Related
I installed the OTA update last night and it's just looping through the "alcatel one touch" and "smart move" screens. It's been like that for hours.
I need assistance in getting into recovery mode, and hopefully getting my files off the device.
I have downloaded android-studio and am about to install it to get adb and fastboot, and have downloaded the drivers for the idol 3. At this point when it's plugged in, my computer doesn't recognize the device.
If you did not have usb debugging enabled BEFORE the boot loop installing adb and fastboot now won't do you any good. Are you still able to get into recovery and is it twrp or the factory recovery? Without a direct way to get the phone into bootloader regretfully the only solution is to send it in for warranty repair (or replacement via your credit card if you paid that way under purchase protection)
Are you trying to remove the data to prevent access by others or because you need the data? Did you make any backups to external sd or copied to the pc?
I as well am stuck in bootloop. Was able to get into factory recovery and reset phone several times. Still no luck. I have a TWRP backup, but how to I do a temporary boot into it? Only option available in factory recovery was to sideload via ADB, but no luck using fastboot commands there. Phoned Alcatel and they have referred me back to Amazon. Amazon only wants to refund me, won't exchange! Of course I bought at the pre-order price. Any help would be greatly appreciated.
wrench588 said:
I as well am stuck in bootloop. Was able to get into factory recovery and reset phone several times. Still no luck. I have a TWRP backup, but how to I do a temporary boot into it? Only option available in factory recovery was to sideload via ADB, but no luck using fastboot commands there. Phoned Alcatel and they have referred me back to Amazon. Amazon only wants to refund me, won't exchange! Of course I bought at the pre-order price. Any help would be greatly appreciated.
Click to expand...
Click to collapse
The factory reset killed you....if you had usb debugging enabled prior and had not done a factory reset (which kills /data) you could have possibly gotten to an adb shell long enough to do an adb reboot bootloader. The problem is there's no way now to get you into bootloader....you can't get to it from recovery (factory).
If you purchased it by credit card you might see if their purchase protection (typically 60-90 days) allows a claim submission for a replacement....in this case they would cut you a check for the cost of a replacement after mailing in your old one. That's the only solution I see to remain at the $199 price.
You could also see if amazon will issue a $50 credit to your account in addition to return to allow for repurchase. Unlikely but possible.
Ok thanks for the input and advice. As a last ditch effort, is there a way to create or modify the twrp file as a "signed" zip file so that I could boot into it via stock recovery. This was how I rooted my old Galaxy S2, although it was a CWM recovery.
wrench588 said:
Ok thanks for the input and advice. As a last ditch effort, is there a way to create or modify the twrp file as a "signed" zip file so that I could boot into it via stock recovery. This was how I rooted my old Galaxy S2, although it was a CWM recovery.
Click to expand...
Click to collapse
Nothing so far has worked in that regard...in fact I created a update.zip using "zipme" to replace the build.prop that another user says the factory recovery refused to process.
Without a full factory rom to pull needed info in or the source code to compile one we can't do some of the things which would "save" the device.
wrench588 said:
...Only option available in factory recovery was to sideload via ADB, but no luck using fastboot commands there.
Click to expand...
Click to collapse
Strange ... the stock recovery of 6039y has an option for reboot to the bootloader.
petrov.0 said:
Strange ... the stock recovery of 6039y has an option for reboot to the bootloader.
Click to expand...
Click to collapse
Can you post a screenshot where the option is? I'm not doubting your word but perhaps he's looking in the wrong place? I'm back on TWRP so can't look in the stock recovery myself.
famewolf said:
Can you post a screenshot where the option is? I'm not doubting your word but perhaps he's looking in the wrong place? I'm back on TWRP so can't look in the stock recovery myself.
Click to expand...
Click to collapse
There is no option for screenshot while the phone is in the stock recovery. I need a camera to take a picture of the menu. I can do this later. The menu however looks like this:
Code:
reboot system now
apply update from ADB
apply update from sdcard
apply update from phone storage
wipe data/factory reset
wipe cache partition
reboot to bootloader
power down
view recovery log
petrov.0 said:
There is no option for screenshot while the phone is in the stock recovery. I need a camera to take a picture of the menu. I can do this later. The menu however looks like this:
Code:
reboot system now
apply update from ADB
apply update from sdcard
apply update from phone storage
wipe data/factory reset
wipe cache partition
reboot to bootloader
power down
view recovery log
Click to expand...
Click to collapse
If it's right off the main page like that then I can confirm it's not on the 6045. It's been one of the main issues with folks bricking their devices...if their rom gets messed up and they have factory recovery they have no way to get into bootloader to do anything to repair the device. Seems alcatel needs to add the reboot to bootloader to our recovery. I wonder where we could report that.
Is there a way to "lock" recovery so the updates cannot replace twrp? TWRP allows adb access and reboot to bootloader.
famewolf said:
If it's right off the main page like that then I can confirm it's not on the 6045. It's been one of the main issues with folks bricking their devices...if their rom gets messed up and they have factory recovery they have no way to get into bootloader to do anything to repair the device. Seems alcatel needs to add the reboot to bootloader to our recovery. I wonder where we could report that.
Is there a way to "lock" recovery so the updates cannot replace twrp? TWRP allows adb access and reboot to bootloader.
Click to expand...
Click to collapse
This is a snapshot from the recovery menu of 6039y.
The short answer of your question regarding the "lock" is ... no. If a longer explanation is needed ... this is from the update file, a link to which was provided by you:
Code:
if ! applypatch -c EMMC:/dev/block/bootdevice/by-name/recovery:18393344:f9062580503eb61b315a5d12c5c6b3bb133aa4b2; then
....etc.
what it does is to check the sha1 sum of the recovery partition and if the sha1 sum doesn't match to f9062580503eb61b315a5d12c5c6b3bb133aa4b2 will continue with an overwriting of the recovery partition and then will apply a patch. It can't be changed because the whole update will fail.
yep no bootloader
I've got reboot to boatloader on main page from stock recovery on my 6045k
Sent from hell
famewolf said:
Is there a way to "lock" recovery so the updates cannot replace twrp? TWRP allows adb access and reboot to bootloader.
Click to expand...
Click to collapse
Back to the "lock" question. Probably it is possible the OTA update to be slightly modified and then to be flashed through the TWRP recovery (there is an option in TWRP to skip the signature verification ... the verification will fail if the zip file is modified). But I prefer to wait for the OTA update of the 6039y, as I want to perform some tests with the upgrade.
ractar28 said:
I installed the OTA update last night and it's just looping through the "alcatel one touch" and "smart move" screens. It's been like that for hours.
I need assistance in getting into recovery mode, and hopefully getting my files off the device.
I have downloaded android-studio and am about to install it to get adb and fastboot, and have downloaded the drivers for the idol 3. At this point when it's plugged in, my computer doesn't recognize the device.
Click to expand...
Click to collapse
I am in the same boat as OP re the state my Idol 3 (6045i) is currently in. I also unchecked superuser but did not unroot completely before installing the update. I have not yet done a data wipe through recovery though. Unfortunately, back when I rooted the phone I did NOT check the box telling the phone to remember the computer/RSA key for future use. As a result, now when the phone is stuck at the white/animated Alcatel boot logo I can see the phone under adb devices, but it shows as unauthorized.
One thing that did seem odd, was browsing through stock recovery when trying to browse to apply an update from either phone storage or the SD card, no files are showing up at all. All it is showing is the folder root ( /.. ) in both instances and nothing else. Even after I attempted loading several system update and twrp images (in .zip and .img formats) on the SD card from my computer, once loaded in the phone none of the files show up through stock recovery. Is this SD card not compatible/formatted wrong or is something else going on?
Is there any current method to gaining access to the phone via adb manupulating the adbkey files in the $User$/Home/.android folder? I do currently have the adbkey files on my Mac from connecting the phone previously. I'm assuming these files are uniquely generated hashes?
That is ridiculous if the 6045k has bootloader access from recovery and 6045i does not. What would be the reasoning for this?
Nikola Jovanovic said:
I've got reboot to boatloader on main page from stock recovery on my 6045k
Sent from hell
Click to expand...
Click to collapse
Does the sha1 sum of your recovery happen to match f9062580503eb61b315a5d12c5c6b3bb133aa4b2 ? If so it could solve some issues but why do I suddenly think all 3 models have their own recovery?
---------- Post added at 08:47 AM ---------- Previous post was at 08:43 AM ----------
n3tnut said:
I am in the same boat as OP re the state my Idol 3 (6045i) is currently in. I also unchecked superuser but did not unroot completely before installing the update. I have not yet done a data wipe through recovery though. Unfortunately, back when I rooted the phone I did NOT check the box telling the phone to remember the computer/RSA key for future use. As a result, now when the phone is stuck at the white/animated Alcatel boot logo I can see the phone under adb devices, but it shows as unauthorized.
One thing that did seem odd, was browsing through stock recovery when trying to browse to apply an update from either phone storage or the SD card, no files are showing up at all. All it is showing is the folder root ( /.. ) in both instances and nothing else. Even after I attempted loading several system update and twrp images (in .zip and .img formats) on the SD card from my computer, once loaded in the phone none of the files show up through stock recovery. Is this SD card not compatible/formatted wrong or is something else going on?
Is there any current method to gaining access to the phone via adb manupulating the adbkey files in the $User$/Home/.android folder? I do currently have the adbkey files on my Mac from connecting the phone previously. I'm assuming these files are uniquely generated hashes?
That is ridiculous if the 6045k has bootloader access from recovery and 6045i does not. What would be the reasoning for this?
Click to expand...
Click to collapse
adb reboot bootloader won't work even with it showing unauthorized? If you can get into bootloader you can fix /system without messing up your /data (don't wipe data or you lose adb entirely...you may figure out how to add the correct hash if we can find how it's generated)
Here's some info on the hashes you might find useful taken from: http://nelenkov.blogspot.com/2013/02/secure-usb-debugging-in-android-422.html
Secure ADB implementation
The ADB host authentication functionality is enabled by default when the ro.adb.secure system property is set to 1, and there is no way to disable it via the system settings interface (which is a good thing). The device is initially in the OFFLINE state and only goes into the ONLINE state once the host has authenticated. As you may already know, hosts use RSA keys in order to authenticate to the ADB daemon on the device. Authentication is typically a three step process:
After a host tries to connect, the device sends and AUTH message of type TOKEN that includes a 20 byte random value (read from /dev/urandom).
The host responds with a SIGNATURE packet that includes a SHA1withRSA signature of the random token with one of its private keys.
The device tries to verify the received signature, and if signature verification succeeds, it responds with a CONNECT message and goes into the ONLINE state. If verification fails, either because the signature value doesn't match or because there is no corresponding public key to verify with, the device sends another AUTH TOKEN with a new random value, so that the host can try authenticating again (slowing down if the number of failures goes over a certain threshold).
Signature verification typically fails the first time you connect the device to a new host because it doesn't yet have the host key. In that case the host sends its public key in an AUTH RSAPUBLICKEY message. The device takes the MD5 hash of that key and displays it in the 'Allow USB debugging' confirmation dialog. Since adbd is a native daemon, the key needs to be passed to the main Android OS. This is accomplished by simply writing the key to a local socket (aptly named, 'adbd'). When you enable ADB debugging from the developer settings screen, a thread that listens to the 'adbd' socket is started. When it receives a message starting with "PK" it treats it as a public key, parses it, calculates the MD5 hash and displays the confirmation dialog (an activity actually, part of the SystemUI package). If you tap 'OK', it sends a simple simple "OK" response and adbd uses the key to verify the authentication message (otherwise it just stays offline). In case you check the 'Always allow from this computer' checkbox, the public key is written to disk and automatically used for signature verification the next time you connect to the same host. The allow/deny debugging functionality, along with starting/stopping the adbd daemon, is exposed as public methods of the UsbDeviceManager system service.
We've described the ADB authentication protocol in some detail, but haven't said much about the actual keys used in the process. Those are 2048-bit RSA keys and are generated by the local ADB server. They are typically stored in $HOME/.android as adbkey and adbkey.pub. On Windows that usually translates to %USERPOFILE%\.android, but keys might end up in C:\Windows\System32\config\systemprofile\.android in some cases (see issue 49465). The default key directory can be overridden by setting the ANDROID_SDK_HOME environment variable. If the ADB_VENDOR_KEYS environment variable is set, the directory it points to is also searched for keys. If no keys are found in any of the above locations, a new key pair is generated and saved. On the device, keys are stored in the /data/misc/adb/adb_keys file, and new authorized keys are appended to the same file as you accept them. Read-only 'vendor keys' are stored in the /adb_keys file, but it doesn't seem to exist on current Nexus devices. The private key is in standard OpenSSL PEM format, while the public one consists of the Base 64 encoded key followed by a `[email protected]` user identifier, separated by space. The user identifier doesn't seem to be used at the moment and is only meaningful on Unix-based OS'es, on Windows it is always '[email protected]'.
While the USB debugging confirmation dialog helpfully displays a key fingerprint to let you verify you are connected to the expected host, the adb client doesn't have a handy command to print the fingerprint of the host key. You might think that there is little room for confusion: after all there is only one cable plugged to a single machine, but if you are running a couple of VMs, thing can get a little fuzzy. Here's one of way of displaying the host key's fingerprint in the same format the confirmation dialog uses (run in $HOME/.android or specify the full path to the public key file):
awk '{print $1}' < adbkey.pub|openssl base64 -A -d -a \
|openssl md5 -c|awk '{print $2}'|tr '[:lower:]' '[:upper:]'
We've reviewed how secure ADB debugging is implemented and have shown why it is needed, but just to show that all of this solves a real problem, we'll finish off with a screenshot of what a failed ADB attack against an 4.2.2 device from another Android device looks like:
famewolf said:
adb reboot bootloader won't work even with it showing unauthorized? If you can get into bootloader you can fix /system without messing up your /data (don't wipe data or you lose adb entirely...you may figure out how to add the correct hash if we can find how it's generated)
Click to expand...
Click to collapse
Just tested using adb reboot bootloader again and this is the result: error: device unauthorized. Please check the confirmation dialog on your device.
Something else I tried was running fastboot commands in the narrow window that the phone initially boots (black screen with Android logo) but that didn't seem to work either. I tried:
fastboot reboot-bootloader
fastboot -i 0x1bbb reboot-bootloader
fastboot -i 0x1bbb devices
I noticed if you plug the phone into the computer via USB while the phone is off, it will briefly power on to the Android logo/black screen before flashing the battery status once and turning off. Is this an opportunity to send fastboot or adb commands to the phone?
I'll try messing with the adbkey stuff later when I have time to dig into it.
There is a tool from Alcatel (TCL) which can perform upgrades of the device from a Windows PC. You can try it if nothing else helps. There are two COM ports available under Windows when the device is powered off and the USB cable is connected to the phone. This tool use them to perform some checks on the device and probably will continue with an upgrade (it says that all of your data will be wiped after the upgrade etc. so there is a possibility to overwrite everything with a stock image) ... there are instructions how to work with it. The link is from the French support section of Alcatel. Despite that the program has support for 6039 and 6045 is not clear for which of their versions.
petrov.0 said:
There is a tool from Alcatel (TCL) which can perform upgrades of the device from a Windows PC. You can try it if nothing else helps. There are two COM ports available under Windows when the device is powered off and the USB cable is connected to the phone. This tool use them to perform some checks on the device and probably will continue with an upgrade (it says that all of your data will be wiped after the upgrade etc. so there is a possibility to overwrite everything with a stock image) ... there are instructions how to work with it. The link is from the French support section of Alcatel. Despite that the program has support for 6039 and 6045 is not clear for which of their versions.
Click to expand...
Click to collapse
The problem is we currently have no stock images in the format it requires to flash to restore the device. I would think those have to be available first?
---------- Post added at 02:56 AM ---------- Previous post was at 02:55 AM ----------
n3tnut said:
Just tested using adb reboot bootloader again and this is the result: error: device unauthorized. Please check the confirmation dialog on your device.
Something else I tried was running fastboot commands in the narrow window that the phone initially boots (black screen with Android logo) but that didn't seem to work either. I tried:
fastboot reboot-bootloader
fastboot -i 0x1bbb reboot-bootloader
fastboot -i 0x1bbb devices
I noticed if you plug the phone into the computer via USB while the phone is off, it will briefly power on to the Android logo/black screen before flashing the battery status once and turning off. Is this an opportunity to send fastboot or adb commands to the phone?
I'll try messing with the adbkey stuff later when I have time to dig into it.
Click to expand...
Click to collapse
You can't do fastboot commands until the phone is IN bootloader....so you'd have to do adb reboot bootloader
adb devices
etc....
famewolf said:
The problem is we currently have no stock images in the format it requires to flash to restore the device. I would think those have to be available first?
Click to expand...
Click to collapse
It is possible the program to download these images from a server.
I found another interesting thing. The device has a download mode. It is activated when the phone is powered off and connected to a PC. You must wait the display to turn off after the charging battery symbol and then to press and hold both volume keys, after which to press and hold the power button (without releasing these for the volume). But still don't know what to do in this mode. No device is detected on my Linux box when the phone is in this state. Probably I should try in Windows.
Also when the Alcatel upgrade tool was trying to detect the phone I'm almost sure that one of the COM ports was
Qualcomm HS-USB Diagnostics 9006
there is a lot information for other devices how this can be used to unbrick your phone, so this is a some start. The images which the people flash through it are in raw format.
Hi,
I tried lots of things! Can't do anything yet... I really need that file.
My USB debugging is not turned on, if it was I'll be ok. I found that if you copy the adbkey.pub from your users directory to the phone it
will bypass the USB debugging function, but can't push it with adb.
I can only boot in recovery and use fastboot or adb but with no access to the phone... I don't have TWRP installed.
I tried to flash TWRP with: fastboot flash recovery twrp.img
and I got an error telling me: FAILED (remote: 'No such partition.')
Probably because USB debug is not enabled... again...?
EDIT: tried to make me a walkthrough for the keyboard using a working phone, I can get up to the settings app, there's no focus on the settings items so I can't select them...
- I have access to the fingerprint sensor, but not gonna do much since I rebooted the phone i'll need to enter the unlock code.
- I can plug in a keyboard/mouse combo in my phone, for this to work i'll need a walkthough for arrows key/enter key to press to I can enable USB debugging.
- The screen is broken(black) touch sensor also broken.
- The phone is not rooted but is OEM unlocked
- I tried several software to mirror screen, they all require USB debugging enable or accept something on the phone or both.
- I know where the file is located on the phone but I don't know it's exact name (it's a .mp3 file, not a song ) it's in /storage/emulated/0/Recorders
Any help is greatly appreciated.
Thank you
I purchased a used Kajeet branded Orbic Speed RC400L hotspot off eBay which came with a charger, carrying case and Verizon SIM. I went though the Verizon prepaid activate website and it says the device is compatible and the Verizon sim card in it will work, however I noticed when I powered on the hotspot many menu settings were locked out.
I then connected to the hotspot and navigated to 192.168.1.1 and following Verizon's manual for this device I entered in admin as the username and the wifi password as the password and nope, wasn't able to log in. To make matters worse I decided to swap a Verizon prepaid SIM from another device and everything appeared to work, it showed signal however it had no internet, and when I looked into this further I realized this device is programmed with a different APN than the Verizon default for Kajeet's services, and I can't log in to change this.
I then attempted to hold down the reset button on the device for 5 seconds following Verizon's manual for this device while it was powered on and it did not reset, nothing I did would let me factory reset the device.
I then started to look into other options.
If I connect the device powered off to a laptop via USB, press and hold both the power and reset buttons I hear the device connect sound on Windows. I checked Device Manager and see the device as a Qualcomm device on COM10. I opened up QPST which confirms this device is on COM10 and in download mode.
This is good news as this appears to be how I can flash new firmware onto this device, but sadly there is no instructions on how to do this nor the stock Verizon firmware to download for this device.
When connecting the device powered up normally QPST detects it on COM10 but isn't able to read any info about the device at all.
I am stuck now on what to do, part of me wants to activate it on Verizon prepaid and then call Verizon when it has no internet and see if they can remotely reset it or program the right APN settings into the device to see if it'll work, however I don't know if they'll be able to do this.
I’m looking into acquiring a second Orbic Speed hotspot new from Verizon and making a backup of that firmware and then flashing it to this other hotspot using the Qualcomm download mode to recover it as well as uploading it and making instructions here for anyone else who runs into this issue.
That seems to be the only way to do a complete hard reset since the firmware on the one I have is locked and the reset button doesn’t do anything in its regular powered up state.
There are various tutorials for Qualcomm based devices on how to make an entire firmware backup or dump of the device so I’m hoping those will work with this device as well.
I’d like to see if anyone can root this hotspot given it reportedly runs Linux and install a modified OS on it as well as do band unlocking and allow it to work on any carrier too, I’ll see if I can get more info about the hardware and which Qualcomm chipset it uses.
You can obtain one of these hotspots new for a significant discount by purchasing a used Ellipsis MHS900L and exchanging it under the recall that exists for these devices.
TheTechDude48 said:
I’m looking into acquiring a second Orbic Speed hotspot new from Verizon and making a backup of that firmware and then flashing it to this other hotspot using the Qualcomm download mode to recover it as well as uploading it and making instructions here for anyone else who runs into this issue. Omegle app
That seems to be the only way to do a complete hard reset since the firmware on the one I have is locked and the reset button doesn’t do anything in its regular powered up state.
There are various tutorials for Qualcomm based devices on how to make an entire firmware backup or dump of the device so I’m hoping those will work with this device as well.
I’d like to see if anyone can root this hotspot given it reportedly runs Linux and install a modified OS on it as well as do band unlocking and allow it to work on any carrier too, I’ll see if I can get more info about the hardware and which Qualcomm chipset it uses.
You can obtain one of these hotspots new for a significant discount by purchasing a used Ellipsis MHS900L and exchanging it under the recall that exists for these devices.
Click to expand...
Click to collapse
Xposed is incompatible with the ART runtime. That means it won't work on Lollipop.
How can i
Make an backup of a normal orbic hotspot
I have an Orbic Speed that I got in exchange for an Ellipse with the battery problem.
I had already wasted more money on the 8800L so I really didn't need the Orbic.
I was playing around trying to get it into EDL mode.
The normal connect is RNDIS.
I tried to find EDL test points, but nothing seemed to work.
I tried beating on it and actually got it into 11f6/900e QHSUSB__BULK, which is certainly strange. (Should be 05c6/9008).
I haven't been able to get there again, it may have just been really corrupted. Also, it didn't respond correctly to Sahara and got wedged.
But... I did find a test point to reliably put it into Fastboot mode! I was surprised. I can getvar and reboot but no reboot-edl or oem edl.
The test point is under the top left corner of the LCD, the first point in the corner. Just ground it during reset.
You have to ease the LCD display up a bit.
Does anyone know any good Orbic OEM commands?
Edit: Lol! That was quick. I just discovered that if you connect the "Fastboot" test point to the test point immediately to the right it goes into EDL.
I haven't got a loader for it, but Sahara gives me HWID: 000480e100000000, MSM: 000480e1, OEM: 0000, Model: 0000, Hash: cc3153a80293939b.
I haven't found a loader yet because my internet is so crappy. Yeah, Verizon.
For Fastboot: Connect Sense to Gnd
For EDL: Connect Sense to 1.8V
If you're timid, use a resistor (I used a 1k).
The loader that you want is:
https://github.com/bkerler/Loaders/qualcomm/patched/mdm9x07/prog_nand_firehose_9x07.mbn
This uses NAND storage.
The partioning is not GPT, it's something else.
Partitions are: sbl, mibib, efs2, dynamic_nv, efs2_bak, tz, rpm, aboot, boot, scrub, modem, misc, recovery, usrdata, recoveryfs, sec, system
The boot image is Red Hat UBI.
Edit: I got tired of this thing sitting around disassembled, so I soldered in a tiny magnetic reed switch and buttoned it up.
Now if I want to get to EDL I just park a magnet in the top of the case and hit reset.
I did this before to my ereader (Onyx Poke3) too.
@Renate
Are you still fooling with this device?
I told you I got one a couple weeks ago, I have my workup done for it. I also go the factory for it and patched it so it actually works now lol, it would only work before if you were on I think it was v1.5.1 now I have it set to force load everytime and patched the version check, I have full reloadable firmware made up for it now and can erase the device to 0 and then recover it to fully working.
I never could get that loader to work, i have to find a diff one for this model
here is a few screenshots
imei repair was different for this one than on other similar devices
We were talking about its comports in that 8800 thread, I baked enabled ports into the first firmware build I made for this one but then later found a way to enable them without needing to load firmware, if you need your ports enabled on yours hit me up.
Someone sent me a moxee device a few days ago and while they are basically the same looking device it is a deceiving similarity, cannot use the same firmware or loader and the board layouts are much different, the Verizon orbic model is much better than the moxee device at first glance the only notable diff is the micro USB port but looks can be deceiving lol.
the dumbed-down kernel with almost none of the needed modules makes it live up to its entry-level status.
Mmm, I don't need dumber Verizon hot spots, I need a smarter one!
It's too bad that the NetGear NightHawk M1 and M6 don't have the Verizon bands.
I have put hundreds of M1's on vzw, it only lacks b13 but most markets have 2, 4 & 66, they work fine on vzw and M6 I have put many on vzw also
Figured out a few things about my RC400L. First, to enable ADB, send a USB control message of type LIBUSB_REQUEST_TYPE_VENDOR, request 0xa0, a value of 0, and no data. The device will now reboot. adb is now enabled, but rndis has been disabled (regardless of what you set USB tethering to). However, it's also exposed the DIAG and AT endpoints, so if you have drivers installed for that you can just connect to the AT port and send AT+SER=9,1 which will switch to a mode that exposes adb, diag, at, and rndis. adb is running as an unprivileged user, but if you connect over the AT interface you can also run AT+SYSCMD= with a Linux command after the equals sign, and it'll run that as root. I was hoping to find a way to reboot into fastboot via software but haven't had any luck on that so far, so I guess I'll have to crack the case open.
Unfortunately it's not possible to configure the Orbic to just boot when plugged into USB - it's actually booting Linux, but simply displaying a charging screen instead of enabling USB or starting the modem stack. This is controlled by the "androidboot.poweronreason=" parameter that's passed on the kernel command line, and several different components parse this. The easiest solution I've found is to dump the bootloader (it's /dev/mtdblock7) and search for the byte sequence "03 02 00 0a 20" and replace the 20 with ff. 20 is the value read from the power management controller that indicates the device powered up because it was plugged into USB - replacing that with ff means the bootloader no longer understands that, and falls back to describing it as a hard reset. This value is interpreted as a legitimate bootup and everything works.
mjg59 said:
Unfortunately it's not possible to configure the Orbic to just boot when plugged into USB - it's actually booting Linux, but simply displaying a charging screen instead of enabling USB or starting the modem stack. This is controlled by the "androidboot.poweronreason=" parameter that's passed on the kernel command line, and several different components parse this. The easiest solution I've found is to dump the bootloader (it's /dev/mtdblock7) and search for the byte sequence "03 02 00 0a 20" and replace the 20 with ff. 20 is the value read from the power management controller that indicates the device powered up because it was plugged into USB - replacing that with ff means the bootloader no longer understands that, and falls back to describing it as a hard reset. This value is interpreted as a legitimate bootup and everything works.
Click to expand...
Click to collapse
Any chance at getting some 5000 foot guide/direction on how to do this? I haven't messed with ADB in the last 10 or so years . I would love to get my RC400L setup to auto start from a powered off state when the USB power is connected. My use case is a rpi running a remote weather station and camera that posts to twitter every 5 minutes. I have access to the setup, but it's a 15 minute drive each way!
Renate said:
I have an Orbic Speed that I got in exchange for an Ellipse with the battery problem.
I had already wasted more money on the 8800L so I really didn't need the Orbic.
I was playing around trying to get it into EDL mode.
The normal connect is RNDIS.
I tried to find EDL test points, but nothing seemed to work.
I tried beating on it and actually got it into 11f6/900e QHSUSB__BULK, which is certainly strange. (Should be 05c6/9008).
I haven't been able to get there again, it may have just been really corrupted. Also, it didn't respond correctly to Sahara and got wedged.
But... I did find a test point to reliably put it into Fastboot mode! I was surprised. I can getvar and reboot but no reboot-edl or oem edl.
The test point is under the top left corner of the LCD, the first point in the corner. Just ground it during reset.
You have to ease the LCD display up a bit.
Does anyone know any good Orbic OEM commands?
Edit: Lol! That was quick. I just discovered that if you connect the "Fastboot" test point to the test point immediately to the right it goes into EDL.
I haven't got a loader for it, but Sahara gives me HWID: 000480e100000000, MSM: 000480e1, OEM: 0000, Model: 0000, Hash: cc3153a80293939b.
I haven't found a loader yet because my internet is so crappy. Yeah, Verizon.
For Fastboot: Connect Sense to Gnd
For EDL: Connect Sense to 1.8V
If you're timid, use a resistor (I used a 1k).
The loader that you want is:
https://github.com/bkerler/Loaders/qualcomm/patched/mdm9x07/prog_nand_firehose_9x07.mbn
This uses NAND storage.
The partioning is not GPT, it's something else.
Partitions are: sbl, mibib, efs2, dynamic_nv, efs2_bak, tz, rpm, aboot, boot, scrub, modem, misc, recovery, usrdata, recoveryfs, sec, system
The boot image is Red Hat UBI.
Edit: I got tired of this thing sitting around disassembled, so I soldered in a tiny magnetic reed switch and buttoned it up.
Now if I want to get to EDL I just park a magnet in the top of the case and hit reset.
I did this before to my ereader (Onyx Poke3) too.
Click to expand...
Click to collapse
magnetic reed switch is so ****ing clever so it doesnt have to be disassembled to use testpoints for edl
chimchim54321 said:
Any chance at getting some 5000 foot guide/direction on how to do this? I haven't messed with ADB in the last 10 or so years . I would love to get my RC400L setup to auto start from a powered off state when the USB power is connected. My use case is a rpi running a remote weather station and camera that posts to twitter every 5 minutes. I have access to the setup, but it's a 15 minute drive each way!
Click to expand...
Click to collapse
Ok, this is extremely at your own risk - I've attached a zip file with a couple of files.
Download https://www.verizon.com/support/verizon-orbic-speed-mobile-hotspot-update-instructions/ and install it.
Unzip this zip file into the update app directory
Download https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html .
Plug in your hotspot
Run the update app. Hit start. Wait until you hear the Windows device disconnected sound and unplug your hotspot. Quit the update app.
Plug your hotspot back in. Device Manager should now show a bunch of com ports that weren't there before.
Open a command prompt and go to the update app directory. Run adb push orbic/* /tmp
Run Putty and tell it to make a serial connection. Choose the COM port that Device Manager has listed with AT in the name.
Type AT. You should get back an "OK" response. Type AT+SYSCMD=cp /tmp/sshell /sbin
Type AT+SYSCMD=chown root /sbin/sshell
Type AT+SYSCMD=chmod 4755 /sbin/sshell
Go back to the command prompt and run adb shell
Type sshell
This is the dangerous part. If you want to modify your existing bootloader, run dd if=/dev/mtdblock7 of=/tmp/aboot and then use adb pull to copy it back to your computer. Modify it as described above, and then use adb push to copy it back into /tmp on the hotspot. If you're willing to risk bricking your device if the bootloader is somehow incompatible, you can just use the copy that was in the zip file.
adb shell back into the device and run sshell again. Run dd if=/tmp/aboot of=/dev/mtdblock7 oflags=sync . The patched bootloader is now installed. Run reboot.
It's probably fine to just use the bootloader I've included, but it does seem to vary between firmware releases, so if you feel up to patching it yourself then I'd recommend that (make sure that your bootloader only contains one copy of the byte sequence I mention - if there's more then let me know and I'll figure out where the patch needs to go.
mjg59 said:
Ok, this is extremely at your own risk - I've attached a zip file with a couple of files.
Download https://www.verizon.com/support/verizon-orbic-speed-mobile-hotspot-update-instructions/ and install it.
Unzip this zip file into the update app directory
Download https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html .
Plug in your hotspot
Run the update app. Hit start. Wait until you hear the Windows device disconnected sound and unplug your hotspot. Quit the update app.
Plug your hotspot back in. Device Manager should now show a bunch of com ports that weren't there before.
Open a command prompt and go to the update app directory. Run adb push orbic/* /tmp
Run Putty and tell it to make a serial connection. Choose the COM port that Device Manager has listed with AT in the name.
Type AT. You should get back an "OK" response. Type AT+SYSCMD=cp /tmp/sshell /sbin
Type AT+SYSCMD=chown root /sbin/sshell
Type AT+SYSCMD=chmod 4755 /sbin/sshell
Go back to the command prompt and run adb shell
Type sshell
This is the dangerous part. If you want to modify your existing bootloader, run dd if=/dev/mtdblock7 of=/tmp/aboot and then use adb pull to copy it back to your computer. Modify it as described above, and then use adb push to copy it back into /tmp on the hotspot. If you're willing to risk bricking your device if the bootloader is somehow incompatible, you can just use the copy that was in the zip file.
adb shell back into the device and run sshell again. Run dd if=/tmp/aboot of=/dev/mtdblock7 oflags=sync . The patched bootloader is now installed. Run reboot.
It's probably fine to just use the bootloader I've included, but it does seem to vary between firmware releases, so if you feel up to patching it yourself then I'd recommend that (make sure that your bootloader only contains one copy of the byte sequence I mention - if there's more then let me know and I'll figure out where the patch needs to go.
Click to expand...
Click to collapse
Awesome, thanks! What could possibly go wrong!!!!!
mjg59 said:
Ok, this is extremely at your own risk - I've attached a zip file with a couple of files.
Download https://www.verizon.com/support/verizon-orbic-speed-mobile-hotspot-update-instructions/ and install it.
Unzip this zip file into the update app directory
Download https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html .
Plug in your hotspot
Run the update app. Hit start. Wait until you hear the Windows device disconnected sound and unplug your hotspot. Quit the update app.
Plug your hotspot back in. Device Manager should now show a bunch of com ports that weren't there before.
Open a command prompt and go to the update app directory. Run adb push orbic/* /tmp
Run Putty and tell it to make a serial connection. Choose the COM port that Device Manager has listed with AT in the name.
Type AT. You should get back an "OK" response. Type AT+SYSCMD=cp /tmp/sshell /sbin
Type AT+SYSCMD=chown root /sbin/sshell
Type AT+SYSCMD=chmod 4755 /sbin/sshell
Go back to the command prompt and run adb shell
Type sshell
This is the dangerous part. If you want to modify your existing bootloader, run dd if=/dev/mtdblock7 of=/tmp/aboot and then use adb pull to copy it back to your computer. Modify it as described above, and then use adb push to copy it back into /tmp on the hotspot. If you're willing to risk bricking your device if the bootloader is somehow incompatible, you can just use the copy that was in the zip file.
adb shell back into the device and run sshell again. Run dd if=/tmp/aboot of=/dev/mtdblock7 oflags=sync . The patched bootloader is now installed. Run reboot.
It's probably fine to just use the bootloader I've included, but it does seem to vary between firmware releases, so if you feel up to patching it yourself then I'd recommend that (make sure that your bootloader only contains one copy of the byte sequence I mention - if there's more then let me know and I'll figure out where the patch needs to go.
Click to expand...
Click to collapse
Some of the steps are just a touch off on syntax, but it all worked successfully with my edit of aboot locally on my Windows machine via the HxD app.
Does the battery bypass file work to allow the RC400L to boot without the battery installed? If so, is the file specific to the RC400L?
chimchim54321 said:
Some of the steps are just a touch off on syntax, but it all worked successfully with my edit of aboot locally on my Windows machine via the HxD app.
Does the battery bypass file work to allow the RC400L to boot without the battery installed? If so, is the file specific to the RC400L?
Click to expand...
Click to collapse
Oh, please let me know what I screwed up and I'll fix it in case anyone else follows this! But no, as far as I can tell if the battery is missing the code changes behaviour at an earlier point, and I haven't looked into that (or whether it's even possible for it - some devices insist on the battery because they may instantaneously draw more power than is provided over USB and rely on the battery to make up for it). But this specific patch is very specific to the RC400L bootloader, and the entire process would probably need to be modified for other devices.
rich hathaway said:
I have put hundreds of M1's on vzw, it only lacks b13 but most markets have 2, 4 & 66, they work fine on vzw and M6 I have put many on vzw also
Click to expand...
Click to collapse
B13 at 750 MHz is very important when you're in the sticks.
In contrast, 5G is something that will never make any difference to me.
(A bit off-topic)
I'm currently running PtMP (microwave) internet off a Ubiquiti LTU Mini and a separate router/WiFi.
I'd like to be able to seasonally switch over to a 4G LTE modem with only wired ethernet.
So I don't want a modem with anything (no NAT, no WiFi), only a RJ45.
I see the NetGear LM1200. Is this any good? That 5G is useful to at least discount the 4G equipment.
Also, this is a battery-less device.
I never liked the MiFi 8800L. I found that when the LTE reception was flailing it would disrupt the regular connection between local devices on the WiFi.
mjg59 said:
Ok, this is extremely at your own risk - I've attached a zip file with a couple of files.
Download https://www.verizon.com/support/verizon-orbic-speed-mobile-hotspot-update-instructions/ and install it.
Unzip this zip file into the update app directory
Download https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html .
Plug in your hotspot
Run the update app. Hit start. Wait until you hear the Windows device disconnected sound and unplug your hotspot. Quit the update app.
Plug your hotspot back in. Device Manager should now show a bunch of com ports that weren't there before.
Open a command prompt and go to the update app directory. Run adb push orbic/* /tmp
Click to expand...
Click to collapse
step 7 - my win10 PC didn't care for the orbic/* portion. Either use just "orbic" or use orbic/sshell (unteseted but would likely work)
mjg59 said:
Run Putty and tell it to make a serial connection. Choose the COM port that Device Manager has listed with AT in the name.
Type AT. You should get back an "OK" response. Type AT+SYSCMD=cp /tmp/sshell /sbin
Click to expand...
Click to collapse
second half of step 9, the path is wrong and strangely the terminal responds back with OK. The path should be /tmp/orbic/sshell
mjg59 said:
Type AT+SYSCMD=chown root /sbin/sshell
Type AT+SYSCMD=chmod 4755 /sbin/sshell
Go back to the command prompt and run adb shell
Type sshell
This is the dangerous part. If you want to modify your existing bootloader, run dd if=/dev/mtdblock7 of=/tmp/aboot and then use adb pull to copy it back to your computer. Modify it as described above, and then use adb push to copy it back into /tmp on the hotspot. If you're willing to risk bricking your device if the bootloader is somehow incompatible, you can just use the copy that was in the zip file.
adb shell back into the device and run sshell again. Run dd if=/tmp/aboot of=/dev/mtdblock7 oflags=sync . The patched bootloader is now installed. Run reboot.
It's probably fine to just use the bootloader I've included, but it does seem to vary between firmware releases, so if you feel up to patching it yourself then I'd recommend that (make sure that your bootloader only contains one copy of the byte sequence I mention - if there's more then let me know and I'll figure out where the patch needs to go.
Click to expand...
Click to collapse
I think that was it for the issues I had. At least with the directions The adb pull put the file in a weird AppData path location, and perhaps a fully qualified path for the target of the pull would be advisable.
My old modem would often sort of flip out and require a power cycle to get back to normal. I built a relay module that could be operated by one of the gpio pins on the Rpi, and it would cut the external power as well as the internal battery. Was much easier as the internal battery had wires and a plug that I could splice into. For this modem I think I'm going to have to design and print a battery adapter that will allow me to put a set of relay contacts between the battery tabs and the modem battery buttons.
mjg59 said:
Ok, this is extremely at your own risk - I've attached a zip file with a couple of files.
Download https://www.verizon.com/support/verizon-orbic-speed-mobile-hotspot-update-instructions/ and install it.
Unzip this zip file into the update app directory
Download https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html .
Plug in your hotspot
Run the update app. Hit start. Wait until you hear the Windows device disconnected sound and unplug your hotspot. Quit the update app.
Plug your hotspot back in. Device Manager should now show a bunch of com ports that weren't there before.
Open a command prompt and go to the update app directory. Run adb push orbic/* /tmp
Run Putty and tell it to make a serial connection. Choose the COM port that Device Manager has listed with AT in the name.
Type AT. You should get back an "OK" response. Type AT+SYSCMD=cp /tmp/sshell /sbin
Type AT+SYSCMD=chown root /sbin/sshell
Type AT+SYSCMD=chmod 4755 /sbin/sshell
Go back to the command prompt and run adb shell
Type sshell
This is the dangerous part. If you want to modify your existing bootloader, run dd if=/dev/mtdblock7 of=/tmp/aboot and then use adb pull to copy it back to your computer. Modify it as described above, and then use adb push to copy it back into /tmp on the hotspot. If you're willing to risk bricking your device if the bootloader is somehow incompatible, you can just use the copy that was in the zip file.
adb shell back into the device and run sshell again. Run dd if=/tmp/aboot of=/dev/mtdblock7 oflags=sync . The patched bootloader is now installed. Run reboot.
It's probably fine to just use the bootloader I've included, but it does seem to vary between firmware releases, so if you feel up to patching it yourself then I'd recommend that (make sure that your bootloader only contains one copy of the byte sequence I mention - if there's more then let me know and I'll figure out where the patch needs to go.
Click to expand...
Click to collapse
wondering if it has uart testpoints, and if so, please send a pinout
Renate said:
B13 at 750 MHz is very important when you're in the sticks.
In contrast, 5G is something that will never make any difference to me.
Click to expand...
Click to collapse
Yes the lower end of the spectrum is better for penetrating buidings and such, but if you have a tower (line-of-site) or maybe not to far and not to obstructed b13 is not needed to get good service, I have a tower at about 8miles not line of site and b66 works fine for me here on an m1
Renate said:
I'd like to be able to seasonally switch over to a 4G LTE modem with only wired ethernet.
So I don't want a modem with anything (no NAT, no WiFi), only a RJ45.
I see the NetGear LM1200. Is this any good? That 5G is useful to at least discount the 4G equipment.
Also, this is a battery-less device.
Click to expand...
Click to collapse
I have not had that device before so I am not familiar with it and not sure what it costs but the m2000 is a fine device and can run without a battery with a simple mod, no rj45 coming out but the usb-C can be cheaply adapted over to rj45, and this device can be bought for cheap (35 bucks) on ebay if you look around there are many for 50 bucks out there.
if you need help pulling in signal in your location the FW2000 is an excellent device, its expensive but I can tell you I am using one now and it is a beast with built in high power antennas it really pulls the signal in and is battery - less
So I had a pixel 6 pro and unfortunately my wife got mad and threw it against the wall a few times, causing the frame to bend and entire back glass to shatter. The front LCD didn't break, but glue came apart and it separated from the frame.
I had all my 2fa accounts on there, as well as very valuable data that I need to recover.
The phone still powers on, but there's nothing visible on the screen. A local repair shop advised we start by replacing the screen and then work on transferring everything out.
I have a replacement pixel 4a and want to be prepared for when my phone comes back online.
What's the best way to backup my 6 pro and restore on the 4a?
I need everything copied as a whole image, and restored on the 4a. I want to be able to boot up my 4a, open my authenticator app, and have all my accounts listed there.
Someone please tell me this is possible, and if so, please post instructions.
Thank you in advance.
I doubt 1:1 image cloning is possible because encryption is hardware-backed and therefore device-unique. it's not even possible to restore backup on origin device after factory reset since android apps can use keystore in TEE.
side note: you could connect HDMI multiport usb-c otg adapter to TV and mouse so you have access to phone at least
aIecxs said:
I doubt 1:1 image cloning is possible because encryption is hardware-backed and therefore device-unique. it's not even possible to restore backup on origin device after factory reset since android apps can use keystore in TEE.
side note: you could connect HDMI multiport usb-c otg adapter to TV and mouse so you have access to phone at least
Click to expand...
Click to collapse
The HDMI multiport didn't work. Nothing was displayed. I don't know if it's because my phone is badly damaged, or if the pixel 6 doesn't support HDMI out over USB C
I tried this one https://www.amazon.com/dp/B081VBSNRZ/ref=cm_sw_r_apan_i_5NF5RPBKZ97YW4KFW9AX
What are my other options?
the best option would be previously unlocked bootloader, so you can have full access. but you did not unlock bootloader so this is no option for you, because unlocking will factory reset device.
HDMI might require some setting or app installed on device. apps can installed remotely from PC google play with proper google play account. not sure how to start an app though, but guess app can autostart.
at least usb keyboard is working, you could try to navigate blind and enable usb-debugging, this would allow you to use scrcpy. maybe connect headphones or use talkback to get some kind of audio feedback.
of course both methods requires some information from another identical device and need to tested on fully functional pixel 6 pro before..
some (not) useful apps
https://forum.xda-developers.com/t/i-broke-my-screen-and-digitizer.4436261/#post-86791963
https://forum.xda-developers.com/t/broke-the-display-of-my-phone.4424413/#post-86676229
https://forum.xda-developers.com/t/...asily-manage-multiple-android-devices.2707556
Anyone else have suggestions?
AcuraKidd said:
Anyone else have suggestions?
Click to expand...
Click to collapse
This is not a full backup, but it might help you interactively recover some items without replacing the broken screen. Also, assuming this is something you're still looking to solve...
If you have adb debugging enabled, you can try to use https://github.com/Genymobile/scrcpy to interact with your phone over USB from a computer.
If you do not have adb debugging enabled, you can try to enable it via Recovery Mode. The steps to enable Recovery Mode below are from https://www.tenorshare.com/android/how-to-enable-usb-debugging-on-android-with-black-screen.html (I have not tried these steps).
Less:
To enable ADB without a screen:
1. Download the ADB toolkit for your computer and extract its contents to a folder.
ADB toolkit can be found at https://developer.android.com/studio/releases/platform-tools
ADB requires you have USB debugging enabled on your phone.
Since your phone has a black screen, reboot your phone into recovery mode to accomplish this.
Press the Volume Down and Power buttons at the same time to enter recovery mode.
2. Connect your phone to your computer, open a Command Prompt window in the ADB folder, and type the following command.
adb devices
3. You should see your device listed there.
Run the following commands one by one.
adb shell
mount data
mount system
4. Use the following command to pull the persist.sys.usb.config file from your phone to the PC.
adb pull /data/property/persist.sys.usb.config C:\Users\[your-username]\Desktop\
5. Access the persist.sys.usb.config file on your computer with a text editor and edit it to mtp,adb.
6. Run the following command to send the file back to your device.
adb push "C:\Users\[your-username]\Desktop/persist.sys.usb.config" /data/property
7. Download the build.prop file from your phone by using this command.
adb pull /system/build.prop C:\Users\[your-username]\Desktop\
8. Launch the build.prop file in a text editor like NotePad++ on your computer, and add the following code to it.
persist.service.adb.enable=1
persist.service.debuggable=1
persist.sys.usb.config=mtp,adb
9. Save the file and transfer the file back to your device using this command.
adb push "C:\Users\[your-username]\Desktop/build.prop" /system/
10. Reboot your device using the following command.
adb reboot
11. You are all set. Your phone will boot up with USB debugging enabled.
Hello everyone,
my phone (Xiaomi MI 9T) has fallen in the water and now it's partially working.
I really need to recover some data from it, but any method I've found on the internet requires USB Debug active. The phone turns on but it works only as long as it stays on the lock screen or if I go to settings from the notification bar. If I unlock it, the launcher doesn't work (but I can still drag down the notification's bar) and after few seconds the phone reboots I'm also able to activate the toggle of the USB Debug but it looks like it doesn't stay active because if I go back and re-enter developer's section, USB Debug is OFF.
At this point I don't really know what to do. The phone enters fastboot and recovery mode, unfortunately everything is stock, so my possibilities are limited.
I haven't tried to change the screen, but I doubt that would solve the problem, since if I stay in those specific areas, it works fine.
Android version: 10
MIUI 12
Thank you
Dona2592 said:
Hello everyone,
my phone (Xiaomi MI 9T) has fallen in the water and now it's partially working.
I really need to recover some data from it, but any method I've found on the internet requires USB Debug active. The phone turns on but it works only as long as it stays on the lock screen or if I go to settings from the notification bar. If I unlock it, the launcher doesn't work (but I can still drag down the notification's bar) and after few seconds the phone reboots I'm also able to activate the toggle of the USB Debug but it looks like it doesn't stay active because if I go back and re-enter developer's section, USB Debug is OFF.
At this point I don't really know what to do. The phone enters fastboot and recovery mode, unfortunately everything is stock, so my possibilities are limited.
I haven't tried to change the screen, but I doubt that would solve the problem, since if I stay in those specific areas, it works fine.
Android version: 10
MIUI 12
Thank you
Click to expand...
Click to collapse
Due to the security implications of remotely enabling USB Debugging, the only way to enable it is through Developer Options. You can try rebooting to recovery and clearing cache although I am doubtful as to how much that might help you. If your device took a swim, you're going to be looking at repair, which will most likely result in wiping your data.
V0latyle said:
Due to the security implications of remotely enabling USB Debugging, the only way to enable it is through Developer Options. You can try rebooting to recovery and clearing cache although I am doubtful as to how much that might help you. If your device took a swim, you're going to be looking at repair, which will most likely result in wiping your data.
Click to expand...
Click to collapse
Do you know if changing the screen could solve the problem? Or do you think there's a way to copy data 1:1 on another device (such as a used mi 9t I could buy)?
Dona2592 said:
Hello everyone,
my phone (Xiaomi MI 9T) has fallen in the water and now it's partially working.
I really need to recover some data from it, but any method I've found on the internet requires USB Debug active. The phone turns on but it works only as long as it stays on the lock screen or if I go to settings from the notification bar. If I unlock it, the launcher doesn't work (but I can still drag down the notification's bar) and after few seconds the phone reboots I'm also able to activate the toggle of the USB Debug but it looks like it doesn't stay active because if I go back and re-enter developer's section, USB Debug is OFF.
At this point I don't really know what to do. The phone enters fastboot and recovery mode, unfortunately everything is stock, so my possibilities are limited.
I haven't tried to change the screen, but I doubt that would solve the problem, since if I stay in those specific areas, it works fine.
Android version: 10
MIUI 12
Thank you
Click to expand...
Click to collapse
How long ago was it dropped in water, have you allowed it thoroughly dry out? Can you open the body of the device to allow it to dry?
Droidriven said:
How long ago was it dropped in water, have you allowed it thoroughly dry out? Can you open the body of the device to allow it to dry?
Click to expand...
Click to collapse
It stayed in the water for few seconds, the bottom half of it. I shut it down and I let it dry for 2 days, after removing the battery. Anyway I brought it to a center that made a treatment for electronic contacts, an they said that it's needed to change the display first, then run some tests to see what else is wrong. The problem is that changing the screen costs 130€ and, in my opinion, won't solve the issue.
Dona2592 said:
It stayed in the water for few seconds, the bottom half of it. I shut it down and I let it dry for 2 days, after removing the battery. Anyway I brought it to a center that made a treatment for electronic contacts, an they said that it's needed to change the display first, then run some tests to see what else is wrong. The problem is that changing the screen costs 130€ and, in my opinion, won't solve the issue.
Click to expand...
Click to collapse
Can you find a stock update for your specific model number in the form ol stock update.zip that can be flashed in your stock recovery like a OTA update? If so, you might be able to extract the build.prop file from the update then open the build.prop file in a note editor and edit the file by adding or editing lines that enable USB debugging. Then save the file. Then remove everything from the update.zip except for the Meta-inf or "updater script" file/folder then place your modified build.prop file in the update.zip so that it is the only thing in the zip other than the Meta-inf/updater script. Then put it on external sdcard, insert it into your device and boot into stock recovery then choose the option that lets you install updates from sdcard and try flashing your modified update.zip file and reboot the device, if it works, it will enable USB debugging. The next obstacle is getting past your lock screen, which is pointless if the device reboots in seconds. If you can get it to stop rebooting, you might be able to use adb to unlock the lock screen by using adb commands that simulate the touch input required to unlock the screen. You'll have to do some searching to find out the "address" and order of each part of the screen that you need to simulate the touch input on the screen in the right order. It's a bit complicated for those that aren't familiar but it can be done if you do the research.
Or,you can try connecting a USB mouse to the device and see if it will let you open the lock screen.
Droidriven said:
Can you find a stock update for your specific model number in the form ol stock update.zip that can be flashed in your stock recovery like a OTA update? If so, you might be able to extract the build.prop file from the update then open the build.prop file in a note editor and edit the file by adding or editing lines that enable USB debugging. Then save the file. Then remove everything from the update.zip except for the Meta-inf or "updater script" file/folder then place your modified build.prop file in the update.zip so that it is the only thing in the zip other than the Meta-inf/updater script. Then put it on external sdcard, insert it into your device and boot into stock recovery then choose the option that lets you install updates from sdcard and try flashing your modified update.zip file and reboot the device, if it works, it will enable USB debugging. The next obstacle is getting past your lock screen, which is pointless if the device reboots in seconds. If you can get it to stop rebooting, you might be able to use adb to unlock the lock screen by using adb commands that simulate the touch input required to unlock the screen. You'll have to do some searching to find out the "address" and order of each part of the screen that you need to simulate the touch input on the screen in the right order. It's a bit complicated for those that aren't familiar but it can be done if you do the research.
Or,you can try connecting a USB mouse to the device and see if it will let you open the lock screen.
Click to expand...
Click to collapse
Droidriven said:
Can you find a stock update for your specific model number in the form ol stock update.zip that can be flashed in your stock recovery like a OTA update? If so, you might be able to extract the build.prop file from the update then open the build.prop file in a note editor and edit the file by adding or editing lines that enable USB debugging. Then save the file. Then remove everything from the update.zip except for the Meta-inf or "updater script" file/folder then place your modified build.prop file in the update.zip so that it is the only thing in the zip other than the Meta-inf/updater script. Then put it on external sdcard, insert it into your device and boot into stock recovery then choose the option that lets you install updates from sdcard and try flashing your modified update.zip file and reboot the device, if it works, it will enable USB debugging. The next obstacle is getting past your lock screen, which is pointless if the device reboots in seconds. If you can get it to stop rebooting, you might be able to use adb to unlock the lock screen by using adb commands that simulate the touch input required to unlock the screen. You'll have to do some searching to find out the "address" and order of each part of the screen that you need to simulate the touch input on the screen in the right order. It's a bit complicated for those that aren't familiar but it can be done if you do the research.
Or,you can try connecting a USB mouse to the device and see if it will let you open the lock screen.
Click to expand...
Click to collapse
The procedure looks good, I'd give it a try but is there any alternative to the SD card? Cause my phone has no SD slot available. Maybe an external usb card reader to plug into the phone?
Droidriven said:
Can you find a stock update for your specific model number in the form ol stock update.zip that can be flashed in your stock recovery like a OTA update? If so, you might be able to extract the build.prop file from the update then open the build.prop file in a note editor and edit the file by adding or editing lines that enable USB debugging. Then save the file. Then remove everything from the update.zip except for the Meta-inf or "updater script" file/folder then place your modified build.prop file in the update.zip so that it is the only thing in the zip other than the Meta-inf/updater script. Then put it on external sdcard, insert it into your device and boot into stock recovery then choose the option that lets you install updates from sdcard and try flashing your modified update.zip file and reboot the device, if it works, it will enable USB debugging. The next obstacle is getting past your lock screen, which is pointless if the device reboots in seconds. If you can get it to stop rebooting, you might be able to use adb to unlock the lock screen by using adb commands that simulate the touch input required to unlock the screen. You'll have to do some searching to find out the "address" and order of each part of the screen that you need to simulate the touch input on the screen in the right order. It's a bit complicated for those that aren't familiar but it can be done if you do the research.
Or,you can try connecting a USB mouse to the device and see if it will let you open the lock screen.
Click to expand...
Click to collapse
Plus, I don't really get why the system fails right after the lockscreen, I'm actually able to enter the code and the phone unlocks but the launcher seems not working, while the notifications bar works fine, and after some seconds the phone reboots. How can the system work fine in some aspects and bad in others at the same time? Can it be some flash memory issue?
Dona2592 said:
The procedure looks good, I'd give it a try but is there any alternative to the SD card? Cause my phone has no SD slot available. Maybe an external usb card reader to plug into the phone?
Click to expand...
Click to collapse
Yes USB should work in place of sdcard
Dona2592 said:
Plus, I don't really get why the system fails right after the lockscreen, I'm actually able to enter the code and the phone unlocks but the launcher seems not working, while the notifications bar works fine, and after some seconds the phone reboots. How can the system work fine in some aspects and bad in others at the same time? Can it be some flash memory issue?
Click to expand...
Click to collapse
That or kernel panic due to some other important hardware is damaged.
Maybe you can use a adb script to interrupt the running processes right after the device unlocks. Something to stop everything from loading beyond screen unlock. It might allow you to use adb to pull whatever you want from the device via adb pull commands.
Or, if there is a custom recovery for your device and if your bootloader is already unlocked(if it isn', don't unlock it, it will wipe your data), you can install the custom recovery and use it to create a backup of your data then extract your data from the backup.
Droidriven said:
That or kernel panic due to some other important hardware is damaged.
Maybe you can use a adb script to interrupt the running processes right after the device unlocks. Something to stop everything from loading beyond screen unlock. It might allow you to use adb to pull whatever you want from the device via adb pull commands.
Or, if there is a custom recovery for your device and if your bootloader is already unlocked(if it isn', don't unlock it, it will wipe your data), you can install the custom recovery and use it to create a backup of your data then extract your data from the backup.
Click to expand...
Click to collapse
Unfortunately I still have the stock recovery. Plus USB debug is deactivated. What really boggles me is the fact that I can still enter settings and get to developer options, turn ON the toggle of USB debug, but it's like the phone doesn't save the setting, cause if I go back to the main setting screen and enter again developer options, USB debug is OFF. I mean, what the hell?
Having access to device's Stock Recovery you can try as shown below to enable ADB / USB Debug ging: yes you can run Android shell commands from within Android's Stock Recovery.
Unplug device's USB-connection , boot into recovery mode. Having successfully booted into recovery mode, connect device via USB-cable with computer - what switches the USB driver to ADB mode.
Now enable USB debugging via recovery:
Code:
adb shell
echo "persist.service.adb.enable=1" >> /system/build.prop
echo "persist.service.debuggable=1" >> /system/build.prop
echo "persist.sys.usb.config=adb,mtp" >> /system/build.prop"
reboot
Dona2592 said:
Unfortunately I still have the stock recovery. Plus USB debug is deactivated. What really boggles me is the fact that I can still enter settings and get to developer options, turn ON the toggle of USB debug, but it's like the phone doesn't save the setting, cause if I go back to the main setting screen and enter again developer options, USB debug is OFF. I mean, what the hell?
Click to expand...
Click to collapse
Hardware damaged. You're going to have to repair the hardware or forget about retrieving your data, unless you can find a reputable shop that has the equipment and experience to pull your data directly from the chip itself.
xXx yYy said:
Having access to device's Stock Recovery you can try as shown below to enable ADB / USB Debug ging: yes you can run Android shell commands from within Android's Stock Recovery.
Unplug device's USB-connection , boot into recovery mode. Having successfully booted into recovery mode, connect device via USB-cable with computer - what switches the USB driver to ADB mode.
Now enable USB debugging via recovery:
Code:
adb shell
echo "persist.service.adb.enable=1" >> /system/build.prop
echo "persist.service.debuggable=1" >> /system/build.prop
echo "persist.sys.usb.config=adb,mtp" >> /system/build.prop"
reboot
Click to expand...
Click to collapse
Thanks mate, I'll give it a try for sure
Droidriven said:
Hardware damaged. You're going to have to repair the hardware or forget about retrieving your data, unless you can find a reputable shop that has the equipment and experience to pull your data directly from the chip itself.
Click to expand...
Click to collapse
Ok, but do you know what could be the damaged piece of hardware?
Dona2592 said:
Ok, but do you know what could be the damaged piece of hardware?
Click to expand...
Click to collapse
NO
xXx yYy said:
Having access to device's Stock Recovery you can try as shown below to enable ADB / USB Debug ging: yes you can run Android shell commands from within Android's Stock Recovery.
Unplug device's USB-connection , boot into recovery mode. Having successfully booted into recovery mode, connect device via USB-cable with computer - what switches the USB driver to ADB mode.
Now enable USB debugging via recovery:
Code:
adb shell
echo "persist.service.adb.enable=1" >> /system/build.prop
echo "persist.service.debuggable=1" >> /system/build.prop
echo "persist.sys.usb.config=adb,mtp" >> /system/build.prop"
reboot
Click to expand...
Click to collapse
That might work but I've never had any luck with adb in stock recovery, not on the devices that I've owned, at least.
Dona2592 said:
Hello everyone,
my phone (Xiaomi MI 9T) has fallen in the water and now it's partially working.
I really need to recover some data from it, but any method I've found on the internet requires USB Debug active. The phone turns on but it works only as long as it stays on the lock screen or if I go to settings from the notification bar. If I unlock it, the launcher doesn't work (but I can still drag down the notification's bar) and after few seconds the phone reboots I'm also able to activate the toggle of the USB Debug but it looks like it doesn't stay active because if I go back and re-enter developer's section, USB Debug is OFF.
At this point I don't really know what to do. The phone enters fastboot and recovery mode, unfortunately everything is stock, so my possibilities are limited.
I haven't tried to change the screen, but I doubt that would solve the problem, since if I stay in those specific areas, it works fine.
Android version: 10
MIUI 12
Thank you
Click to expand...
Click to collapse
Is your bootloader locked?
Droidriven said:
That might work but I've never had any luck with adb in stock recovery, not on the devices that I've owned, at least.
Click to expand...
Click to collapse
Yeah in fact when I type "adb shell" it gives me error, but I can enter fastboot mode and the phone is seen. Unfortunately I can't do much from there
Arealhooman said:
Is your bootloader locked?
Click to expand...
Click to collapse
Yeah. **** me, for once I kept everything stock and this happened . I've always rooted and customized my phones and nothing like this has ever happened.