw,remount,rw /system
cp /sdcard/chargerlogo.ini /system/vendor/etc/chargerimages/chargerlogo.ini
reboot
btw, if you are not familiar with all that stuff, you can just simulate event 'NOT_CONNECTED_BL_NOT_LOW' to power it up without touching power button:
- power on the car.
- wait 2-3 sec for static battery logo appeared.
- power off the car for 2-3 secs and you can power on/start engine right after that.
- LG will start in a few seconds.
Click to expand...
Click to collapse
Could you please upload the "chargerimages" folder? After having flashed a ROM I do not have it :/

Folder location
Hi, I cant find this folder. My current ROM is Lingeage OS 16 android 9. Are you Know where to look tis folder? Many thanks

Thanks for sollution.
My LG G2 Mini now AutoBoot after plug charger
I use ES File Explorer to edit "chargerlogo.ini" and after save it's work perfect.

Hi. I have modified the chargerlogo.ini. Works well after battery charge is less than 100%
When the battery is at 100% the autoboot does not work.
Could someone help me to solve this problem?
Thank you
Alexander

Corund said:
I spent some time trying to figure out how to make my old G3 autoboot on charger so I could use it like a navigator in a car.
So here you go:
Patient: LG G3 D850 MM 6.0 30A
Requirements: rooted device.
in a nutshell - add following bold lines into the section [INIT|_CHARGING] of the /system/vendor/etc/chargerimages/chargerlogo.ini
[INIT_CHARGING]
POWER_OFF = NOT_CONNECTED_BL_LOW
REBOOT = NOT_CONNECTED_BL_NOT_LOW
NOT_BOOT_CHARGING = CHARGING_BL_LOW
NOT_BOOT_CHARGING = NOT_CHARGING_BL_LOW
NORMAL_CHARGING = CHARGING_BL_MID
NORMAL_CHARGING = NOT_CHARGING_BL_MID
FULL_CHARGING = CHARGING_BL_MAX
FULL_CHARGING = CHARGING_FULL
FULL_CHARGING = NOT_CHARGING_BL_MAX
WARNING_TEMPERATURE_BL_LOW = COLD_OVERHEAT_BL_LOW
WARNING_TEMPERATURE_BL_NOT_LOW = COLD_OVERHEAT_BL_NOT_LOW
INSERT_BATTERY = NOT_EXIST_BATTERY
WIRELESS_NOT_BOOT_CHARGING = CHARGING_WIRELESS_BL_LOW
REBOOT = CHARGING_WIRELESS_BL_NOT_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_LOW
INVALID_BATTERY = INVAILD_BATTERY_BL_NOT_LOW
DUMMY_BATTERY = DUMMY_BATTERY_BL_NONE
REBOOT = CHARGING_BL_LOW
REBOOT = CHARGING_BL_MID
REBOOT = CHARGING_BL_MAX
REBOOT = CHARGING_FULL
REBOOT = AUTOBOOT
More detailed steps:
adb pull /system/vendor/etc/chargerimages/chargerlogo.ini ./chargerlogo.ini
add the lines into chargerlogo.ini
adb push ./chargerlogo.ini /sdcard/chargerlogo.ini
adb shell
adb su
mount -o rw,remount,rw /system
cp /sdcard/chargerlogo.ini /system/vendor/etc/chargerimages/chargerlogo.ini
reboot
btw, if you are not familiar with all that stuff, you can just simulate event 'NOT_CONNECTED_BL_NOT_LOW' to power it up without touching power button:
- power on the car.
- wait 2-3 sec for static battery logo appeared.
- power off the car for 2-3 secs and you can power on/start engine right after that.
- LG will start in a few seconds.
Click to expand...
Click to collapse
Hello,
I reopen the post because I try to autoboot my Lg g2 mini on charger. I have add:
REBOOT = CHARGING_BL_LOW
REBOOT = CHARGING_BL_MID
REBOOT = CHARGING_BL_MAX
REBOOT = CHARGING_FULL
after "DUMMY_BATTERY = DUMMY_BATTERY_BL_NONE" but smartphone doesn't autoboot when charger is plug.
My question is: I just need to insert
REBOOT = CHARGING_BL_LOW
REBOOT = CHARGING_BL_MID
REBOOT = CHARGING_BL_MAX
REBOOT = CHARGING_FULL
in the file chargerlogo.ini, or I need to do something else?
This steps how and where can i use it? Otherwise: what they are for and where I need to use them?
adb pull /system/vendor/etc/chargerimages/chargerlogo.ini ./chargerlogo.ini
add the lines into chargerlogo.ini
adb push ./chargerlogo.ini /sdcard/chargerlogo.ini
adb shell
adb su
mount -o rw,remount,rw /system
cp /sdcard/chargerlogo.ini /system/vendor/etc/chargerimages/chargerlogo.ini
reboot
Thanks

Pumpkin_PL said:
Thanks for sollution.
My LG G2 Mini now AutoBoot after plug charger
I use ES File Explorer to edit "chargerlogo.ini" and after save it's work perfect.
Click to expand...
Click to collapse
Hi, you added just this'?
REBOOT = CHARGING_BL_LOW
REBOOT = CHARGING_BL_MID
REBOOT = CHARGING_BL_MAX
REBOOT = CHARGING_FULL
because my lg g2 mini doesn't boot automatically after charger. Any suggestion? Thanks

marco0608 said:
Hi, you added just this'?
REBOOT = CHARGING_BL_LOW
REBOOT = CHARGING_BL_MID
REBOOT = CHARGING_BL_MAX
REBOOT = CHARGING_FULL
because my lg g2 mini doesn't boot automatically after charger. Any suggestion? Thanks
Click to expand...
Click to collapse
Yes, work now. I don't know because I didn't try yet, but I think that you can try to stop charge at 99%.

Stock ROM or Update Zip for Verizon Ellipsis 8 (QTAQZ3)

I'm sorry if this isn't the best spot to post this. I haven't found a forum dedicated to this device.
I'm looking for a direct download of the stock ROM, or at least the update zip for Android 5.1.1 (or perhaps any update zip), for the Verizon Ellipsis 8 (QTAQZ3). I have soft bricked it (doesn't get past the Verizon splash/loading screen). I want to attempt to unbrick it & am not having success finding many resources. It does not have a custom recovery installed & I have not found a successful way to unbrick it yet.
It is not under warranty. I am the second owner, it was given to me (I managed to brick it within a few hours of receiving it). I have tried the following:
Launching recovery & reformatting to factory defaults & cache (multiple times).
Restarting in safe mode by holding volume down with power (does the same thing, doesn't get past splash screen).
Removing back of device & disconnecting battery (for at least an hour or more).
I'm not sure what else to do other than try to flash the original stock ROM or try re-installing the 5.1.1 update via sideload in the recovery menu. But I haven't been able to find any direct downloads for the aforementioned. If anyone has either of these, or knows where I can get one of them, I would really appreciate a link. I have looked around on Verizon's support website. I understand that the manufacturer of the device is Quanta Computer (I can't post links yet: quantatw dot com), But I couldn't find any information on this specific device from their site.
Edit: I have also read through some threads here on the XDA forums, but haven't found a working solution. I manged to brick it by using Kingo Root.
Edit: On another note, I have gone into the recovery & selected "apply update from ADB", which brings up the prompt "Now send the package you want to apply to the device with 'adb sideload <filename>'...". However, ADB on my system (Linux) is not recognizing the device:
Code:
$ adb devices
List of devices attached
$ adb shell
error: device '(null)' not found
When it is stuck on the boot/splash screen, my system recognizes it as "QTAQZ3", but cannot mount it (and ADB still does not recognize it). The error reported is "Unable to mount QTAQZ3, Unable to open MTP device '[usb:002,x]'". Though, I cannot seem to find its file under /dev.
Edit: Ah, just found its device file /dev/libmtp-2-2, which is a symlink to /dev/bus/usb/002/x ("x" changes every time I plug it in or restart it).
Code:
$ lsusb
...
Bus 002 Device x: ID 0408:3882 Quanta Computer, Inc.
...
Edit: I forgot about another thing I tried. I found this comment on Reddit: "Whats worked for me is when you do the factory reset and its stuck on that splash screen is to hold the power and both volume buttons until it turns off and then power it back on." Did not work for me though.

i have platform and firmware,test ok!

ChinaHeart said:
i have platform and firmware,test ok!
Click to expand...
Click to collapse
Can you make the firmware available?

Please I have the same problem, I tried to upgrade the system with the ota to android marshmallow but I was rooted and boom.....softbrick. There is a lot of people with the same problem

AntumDeluge said:
I'm looking for a direct download of the stock ROM, or at least the update zip for Android 5.1.1 (or perhaps any update zip), for the Verizon Ellipsis 8 (QTAQZ3). I have soft bricked it (doesn't get past the Verizon splash/loading screen). I want to attempt to unbrick it & am not having success finding many resources. It does not have a custom recovery installed & I have not found a successful way to unbrick it yet
Click to expand...
Click to collapse
I have a QTAQZ3 currently running 4.2.2. I captured the OTA url and downloaded an update bin file. I'm not exactly sure how bins compare to flashable zips, nor do I know what to do with a bin file. It seems as though this file has been hard to come by. I am hoping that by posting it, someone with the right know-how can help us fix all these bricked tablets.
https://drive.google.com/open?id=1LmyrA3eGcVL3sCMB3okBdsoqA0Gv5RZE

I've done some digging around to look for flash tools for devices that use Marvell processors. This tablet uses the Marvell PXA1088LTE. I found a download tool that is supposed to be for Marvell devices, but I've never used anything quite like it before. I've included a link to the package below. Upon installing the drivers, I was able to get my computer to recognize the device as a WTPTP device with a PXA1088 processor. The flash tool, however, uses .blf files that I've never seen before. I downloaded some firmware for a device (HiSense X8T) with the same processor as our device. I found that the program MATLAB was the only program I have access to that was able to read .blf files. The .blf for this other device looks like this inside:
Code:
[BLF_Version]
Blf_Version_Number = V2.1.0
[UE_Options]
UE_Boot_Option = 0
[Flash_Properties]
Max_Upload_Split_Size = 0x20000000
Max_FBF_Split_Size = 0x40000000
Flash_Family = eMMC
Spare_Area_Size = 0
Data_Area_Size = 0
FBF_Sector_Size = 4096
[Flash_Options]
ProductionMode = 0
Skip_Blocks_Number =
Erase_All_Flash = 0
Reset_BBT = 0
[TIM_Configuration]
Number_of_Images = 15
Number_of_Keys = 0
Boot_Flash_Signature = 0x4D4D4308
Processor_Type = PXA1920
OEM_UniqueID = 0x4f524312
Issue_Date = 0x20130115
Version = 0x00030400
Trusted = 0
[Reserved_Data]
CUST
1st Custom Value = 0x00000000
End_CUST
End_Reserved_Data
[Extended_Reserved_Data]
Consumer_ID
CID = TBRI
PID = DDR1
End_Consumer_ID
DDR_Initialization
DDR_PID = DDR1
DDROperations
DDR_INIT_ENABLE = 0x00000001
DDR_MEMTEST_ENABLE = 0x00000000
End_DDROperations
Instructions
WRITE = <0xD42828E8,0x00000003>
WRITE = <0xC0100010,0x000D0001> ;DDR_MEM_ADDR_MAP0
WRITE = <0xC0100014,0x200D0001> ;DDR_MEM_ADDR_MAP1
WRITE = <0xC0100020,0x0000A430> ;DDR_SDRAM_CFG0
WRITE = <0xC0100024,0x0000A430> ;DDR_SDRAM_CFG1
WRITE = <0xC0100050,0x900450A1> ;DDR_SDRAM_CTRL1
WRITE = <0xC0100054,0x00000000> ;DDR_SDRAM_CTRL2
WRITE = <0xC0100058,0x20808115> ;DDR_SDRAM_CTRL4
WRITE = <0xC0100060,0x03000000> ;DDR_SDRAM_CTRL7
WRITE = <0xC0100064,0x04040000> ;DDR_SDRAM_CTRL13
WRITE = <0xC0100080,0x4CDA0065> ;DDR_SDRAM_TIMING1
WRITE = <0xC0100084,0x94860345> ;DDR_SDRAM_TIMING2
WRITE = <0xC0100088,0x2038381B> ;DDR_SDRAM_TIMING3
WRITE = <0xC010008C,0x302AFC9C> ;DDR_SDRAM_TIMING4
WRITE = <0xC0100090,0x20110144> ;DDR_SDRAM_TIMING5
WRITE = <0xC0100094,0x0242418F> ;DDR_SDRAM_TIMING6
WRITE = <0xC0100098,0x00008801> ;?DDR_SDRAM_TIMING7
WRITE = <0xC0100100,0x000FF1FC> ;?EXCLUSIVE_MONITOR_CTRL
WRITE = <0xC0100220,0x00004455> ;DDR_PHY_CTRL3
WRITE = <0xC0100230,0x13300AA9> ;DDR_PHY_CTRL7
WRITE = <0xC0100234,0x03300AA0> ;DDR_PHY_CTRL8
WRITE = <0xC0100238,0x000000AA> ;DDR_PHY_CTRL9
WRITE = <0xC010023C,0x0011311C> ;DDR_PHY_CTRL10
WRITE = <0xC0100240,0x00300008> ;DDR_PHY_CTRL11
WRITE = <0xC0100248,0xF0218000> ;DDR_PHY_CTRL13
WRITE = <0xC010024C,0x80000000> ;DDR_PHY_CTRL14
WRITE = <0xC0100300,0x00000000> ;DDR_PHY_DATA_BYTE_SEL
WRITE = <0xC0100304,0x00400003> ;DDR_PHY_DLL_CTRL
WRITE = <0xC0100300,0x00000001> ;DDR_PHY_DATA_BYTE_SEL
WRITE = <0xC0100304,0x00400003> ;DDR_PHY_DLL_CTRL
WRITE = <0xC0100300,0x00000002> ;DDR_PHY_DATA_BYTE_SEL
WRITE = <0xC0100304,0x00400003> ;DDR_PHY_DLL_CTRL
WRITE = <0xC0100300,0x00000003> ;DDR_PHY_DATA_BYTE_SEL
WRITE = <0xC0100304,0x00400003> ;DDR_PHY_DLL_CTRL
WRITE = <0xC010024C,0x20000000> ;DDR_PHY_CTRL14
WRITE = <0xC010024C,0x40000000> ;DDR_PHY_CTRL14
WRITE = <0xC010023C,0x0010311C> ;DDR_PHY_CTRL10
WRITE = <0xC0100380,0x00000100> ;DDR_PHY_WL_SEL
WRITE = <0xC0100384,0x00050002> ;DDR_PHY_WL_CTRL0
WRITE = <0xC0100380,0x00000101> ;DDR_PHY_WL_SEL
WRITE = <0xC0100384,0x00050002> ;DDR_PHY_WL_CTRL0
WRITE = <0xC0100380,0x00000102> ;DDR_PHY_WL_SEL
WRITE = <0xC0100384,0x00050002> ;DDR_PHY_WL_CTRL0
WRITE = <0xC0100380,0x00000103> ;DDR_PHY_WL_SEL
WRITE = <0xC0100384,0x00050002> ;DDR_PHY_WL_CTRL0
WRITE = <0xC0100380,0x00000200> ;DDR_PHY_WL_SEL
WRITE = <0xC0100384,0x00050002> ;DDR_PHY_WL_CTRL0
WRITE = <0xC0100380,0x00000201> ;DDR_PHY_WL_SEL
WRITE = <0xC0100384,0x00050002> ;DDR_PHY_WL_CTRL0
WRITE = <0xC0100380,0x00000202> ;DDR_PHY_WL_SEL
WRITE = <0xC0100384,0x00050002> ;DDR_PHY_WL_CTRL0
WRITE = <0xC0100380,0x00000203> ;DDR_PHY_WL_SEL
WRITE = <0xC0100384,0x00050002> ;DDR_PHY_WL_CTRL0
WRITE = <0xC0100380,0x00000100> ;DDR_PHY_WL_SEL
WRITE = <0xC0100388,0x00000005> ;DDR_PHY_WL_CTRL1
WRITE = <0xC010038C,0x00000002> ;DDR_PHY_WL_CTRL2
WRITE = <0xC0100380,0x00100100> ;DDR_PHY_WL_SEL
WRITE = <0xC0100388,0x00000005> ;DDR_PHY_WL_CTRL1
WRITE = <0xC010038C,0x00000000> ;DDR_PHY_WL_CTRL2
WRITE = <0xC0100380,0x00200100> ;DDR_PHY_WL_SEL
WRITE = <0xC0100388,0x00000005> ;DDR_PHY_WL_CTRL1
WRITE = <0xC010038C,0x00000002> ;DDR_PHY_WL_CTRL2
WRITE = <0xC0100380,0x00000200> ;DDR_PHY_WL_SEL
WRITE = <0xC0100388,0x00000005> ;DDR_PHY_WL_CTRL1
WRITE = <0xC010038C,0x00000002> ;DDR_PHY_WL_CTRL2
WRITE = <0xC0100380,0x00100200> ;DDR_PHY_WL_SEL
WRITE = <0xC0100388,0x00000005> ;DDR_PHY_WL_CTRL1
WRITE = <0xC010038C,0x00000000> ;DDR_PHY_WL_CTRL2
WRITE = <0xC0100380,0x00200200> ;DDR_PHY_WL_SEL
WRITE = <0xC0100388,0x00000005> ;DDR_PHY_WL_CTRL1
WRITE = <0xC010038C,0x00000002> ;DDR_PHY_WL_CTRL2
WRITE = <0xC0100160,0x00000001> ;DDR_USER_INIT_CMD0
WAIT_FOR_BIT_SET = <0xC0100008,0x00000001,0x00001000>
WRITE = <0xC0100164,0x0302003F> ;DDR_USER_INIT_CMD1
WRITE = <0xC0100164,0x03020001> ;DDR_USER_INIT_CMD1
WRITE = <0xC0100164,0x03020002> ;DDR_USER_INIT_CMD1
WRITE = <0xC0100164,0x03020003> ;DDR_USER_INIT_CMD1
WRITE = <0xC0100160,0x03001000> ;DDR_USER_INIT_CMD0
WAIT_FOR_BIT_SET = <0xC0100004,0x00000010,0x00001000>
PP_TABLEHEADER = <0xC01001C8,0xC01001CC,0xC01001C0> ;DDR_TABLEHEADER FOR PRODUCT POINT
PP_WRITE = <0x80000000,0x0002024C,0x00000000> ;Table0 for DCLK resume from stop ([email protected])
PP_WRITE = <0x20000000,0x0000024C,0x00000020> ;Table1 for DCLK resume from stop ([email protected])
PP_WRITE = <0x40000000,0x0000024C,0x00000021>
PP_WRITE = <0x80000000,0x0002024C,0x00000022>
PP_WRITE = <0x20802115,0x00000058,0x00000040> ;DDR 156MHZ table
PP_WRITE = <0x488A0065,0x00000080,0x00000041>
PP_WRITE = <0x42330155,0x00000084,0x00000042>
PP_WRITE = <0x20161612,0x00000088,0x00000043>
PP_WRITE = <0x302A643D,0x0000008C,0x00000044>
PP_WRITE = <0x20070082,0x00000090,0x00000045>
PP_WRITE = <0x00F0E49C,0x00000094,0x00000046>
PP_WRITE = <0x00004455,0x00000220,0x00000047>
PP_WRITE = <0x13300AA9,0x00000230,0x00000048>
PP_WRITE = <0x03300AA0,0x00000234,0x00000049>
PP_WRITE = <0x000000AA,0x00010238,0x0000004A>
PP_WRITE = <0x80000000,0x0000024C,0x0000004B>
PP_WRITE = <0x00000000,0x00000300,0x0000004C>
PP_WRITE = <0x00400003,0x00000304,0x0000004D>
PP_WRITE = <0x00000001,0x00000300,0x0000004E>
PP_WRITE = <0x00400003,0x00000304,0x0000004F>
PP_WRITE = <0x00000002,0x00000300,0x00000050>
PP_WRITE = <0x00400003,0x00000304,0x00000051>
PP_WRITE = <0x00000003,0x00000300,0x00000052>
PP_WRITE = <0x00400003,0x00000304,0x00000053>
PP_WRITE = <0x40000000,0x0000024C,0x00000054>
PP_WRITE = <0x00000002,0x00020068,0x00000055>
PP_WRITE = <0x00000000,0x00000000,0x00000056>
PP_WRITE = <0x20806115,0x00000058,0x00000060> ;DDR 312MHZ table
PP_WRITE = <0x4CD40065,0x00000080,0x00000061>
PP_WRITE = <0x74650295,0x00000084,0x00000062>
PP_WRITE = <0x202C2C1B,0x00000088,0x00000063>
PP_WRITE = <0x302AC47A,0x0000008C,0x00000064>
PP_WRITE = <0x200E0103,0x00000090,0x00000065>
PP_WRITE = <0x01D1C538,0x00000094,0x00000066>
PP_WRITE = <0x00004455,0x00000220,0x00000067>
PP_WRITE = <0x13300AA9,0x00000230,0x00000068>
PP_WRITE = <0x03300AA0,0x00000234,0x00000069>
PP_WRITE = <0x000000AA,0x00010238,0x0000006A>
PP_WRITE = <0x80000000,0x0000024C,0x0000006B>
PP_WRITE = <0x00000000,0x00000300,0x0000006C>
PP_WRITE = <0x00400003,0x00000304,0x0000006D>
PP_WRITE = <0x00000001,0x00000300,0x0000006E>
PP_WRITE = <0x00400003,0x00000304,0x0000006F>
PP_WRITE = <0x00000002,0x00000300,0x00000070>
PP_WRITE = <0x00400003,0x00000304,0x00000071>
PP_WRITE = <0x00000003,0x00000300,0x00000072>
PP_WRITE = <0x00400003,0x00000304,0x00000073>
PP_WRITE = <0x40000000,0x0000024C,0x00000074>
PP_WRITE = <0x00000002,0x00020068,0x00000075>
PP_WRITE = <0x00000000,0x00000000,0x00000076>
PP_WRITE = <0x20808115,0x00000058,0x00000080> ;400MHZ DDR table
PP_WRITE = <0x4CDA0065,0x00000080,0x00000081>
PP_WRITE = <0x94860345,0x00000084,0x00000082>
PP_WRITE = <0x2038381B,0x00000088,0x00000083>
PP_WRITE = <0x302AFC9C,0x0000008C,0x00000084>
PP_WRITE = <0x20110144,0x00000090,0x00000085>
PP_WRITE = <0x0242418F,0x00000094,0x00000086>
PP_WRITE = <0x00004455,0x00000220,0x00000087>
PP_WRITE = <0x13300AA9,0x00000230,0x00000088>
PP_WRITE = <0x03300AA0,0x00000234,0x00000089>
PP_WRITE = <0x000000AA,0x00010238,0x0000008A>
PP_WRITE = <0x00000000,0x00000300,0x0000008B>
PP_WRITE = <0x00000618,0x00000304,0x0000008C>
PP_WRITE = <0x00000001,0x00000300,0x0000008D>
PP_WRITE = <0x00000618,0x00000304,0x0000008E>
PP_WRITE = <0x00000002,0x00000300,0x0000008F>
PP_WRITE = <0x00000618,0x00000304,0x00000090>
PP_WRITE = <0x00000003,0x00000300,0x00000091>
PP_WRITE = <0x00000618,0x00000304,0x00000092>
PP_WRITE = <0x20000000,0x0000024C,0x00000093>
PP_WRITE = <0x40000000,0x0000024C,0x00000094>
PP_WRITE = <0x80000000,0x0000024C,0x00000095>
PP_WRITE = <0x00000002,0x00020068,0x00000096>
PP_WRITE = <0x00000000,0x00000000,0x00000097>
PP_WRITE = <0x03020001,0x00000164,0x000000E0>
PP_WRITE = <0x03020002,0x00000164,0x000000E1>
PP_WRITE = <0x03020003,0x00000164,0x000000E2>
PP_WRITE = <0x00000000,0x00020068,0x000000E3>
PP_WRITE = <0x00000000,0x00000000,0x000000E4>
End_Instructions
End_DDR_Initialization
Image_Maps
NUM_MAPS = 3
1_Image_Map_Info
1_Image_ID = 0x54494D31
1_Image_Type = PRIMARYIMAGE
1_Flash_Address_Lo = 0x0000200000
1_Flash_Address_Hi = 0x00000000
1_Partition = 0x0
1_End_Image_Map_Info
2_Image_Map_Info
2_Image_ID = 0x54494D32
2_Image_Type = RECOVERYIMAGE
2_Flash_Address_Lo = 0x0000280000
2_Flash_Address_Hi = 0x00000000
2_Partition = 0x0
2_End_Image_Map_Info
3_Image_Map_Info
3_Image_ID = 0x54494D33
3_Image_Type = CPIMAGE
3_Flash_Address_Lo = 0x0000300000
3_Flash_Address_Hi = 0x00000000
3_Partition = 0x00000000
3_End_Image_Map_Info
End_Image_Maps
End_Extended_Reserved_Data
[Image_List]
1_Image_Enable = 1
1_Image_Tim_Included = 1
1_Image_Image_ID = 0x54494D48
1_Image_Next_Image_ID = 0x4F424D49
1_Image_Path = ntim_helan_lte.bin
1_Image_Flash_Entry_Address = 0x0000000000
1_Image_Load_Address = 0xD1000000
1_Image_Type = RAW
1_Image_ID_Name = TIMH
1_Image_Erase_Size =
1_Image_Partition_Number = 1
1_Image_Size_To_CRC_in_bytes = 0
1_Image_Hash_Algorithm_ID = SHA-160
1_Image_Image_Size_To_Hash_in_bytes = 0xFFFFFFFF
2_Image_Enable = 1
2_Image_Tim_Included = 1
2_Image_Image_ID = 0x4F424D49
2_Image_Next_Image_ID = 0x50475054
2_Image_Path = obm.bin
2_Image_Flash_Entry_Address = 0x0000020000
2_Image_Load_Address = 0xD1002000
2_Image_Type = RAW
2_Image_ID_Name = OBMI
2_Image_Erase_Size =
2_Image_Partition_Number = 1
2_Image_Size_To_CRC_in_bytes = 0
2_Image_Hash_Algorithm_ID = SHA-160
2_Image_Image_Size_To_Hash_in_bytes = 0xFFFFFFFF
3_Image_Enable = 1
3_Image_Tim_Included = 0
3_Image_Image_ID = 0x50475054
3_Image_Next_Image_ID = 0x52424C49
3_Image_Path = primary_gpt_4g
3_Image_Flash_Entry_Address = 0x0000000000
3_Image_Load_Address = 0xFFFFFFFF
3_Image_Type = RAW
3_Image_ID_Name = PGPT
3_Image_Erase_Size =
3_Image_Partition_Number = 0
3_Image_Size_To_CRC_in_bytes = 0
3_Image_Hash_Algorithm_ID =
3_Image_Image_Size_To_Hash_in_bytes =
4_Image_Enable = 0
4_Image_Tim_Included = 0
4_Image_Image_ID = 0x52424C49
4_Image_Next_Image_ID = 0x4F534C52
4_Image_Path = ReliableData.bin
4_Image_Flash_Entry_Address = 0x0000080000
4_Image_Load_Address = 0xFFFFFFFF
4_Image_Type = RAW
4_Image_ID_Name = RBLI
4_Image_Erase_Size =
4_Image_Partition_Number = 0
4_Image_Size_To_CRC_in_bytes = 0
4_Image_Hash_Algorithm_ID =
4_Image_Image_Size_To_Hash_in_bytes =
5_Image_Enable = 1
5_Image_Tim_Included = 3
5_Image_Image_ID = 0x4F534C52
5_Image_Next_Image_ID = 0x5A494D52
5_Image_Path = u-boot.bin
5_Image_Flash_Entry_Address = 0x0000400000
5_Image_Load_Address = 0x09000000
5_Image_Type = RAW
5_Image_ID_Name = OSLR
5_Image_Erase_Size = 0x00100000
5_Image_Partition_Number = 0
5_Image_Size_To_CRC_in_bytes = 0
5_Image_Hash_Algorithm_ID = SHA-160
5_Image_Image_Size_To_Hash_in_bytes = 0xFFFFFFFF
6_Image_Enable = 1
6_Image_Tim_Included = 0
6_Image_Image_ID = 0x5A494D52
6_Image_Next_Image_ID = 0x4F534C4F
6_Image_Path = recovery.img
6_Image_Flash_Entry_Address = 0x0000500000
6_Image_Load_Address = 0x01400000
6_Image_Type = RAW
6_Image_ID_Name = ZIMR
6_Image_Erase_Size =
6_Image_Partition_Number = 0
6_Image_Size_To_CRC_in_bytes = 0
6_Image_Hash_Algorithm_ID = SHA-160
6_Image_Image_Size_To_Hash_in_bytes = 0xFFFFFFFF
7_Image_Enable = 1
7_Image_Tim_Included = 2
7_Image_Image_ID = 0x4F534C4F
7_Image_Next_Image_ID = 0x5A494D47
7_Image_Path = u-boot.bin
7_Image_Flash_Entry_Address = 0x0000F00000
7_Image_Load_Address = 0x09000000
7_Image_Type = RAW
7_Image_ID_Name = OSLO
7_Image_Erase_Size = 0x00100000
7_Image_Partition_Number = 0
7_Image_Size_To_CRC_in_bytes = 0
7_Image_Hash_Algorithm_ID = SHA-160
7_Image_Image_Size_To_Hash_in_bytes = 0xFFFFFFFF
8_Image_Enable = 1
8_Image_Tim_Included = 0
8_Image_Image_ID = 0x5A494D47
8_Image_Next_Image_ID = 0x53595359
8_Image_Path = boot.img
8_Image_Flash_Entry_Address = 0x0001000000
8_Image_Load_Address = 0x00107FC0
8_Image_Type = RAW
8_Image_ID_Name = ZIMG
8_Image_Erase_Size =
8_Image_Partition_Number = 0
8_Image_Size_To_CRC_in_bytes = 0
8_Image_Hash_Algorithm_ID = SHA-160
8_Image_Image_Size_To_Hash_in_bytes = 0xFFFFFFFF
9_Image_Enable = 1
9_Image_Tim_Included = 0
9_Image_Image_ID = 0x53595359
9_Image_Next_Image_ID = 0x41524249
9_Image_Path = system.img
9_Image_Flash_Entry_Address = 0x0002000000
9_Image_Load_Address = 0xFFFFFFFF
9_Image_Type = SPARSE
9_Image_ID_Name = SYSY
9_Image_Erase_Size =
9_Image_Partition_Number = 0
9_Image_Size_To_CRC_in_bytes = 0
9_Image_Hash_Algorithm_ID =
9_Image_Image_Size_To_Hash_in_bytes =
10_Image_Enable = 1
10_Image_Tim_Included = 4
10_Image_Image_ID = 0x41524249
10_Image_Next_Image_ID = 0x47524249
10_Image_Path = HL_LTG_DL_DKB.bin
10_Image_Flash_Entry_Address = 0x0034A00000
10_Image_Load_Address = 0xFFFFFFFF
10_Image_Type = RAW
10_Image_ID_Name = ARBI
10_Image_Erase_Size =
10_Image_Partition_Number = 0
10_Image_Size_To_CRC_in_bytes = 0
10_Image_Hash_Algorithm_ID = SHA-160
10_Image_Image_Size_To_Hash_in_bytes = 0xFFFFFFFF
11_Image_Enable = 1
11_Image_Tim_Included = 4
11_Image_Image_ID = 0x47524249
11_Image_Next_Image_ID = 0x52464249
11_Image_Path = HL_DL_M09_Y0_AI_SKL_Flash.bin
11_Image_Flash_Entry_Address = 0x0035500000
11_Image_Load_Address = 0xFFFFFFFF
11_Image_Type = RAW
11_Image_ID_Name = GRBI
11_Image_Erase_Size =
11_Image_Partition_Number = 0
11_Image_Size_To_CRC_in_bytes = 0
11_Image_Hash_Algorithm_ID = SHA-160
11_Image_Image_Size_To_Hash_in_bytes = 0xFFFFFFFF
12_Image_Enable = 1
12_Image_Tim_Included = 4
12_Image_Image_ID = 0x52464249
12_Image_Next_Image_ID = 0x4E564D49
12_Image_Path = Skylark_LTG.bin
12_Image_Flash_Entry_Address = 0x00359C0000
12_Image_Load_Address = 0xFFFFFFFF
12_Image_Type = RAW
12_Image_ID_Name = RFBI
12_Image_Erase_Size =
12_Image_Partition_Number = 0
12_Image_Size_To_CRC_in_bytes = 0
12_Image_Hash_Algorithm_ID = SHA-160
12_Image_Image_Size_To_Hash_in_bytes = 0xFFFFFFFF
13_Image_Enable = 1
13_Image_Tim_Included = 0
13_Image_Image_ID = 0x4E564D49
13_Image_Next_Image_ID = 0x55535259
13_Image_Path = nvm.img
13_Image_Flash_Entry_Address = 0x0036A00000
13_Image_Load_Address = 0xFFFFFFFF
13_Image_Type = SPARSE
13_Image_ID_Name = NVMI
13_Image_Erase_Size =
13_Image_Partition_Number = 0
13_Image_Size_To_CRC_in_bytes = 0
13_Image_Hash_Algorithm_ID =
13_Image_Image_Size_To_Hash_in_bytes =
14_Image_Enable = 1
14_Image_Tim_Included = 0
14_Image_Image_ID = 0x55535259
14_Image_Next_Image_ID = 0x53475054
14_Image_Path = userdata_4g.img
14_Image_Flash_Entry_Address = 0x0059A00000
14_Image_Load_Address = 0xFFFFFFFF
14_Image_Type = SPARSE
14_Image_ID_Name = USRY
14_Image_Erase_Size =
14_Image_Partition_Number = 0
14_Image_Size_To_CRC_in_bytes = 0
14_Image_Hash_Algorithm_ID =
14_Image_Image_Size_To_Hash_in_bytes =
15_Image_Enable = 1
15_Image_Tim_Included = 0
15_Image_Image_ID = 0x53475054
15_Image_Next_Image_ID = 0x54494D31
15_Image_Path = secondary_gpt_4g
15_Image_Flash_Entry_Address = 0xFFFFFFFFFF
15_Image_Load_Address = 0xFFFFFFFF
15_Image_Type = RAW
15_Image_ID_Name = SGPT
15_Image_Erase_Size =
15_Image_Partition_Number = 0
15_Image_Size_To_CRC_in_bytes = 0
15_Image_Hash_Algorithm_ID =
15_Image_Image_Size_To_Hash_in_bytes =
I thought we may be able to edit the files and create a flashable file for this program. I initially attempted to edit the .blf file to flash backup images I have gathered from a working QTAQZ3 (running 4.2.2). The flash caused the program to crash with no results. I then attempted to flash the blf file for the HS X8T (likely not advised, but the tablet is already broken, so it was worth a shot). This flash actually responded with program errors and output this log here:
Code:
Getting type of Device
Get Device Type
---
Platform ready status: 0
Getting Version...
---
Platform ready status: 0
Version: 3307
Date: 1152013
Processor: HEL4E
Version: 3307
Date: 01152013
Processor: HELN
Open an BootLoader Device
Get type of device successfully
Enter BootLoader Thread
Enter WTPTPDownload
Begin ParseTim
ParseTim opened TIM file: C:\Users\nehem\Downloads\ONTIM_Marvell_MultiDL 1.3.0.61\temp\FBF_Ntimheader.bin, 54494D48
Number of Images listed in TIM: 2
TIM image ID list:
Begin OpenUsbPort
Original Preamble Mode
Begin DownloadImage:
---
Platform ready status: 0
DownLoading file: C:\Users\nehem\Downloads\ONTIM_Marvell_MultiDL 1.3.0.61\temp\FBF_Ntimheader.bin
---
Platform ready status: 0
Return flag in Dataheader CMD: 4,FDSwitch is 1
*******NOTE:: Fast Download is NOW activated!
uiRemainingBytes is 0....
Last Data
ReadDownloadFileThread return....
Read USB in data command
Download data finished
---
Platform ready status: 0
Begin DownloadImage:
Sending Preamble...
---
Platform ready status: 0
Getting Version...
---
Platform ready status: 0
Version: 3307
Date: 1152013
Processor: HEL4E
---
Platform ready status: 0
DownLoading file: C:\Users\nehem\Downloads\ONTIM_Marvell_MultiDL 1.3.0.61\temp\FBF_h.bin
Return flag in Dataheader CMD: 4,FDSwitch is 1
*******NOTE:: Fast Download is NOW activated!
uiRemainingBytes is 681132032....
ReadDownloadFileThread return....
Last Data
Read USB in data command
Download data finished
---
Platform ready status: 0
Enter Burning flash....
WTPTP Notification: Platform is busy 0x1
WTPTP Notification: Platform is busy ,Notification code is :0x1
WTPTP Error: InvalidSecureBootMethodError : Errorcode is 0x63
GetWtpMessage failed
Abnormal Termination in BootLoader
close BootLoader USB handle
BootLoader Thread Completed!
I'm really hoping that someone with the right knowledge might be able to decipher what's going on here.
Link for flash tool: https://drive.google.com/file/d/1Gb_erExHXMmEzWHl01qRxUdCuX_ggSQj/view?usp=sharing

njmcinty said:
I've done some digging around to look for flash tools for devices that use Marvell processors. This tablet uses the Marvell PXA1088LTE. I found a download tool that is supposed to be for Marvell devices, but I've never used anything quite like it before. I've included a link to the package below. Upon installing the drivers, I was able to get my computer to recognize the device as a WTPTP device with a PXA1088 processor.
Click to expand...
Click to collapse
Good idea/good work on this. I hadn't thought to look for a flash tool for similar devices (though I haven't tried all that hard to unbrick my tablet).
The flash tool, however, uses .blf files that I've never seen before. I downloaded some firmware for a device (HiSense X8T) with the same processor as our device.
Click to expand...
Click to collapse
Can you share the link to this firmware?
I found that the program MATLAB was the only program I have access to that was able to read .blf files. The .blf for this other device looks like this inside:
Code:
Boot_Flash_Signature = 0x4D4D4308
Processor_Type = PXA1920
OEM_UniqueID = 0x4f524312
Issue_Date = 0x20130115
Version = 0x00030400
Click to expand...
Click to collapse
It's likely just a plaintext file - just a coincidence that MATLAB wanted to digest it without complaining (guessing this is on Windows?). Anyway, it looks like it just specifies how/where to load the various images contained in the firmware you downloaded. It is may be possible to hack it to work with different firmware, but I'm worried a bit about the bits that I snipped out from above - if that Boot_Flash_Signature or the UniqueID is generated from something that is flashed on the device, it might be difficult/impossible to hack a file that will play nice with the QTAQZ3.
I initially attempted to edit the .blf file to flash backup images I have gathered from a working QTAQZ3 (running 4.2.2).
Click to expand...
Click to collapse
Do you have those backup files available? Those will be necessary in order to figure out how to hack up the blf file to properly flash the image (if that is indeed possible).
I then attempted to flash the blf file for the HS X8T (likely not advised, but the tablet is already broken, so it was worth a shot). This flash actually responded with program errors and output this log here:
Code:
Enter Burning flash....
WTPTP Notification: Platform is busy 0x1
WTPTP Notification: Platform is busy ,Notification code is :0x1
WTPTP Error: InvalidSecureBootMethodError : Errorcode is 0x63
GetWtpMessage failed
Abnormal Termination in BootLoader
close BootLoader USB handle
BootLoader Thread Completed!
Click to expand...
Click to collapse
This is somewhat promising, in that it looks like it attempted to flash, but that the system was busy. Was your device spinning at the Verizon boot screen, or sitting at the Factory Reset menu that you get when you power on while holding the volume button? If it was actually trying to boot (i.e. sitting at the Verizon screen) then that may be why this returned busy.

I must say, I never expected to hear back from anyone of this post. By now, if anyone was really that attached to their old verizon tablet, they could have bought another off ebay for $30. Nevertheless, it is nice to see there is another person who hasn't COMPLETELY given up hope on their device.
Can you share the link to this firmware?
Click to expand...
Click to collapse
Yes, eventually. It's actually on my old computer at my parent's house. I thought I had it backed-up on my OneDrive, but I do not. I'll be visiting again shortly, so I will grab it then and upload it. I would share the link to the site I originally downloaded it from, but my feverous googling escapade is no longer in my retrievable browser history.
It is may be possible to hack it to work with different firmware, but I'm worried a bit about the bits that I snipped out from above - if that Boot_Flash_Signature or the UniqueID is generated from something that is flashed on the device, it might be difficult/impossible to hack a file that will play nice with the QTAQZ3.
Click to expand...
Click to collapse
Completely valid concerns. I remember there being another device that used a similar hardware set (HP CoolPad or something, found firmware repair videos on YouTube). In the videos, people were using the same flash tool, with very similar files. The blf file from the two devices only had minor differences (eMMc size, RAM... ) if I recall correctly. If interested, I can look into those videos again. I may have made a spreadsheet at some point indicating differences in the two, but I'll have to look for it. To address your concern, I cannot recall if these identifiers were the same or different.
Do you have those backup files available?
Click to expand...
Click to collapse
Same answer as above, I'll grab them next time I am home. I can't recall what method I used to pull them, but I remember it being a pain with this device, so I hope the images I have are valid. If not, With guidance, I may be able to acquire more as I still have the working tablet.
Was your device spinning at the Verizon boot screen, or sitting at the Factory Reset menu that you get when you power on while holding the volume button?
Click to expand...
Click to collapse
Interesting question, more interesting answer: neither. If I recall correctly, to get to the stock recovery on this device, you held power and volume up. To get the device to be recognized as the WTPTP device, I had to either hold the volume down button and plug in the USB OR hold the power and the volume down, then plug in USB. Both of these may have worked, but my memory fails me. The device screen did not light up or change when I entered this mode. There was only a chime on my PC indicating a device was connected, and a listing for WTPTP device in Device Manager.
I'll work on getting the requested files, but until then, it may be helpful for me to review what I've done already. I also found some GitHub pages from that mention these devices or similar ones.
https://github.com/android-Marvell: This may contain helpful tools. I may have tried playing around with this, but I'm not a programmer and barely know what GitHub is lol.
https://github.com/jonthn4411/aabs: This is a fork of another page I found that appears to be gone know. Has information that looks like it might relate to our SoC.
PS: According to this press briefing, it looks like our SoC (PXA1088LTE) is commonly called PXA1920, so if you see any differences, this may be why.

njmcinty said:
I must say, I never expected to hear back from anyone of this post. By now, if anyone was really that attached to their old verizon tablet, they could have bought another off ebay for $30. Nevertheless, it is nice to see there is another person who hasn't COMPLETELY given up hope on their device.
Click to expand...
Click to collapse
I have been periodically checking for new info on this thing since I softbricked it in 2017 - this is the only actual promising thread I've seen the whole time... Unfortunately, I recently moved and can't locate my bricked tablet right now - honestly I may have thrown it away during the move because I've burned so much time trying to fix it. If I don't end up finding it, I'll likely burn $30+ to grab a couple non-bricked ones to play with (they weren't nearly that cheap/readily available when I bricked mine, IIRC). At this point I'm willing to shell out the cash just to claim victory over the stupid thing.
Yes, eventually. It's actually on my old computer at my parent's house. I thought I had it backed-up on my OneDrive, but I do not. I'll be visiting again shortly, so I will grab it then and upload it. I would share the link to the site I originally downloaded it from, but my feverous googling escapade is no longer in my retrievable browser history.
...
Same answer as above, I'll grab them next time I am home. I can't recall what method I used to pull them, but I remember it being a pain with this device, so I hope the images I have are valid. If not, With guidance, I may be able to acquire more as I still have the working tablet.
Click to expand...
Click to collapse
Sounds good - no rush obviously (doubt anybody else cares at this point), but it would be good to have a valid image/descriptor file to try to tear apart.
Completely valid concerns. I remember there being another device that used a similar hardware set (HP CoolPad or something, found firmware repair videos on YouTube). In the videos, people were using the same flash tool, with very similar files. The blf file from the two devices only had minor differences (eMMc size, RAM... ) if I recall correctly. If interested, I can look into those videos again. I may have made a spreadsheet at some point indicating differences in the two, but I'll have to look for it. To address your concern, I cannot recall if these identifiers were the same or different.
Click to expand...
Click to collapse
The videos could certainly be helpful. Let me know if you find those. Even if those fields are somehow generated from something on the device, we might be able to coax the flash tool into divulging the information we need - it has to know where to find the stuff, after all.
Interesting question, more interesting answer: neither. If I recall correctly, to get to the stock recovery on this device, you held power and volume up. To get the device to be recognized as the WTPTP device, I had to either hold the volume down button and plug in the USB OR hold the power and the volume down, then plug in USB. Both of these may have worked, but my memory fails me. The device screen did not light up or change when I entered this mode. There was only a chime on my PC indicating a device was connected, and a listing for WTPTP device in Device Manager.
Click to expand...
Click to collapse
Good to know! The flash failing with "device busy" makes me want to think the device wasn't in the correct state or something, but, depending on the complexity of the executable (and my ability to remember how to live-debug on Windows) we might be able to glean some more information about what's going on by tearing into the flashing program.
I'll work on getting the requested files, but until then, it may be helpful for me to review what I've done already. I also found some GitHub pages from that mention these devices or similar ones.
<URL removed>: This may contain helpful tools. I may have tried playing around with this, but I'm not a programmer and barely know what GitHub is lol.
Click to expand...
Click to collapse
Well, you seem to be more capable than many who dabble with this stuff, so I'd take that as a point of pride, despite not being a programmer I'm quite well acquainted with banging on low-level hardware stuff, so hopefully with a little more research and hackery we can get closer to a solution.
<URL removed>: This is a fork of another page I found that appears to be gone know. Has information that looks like it might relate to our SoC.
PS: According to <URL removed> press briefing, it looks like our SoC (PXA1088LTE) is commonly called PXA1920, so if you see any differences, this may be why.
Click to expand...
Click to collapse
Cool - I'll take a look at those, and maybe get a couple tablets ordered. Even if I can't get a bricked one (odd to think about wanting a bricked tablet), having a working one could very well lead to a way to unbrick them. I wish I'd seen this thread back in January, because I certainly would've kept better track of the tablet if I had
---------- Post added at 05:04 PM ---------- Previous post was at 04:39 PM ----------
If I don't end up finding it, I'll likely burn $30+ to grab a couple non-bricked ones to play with (they weren't nearly that cheap/readily available when I bricked mine, IIRC). At this point I'm willing to shell out the cash just to claim victory over the stupid thing.
Click to expand...
Click to collapse
Just ordered two tablets - one working, one with a boot loop. They were depressingly close in price for the one being damaged and non-working, but whatever. If I defeat the thing it will be worth it.

njmcinty said:
I have a QTAQZ3 currently running 4.2.2. I captured the OTA url and downloaded an update bin file. I'm not exactly sure how bins compare to flashable zips, nor do I know what to do with a bin file. It seems as though this file has been hard to come by. I am hoping that by posting it, someone with the right know-how can help us fix all these bricked tablets.
https://drive.google.com/open?id=1LmyrA3eGcVL3sCMB3okBdsoqA0Gv5RZE
Click to expand...
Click to collapse
Hi there. I'm new. Great post and questions. I too have bricked my tablet and trying to find resolution. I just downloaded your bin file. Thank you so much. Can you provide a site or pdf instruction on how to install on my tablet.

TheJokerscousin said:
Can you provide a site or pdf instruction on how to install on my tablet.
Click to expand...
Click to collapse
Unfortunately, if you look closely at the previous replies, we haven't figured out a way to install the OTA update binary onto a bricked tablet - in fact, I'm not sure if there is one. I've been waiting for the full backup that njmcinty mentioned, but they haven't gotten back about that yet. I do have a functional tablet available, along with 2 bricked ones to test on. I haven't taken the time yet to try to back up my functional one as I believe the process to do so could lead to it being bricked as well...

bxlentpartyon said:
Unfortunately, if you look closely at the previous replies, we haven't figured out a way to install the OTA update binary onto a bricked tablet - in fact, I'm not sure if there is one. I've been waiting for the full backup that njmcinty mentioned, but they haven't gotten back about that yet. I do have a functional tablet available, along with 2 bricked ones to test on. I haven't taken the time yet to try to back up my functional one as I believe the process to do so could lead to it being bricked as well...
Click to expand...
Click to collapse
Thank you. I apologize but The thread was long and I just signed up. If I come across anything I'll post. Thanks again.

Thank you @TheJokerscousin! This was the bump I needed to get these files uploaded. Sorry for the delay, I grabbed them and just never got around to uploading them! I'll include the link below. If there are any other files necessary, there's a chance I missed something, but I can add it to the upload. Sounds like we may have company as far as people interested in fixing these tablets. I'm going to try and look through my earlier notes to see if I can pick up where I left off months ago....
14.92 GB folder on MEGA
20 files
mega.nz

Thanks for uploading this! I'm downloading it now, hopefully it will prove useful.
FYI, I hadn't looked at this stuff in a while, but I did hack around a bit on Friday and I have a couple ideas (or starts at ideas, at least) to try to get a backup or OTA update flashed to the device.
I'm busy today, but I'll try and come back and list the stuff I did try, and what progress I make (if any) at some point later this week.

I may try an organize some of those files a little more cleanly. When I grabbed them, I just started dragging and dropping. The mess may be a little hard to navigate. One thing I am still looking for is a firmware I have for a device (HS-X8T). I should have it soon, and I'll add it to the drop. If I recall correctly, that Lenovo A788T device, who's firmware I included in the dump, uses the same processor as well.

No worries on the organization - I can tell what's what for the most part. I played with this a lot yesterday, and was able to get the phone tablet recognized on a Windows machine that I cobbled together, but I couldn't get the Marvell flash program to detect the phone tablet.
The Windows machine I was using totally sucks, so it was painful to try to troubleshoot the issue further. I'm gonna set up a better one this weekend and hopefully learn a little bit more.
Thanks again for providing the files. Maybe with another hundred or so hours of effort we'll be able to save a few people $30, haha.

bxlentpartyon said:
No worries on the organization - I can tell what's what for the most part. I played with this a lot yesterday, and was able to get the phone tablet recognized on a Windows machine that I cobbled together, but I couldn't get the Marvell flash program to detect the phone tablet.
The Windows machine I was using totally sucks, so it was painful to try to troubleshoot the issue further. I'm gonna set up a better one this weekend and hopefully learn a little bit more.
Thanks again for providing the files. Maybe with another hundred or so hours of effort we'll be able to save a few people $30, haha.
Click to expand...
Click to collapse
Any progress? I'm a bit out of my depth but obviously have the same issue. It's not a disaster if this never gets resolved as mentioned but it's always alluring when something is broken that needs fixed like this.

UmpquaRiver said:
Any progress? I'm a bit out of my depth but obviously have the same issue. It's not a disaster if this never gets resolved as mentioned but it's always alluring when something is broken that needs fixed like this.
Click to expand...
Click to collapse
I had played with this quite a bit a couple weeks ago, but I sort of hit a wall. I was able to get the Marvell flash tool that you provided to recognize my tablet and attempt to flash it, but I ended up hitting the exact same error that you were seeing (not super surprising).
After doing some investigation, I think that the error occurs because the flash tool sees that the previous boot had failed, so it considers the tablet to be in an invalid state for flashing. I gathered this from a Marvell document written about a similar SOC to the one used in the tablets in question.
Anyway, at this point, I think this is going to require some more significant hackery to get working. We either need to somehow trick the tool into thinking that the tablet is in a valid state (which may not even work), or we need to somehow get the tablet to write a valid boot state to its NVRAM, which would hopefully achieve the same effect. I'm writing this off the top of my head, so my wording/terminology might not be dead on. The point is, tablets stuck in a boot loop don't appear to want to flash with this tool, at least not without banging on them to some degree.
I haven't given up on this, but I also haven't had any time to work on it recently. I've got some ideas on how to move forward, but they involve tearing apart the flash tool binary and trying to get an idea of how it works, which is apparently fairly difficult on Windows. I'm pretty skilled at this sort of thing on Linux, but there seem to be very few freely available tools for this kind of stuff on Windows, and many of them are clunky, at best... I'm going to try to spend some time on this again sometime soon.

bxlentpartyon said:
I had played with this quite a bit a couple weeks ago, but I sort of hit a wall. I was able to get the Marvell flash tool that you provided to recognize my tablet and attempt to flash it, but I ended up hitting the exact same error that you were seeing (not super surprising).
After doing some investigation, I think that the error occurs because the flash tool sees that the previous boot had failed, so it considers the tablet to be in an invalid state for flashing. I gathered this from a Marvell document written about a similar SOC to the one used in the tablets in question.
Anyway, at this point, I think this is going to require some more significant hackery to get working. We either need to somehow trick the tool into thinking that the tablet is in a valid state (which may not even work), or we need to somehow get the tablet to write a valid boot state to its NVRAM, which would hopefully achieve the same effect. I'm writing this off the top of my head, so my wording/terminology might not be dead on. The point is, tablets stuck in a boot loop don't appear to want to flash with this tool, at least not without banging on them to some degree.
I haven't given up on this, but I also haven't had any time to work on it recently. I've got some ideas on how to move forward, but they involve tearing apart the flash tool binary and trying to get an idea of how it works, which is apparently fairly difficult on Windows. I'm pretty skilled at this sort of thing on Linux, but there seem to be very few freely available tools for this kind of stuff on Windows, and many of them are clunky, at best... I'm going to try to spend some time on this again sometime soon.
Click to expand...
Click to collapse
Any progress on this tablet?
I have the QTAZ3 and it's boot looped

Hello? Sorry plz, i not very good speak eng.. But, Have you made any progress in your search? It's just that there was also a problem that the above tablet simply does not pull version 5.1. So I was redirected here, from the 4PDA site. So I need at least a firmware version 4.4.4. Is there such a..?