Hello. To whoever who has blew up the IMEI's on their Moto G by command "fastboot erase all". Please note i have not yet found the solution but am working on it. I need help. Here is the status:
1. PDS partition does not determine IMEI!
As you know PDS is actually at /dev/block/mmcblk0p26 or /dev/block/platform/msm_sdc.1/by-name/pds. When the phone boot it mounts this partition at /pds. After blowng up my IMEI, this partition was still mounting at /pds and had data untouched in it. So this partition is really not important. Also i read on another thread, people with backup also cud not restore their IMEI.
2.When giving command "fastboot erase all", the following partitions are erased, potential IMEI storage locations:
a. hob (located at /dev/block/platform/msm_sdcc.1/by-name/hob)
b. dhob (located at /dev/block/platform/msm_sdcc.1/by-name/dhob)
c. fsc (located at /dev/block/platform/msm_sdcc.1/by-name/fsc)
There are other partitions erased as well such as fsg,modemst1, modemst2 etc. But these partitions are restored when we flash stock ROM. So they can be took out of picture.
3. What i need help with
Now i tried to determine the file system of hob,dhob,pds and fsc but was unable to find it. Tried to format these with "make_ext4fs", no luck. Now i need some one who has rooted Moto G with intact IMEI who can extract and send these partitions so that i can test accordingly.
I am sorry there is no solution here till now, but i am trying my best to convert this "tablet" back into phone.
Thanks.
UPDATE
skyguy126 has worked really hard on this thing and is near achieving the result. Any help is greatly needed. Thanks. Please check his posts to get you up to date.
Click to expand...
Click to collapse
DISCLAIMER
Changing or messing up with IMEI may be banned in your area or country of residence. Please check with your local regulations before attempting to modify the IMEI and related information of your phone. I take no responsibility whatsoever for your attempts to change any such information. This thread does not support in anyway to deliberately modify the identity of the phone. But we do to try and recover any lost information. Thanks.
Click to expand...
Click to collapse
Filesystem info:
/dev/block/platform/msm_sdc.1/by-name/pds = ext3
/dev/block/platform/msm_sdcc.1/by-name/hob = unknown, not mounted
/dev/block/platform/msm_sdcc.1/by-name/dhob = unknown, not mounted
/dev/block/platform/msm_sdcc.1/by-name/fsc = unknown, not mountedIt's possible those partitions are mounted and unmounted during bootup.
I did try mounting them: http://forum.xda-developers.com/showthread.php?t=1012622
More partition tools here: http://forum.xda-developers.com/showthread.php?t=520582
lost101 said:
Filesystem info:
/dev/block/platform/msm_sdc.1/by-name/pds = ext3
/dev/block/platform/msm_sdcc.1/by-name/hob = unknown, not mounted
/dev/block/platform/msm_sdcc.1/by-name/dhob = unknown, not mounted
/dev/block/platform/msm_sdcc.1/by-name/fsc = unknown, not mountedIt's possible those partitions are mounted and unmounted during bootup.
I did try mounting them: http://forum.xda-developers.com/showthread.php?t=1012622
More partition tools here: http://forum.xda-developers.com/showthread.php?t=520582
Click to expand...
Click to collapse
Ok lost101, thats great info.. So right now there is no way to read those hob,dhob and fsc partitions. Another dead end possibly. I tried with parted also, they are unreadable.
UPDATE I managed to format hob to ext2. Possibly its filesystem?(Need confirmation). Though dhob could not be formatted. Reason: "Too small 524"
Unsure if it's at all helpful, but here are the file-sizes of the partitions.
I'm also interested to know where the bootloader is stored. When flashing motoboot.img the command is: fastboot motoboot motoboot.img - so specifying the destination as a partition called 'motoboot.' But it would appear this partition is only available in fastboot mode, unless it's merely a pointer for /dev/block/platform/msm_sdcc.1/by-name/sbl1.
EDIT: Obviously not 'sbl1' since motoboot.img is almost 2mb.
lost101 said:
Unsure if it's at all helpful, but here are the file-sizes of the partitions.
I'm also interested to know where the bootloader is stored. When flashing motoboot.img the command is: fastboot motoboot motoboot.img - so specifying the destination as a partition called 'motoboot.' But it would appear this partition is only available in fastboot mode, unless it's merely a pointer for /dev/block/platform/msm_sdcc.1/by-name/sbl1.
EDIT: Obviously not 'sbl1' since motoboot.img is almost 2mb.
Click to expand...
Click to collapse
Yes i tried to erase moto boot: permission denied. Meanwhile i was taking a look on all init files in /etc. There's this file init.mmi.rc. It mounts /fsg and /persist, but sets permission to 0660 exactly to partitions we are pursuing i.e (hob,dhob). Following is the specific command:
exec /system/bin/chown -L root:radio /dev/block/platform/msm_sdcc.1/by-name/hob
exec /system/bin/chown -L root:radio /dev/block/platform/msm_sdcc.1/by-name/dhob
Its defining permission for root and "radio". And why does radio need to access hob and dhob? For IMEI?(Just a guess).
Also maybe radio then sets the baseband accordingly after reading hob and dhob. Because all those with 0 IMEI's have baseband version with 00y,01y at the end instead of 00R or 01P. Why is that? Even after flashing 01P baseband, it was still showing 01y. What does 01y signify? Please look into it if u have time. I am continously working. Hope we reach somewhere.
Another weird thing is that Via fast boot imei is correctly showed then when phone boots is 0
Confirm about baseband. Tried everything still 00y
I tried also flashing pds from a working moto g with no luck
@TeamMex has stated that the Bootloader (BL) is stored in a partition "untouchable by user." It would appear there is no way to make an .img dump (and flash it back via fastboot or other means) as a way to downgrade BL version. Currently the only way to flash to that partition is in BL mode - unless some other tools exist? I have not explored 'BP Tools' and 'QCOM' options on BL screen.
I would assume the same may not be true for IMEI, since that information (partition) is accessible at all times.
lost101 said:
@TeamMex has stated that the Bootloader (BL) is stored in a partition "untouchable by user." It would appear there is no way to make an .img dump (and flash it back via fastboot or other means) as a way to downgrade BL version. Currently the only way to flash to that partition is in BL mode - unless some other tools exist? I have not explored 'BP Tools' and 'QCOM' options on BL screen.
I would assume the same may not be true for IMEI, since that information (partition) is accessible at all times.
Click to expand...
Click to collapse
Some info relatd with Imei have part in PDS if you cant mount pds baseband are unrecognized and not (IMEI, not baseband, not signal, not serial number,not mac adress, etc...) You can think of it as that is a bridge connecting the software to the hardware, to recognize the serial, imei etc.
You can make backup of pds using TWRP
PS: All custom rom (Not stock ) have a fake PDS
PS2: OP
Bad bad bad , have you erased the rom (the one with the sensitive information from your phone)
You never make a fastboot erase all :| NEVER
now you can't obtain anymore your imei [Maybe if you send your phone to motorola they can repair it.)
Edit:
More info
/dev/block/platform/msm_sdcc.1/by-name/hob = unknown, not mounted <-- RAM related
/dev/block/platform/msm_sdcc.1/by-name/dhob = unknown, not mounted <-- not idea
/dev/block/platform/msm_sdcc.1/by-name/fsc = unknown, not mounted <-- not idea too
cheer.s
I have suggested the 'IMEI Backup Script' include other partitions: http://forum.xda-developers.com/showthread.php?p=56454537
@TeamMex, do you think with all those partitions backed up, someone could recover from 'fastboot erase all'?
lost101 said:
I have suggested the 'IMEI Backup Script' include other partitions: http://forum.xda-developers.com/showthread.php?p=56454537
@TeamMex, do you think with all those partitions backed up, someone could recover from 'fastboot erase all'?
Click to expand...
Click to collapse
Nope, he can't recover it.
you can't recover information only touchable via fastboot.
you can recover that info only if you have a some issues related with the PDS making a new rom
but if you make erase all you can't recover it.
Belive me I'm try to recover that info on moto G of friend.
TeamMex said:
Nope, he can't recover it.
you can't recover information only touchable via fastboot.
you can recover that info only if you have a some issues related with the PDS making a new rom
but if you make erase all you can't recover it.
Belive me I'm try to recover that info on moto G of friend.
Click to expand...
Click to collapse
Bummer. I guess that's the end of the story.
Return To Manufacturer (RTM) is the only solution for: fastboot erase all.
surfino said:
Another weird thing is that Via fast boot imei is correctly showed then when phone boots is 0
Confirm about baseband. Tried everything still 00y
I tried also flashing pds from a working moto g with no luck
Click to expand...
Click to collapse
Hello surfino. As i said earlier PDS is not important. That doesnt help with IMEI 0 problem. You can move on from that. But one thing. Did you "fastboot erase all" your Moto G? Because my IMEI is not displayed in fastboot. You can help by figuring out way to read hob and dhob partitions. They are most suspected to contain IMEI data. HOB and DHOB are at /dev/block/platform/msm_sdcc.1/by-name/hob and /dev/block/platform/msm_sdcc.1/by-name/dhob.
Thankyou.
lost101 said:
@TeamMex has stated that the Bootloader (BL) is stored in a partition "untouchable by user." It would appear there is no way to make an .img dump (and flash it back via fastboot or other means) as a way to downgrade BL version. Currently the only way to flash to that partition is in BL mode - unless some other tools exist? I have not explored 'BP Tools' and 'QCOM' options on BL screen.
I would assume the same may not be true for IMEI, since that information (partition) is accessible at all times.
Click to expand...
Click to collapse
I used BP Tools with QC Diag Driver and read NV partitions. Too bad. I tried to write NV #550 supposedly IMEI field, but to no avail. It seems Moto G does not support writing IMEI like that. Tried same with DFS. It gave BAD_PARAMETER error, meaning NV partition does not support inserting IMEI with that method.
TeamMex said:
Some info relatd with Imei have part in PDS if you cant mount pds baseband are unrecognized and not (IMEI, not baseband, not signal, not serial number,not mac adress, etc...) You can think of it as that is a bridge connecting the software to the hardware, to recognize the serial, imei etc.
You can make backup of pds using TWRP
PS: All custom rom (Not stock ) have a fake PDS
PS2: OP
Bad bad bad , have you erased the rom (the one with the sensitive information from your phone)
You never make a fastboot erase all :| NEVER
now you can't obtain anymore your imei [Maybe if you send your phone to motorola they can repair it.)
Edit:
More info
/dev/block/platform/msm_sdcc.1/by-name/hob = unknown, not mounted <-- RAM related
/dev/block/platform/msm_sdcc.1/by-name/dhob = unknown, not mounted <-- not idea
/dev/block/platform/msm_sdcc.1/by-name/fsc = unknown, not mounted <-- not idea too
cheer.s
Click to expand...
Click to collapse
Yes bro, i "fastboot erase all" 'd my Moto G. I learnt it the hard way. But i dont think hob and dhob are ram related because as i said earlier radio is chown'ing it in init file. And regarding corrupting PDS partition, my wifi bluetooth and gps are working fine even after formatting PDS completely. Though my WIFI stopped working when i formatted /persist.
PS: i took it to Motorola center. They said to replace the SOC completely! That sucks. And i gotta pay like half the amount i bought it for.
lost101 said:
Bummer. I guess that's the end of the story.
Return To Manufacturer (RTM) is the only solution for: fastboot erase all.
Click to expand...
Click to collapse
So guess thats it. Looks i have to buy a new phone then. I dont understand why Motorola would put such sensitive information to such easy access. Thats really bad on their part. Plus they have not simplfied the IMEI recovery process like samsung has. Anyways, thanks for your help man!
rootr said:
So guess thats it. Looks i have to buy a new phone then. I dont understand why Motorola would put such sensitive information to such easy access. Thats really bad on their part. Plus they have not simplfied the IMEI recovery process like samsung has. Anyways, thanks for your help man!
Click to expand...
Click to collapse
You have to remember Motorola don't talk about Fastboot on their site, or even make Firmware Images available to the public. The Motorola Firmware Images linked to on XDA are provided by a third party. Fastboot is intended for use by engineers only. Sorry for your loss.
rootr said:
Yes bro, i "fastboot erase all" 'd my Moto G. I learnt it the hard way. But i dont think hob and dhob are ram related because as i said earlier radio is chown'ing it in init file. And regarding corrupting PDS partition, my wifi bluetooth and gps are working fine even after formatting PDS completely. Though my WIFI stopped working when i formatted /persist.
PS: i took it to Motorola center. They said to replace the SOC completely! That sucks. And i gotta pay like half the amount i bought it for.
Click to expand...
Click to collapse
hob are symlinked partition only xD
Yes I did fastboot erase all
And with fastboot getvar imei it currently display my imei. That's what I don't understand
Would doing a JTAG dump help at all, since it dumps the entire nand chip? Just a suggestion...
Someone with an intact imei could try this.
---------- Post added at 02:01 AM ---------- Previous post was at 01:35 AM ----------
surfino said:
Yes I did fastboot erase all
And with fastboot getvar imei it currently display my imei. That's what I don't understand
Click to expand...
Click to collapse
If it correctly showed imei, reflash stock frimware from fastboot. This might restore it!
So, this is the tale:
- Tried to go back to stock (I had CM), but I failed hard.
- Went back to CM, no signal, WTF.
- Did a "fastboot getvar all", doesnt show IMEI
- Boot to CM, of course, *#06# shows an empty IMEI
- Said to myself, you ****ed up pal.
- Read thousand posts, tried almost everything.
- I give up, I have a ****ing tablet.
- Then I read this pal in the forum with similar case, he said "I flashed stock rom without sim card on"
- I thro, why the hell not? this **** is dead anyway.
- I download "exactly" the same stock rom for my phone, before I flashed a different version.
- **** works, my IMEI is back and I cant believe it.
Since then (1 week) has been working as normal.
Related
Phone: Cherry Mobile Titan (Rebrand of Konka w990/Spice-mi 500/Axioo Picopad GEW)
Processor: MTK6577
Hello guys, this is my first post as I could no longer find any solution on the internet. Hoping some experts could help
I accidentally formatted the NVRAM of my phone using SP Flash Tool. The new update didn't have the option not to format it. Now my IMEI's are lost. Although it is still possible to restore them using some methods. But none of the methods I have found were permanent. A simple wipe/data factory reset from CWM Recovery removes it instantly. Is there a way I could restore the NVRAM, or at least make the restoration methods permanent?
Thanks in advance guys!
EDIT: I tried flashing all available ROMs (SP Flash Tool Based / Flashable Zips) but still it shows an invalid IMEI. I also tried restoring a backup of my stock ROM to no avail.
ToldarkenHansam said:
Phone: Cherry Mobile Titan (Rebrand of Konka w990/Spice-mi 500/Axioo Picopad GEW)
Processor: MTK6577
Hello guys, this is my first post as I could no longer find any solution on the internet. Hoping some experts could help
I accidentally formatted the NVRAM of my phone using SP Flash Tool. The new update didn't have the option not to format it. Now my IMEI's are lost. Although it is still possible to restore them using some methods. But none of the methods I have found were permanent. A simple wipe/data factory reset from CWM Recovery removes it instantly. Is there a way I could restore the NVRAM, or at least make the restoration methods permanent?
Thanks in advance guys!
EDIT: I tried flashing all available ROMs (SP Flash Tool Based / Flashable Zips) but still it shows an invalid IMEI. I also tried restoring a backup of my stock ROM to no avail.
Click to expand...
Click to collapse
I'm in same case. I accidently damage my nvram ;
i have a complet backup made with mtkdroid tools (nvram included)
but sp flash tool doent give option to restore this part? how to restore?
the same problem for me. The phone is fully working, but it is very annoying to restore imei and delete wifi network (NVRAM WARNING err...) after each new ROM. And also I cannot sell this phone to anybody in the future.
No solution for this problem?
somebody can write commenttt???
---------- Post added at 07:54 AM ---------- Previous post was at 07:48 AM ----------
hey guys .at this picture error how can i solve this error?
h t t p : / /u1306.hizliresim.com/1b/l/p975s.jpg
first, you`ll need to root your device. refer to here:
http://forum.xda-developers.com/showthread.php?t=2332783
follow the tutorial step by step, if you brick your device i will laugh at you. if you got questions, ask them before doing random stuff.
if you got it rooted, you can recover your IMEI with different software. i will link one in this post later.
for questions - use this thread or PM me.
ToldarkenHansam said:
Phone: Cherry Mobile Titan (Rebrand of Konka w990/Spice-mi 500/Axioo Picopad GEW)
Processor: MTK6577
Hello guys, this is my first post as I could no longer find any solution on the internet. Hoping some experts could help
I accidentally formatted the NVRAM of my phone using SP Flash Tool. The new update didn't have the option not to format it. Now my IMEI's are lost. Although it is still possible to restore them using some methods. But none of the methods I have found were permanent. A simple wipe/data factory reset from CWM Recovery removes it instantly. Is there a way I could restore the NVRAM, or at least make the restoration methods permanent?
Thanks in advance guys!
EDIT: I tried flashing all available ROMs (SP Flash Tool Based / Flashable Zips) but still it shows an invalid IMEI. I also tried restoring a backup of my stock ROM to no avail.
Click to expand...
Click to collapse
I think your phone is dead. Is the phone detected when you plug it in to your pc via USB?
phone isn't dead. root it first, recovering imei is easy then. cannot explain more, im on smartphone right now.
sent from my Star N9770 using XDA App
so, here is a tool to generate the IMEI`s of your smartphone. you will usually find them in the back of your device. push the generated file to /data/nvram/md/NVRAM/NVD_IMEI/ and DON'T FORGET TO SET FULL RWX rights. (with ADB, cd to the mentined folder and set MP0B_001 with chmod to mode 777, in root explorer just check every box for read write and execute. otherwise phone cannot read the IMEI.
What a lame answers. Especially ones suggesting to root phone.
They guy clearly told he is able to restore MP0B_001 in phone, but its SOFT-IMEI and is lost after wipe/factory reset.
@ Original question by ToldarkenHansam, which is kinda outdated, but considering lame answers here:
To restore HARD-IMEI in NVRAM hidden partition use SN Write Tool or Maui META 3G. They are able to write hard IMEI and calibration to NVRAM partition.
@ kokabunga - if you have nvram.bin backup you can easily resore it with SP Flash Tool. Just open your scatter file with any text editor, find a __NODL_NVRAM section and remove __NODL_ part from it. Reopen scatter in SP Flash Tool and you'll be able to check NVRAM partition.
It might not be able to upload it without other parts selected. But you can you Options->Write memory, then manually enter start address, which will be show on download/upgrade page near NVRAM and length (your nvram.bin length) - that will always work. Be careful to write correct address thou.
Sidenote: all suggested methods before only touch SOFT-IMEI, stored in /data/nvram/md/NVRAM/NVD_IMEI/MP0B_001. Its lost with any wipe/reset, because whole /data partition are formatted. Then the whole /data/nvram directory (if it's empty) are restored from hidden NVRAM partition on EMMC. If you've corrupted your NVRAM when it won't restore correct IMEI ofc. With all methods mentioned above (i.e. replacing MP0B_001, echoing to pttycmd1, using mtkdroidtools, mobileuncletools and others) will only edit MP0B_001, i.e. soft copy of IMEI, which will be lost again with next hardware reset. Sure you restore your IMEI that way every time you wipe/reset/upgrade firmware. But its more solid to fix your IMEI partition with SN Write Tool / Maui META 3G so it will be correctly restored automatically from NVRAM at every wipe/etc.
EDIT: @Chrizzly92 this software are very outdate. It generates 24 byte MP0B_001 file, used by old MT6573/6513 platforms. Newer 6575/6577 uses 120 bytes MP0B_001 which are different. If you put 24 byte MP0B_001 generated instead from imei.c software, your phone will be buggy and will be constantly loosing IMEI every few hours until reboot. It's better to use MtkDroidTools or terminal method (echoing to /dev/pttycmd1) to correctly restore 120 byte IMEI file.
n9770, mt6577, no problem at all with the generated files.
sent from my Star N9770 using XDA App
same thing happened to me.. only sn write tool maybe able to do the job..I have also lost wifi mac address..now getting nv110 error..
but I need database and modem files for xolo a700 can anyone help?
NStorm said:
What a lame answers. Especially ones suggesting to root phone.
They guy clearly told he is able to restore MP0B_001 in phone, but its SOFT-IMEI and is lost after wipe/factory reset.
@ Original question by ToldarkenHansam, which is kinda outdated, but considering lame answers here:
To restore HARD-IMEI in NVRAM hidden partition use SN Write Tool or Maui META 3G. They are able to write hard IMEI and calibration to NVRAM partition.
@ kokabunga - if you have nvram.bin backup you can easily resore it with SP Flash Tool. Just open your scatter file with any text editor, find a __NODL_NVRAM section and remove __NODL_ part from it. Reopen scatter in SP Flash Tool and you'll be able to check NVRAM partition.
It might not be able to upload it without other parts selected. But you can you Options->Write memory, then manually enter start address, which will be show on download/upgrade page near NVRAM and length (your nvram.bin length) - that will always work. Be careful to write correct address thou.
Sidenote: all suggested methods before only touch SOFT-IMEI, stored in /data/nvram/md/NVRAM/NVD_IMEI/MP0B_001. Its lost with any wipe/reset, because whole /data partition are formatted. Then the whole /data/nvram directory (if it's empty) are restored from hidden NVRAM partition on EMMC. If you've corrupted your NVRAM when it won't restore correct IMEI ofc. With all methods mentioned above (i.e. replacing MP0B_001, echoing to pttycmd1, using mtkdroidtools, mobileuncletools and others) will only edit MP0B_001, i.e. soft copy of IMEI, which will be lost again with next hardware reset. Sure you restore your IMEI that way every time you wipe/reset/upgrade firmware. But its more solid to fix your IMEI partition with SN Write Tool / Maui META 3G so it will be correctly restored automatically from NVRAM at every wipe/etc.
EDIT: @Chrizzly92 this software are very outdate. It generates 24 byte MP0B_001 file, used by old MT6573/6513 platforms. Newer 6575/6577 uses 120 bytes MP0B_001 which are different. If you put 24 byte MP0B_001 generated instead from imei.c software, your phone will be buggy and will be constantly loosing IMEI every few hours until reboot. It's better to use MtkDroidTools or terminal method (echoing to /dev/pttycmd1) to correctly restore 120 byte IMEI file.
Click to expand...
Click to collapse
Greetings NStorm i try your method i already got one backup with MTKDROID TOOLS so i can use the NVRAM.BIN , i already modify scatter file and try to write memory but i only receive red bar, no yellow or green, so i think it not work at all, any suggestions also sorry for my bad english im from Mexico, ohhh i forgot i already have a full backup from all the files in the smartphone do you know if i can FLASH the Full Backup back? or a CWM restore or other kind of solution?
foox2k said:
Greetings NStorm i try your method i already got one backup with MTKDROID TOOLS so i can use the NVRAM.BIN , i already modify scatter file and try to write memory but i only receive red bar, no yellow or green, so i think it not work at all, any suggestions also sorry for my bad english im from Mexico, ohhh i forgot i already have a full backup from all the files in the smartphone do you know if i can FLASH the Full Backup back? or a CWM restore or other kind of solution?
Click to expand...
Click to collapse
NStorm, thanks for your awesome explanation.
I do not fully understand the nvbin flashing part.
I also have a backup I believe, but I am unsure.
I do have a proper nvram backup, so the proper files that are overwritten on flash.
With SP flash tool I get error 8038 when trying to flash.
Firmware upgrade is not working either even with all partitions.
I tried to remove __NODL__ from the nvram to fix it, but no luck.
Can you explain how to make that imei file and flash it with dd command or anything?
Would be awesome to get this problem fixed!
thank you
[update]guess what, you can do it with mtk droid tools 2.4.8 too!
I tried that before, but I used a backup I made after the issue.
Found an older one and it seems to work![/update]
guys..for permanent nvram, imei error or invalid use sn write tools.
mine solve a long ago..please read this: http://forum.xda-developers.com/showthread.php?t=2206421
http://forum.xda-developers.com/showthread.php?t=2197378&page=3
btw use a complete sn write tool
well works for me ,after factory reset everthing still as writen..
my phone mtk 6577 chipset based
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Phone is Dead (canvas 2)
ToldarkenHansam said:
Phone: Cherry Mobile Titan (Rebrand of Konka w990/Spice-mi 500/Axioo Picopad GEW)
Processor: MTK6577
Hello guys, this is my first post as I could no longer find any solution on the internet. Hoping some experts could help
I accidentally formatted the NVRAM of my phone using SP Flash Tool. The new update didn't have the option not to format it. Now my IMEI's are lost. Although it is still possible to restore them using some methods. But none of the methods I have found were permanent. A simple wipe/data factory reset from CWM Recovery removes it instantly. Is there a way I could restore the NVRAM, or at least make the restoration methods permanent?
Thanks in advance guys!
EDIT: I tried flashing all available ROMs (SP Flash Tool Based / Flashable Zips) but still it shows an invalid IMEI. I also tried restoring a backup of my stock ROM to no avail.
Click to expand...
Click to collapse
i have selected "whole format" option in format tab in sp tools. but doing this my phone got dead. pls help me
Revived your ZTE V793 now!
Ok guys..
I'll share to you my ROM for flashing using SP Flash Tools application.
Note: I'll not take any responsibility for any damage, warranty void to your phone
1. Download SP Flas Tools - find it in xda or Google..
2. Download this ROM : This is backup ROM porting to my android device kindly remove in-necessary applications. As it's ready to flash via SP FLASH Tools so basically it'll be straight forward thing. Link here :
HTML:
[URL="http://www.4shared.com/archive/iBNm1jxI/V793_Files_to_FlashTool.html"]V793[/URL]
Password :
[email protected]
3. Extract the file using 7zip. Then extract the ZIP file inside.
4. Open SP_Flash_Tools.. select the extracted files earlier and select the scatter file.
5. Everything will be pick automatically.
6. Take your phone battery. Press start and wait "Searching" and connect your Phone (without battery) using USB.
7. Make sure you have the driver. Installed the driver if necessary.
8. Wait until you get "Doughnut" OK button. Warning : Never disconnect the cable during this operation as it'll brick your phone forever.
9. Once, OK. please disconnect your cable. Put the battery into the phone.
10. Make sure the battery at-least 80% before you perform the CWM steps.
Good Luck! If you need any further guide please revert here.. I'll try to create another 'empty' ROM after this if there is a request. Thanks.
---------- Post added at 04:23 AM ---------- Previous post was at 04:15 AM ----------
rohitjaiswal said:
i have selected "whole format" option in format tab in sp tools. but doing this my phone got dead. pls help me
Click to expand...
Click to collapse
Hi there..
before perform any update please... and please backup your ROM.. that's the reason "MTKdroidtools" being develop.
Use the application to gain "temp" root to able you to get the image files.
Then create SP Flash ready files from the backup image files.
If you don't have the backup ROM don't be hesitate to search it in google and XDA forum.. if your phone is "unique" please ask your friend. Loan the phone for a few minutes to make a backup images.
NStorm said:
What a lame answers. Especially ones suggesting to root phone.
They guy clearly told he is able to restore MP0B_001 in phone, but its SOFT-IMEI and is lost after wipe/factory reset.
@ Original question by ToldarkenHansam, which is kinda outdated, but considering lame answers here:
To restore HARD-IMEI in NVRAM hidden partition use SN Write Tool or Maui META 3G. They are able to write hard IMEI and calibration to NVRAM partition.
@ kokabunga - if you have nvram.bin backup you can easily resore it with SP Flash Tool. Just open your scatter file with any text editor, find a __NODL_NVRAM section and remove __NODL_ part from it. Reopen scatter in SP Flash Tool and you'll be able to check NVRAM partition.
It might not be able to upload it without other parts selected. But you can you Options->Write memory, then manually enter start address, which will be show on download/upgrade page near NVRAM and length (your nvram.bin length) - that will always work. Be careful to write correct address thou.
Sidenote: all suggested methods before only touch SOFT-IMEI, stored in /data/nvram/md/NVRAM/NVD_IMEI/MP0B_001. Its lost with any wipe/reset, because whole /data partition are formatted. Then the whole /data/nvram directory (if it's empty) are restored from hidden NVRAM partition on EMMC. If you've corrupted your NVRAM when it won't restore correct IMEI ofc. With all methods mentioned above (i.e. replacing MP0B_001, echoing to pttycmd1, using mtkdroidtools, mobileuncletools and others) will only edit MP0B_001, i.e. soft copy of IMEI, which will be lost again with next hardware reset. Sure you restore your IMEI that way every time you wipe/reset/upgrade firmware. But its more solid to fix your IMEI partition with SN Write Tool / Maui META 3G so it will be correctly restored automatically from NVRAM at every wipe/etc.
EDIT: @Chrizzly92 this software are very outdate. It generates 24 byte MP0B_001 file, used by old MT6573/6513 platforms. Newer 6575/6577 uses 120 bytes MP0B_001 which are different. If you put 24 byte MP0B_001 generated instead from imei.c software, your phone will be buggy and will be constantly loosing IMEI every few hours until reboot. It's better to use MtkDroidTools or terminal method (echoing to /dev/pttycmd1) to correctly restore 120 byte IMEI file.
Click to expand...
Click to collapse
i have imei problem , i have tried all of ways to write/restore/repair imei but failed. i have radio problem. System/dev/radio/pttycmd1
Radio is empty. there is no pttycmd1 so i can't writ imei . please tell how i can restore pttycmd1 or whole radio restore on my device ?
is it possible ? please please reply me soon. thanks,
[email protected]:crying:
Solution of NVRAM.img and no-services Lenovo S820
javedsipra said:
i have imei problem , i have tried all of ways to write/restore/repair imei but failed. i have radio problem. System/dev/radio/pttycmd1
Radio is empty. there is no pttycmd1 so i can't writ imei . please tell how i can restore pttycmd1 or whole radio restore on my device ?
is it possible ? please please reply me soon. thanks,
[email protected]:crying:
Click to expand...
Click to collapse
Solution of NVRAM.img and no-services Lenovo S820...thanks
foox2k said:
Greetings NStorm i try your method i already got one backup with MTKDROID TOOLS so i can use the NVRAM.BIN , i already modify scatter file and try to write memory but i only receive red bar, no yellow or green, so i think it not work at all, any suggestions also sorry for my bad english im from Mexico, ohhh i forgot i already have a full backup from all the files in the smartphone do you know if i can FLASH the Full Backup back? or a CWM restore or other kind of solution?
Click to expand...
Click to collapse
if you have CWM backup so you can install CWM on your phone and make a backup of current OS, then put the CWM backup in it and restore it.
if you have MTK Droid tools backup then you first make a flash able backup by choosing MD5 file from the backup. then it makes a new folder !file_to_flashtools . this is your flash able backup with scatter file.
Open MTK flashtools and select the scatter file and choose download or upgrade firmware which you like. connect the PC with battery or without battery , choose the options for battery.
make sure your android adb interface driver and preloader driver and cdc drivers are installed ?
how to install drivers ?
on your phone and select development and check debugging option and connect with PC. PC install drivers automatically if you have windows 7 . stop that process and install drivers manually . second time switch off your device put the battery out for 15 sec and put it again but no phone on. just off mode. connect with pc and install its preloader driver. Now press the power button continuously on phone device its ask for CDC drivers. install it and now your drivers are done.
for further detail contact on [email protected]
NStorm said:
What a lame answers. Especially ones suggesting to root phone.
They guy clearly told he is able to restore MP0B_001 in phone, but its SOFT-IMEI and is lost after wipe/factory reset.
@ Original question by ToldarkenHansam, which is kinda outdated, but considering lame answers here:
To restore HARD-IMEI in NVRAM hidden partition use SN Write Tool or Maui META 3G. They are able to write hard IMEI and calibration to NVRAM partition.
@ kokabunga - if you have nvram.bin backup you can easily resore it with SP Flash Tool. Just open your scatter file with any text editor, find a __NODL_NVRAM section and remove __NODL_ part from it. Reopen scatter in SP Flash Tool and you'll be able to check NVRAM partition.
It might not be able to upload it without other parts selected. But you can you Options->Write memory, then manually enter start address, which will be show on download/upgrade page near NVRAM and length (your nvram.bin length) - that will always work. Be careful to write correct address thou.
Sidenote: all suggested methods before only touch SOFT-IMEI, stored in /data/nvram/md/NVRAM/NVD_IMEI/MP0B_001. Its lost with any wipe/reset, because whole /data partition are formatted. Then the whole /data/nvram directory (if it's empty) are restored from hidden NVRAM partition on EMMC. If you've corrupted your NVRAM when it won't restore correct IMEI ofc. With all methods mentioned above (i.e. replacing MP0B_001, echoing to pttycmd1, using mtkdroidtools, mobileuncletools and others) will only edit MP0B_001, i.e. soft copy of IMEI, which will be lost again with next hardware reset. Sure you restore your IMEI that way every time you wipe/reset/upgrade firmware. But its more solid to fix your IMEI partition with SN Write Tool / Maui META 3G so it will be correctly restored automatically from NVRAM at every wipe/etc.
EDIT: @Chrizzly92 this software are very outdate. It generates 24 byte MP0B_001 file, used by old MT6573/6513 platforms. Newer 6575/6577 uses 120 bytes MP0B_001 which are different. If you put 24 byte MP0B_001 generated instead from imei.c software, your phone will be buggy and will be constantly loosing IMEI every few hours until reboot. It's better to use MtkDroidTools or terminal method (echoing to /dev/pttycmd1) to correctly restore 120 byte IMEI file.
Click to expand...
Click to collapse
your method of writing memory manually worked for me to bring back my /dev/radio folder and its contents, still cwmr write my imei though
Coolpad Rogue 3320A - Stock 5.1.1 Build No. 5.1.157.00.T2.150810.LMY47V
Fastboot Flashable Recovery, Kernel, Modem & Misc. Firmware Images
Disclaimer You flash these images at your own risk. I am not responsible for bricked or otherwise inoperable devices as a result of flashing any of the files provided herein.
These partition images will help you recover a soft bricked device in the event you have missing or corrupt partitions. Additionally, in the event you are having signal or connectivity issues, flashing the modem/radio firmware could resolve those problems. I have provided all partition images for the 3320A with the exception of /system and /userdata. The stock /boot and /recovery images are always good to have in case you ever need them. At a minimum, save these images to external storage in case of future need. I will provide a full /system image in future at request.
WARNING Flashing bootloader or bootloader dependent partitions can result in a hard bricked device. Please do not flash bootloader type partitions unless you are well versed in this area. Tampering with these particular partitions is best left for developers and experts. I will clearly label any bootloader type partitions, in hopes that it will alleviate any confusion.
INSTRUCTIONS:
Install Minimal ADB and Fastboot on your PC or Laptop. The installation files can be found here on XDA Forums. Install the USB Drivers for your Coolpad Rogue 3320A. (The drivers are pre-installed on the device itself. If you are able to boot up, connect your 3320A to your PC and look in your PC's directory for an installation option.) Place the .img files you need on an external SD card or in internal storage. With your device powered off, boot into Recovery Mode by holding power and +volume simultaneously until the Coolpad logo appears -- then let off of power but continue to hold +volume until the stock recovery screen appears. Use your volume button to scroll down to Bootloader and press power to select. When the Fastboot screen appears, connect your device to your PC with a suitable micro USB syncing cable and press +Volume. In your Minimal ADB and Fastboot directory open a command window (Shift and Right Click).Type: fastboot devices If you are properly connected, your device serial number will be displayed in your command window under connected devices. If your serial number doesn't appear, repeat the above steps, ensure your USB drivers are installed correctly, and try changing USB ports on your PC or trying a different cable. Once you are connected properly, the rest is simple: I have named each partition image synonymous to its corresponding partition. In other words, the name of the file is also the name of your device's partition to be flashed.
EXAMPLE If you are flashing the "carrier" partition, you simply type fastboot flash carrier carrier.img Again, I will label each partition as to the type (e.g. recovery, bootloader, modem firmware, etc.)
DOWNLOAD LINK:
https://drive.google.com/folderview?id=0B7-zQU1VihD3eXE1SjBIby02Rmc
PARTITION NAME / TYPE
tz - "Trust Zone" Bootloader Dependent Partition
tzbak - Allotted Partition Backup of tz
ssd - Firmware Partition
sec - Firmware Partition
sbl1 - Secondary Bootloader
sbl1bak - Allotted Partition Backup of sbl1
rpm - Primary Bootloader
recovery - Stock Recovery Image
persist - Firmware Partition
params - Firmware Partition
panic - Firmware Partition
pad - Firmware Partition
oem - Manufacturer/Device ID Partition
modem - Radio Firmware
modemst1 - Radio Firmware
modemst2 - Radio Firmware
misc - Carrier/Region ID Partition
keystore - Firmware Partition
fsg - Radio Firmware
fsc - Firmware Partition
devinfo - Manufacturer/Device Info Partition
ddr - Radio Firmware
config - Carrier Specific Info Partition
boot - Stock Kernel/Ramdisk
aboot - Application Bootloader Partition
Hopefully this guide will help you restore your device from an inoperable state or restore connectivity from problems originating from damaged/corrupt partitions.
Relaying A Message from MotoJunkie01
Relaying A Message from MotoJunkie01
I apologize for not being in closer contact. I have some pressing issues going on and, coupled with work, man I've been tied up something awful. I'm going to need to drop off XDA for a month or better to get my personal issues attended to. I need a huge favor from you.
My little threads I have started, if you could go on and explain I'll be gone for a month or so. I'd appreciate it.
I've Not enough time to even do that.
So if anyone needs a reply I'd figure sometime in July, and I hope you all will understand and allow this time for MotoJunkie01 to attend to his personal matters. Signed: ResistanceIsFutile
Link not working
Your above link does not work. Also I have no idea why you are trying to share images. Fast boot only pushes zip files
Gamesmedic said:
Your above link does not work. Also I have no idea why you are trying to share images. Fast boot only pushes zip files
Click to expand...
Click to collapse
Sorry about the broken link. I just added a new working link with all listed firmware images.
You are obviously extremely confused about the purpose & function of fastboot commands. Allow me to educate you a bit. First, contrary to your statement, fastboot does not "push" files. And it most certainly does not push "zip files." In fact fastboot cannot be used to manipulate zip archives at all. . If you go back and read the thread, fastboot is used primarily, and as a preferred method by many, to flash firmware images to your device. (.img, .bin, mbn, etc) The firmware images in my link can be flashed to the Coolpad Rogue, via fastboot, to restore the partitions to pure stock/factory condition, in the event of a soft brick, bootloop, corrupt OS, etc.
I hope this clears your confusion some, before you hard brick a device trying to "push zip files" with fastboot.
Sim unlock
would this help to do a sim unlock
rachinda said:
would this help to do a sim unlock
Click to expand...
Click to collapse
No. SIM unlocking involves an entirely separate procedure. I am not even sure a SIM unlocking procedure is available apart from using a remote unlocking service or requesting an unlock code through the carrier directly. This thread is merely a source for stock firmware partitions for devices which are stuck in boot loop, soft bricked, poor or lost cellular service, connectivity issues, etc.
Hey,
You may have noticed that after flashing some ROM, your phone might restart every thirty seconds. This happenes if you use the factory_flash script, which also deletes your IMEI. Here I will provide 2 solutions on how to restore the persist partition.
Method one: Fastboot
1. Extract persist.img from official Xiaomi ROM:
http://en.miui.com/download-333.html
It is located in the images folder.
2. Download Minimal ADB and Fastboot:
https://xiaomifirmware.com/download-link/?dlm-dp-dl=7270
3. Put your phone into fastboot: Volume Up + Power.
4. Connect it with your pc
5. Open command prompt and execute:
fastboot flash persist (path to persist.img)
6. Reboot your device
Method 2: TWRP:
1. Extract persist.img from official ROM:
http://en.miui.com/download-333.html
2. Download Minimal ADB and Fastboot:
https://xiaomifirmware.com/download-link/?dlm-dp-dl=7270
3. Download TWRP for Mi A1:
https://forum.xda-developers.com/mi-a1/development/recovery-twrp-3-1-1-0-touch-recovery-t3688472
4. Put your phone into fastboot and flash TWRP using:
fastboot flash recovery (path to twrp)
¡Sometimes you might get remote: error: partition table not found. In this case, use fastboot flash boot_a (path to twrp)!
5. Holding Volume +, execute fastboot reboot. KEEP HOLDING THE BUTTON UNTIL YOU SEE THE TWRP SCREEN!
6. If you are on a Mac, use Android file transfer to put persist.img into root of phone storage(not in any folder). If on windows, use file explorer.
7. Reboot again to twrp.
8. Go to advanced—>terminal.
9. Exécute
dd if=/sdcard/persist.img of=/dev/block/mmcblk0p27
10. Go to reboot—>system.
11. If your phone is stuck on the android loading screen, reboot back to fast boot, and use mi flash with clean all except storage to return normal boot image.
12. Like this thread.
Don’t hesitate to write in the comment in the case of an error.
Can anyone confirm if is XiaomiFirmware a legit/official site of Xiaomi?
Sent from my Mi A1
SmallTarzan said:
Can anyone confirm if is XiaomiFirmware a legit/official site of Xiaomi?
Sent from my Mi A1
Click to expand...
Click to collapse
I doubt that cuz of the photos that are put on tutorials, but you could get precise inststructions and real downloads.
CoolPlushBear said:
I doubt that cuz of the photos that are put on tutorials, but you could get precise inststructions and real downloads.
Click to expand...
Click to collapse
"precise instructions" as "tested and working instructions"
"real downloads" as "official downloads"
Am I right?
SmallTarzan said:
"precise instructions" as "tested and working instructions"
"real downloads" as "official downloads"
Am I right?
Click to expand...
Click to collapse
The download links redirect to the official Xiaomi Bigota download servers, and the instructions are usually supposed to work, but ususally, not all are tested.
CoolPlushBear said:
The download links redirect to the official Xiaomi Bigota download servers, and the instructions are usually supposed to work, but ususally, not all are tested.
Click to expand...
Click to collapse
I wouldn't try it myself.
SmallTarzan said:
I wouldn't try it myself.
Click to expand...
Click to collapse
Why not? Remember that the only way to actually break a phone is to smash it against something. All of the instructions there seem logical.
CoolPlushBear said:
Why not? Remember that the only way to actually break a phone is to smash it against something. All of the instructions there seem logical.
Click to expand...
Click to collapse
It's not about whether the instructions are logical or not.
It's about whether the files are safe or aren't.
Take a look at this:
(Check the attachment section)
You state that the files are being downloaded from official Xiaomi servers. However, as you can see, they aren't.
I'm not going to argue about the source or safety of these files, but I hardly believe that they are official - therefore, theoretically not safe.
SmallTarzanself said:
It's not about whether the instructions are logical or not.
It's about whether the files are safe or aren't.
Take a look at this:
(Check the attachment section)
You state that the files are being downloaded from official Xiaomi servers. However, as you can see, they aren't.
I'm not going to argue about the source or safety of these files, but I hardly believe that they are official - therefore, theoretically not safe.
Click to expand...
Click to collapse
I highly doubt that they are not safe, since I tried out the persist image myself. If you would like though, I can provide some from Bigota download server.
it worked for me - tried everything for the past 2 days then this is just the solution ive been searching for
thanks a ton man!!!! :laugh:
Just so y'all know, this can get you into trouble with federal agencies in many countries because this is the kind of crap terrorists do to mask their devices (MAC spoofing).
You really should have at least a warning in the thread.
Get persist.img from official fastboot ROM instead, it will surely have a safe "engineering registered" MAC (or none at all).
CosmicDan said:
Just so y'all know, this can get you into trouble with federal agencies in many countries because this is the kind of crap terrorists do to mask their devices (MAC spoofing).
You really should have at least a warning in the thread.
Get persist.img from official fastboot ROM instead, it will surely have a safe "engineering registered" MAC (or none at all).
Click to expand...
Click to collapse
You are right, and although I doubt that federal agencies will get you into trouble, I changed the link to the official rom.
CoolPlushBear said:
You are right, and although I doubt that federal agencies will get you into trouble, I changed the link to the official rom.
Click to expand...
Click to collapse
Good man
But remember - history's greatest blunders all started with ignoring doubts
Can confirm this works.
Just did it, and it worked perfectly.
The instructions are slightly wrong though.
Power + Volume DOWN is fastboot, not volume up.
Anyone got this error while trying to flash persist.img ? I'm kinda stuck :
$ fastboot flash persist persist.img
target reported max download size of 534773760 bytes
sending 'persist' (4744 KB)...
OKAY [ 0.140s]
writing 'persist'...
FAILED (remote: Error: This image isn't allow download
)
finished. total time: 0.160s
Click to expand...
Click to collapse
EDIT : I tried the twrp option and now I have random reboot + wifi does not activate at all.
Que20 said:
Anyone got this error while trying to flash persist.img ? I'm kinda stuck :
EDIT : I tried the twrp option and now I have random reboot + wifi does not activate at all.
Click to expand...
Click to collapse
I have the same error in Fastboot mode. I'll not try TWRP now that i've read your post.
Que20 said:
Anyone got this error while trying to flash persist.img ? I'm kinda stuck :
EDIT : I tried the twrp option and now I have random reboot + wifi does not activate at all.
Click to expand...
Click to collapse
I had the same problem i couldn't connect to wifi after dumping persist.img, i fixed by using the tool from this thread: https://forum.xda-developers.com/mi-a1/how-to/tool-persist-resurrector-v1-0-0-0-t3781095
mardrest said:
I had the same problem i couldn't connect to wifi after dumping persist.img, i fixed by using the tool from this thread: https://forum.xda-developers.com/mi-a1/how-to/tool-persist-resurrector-v1-0-0-0-t3781095
Click to expand...
Click to collapse
Problem is the guy say :
If you have flashed someone else's persist image -
You CANNOT use this tool since you have destroyed the last chance to repair original Wi-Fi MAC.
Click to expand...
Click to collapse
So I dont know if I should try it.
Plus it doesn't have a unix version. And I don't have a Windows computer around...
EDIT : I feel like force flashing the persist through TWRP was a really bad idea... :/
I'm now stuck, I can't use the phone. I have no MAC Address.
EDIT2: HELP! T_T
Que20 said:
Problem is the guy say :
So I dont know if I should try it.
Plus it doesn't have a unix version. And I don't have a Windows computer around...
EDIT : I feel like force flashing the persist through TWRP was a really bad idea... :/
I'm now stuck, I can't use the phone. I have no MAC Address.
EDIT2: HELP! T_T
Click to expand...
Click to collapse
Another option is to manually edit wlan_mac.bin located in /persist with hex editor, if its blank you must put 3 times an mac adress changing the last digit 1 + or 1 - like f4 f5 db ef ed 34 f4 f5 db ef ee f4 f5 db e0 (numbers from 0-9 and a-f) save and restart phone. Must be 18 bytes file.
PD. Mac adress has 12 digits/numbers.
This is Generic guide for Unbricking or Downgrading Huawei devices with Kirin 960 CPU. Most probably very similar steps can be done for Kirin 970, but i don't have device to test. At the end i did attach my files, that i used for CMR-W09.
This WILL WORK even if you have Black Screen with permanent Fastboot - this is common issue for those, who tried to downgrade from EMUI 9 to EMUI 8. Yes, this is also unbrickable!
Have Fun!
1. Prerequisites
- Linux installed on your PC/laptop or as Virtual Machine, with fastboot tool on it
- Board Software for your device – you can find on easy-firmware.com (about $15 for pass and reach collection) or gem-flash.com (has cheap $3 pass but less firmwares in collection)
HiKey_IDT linux tool – can be found there https://github.com/96boards-hikey/tools-images-hikey960/
- Knowledge about test point location to interrupt CPU loading routine – ask google or look on this forum
http://forum.gsmhosting.com/vbb/f1022/huawei-test-point-gallery-2291781/index17.html
- Opened device – you need access to motherboard
2. Booting device in force update mode
Small intro. Hisilicon Kirin CPUs has special mode, when they are interrupting normal boot process and opening COM port on USB to accept commands. You have chance to load your own binaries directly to device RAM before boot process will continue (still, this images has to be signed by Huawei private key)
- Disconnect battery connector from motherboard
- Short test point to ground (any big metal shield on board will work for that)
- Having test point shorted – connect USB cable. Run “lsusb” command – you should see device “USB SER” in devices
- Open folder with Board Software. Find xml file with model name in name, for ex. “CMR-W09-BD_1.0.0.19_Download.xml”. In that xml file – check section for “bootloaderimage” – you will find paths and memory addresses for all needed boot stages. Keep that open.
- Find all three boot img files – copy them to Linux machine. Note: For me, this three files didn’t work. But I found files with same names in other folder of Board Software – and that did a trick. You have to experiment a little bit.
- Go to folder, where you have HiKey_IDT tools downloaded. Copy three boot files from Board Software to same folder as hikey_idt. Edit “config” file – you should specify correct address and file name – according to Board Software
- Check “dmesg” command output – look for GSM Modem connected messages – you will see port name attached – like ttyUSB0
- Run next command “./hikey_idt -c config -p /dev/ttyUSB0”. You should see information about loaded all boot stages, with “Finish downloading” message after each. If you did everything fine – in 5-15 seconds you will have your device ready for downgrade/unbrick/killing_your_cat
- To verify that everything is fine – run “fastboot devices” command. If it will show device with proper serial number in output – you are fine to continue
3. Fixing your device
On that step – you have special fastboot booted, that has no security/validation on it. You can unbrick your device, or kill it. Do all steps carefully.
- Flash proper partition table information. You can take it from OTA package (from inside of UPDATE.APP) – normally, it has name HISIUFS_GPT. Run “fastboot flash ptable HISIUFS_GPT.img”
- Flash other partitions one by one. Skip files CRC.img, SHA256RSA.img, CURVER.img, VERLIST.img, PACKAGE_TYPE.img and HISIUFS_GPT.img (it was already flashed on previous step). To flash this files, run “fastboot flash” with partition name and image file name after it – for ex. “fastboot flash recovery_vendor RECOVERY_VENDOR.img”. Note: Partition names should be written in lowercase. You can see partition names in Huawei Update Extractor, as extracted image files sometimes has shortened names.
- Run few more commands to cleanup things around:
Code:
fastboot erase misc
fastboot erase modemnvm_factory
fastboot erase bootfail_info
fastboot erase dfx
fastboot erase rrecord
fastboot erase patch
- Flash few more files – from Board Software:
Code:
fastboot flash splash2 splash2.img
fastboot erase userdata
fastboot flash userdata userdata.img
fastboot erase version
fastboot flash version version.img
fastboot flash reserved4 gpu_test_data_all_v2.bin (may be different for other devices – look into XML file from Board Software package for any “reserved” partitions)
- Remove USB cable, connect battery back and boot your device. Most probably your device will boot now! Or at least it will try
4. Final steps
- Make factory reset from stock recovery!
- Make 3-button flash of same or newer firmware just after restoring device!
- Make backup of your NVME and OEMINFO! Use next commands for that:
Code:
dd if=/dev/block/platform/hi_mci.0/by-name/oeminfo of=/storage/emulated/0/oeminfo.img
dd if=/dev/block/bootdevice/by-name/nvme of=/storage/emulated/0/nvme.bak
Above commands are for adb shell with root. If you will do that under TWRP – you can use “of=/sdcard” in dd commands
Note: If your device is in bootloop, but runs recovery/eRecovery fine. If recovery is showing error during factory reset – maybe, you have screwed your nvme during previous upgrades/downgrades. In that case – make NVME backup using TWRP, take nvme.img from Board software package. Using any HEX editor – open both files, and copy all variable values from your backup to nvme.img from Board – manually. After doing that – repeat all steps from beginning until getting forced fastboot mode, and flash this image with “fastboot flash nvme”
P.S. In above links you may find lovely-prepared files for CMR-W09 tablet with region C432 for recovering to b161 firmware (includes recovery.sh script to flash everything in one command) - it can be used to get $4 unlock code with DC Unlocker.
HiKey_IDT => https://drive.google.com/open?id=1EdNfHVc8japoVSe2k4iTWdyp5JyPa1LR
Recovery Files for CMR-W09 C432 B161 => https://drive.google.com/open?id=1YgwwwFITjbJ8vIepcCt0O5w_RRJcKV8F
Board Software for CMR-W09 => https://drive.google.com/open?id=1w3mfVt8ObsViiv5ov3cUAog-M8hHMaSF
Testpoint location on Mediapad 10.8 (should be same on both Pro and non-Pro)
Reserved
Damn! I sent my tablet to a repair center two days ago...
Thank you for this great guide!
crckmc said:
Damn! I sent my tablet to a repair center two days ago...
Thank you for this great guide!
Click to expand...
Click to collapse
Nah, i'm not looking for fast ways! Decided that i can do it by my own ))) Btw, service center will not even try to repair your tablet - they will replace whole logic board or whole tablet.
For me It gives errors, I used my own device board fw.
Which device do you use? Did you boot it with testpoint?
If it is any of M5/M5 Pro (even if it is 8.4") - you can use files that i attached - hikey_idt is preconfigured. For other kirin960 devices that may need different boot files from own board
goodwin_c said:
Which device do you use? Did you boot it with testpoint?
If it is any of M5/M5 Pro (even if it is 8.4") - you can use files that i attached - hikey_idt is preconfigured. For other kirin960 devices that may need different boot files from own board
Click to expand...
Click to collapse
Booted with testpoint, and I used the Huawei P10 (It's a kirin960) and used my own boot files from the board fw. From what I know, I did a wrong downgrade, I did not know about the xloader thing going on, I had B386 installed, and tried do downgrade to B369a, different xloaders both of them. Now the screen is black, can't get into fastboot this way, I used DC-Phoenix too, managed to get somehow into fastboot, but these flashing errors still happened saying partition lenght get error, my logicboard may be already damaged tho.
yoghurt13 said:
Booted with testpoint, and I used the Huawei P10 (It's a kirin960) and used my own boot files from the board fw. From what I know, I did a wrong downgrade, I did not know about the xloader thing going on, I had B386 installed, and tried do downgrade to B369a, different xloaders both of them. Now the screen is black, can't get into fastboot this way, I used DC-Phoenix too, managed to get somehow into fastboot, but these flashing errors still happened saying partition lenght get error, my logicboard may be already damaged tho.
Click to expand...
Click to collapse
But the first - try hikey_idt with my files (it is preconfigured in attached archive). If it will be still throwing errors (i had same errors with wrong boot files) - take own files from your board. But not from "bootloaderimg" or "fastbootimage" folders - i got success with files from "update_nv_bootloader_block" folder of my board software package.
Next step - after you will boot board with hikey_idt and willl have fastboot loaded (screen will be still black - this is normal) - you will have to write partition table to device eMMC. For that - extract HISIUFS_GPT.img from UPDATE.APP and flash it as "ptable" - run "fastboot flash ptable HISIUFS_GPT.img". If that will go without errors - you can flash other images one by one.
What linux should i have? It's not possible under windows?
lukastob said:
What linux should i have? It's not possible under windows?
Click to expand...
Click to collapse
Any distro that you like - will work for you. If you are newbie - you can take Ubuntu for ex. Also, virtual machine with linux will be totally fine - just you should check everytime that USB is passed from host to VM. And no - i don't know about alternative tool for hikey_idt under WIndows, and service version of IDT - is bad-bad-bad. So, Linux is your choice.
Good jobs man ))) thanks from all users for testpoint
Well I managed to get into the special fastboot, and I could flash a few thing, but at least 5 images fail the verification, including Xloader, It's strage, as the Xloader still tries to verify things.
yoghurt13 said:
Well I managed to get into the special fastboot, and I could flash a few thing, but at least 5 images fail the verification, including Xloader, It's strage, as the Xloader still tries to verify things.
Click to expand...
Click to collapse
Try to flash xloader from OTA, not from board. From UPDATE.APP. Did you flash ptable in that mode?
goodwin_c said:
Try to flash xloader from OTA, not from board. From UPDATE.APP. Did you flash ptable in that mode?
Click to expand...
Click to collapse
I was doing that, I tried the ota xloader, and I tried the board sec_xloader too, they did not work, both of them has verification errors. Flashing DTS, fastboot, trustfirmware gives this error FAILED (remote: 'image verification error'). And yes, I flashed the Ptable too.
yoghurt13 said:
I was doing that, I tried the ota xloader, and I tried the board sec_xloader too, they did not work, both of them has verification errors. Flashing DTS, fastboot, trustfirmware gives this error FAILED (remote: 'image verification error'). And yes, I flashed the Ptable too.
Click to expand...
Click to collapse
from which folder did you take boot files for hikey_idt? maybe, you could try to take older board firmware? Or try to flash files from "fastbootimage" folder of your board.
goodwin_c said:
from which folder did you take boot files for hikey_idt? maybe, you could try to take older board firmware? Or try to flash files from "fastbootimage" folder of your board.
Click to expand...
Click to collapse
I literally have only 1 board firmware version the VTR-AL00, and I tried those stuff already, only your hikey-idt preconfigured got it into fastboot, after that I tried to flash my own board fw stuff onto it. So this whole thing might not work in my case.
yoghurt13 said:
I literally have only 1 board firmware version the VTR-AL00, and I tried those stuff already, only your hikey-idt preconfigured got it into fastboot, after that I tried to flash my own board fw stuff onto it. So this whole thing might not work in my case.
Click to expand...
Click to collapse
Can you share somewhere files from your board? i'll look into it.
goodwin_c said:
Can you share somewhere files from your board? i'll look into it.
Click to expand...
Click to collapse
Yeah, I'll upload the thing, I'll PM you the link.
Okay, I somehow managed to get it to work, found the perfect rom for the reset, BUT, the thing is, I lost my IMEI number from the phone, is there any way to reset it?
Amazing, thank you for this
---------- Post added at 10:02 PM ---------- Previous post was at 10:00 PM ----------
yoghurt13 said:
Yeah, I'll upload the thing, I'll PM you the link.
Click to expand...
Click to collapse
I think because of the relocked bootloader
This phone can only fastboot, but without authorization to pc, I tried turning to recovery/normal start, it does nothing but blinks(screen light turns on and off). I can't factory reset nor can I get the firmware to factory reset. any help would be greatly appreciated!!
You probably have wiped a partition ( especially that where adbd is located ): re-flash phone's Stock ROM.
that emmc is weared-out and therefore either the emmc controller or kernel decided to provide block device ro (before it finally dies on wear-leveling)
use a drilling machine through emmc chip to destroy user data
jwoegerbauer said:
You probably have wiped a partition ( especially that where adbd is located ): re-flash phone's Stock ROM.
Click to expand...
Click to collapse
How am I supposed to do so? I don't have the stock rom...
seems it's Mediatek SoC you can just dump stock ROM off the phone itself.
It's now easy to bypass MediaTek's SP Flash Tool authentication
A group of developers has created a Python utility to bypass the authentication routine of MediaTek SP Flash Tool. Check it out now!
www.xda-developers.com
I personally prefer mtkclient cmd line for linux (python) it's maybe not that easy to setup but it's easy in usage. it even provides a simple gui. for readback ROM device needs to be powered off and usb disconnected (as usual for Mediatek devices). plug in usb cable when PC is ready for preloader mode, then "rl": Read all partitions from flash to a directory
Code:
python3 mtk rl /path/to/outdir
Note: Android partitions are mounted ro it's unlikely ROM itself is damaged (if not forcefully modified). "only" userdata + cache partitions are writeable to Android, formatting userdata partition is "same" as factory reset.