Database Info

Imei Lost, qpst backup and partition too

Well, I have some problems trying to crossflash modem.
I had some problems before, I managed to repair it with qpst, but now I cannot send my backup.
Where I am?
I have a qpst backup, and backup of modem, modemst1 and modemst2.
But when I try to dump it again over it do nothing.
Can someone give me a hand?
I have all phone working exept of movile data of course.
can someone tell me how to restore that partitions from download mode?
the seek and count?
Its an H950 with h950PR firmware
Thanks so much
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

well, I have some tests from adb and I cannot understand seek and count commands, so I try some but with no succes from ADB.
when I try to overwrite the partitions the log tell me that
Code:
[email protected]:/ # cd /data/media/0/
[email protected]:/data/media/0 # dd if=mod
modem.img modemst1.img modemst2.img
[email protected]:/data/media/0 # dd if=modem.img skip=1 of=/dev/block/mmcblk0p1
dd: /dev/block/mmcblk0p1: No space left on device
163841+0 records in
163840+0 records out
83886080 bytes transferred in 11.118 secs (7545069 bytes/sec)
1|[email protected]:/data/media/0 # dd if=modem.img bs=512 skip=1 of=/dev/block/mmcblk0p>
dd: /dev/block/mmcblk0p1: No space left on device
163841+0 records in
163840+0 records out
83886080 bytes transferred in 13.969 secs (6005159 bytes/sec)
d if=modemst1.img bs=512 skip=1 of=/dev/block/mmcblk0p23 <
dd: /dev/block/mmcblk0p23: No space left on device
3073+0 records in
3072+0 records out
1572864 bytes transferred in 0.294 secs (5349877 bytes/sec)
1|[email protected]:/data/media/0 # dd if=modemst2.img bs=512 skip=1 of=/dev/block/mmcbl>
dd: /dev/block/mmcblk0p24: No space left on device
3073+0 records in
3072+0 records out
1572864 bytes transferred in 0.179 secs (8786949 bytes/sec)
all backup are 1 record bigger than partitions.
I try with bs=512 skip=1 to avoid it, but without that I have the same problem...
can someone help me?

I can help!
first, use parted, and copy output of this:
./parted /dev/block/mmcblk0 unit s print
If the partition map is same with the H955, you cab backup with this commands:
the full backup of modemst1 and modemst2 size is: 1572864 byte
In download mode, copy backup files to internal storage:
dd if=/data/media/0/modemst1_mmcblk0p23.img of=/dev/block/mmcblk0 bs=8192 seek=20480 count=192
dd if=/data/media/0/modemst2_mmcblk0p24.img of=/dev/block/mmcblk0 bs=8192 seek=20672 count=192
In normal mode, booted android:
dd if=/data/media/0/modemst1_mmcblk0p23.img of=/dev/block/mmcblk0p23
dd if=/data/media/0/modemst2_mmcblk0p24.img of=/dev/block/mmcblk0p24

stars2 said:
I can help!
first, use parted, and copy output of this:
./parted /dev/block/mmcblk0 unit s print
If the partition map is same with the H955, you cab backup with this commands:
the full backup of modemst1 and modemst2 size is: 1572864 byte
In download mode, copy backup files to internal storage:
dd if=/data/media/0/modemst1_mmcblk0p23.img of=/dev/block/mmcblk0 bs=8192 seek=20480 count=192
dd if=/data/media/0/modemst2_mmcblk0p24.img of=/dev/block/mmcblk0 bs=8192 seek=20672 count=192
In normal mode, booted android:
dd if=/data/media/0/modemst1_mmcblk0p23.img of=/dev/block/mmcblk0p23
dd if=/data/media/0/modemst2_mmcblk0p24.img of=/dev/block/mmcblk0p24
Click to expand...
Click to collapse
Hi sr, Thanks for your answer.
The question is the next.
How to calculate seek and count, I understand that count*bs = size of partition, but seek is the blocks skipped, I dont understand how to know, Im on H950, partition table is the same, but sizes arent....
thanks so much

well, I dont know what happends, but my diag mode is useless.
I think my problem was overwritting the first 3 or 4 partitions.
can someone upload me a dump of first I think 100mb of a pr rom?
if was a full rom till system will be awesome.
a h955/950/950PR will work too for me.... I prefer to avoid antirollback roms...
thanks for the help

Your phone is even bootable?
Download parted binary, and execute this: /parted /dev/block/mmcblk0 unit s print
This is the example, how calculate seek and count
Number Start End Size File system Name
23 327680s 330751s 3072s modemst1
1. Calculate SKIP/SEEK
327680 sector * 512 byte (sector size) = 167772160 byte / 8192 (block size in byte) = 20480
2. Calculate Count (By the Partition size in sector)
You can use, the partition size in sector, or end sector - start sector
3072 sector * 512 byte (sector size) = 1572864 byte / 8192 (block size in byte) = 192

stars2 said:
Your phone is even bootable?
Download parted binary, and execute this: /parted /dev/block/mmcblk0 unit s print
This is the example, how calculate seek and count
Number Start End Size File system Name
23 327680s 330751s 3072s modemst1
1. Calculate SKIP/SEEK
327680 sector * 512 byte (sector size) = 167772160 byte / 8192 (block size in byte) = 20480
2. Calculate Count (By the Partition size in sector)
You can use, the partition size in sector, or end sector - start sector
3072 sector * 512 byte (sector size) = 1572864 byte / 8192 (block size in byte) = 192
Click to expand...
Click to collapse
yes sr, my phone is normally booting...
Ill try in a while and comment here.
thanks for the tips!

pelelademadera said:
yes sr, my phone is normally booting...
Ill try in a while and comment here.
thanks for the tips!
Click to expand...
Click to collapse
well, nothing, my phone works as a tablet...
I cannot restore my imei, all nv items are 000000, when phone is in diag mode I cannot send SPC.
which partition contains NV data?
I dont know how I broke it, I only overwrite modem.img with ATT one.
Do you think that booting with this partition makes that my phone will only work with att rom?
thanks so much for your time and explanation.
The bigger problem is that If I try with att rom, I have no way back

The modemst1 and modemst2 partition contain your imei and all nv data, these partitions is unique.
If this partitions damaged, deleted, your imei is lost and you can't restore, without a working backup...

stars2 said:
The modemst1 and modemst2 partition contain your imei and all nv data, these partitions is unique.
If this partitions damaged, deleted, your imei is lost and you can't restore, without a working backup...
Click to expand...
Click to collapse
Solved my problem sr.
phone is back...

Marquis MP977 MarquisPad serial disabled

Hi,
Because I could not find a reliable rooting mechanism I soldered a serial FTDI UB232, and I gain shell access.
The serial works ok as long I am in u-boot prompt.
Texas Instruments X-Loader 1.41 (Apr 12 2012 - 12:06:17)
OMAP4460: 1.2 GHz capable SOM
**** DDR SDRAM PATTERN TEST ****
DDR SDRAM DATA BUS TEST..... [PASSED]
DDR SDRAM ADDRESS BUS TEST..... [PASSED]
Starting OS Bootloader from EMMC ...
U-Boot 1.1.4 (Nov 9 2012 - 20:33:58)
Load address: 0x80e80000
DRAM: 1024 MB
Flash: 0 kB
Using default environment
printenv
bootargs=console=ttyO2,115200n8 [email protected] [email protected] init=/init vram=48M omapfb.vram=0:32M androidboot.console=ttyO2
bootcmd=booti mmc1
bootdelay=1
baudrate=115200
ipaddr=128.247.77.90
serverip=128.247.77.158
netmask=255.255.254.0
bootfile="uImage"
ethact=KS8851SNL
Environment size: 285/131068 bytes
As soon android boots when everything is settled down, the tty input is totally ignored, though the shell
prints all the os messages. There is no prompt. ?!?
[ 33.844390] wlan0: moving STA 00:90:a9:a5:51:a1 to state 3
[ 58.387908] omap_cpu_thermal_manager:sensor 66200 avg sensor 59795 pcb 0, delta 18897 hot spot 85097
[ 58.397766] omap_monitor_zone:hot spot temp 85097
[ 58.887908] omap_cpu_thermal_manager:sensor 63800 avg sensor 59795 pcb 0, delta 17742 hot spot 81542
[ 58.897827] omap_safe_zone:hot spot temp 81542
no prompt
Any idea how to outcome and enable the shell tty input.
Here are the pictures of the serial soldering and the serial to usb adapter.
(The pictures are mine, from the stack-over-flow post)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The ftdi

I found and android for OMAP blaze (GB and a kernel from https://e2e.ti.com/support/omap/f/849/t/310839),
After having all cowboys engineering from Texas headaches I finally end up with:
boot.img cache.img fastboot mkbootimg MLO_es2.1_gp MLO_es2.2_emu ramdisk.img ramdisk-recovery.img recovery.img system.img u-boot.bin userdata.img zImage files.
I tried first a non destructive flash, trying to flash the system, (then boot, kernel, recovery / all of them encountering same error)
Linux console:
sudo fastboot flash system system.img
[sudo] password for mpang:
< waiting for device >
sending 'system' (110304 KB)...
OKAY [ 42.127s]
writing 'system'...
FAILED (remote failure)
finished. total time: 42.137s
marquis tablet serial output, as shown in previous post
OMAP44XX TAB # fastboot
I2C read: I/O error
I2C read: I/O error
Device Serial Number: 5C28000200000001
Fastboot entered...
Starting download of 112951340 bytes
................................................................................... many dots
downloading of 112951340 bytes finished
writing to partition 'system'
Wrong Image... Failed to program
How did we get here fastboot.c 993 ?
Anyone ?, Thank you

[Tool][Windows][PowerShell] Android Platform Tools Updater (ADB & Fastboot)

Hi folks,
I've created a PowerShell script which will install or update Android Platform Tools to the latest version. It will also add the install path to Windows Environment Variables, which will make you able to type "adb" or "fastboot" in CMD from anywhere in Windows.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
ADB and Fastboot from anywhere.​
Warning / Disclaimer
If this script does any harm or damage, I'm not responsible.
This project is very much a hobby project.
No guarantees are made.
You are responsible for what you do to your system.
License
I chose MIT license. You are free to use and reuse this code, but please point to the source (me) if you redestribute it.
Features
Installs latest Android Platform Tools (ADB & Fastboot).
Updates currently installed Android Platform Tools if newer version is available.
Adds Install Path to Windows Environment Variables, System Wide or Current User (controllable by boolean).
Issues of Feature Request
Please comment in the thread if you find any issues or have feature requests.
I won't guarantee fixes or new features implemented in any timely manner.
Usage
Download script from GitHub.
View as RAW.
Copy everything over to PowerShell ISE, Notepad++ or similar.
Save as "AndroidPlatformToolsUpdater.ps1".
Edit settings to your liking.
Run script as administrator.
Download
https://github.com/o-l-a-v/PowerShell-Projects/blob/master/AndroidPlatformToolsUpdater

Reserved for Changelogs

Thanks looks promising will try it out this evening

Thank you o-1-a-v!
First run I got:
Code:
Installed version is up to date (v0.0.0.0).
Add-AndroidPlatformToolsToEnvironmentVariables : Cannot validate argument on parameter 'PathDirAndroidPlatformTools'. The "[bool]$(Test-Path -Path
$_ -ErrorAction 'SilentlyContinue')" validation script for the argument with value "C:\Program Files (x86)\Android Platform Tools" did not return
a result of True. Determine why the validation script failed, and then try the command again.
At C:\Users\Xxx\Documents\AndroidPlatformToolsUpdater.ps1:335 char:104
+ ... les -PathDirAndroidPlatformTools $PathDirAndroidPlatformTools -System ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-AndroidPlat...onmentVariables], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Add-AndroidPlatformToolsToEnvironmentVariables
I created the "Android Platform Tools" dir, and then got:
Code:
Installed version is up to date (v0.0.0.0).
Checking and eventually adding Android Platform Tools to Current User Environment Variables. Success? True.
Running Windows 10.

andacro said:
Thank you o-1-a-v!
First run I got:
Code:
Installed version is up to date (v0.0.0.0).
Add-AndroidPlatformToolsToEnvironmentVariables : Cannot validate argument on parameter 'PathDirAndroidPlatformTools'. The "[bool]$(Test-Path -Path
$_ -ErrorAction 'SilentlyContinue')" validation script for the argument with value "C:\Program Files (x86)\Android Platform Tools" did not return
a result of True. Determine why the validation script failed, and then try the command again.
At C:\Users\Xxx\Documents\AndroidPlatformToolsUpdater.ps1:335 char:104
+ ... les -PathDirAndroidPlatformTools $PathDirAndroidPlatformTools -System ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-AndroidPlat...onmentVariables], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Add-AndroidPlatformToolsToEnvironmentVariables
I created the "Android Platform Tools" dir, and then got:
Code:
Installed version is up to date (v0.0.0.0).
Checking and eventually adding Android Platform Tools to Current User Environment Variables. Success? True.
Running Windows 10.
Click to expand...
Click to collapse
Thanks for feedback, I'll look into it

Updated the tool a bit today. Found more showstopper bugs. But think it's at least usefull now.
https://github.com/o-l-a-v/PowerShell-Projects/tree/master/AndroidPlatformToolsUpdater

Script updated with better logic to detect available version vs. installed version.
https://github.com/o-l-a-v/PowerShell-Projects/tree/master/AndroidPlatformToolsUpdater

Thanks for this bro

Made a script that can install ADB drivers on Windows. Not thoroughly tested, but seems to work.
C#:
#Requires -RunAsAdministrator
#Requires -Version 5.1
<#
.SYNOPSIS
Downloads and installs Google ADB drivers for Windows.
.DESCRIPTION
Downloads and installs Google ADB drivers for Windows.
* Currently there is no logic to check installed version vs. what's available.
* If already installed, running the script will just install the newest available driver again.
.NOTES
# About the script
Author: Olav Rønnestad Birkeland | github.com/o-l-a-v
Created: 220318
Modified: 220318
# Resources
* [Google ADB Drivers](https://developer.android.com/studio/run/win-usb)
* [PnPUtil return values](https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/pnputil-return-values)
.EXAMPLE
& $psISE.CurrentFile.FullPath
#>
# Input parameters
[OutputType($null)]
Param()
# Assets
$Uri = [string] 'https://dl-ssl.google.com/android/repository/latest_usb_driver_windows.zip'
$DownloadPath = [string] '{0}\{1}' -f $env:TEMP, $Uri.Split('/')[-1]
$ExtractDir = [string] $DownloadPath.Replace('.zip','')
$InfFileName = [string] 'android_winusb.inf'
# Download
Write-Output -InputObject '# Download'
if ([System.IO.File]::Exists($DownloadPath)) {
$null = [System.IO.File]::Delete($DownloadPath)
}
$null = [System.Net.WebClient]::new().DownloadFile(
$Uri,
$DownloadPath
)
Write-Output -InputObject ('$? = "{0}", $LASTEXITCODE = "{1}".' -f $?.ToString(), $LASTEXITCODE)
# Extract
Write-Output -InputObject '# Extract'
if ([System.IO.Directory]::Exists($ExtractDir)) {
$null = [System.IO.Directory]::Delete($ExtractDir,$true)
}
$null = Expand-Archive -Path $DownloadPath -DestinationPath $ExtractDir
Write-Output -InputObject ('$? = "{0}", $LASTEXITCODE = "{1}".' -f $?.ToString(), $LASTEXITCODE)
# Install .INF
Write-Output -InputObject '# Install .INF'
$InfFilePath = [string](Get-ChildItem -Path $ExtractDir -Filter $InfFileName -Recurse -File | Select-Object -ExpandProperty 'FullName')
$null = cmd /c ('pnputil.exe /add-driver "{0}" /install' -f $InfFilePath)
Write-Output -InputObject ('$? = "{0}", $LASTEXITCODE = "{1}".' -f $?.ToString(), $LASTEXITCODE)
# Check results
Write-Output -InputObject '# Checking if driver is found after install'
$InstalledDriver = [array](
Get-WindowsDriver -Online -All | Where-Object -FilterScript {$_.'ClassName' -eq 'AndroidUsbDeviceClass'}
)
if ($InstalledDriver.'Count' -ge 1) {
Write-Output -InputObject 'Found the driver.'
Exit 0
}
else {
Throw 'Did not find the driver.'
Exit 1
}
Maybe I'll add the to the main script later.

[SOLVED]Missing Preloader on MTK6762, recognized as "MT6227 Phone"

A long time ago I hard bricked my daily dialer and in a fit of desperation I formated the preloader (silly me, should've looked for a boot-lock bypass instead!) and so, I can't flash anything on my phone anymore as it throws a STATUS_BROM_CMD_FAIL error (using the all in one DA or the one provided by Hovatek yields identical results)
The Vol +/- buttons don't let me flash, removing the battery doesn't help, tespins neither and 'lsusb -v' only recognizes my phone as an MT6227 Phone with a V/PID of 0e8d:003.
here's the output of 'lsusb -v'
Code:
Bus 001 Device 079: ID 0e8d:0003 MediaTek Inc. MT6227 phone
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 1.10
bDeviceClass 2 Communications
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x0e8d MediaTek Inc.
idProduct 0x0003 MT6227 phone
bcdDevice 1.00
iManufacturer 0
iProduct 0
iSerial 0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0043
bNumInterfaces 2
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 0mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 2 Communications
bInterfaceSubClass 2 Abstract (modem)
bInterfaceProtocol 1 AT-commands (v.25ter)
iInterface 1 comm_if̦data_if̄Љ召
CDC Header:
bcdCDC 1.10
CDC ACM:
bmCapabilities 0x0f
connection notifications
sends break
line coding and serial state
get/set/clear comm features
CDC Union:
bMasterInterface 0
bSlaveInterface 1
CDC Call Management:
bmCapabilities 0x03
call management
use DataInterface
bDataInterface 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x84 EP 4 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 2 data_if̄Љ召呪풅ཊꤛ漢䕄礤
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
can't get debug descriptor: Resource temporarily unavailable
Device Status: 0x0000
(Bus Powered)
I've searched far and wide for documentation on flashing both an MTK6762/5 chip and an MT6227 chip (best I found was a technicall brief).
I tried to get my hands on the DA for the MT6227 but I only ever found ones for a MT626X.
I've tried searching for general flashing tools, found like two and neither work with cdc connections or something.
so my request would be; does anyone of you know of any flash chip documentation repos or guides on low level flashing over a serial usb connection?
I am desperate.

I'm not sure what your exact issue is but there was some recent work bypassing SLA/DAA to be able to flash using SP Flash, maybe give this a try
[MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility

StonedEngineer97 said:
I'm not sure what your exact issue is but there was some recent work bypassing SLA/DAA to be able to flash using SP Flash, maybe give this a try
[MOD][DEV] MediaTek / MTK - Auth Bypass (SLA/DAA) - Utility
Click to expand...
Click to collapse
Been there, done that.
you want to know the funny part? the exploits don't work on mine!
Even though it appears to be a 6765 it's actually a 6762 so it's not really supported.
I can dump the rom just fine, but I can't flash anything.
anyway, thanks for replying!

Answering my own thread again.
using MTK Client python script found on github I was able to flash all partitions without fail and only booting as per usual, the script automatically crashes the preloader (if available) to BROM and writes the memory
if there isn't a preloader, it just writes the image.
MTK Client is a God-sent for me and an objective replacement for SP Flash Tool, I can not recomend it enough!

Qwerty_in_me said:
Answering my own thread again.
using MTK Client python script found on github I was able to flash all partitions without fail and only booting as per usual, the script automatically crashes the preloader (if available) to BROM and writes the memory
if there isn't a preloader, it just writes the image.
MTK Client is a God-sent for me and an objective replacement for SP Flash Tool, I can not recomend it enough!
Click to expand...
Click to collapse
Any way you can tell me the script you used? Thanks

Tesh3180 said:
Any way you can tell me the script you used? Thanks
Click to expand...
Click to collapse
it's github.com/bkerler/mtkclient
worked miracles for me, I even got my phone back to operational, but then bricked it again and haven't touched it since

Qwerty_in_me said:
Answering my own thread again.
using MTK Client python script found on github I was able to flash all partitions without fail and only booting as per usual, the script automatically crashes the preloader (if available) to BROM and writes the memory
if there isn't a preloader, it just writes the image.
MTK Client is a God-sent for me and an objective replacement for SP Flash Tool, I can not recomend it enough!
Click to expand...
Click to collapse
How/What did you flash? I've got MTK Client all set up and connected to my phone, and can read the partitions off of it. My phone is hardbricked, can't access fastboot either.

Yuarian said:
How/What did you flash? I've got MTK Client all set up and connected to my phone, and can read the partitions off of it. My phone is hardbricked, can't access fastboot either.
Click to expand...
Click to collapse
I flashed a stock ROM if I recall correctly, it's been a while...

Qwerty_in_me said:
I flashed a stock ROM if I recall correctly, it's been a while...
Click to expand...
Click to collapse
Can you help me with this error?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

mvikrant97 said:
Can you help me with this error?
View attachment 5851493
Click to expand...
Click to collapse
seems simple enough, if you have a mtk6765/6762 (they're the same chip) you probably have a broken install. if you used the official repo, try cloning it again.
you honestly didn't give me much to work with, I'd need to know the mtkclient version you are using, packaged or built, and the chipset you have as it might not be supported by mtkclient.

Mi Stick stuck on boot logo (bricked?)

Hello everybody.
A couple of years ago I bought a Mi Stick for my mother, to use connected to an old LED tv she had. She used just 3 o 4 times tops with a Netflix account my brother shared with her. The device was practically new. My brother stopped paying Netflix a couple of months ago so she stopped using the device altogether so I disconnected it. But yesterday she told me my brother started paying Netflix again and told me to connect the MiStick to her TV again. Surprisingly, the device is now stuck on the boot logo:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I'm really angry because the device had very little use and especially because I live in third world ****hole: a new MiStick costs almost 4 times more now. It's not like I have couple of dollars getting dust on a drawer somewhere and I can go buy another one.
Anyway, I know it's possible to flash/unbrick a MiBox, I did it some time ago. Anybody knows if it's possible to the same with the Mi Stick??? I googled about it but I didn't find anything.
Thank you for your time.

hello, my Mi TV Stick MDZ-24-AA also unfortunately hangs all the time on the logo, checked on various cables and on a decent power supply
through the remote control (arrow + OK) does not want to enter the bootloader
I have purchased PL2303HX converter
According to the instructions from https://forum.xda-developers.com/t/help-pleas...-no-power-led-no-video.4452819/#post-87044521
and partially supported by Ruslan's film
With a backup downloaded from https://disk-yandex-ru.translate.goog/d/aL5Xo...en&_x_tr_hl=en&_x_tr_pto=wapp&_x_tr_hist=true
Using Putty and ADB
I went through the entire installation process
Unfortunately, my mi stick still hangs on the logo: / What could be the cause? Is my mi stick still salvageable?

kedzior.kedzior said:
I have purchased PL2303HX converter
Using Putty and ...
I went through the entire installation process
Unfortunately, my mi stick still hangs on the logo
Click to expand...
Click to collapse
With the PL2303HX connected to the uart while the device is booting (to a hung state), what is shown in the uart log while the device is trying to boot?
Are you able to get a prompt over the uart as shown in the video?

Functioner said:
With the PL2303HX connected to the uart while the device is booting (to a hung state), what is shown in the uart log while the device is trying to boot?
Are you able to get a prompt over the uart as shown in the video?
Click to expand...
Click to collapse
GXL:BL1:9ac50e:bb16dc;FEAT:BDFD71BC:0;POC:3;RCY:0;EMMC:0;READ:0;0.0;0.0;CHK:0;
TE: 138335
BL2 Built : 10:18:52, Sep 14 2020. gxl g9f162b4-dirty - [email protected]
set vcck to 1120 mv
set vddee to 1000 mv
id=3
DDR4 board
CPU clk: 1200MHz
DDR scramble enabled
DDR4 chl: Rank0+1 @ 1056MHz - FAIL
DDR4 chl: Rank0 @ 1056MHz
bist_test rank: 0 19 05 2e 28 16 3a 17 02 2d 2b 1d 3a 17 02 2c 2c 1c 3d 18 02 2f 27 16 38 706 - PASS
Rank0: 1024MB(auto)-2T-18
AddrBus test pass!
eMMC boot @ 0
sw8 s
emmc switch 3 ok
BL2: rpmb counter: 0x00000020
emmc switch 0 ok
Load fip header from eMMC, src: 0x0000c200, des: 0x01400000, size: 0x00004000, part: 0
aml log : R1024 check pass!
New fip structure!
Load bl30 from eMMC, src: 0x00010200, des: 0x01700000, size: 0x0000d600, part: 0
aml log : R1024 check pass!
Load bl31 from eMMC, src: 0x00020200, des: 0x01700000, size: 0x0002b400, part: 0
aml log : R1024 check pass!
Load bl32 from eMMC, src: 0x0004c200, des: 0x01700000, size: 0x0003e200, part: 0
aml log : R1024 check pass!
Load bl33 from eMMC, src: 0x0008c200, des: 0x01700000, size: 0x00080e00, part: 0
aml log : R1024 check pass!
NOTICE: BL3-1: v1.0(release):129a6bc
NOTICE: BL3-1: Built : 17:09:37, Apr 25 2019
[BL31]: GXL CPU setup!
NOTICE: BL3-1: GXL secure boot!
NOTICE: BL3-1: BL33 decompress pass
mpu_config_enable:system pre init ok
dmc sec lock
[Image: gxl_v1.1.3377-2941e55e3 2020-07-08 17:19:09 [email protected]]
OPS=0xb4
21 0d b4 00 6b a3 4a 05 e8 35 9e 81 38 16 4f b7
[0.733983 Inits done]
secure task start!
high task start!
low task start!
INFO: BL3-2: ATOS-V2.4-239-g48b8c37d #1 Wed Feb 5 09:34:09 UTC 2020 arm
INFO: BL3-2: Chip: GXL Rev: D (21 - B0:2)
INFO: BL3-2: crypto engine DMA
INFO: BL3-2: secure time TEE
INFO: BL3-2: CONFIG_DEVICE_SECURE 0xb200000e
U-Boot 2015.01-g2e3e77d-dirty (Nov 07 2020 - 00:20:15), Build: jenkins-aquaman-664
DRAM: 1 GiB
Relocation Offset is: 36e80000
gpio: pin gpiodv_24 (gpio 43) value is 1
register usb cfg[0][1] = 0000000037f4c4f8
[CANVAS]canvas init
MMC: aml_priv->desc_buf = 0x0000000033e80ab0
aml_priv->desc_buf = 0x0000000033e82df0
SDIO Port B: 0, SDIO Port C: 1
co-phase 0x2, tx-dly 0, clock 400000
co-phase 0x2, tx-dly 0, clock 400000
co-phase 0x2, tx-dly 0, clock 400000
emmc/sd response timeout, cmd8, status=0x1ff2800
emmc/sd response timeout, cmd55, status=0x1ff2800
co-phase 0x2, tx-dly 0, clock 400000
co-phase 0x2, tx-dly 0, clock 40000000
[mmc_startup] mmc refix success
init_part() 297: PART_TYPE_AML
[mmc_init] mmc init success
aml log : R1024 check pass!
start dts,buffer=0000000033e85640,dt_addr=0000000033e85640
get_partition_from_dts() 71: ret 0
parts: 17
00: logo 0000000000800000 1
01: recovery 0000000001800000 1
02: misc 0000000000800000 1
03: dtbo 0000000000800000 1
04: cri_data 0000000000800000 2
05: param 0000000001000000 2
06: boot 0000000001000000 1
set has_boot_slot = 0
07: rsv 0000000001000000 1
08: tee 0000000002000000 1
09: vendor 0000000006400000 1
10: odm 0000000001400000 1
11: metadata 0000000001000000 1
12: vbmeta 0000000000200000 1
13: system 000000005ac00000 1
14: product 0000000006a00000 1
15: cache 0000000010000000 2
16: data ffffffffffffffff 4
init_part() 297: PART_TYPE_AML
eMMC/TSD partition table have been checked OK!
crc32_s:0x1577dad == storage crc_pattern:0x1577dad!!!
crc32_s:0xee152b83 == storage crc_pattern:0xee152b83!!!
crc32_s:0x7fd3b243 == storage crc_pattern:0x7fd3b243!!!
mmc env offset: 0x17400000
In: serial
Out: serial
Err: serial
reboot_mode=cold_boot
[store]To run cmd[emmc dtb_read 0x1000000 0x40000]
_verify_dtb_checksum()-2755: calc 6955a20f, store 6955a20f
_verify_dtb_checksum()-2755: calc 6955a20f, store 6955a20f
dtb_read()-2972: total valid 2
update_old_dtb()-2953: do nothing
aml log : R1024 check pass!
vpu: clk_level in dts: 7
vpu: set clk: 666667000Hz, readback: 666666667Hz(0x300)
vpu: vpu_clk_gate_init_off finish
vpp: vpp_init
hpd_state=0
vpp: vpp_matrix_update: 2
cvbs performance type = 6, table = 0
cvbs_config_hdmipll_gxl
cvbs_set_vid2_clk
the HHI_VDAC_CNTL0 =b0001
the HHI_VDAC_CNTL0 =b0200
the HHI_VDAC_CNTL1 =0
the HHI_VDAC_CNTL1 =8
amlkey_init() enter!
[EFUSE_MSG]keynum is 4
[BL31]: tee size: 0
[BL31]: tee size: 0
[BL31]: tee size: 0
[BL31]: tee size: 0
[KM]Error:f[key_manage_query_size]L507:key[region] not programed yet
CONFIG_AVB2: avb2
Start read misc partition datas!
info->magic =
info->version_major = 1
info->version_minor = 0
info->slots[0].priority = 15
info->slots[0].tries_remaining = 7
info->slots[0].successful_boot = 0
info->slots[1].priority = 14
info->slots[1].tries_remaining = 7
info->slots[1].successful_boot = 0
info->crc32 = -1075449479
active slot = 0
wipe_data=successful
wipe_cache=successful
upgrade_step=2
reboot_mode:::: cold_boot
[OSD]load fb addr from dts:/meson-fb
[OSD]fb_addr for logo: 0x3f800000
[OSD]load fb addr from dts:/meson-fb
[OSD]fb_addr for logo: 0x3f800000
[OSD]VPP_OFIFO_SIZE:0xfff00fff
[CANVAS]addr=0x3f800000 width=5760, height=2160
[OSD]osd_hw.free_dst_data: 0,719,0,575
Command: bcb uboot-command
Start read misc partition datas!
BCB hasn't any datas,exit!
do_monitor_bt_cmdline
gpio: pin GPIOX_17 (gpio 17) value is 0
gpio: pin GPIOX_17 (gpio 17) value is 1
gpio: pin GPIOX_18 (gpio 18) value is 1
hw_config_start:state = 3
bt_cmdline: fw downloaded
no recovery mod!
gpio: pin GPIOX_8 (gpio 8) value is 1
Hit Enter or space or Ctrl+C key to stop autoboot -- : 0
CONFIG_SYSTEM_AS_ROOT: systemroot
system_mode: 1
CONFIG_AVB2: avb2
active_slot: normal avb2: 1
Err imgread(L328):Fmt unsupported!genFmt 0x0 != 0x3
InUsbBurn
[MSG]sof
Set Addr 4
Get DT cfg
Get DT cfg
Get DT cfg
set CFG
Get DT cfg
Get DT cfg
Get DT cfg
Get DT cfg
waitIdentifyTime(751) > timeout(750)
(Re)start USB...
USB0: USB3.0 XHCI init start
Register 2000140 NbrPorts 2
Starting the controller
USB XHCI 1.00
scanning bus 0 for devices... 1 USB Device(s) found
scanning usb for storage devices... 0 Storage Device(s) found
** Bad device usb 0 **
** Bad device usb 0 **
active_slot: normal
Err imgread(L328):Fmt unsupported!genFmt 0x0 != 0x3
gxl_aquaman_v1#

kedzior.kedzior said:
Err imgread(L328):Fmt unsupported!genFmt 0x0 != 0x3
Click to expand...
Click to collapse
The above error might be an issue.
at the prompt:
gxl_aquaman_v1#
type:
printenv
and post the output.

Functioner said:
The above error might be an issue.
at the prompt:
gxl_aquaman_v1#
type:
printenv
and post the output.
Click to expand...
Click to collapse
gxl_aquaman_v1#printenv
1080p60hz_deepcolor=444,12bit
480p60hz_deepcolor=rgb,8bit
EnableSelinux=permissive
active_slot=normal
avb2=1
baudrate=115200
bcb_cmd=get_avb_mode;get_valid_slot;
boardid=3
boot_part=boot
bootargs=init=/init console=ttyS0,115200 no_console_suspend earlycon=aml_uart,0xc81004c0 ramoops.pstore_en=1 ramoops.record_size=0x8000 ramoops.console_size=0x4000 ro rootwait skip_initramfs reboot_mode_android=normal androidboot.selinux=permissive logo=osd1,loaded,0x3d800000,576cvbs maxcpus=4 vout=576cvbs,enable hdmimode=1080p60hz frac_rate_policy=1 cvbsmode=576cvbs hdmitx=,444,12bit cvbsdrv=0 androidboot.firstboot=0 jtag=apao androidboot.veritymode=enforcing androidboot.hardware=amlogic androidboot.btmacaddr=00:00:00:00:00:00 androidboot.wifimac=00:00:00:00:00:00 androidboot.wificountrycode=US androidboot.bootloader= androidboot.serialno=26919800002433906 androidboot.boardid=3 androidboot.region=none androidboot.reboot_mode=cold_boot page_trace=on androidboot.rpmb_state=0 aml_dt= recovery_part={recovery_part} recovery_offset={recovery_offset} aml_dt= recovery_part={recovery_part} recovery_offset={recovery_offset}
bootcmd=run storeboot
bootdelay=1
bootup_offset=0x1133b50
bootup_size=0x5eec7a
btmac=00:00:00:00:00:00
cmdline_keys=keyman init 0x1234; setkeys;
colorattribute=444,12bit
cvbs_drv=0
cvbsmode=576cvbs
display_bpp=24
display_color_bg=0
display_color_fg=0xffff
display_color_index=24
display_height=576
display_layer=osd1
display_width=720
dtb_mem_addr=0x1000000
factory_reset_poweroff_protect=echo wipe_data=${wipe_data}; echo wipe_cache=${wipe_cache};if test ${wipe_data} = failed; then run init_display; run storeargs;if usb start 0; then run recovery_from_udisk;fi;run recovery_from_flash;fi; if test ${wipe_cache} = failed; then run init_display; run storeargs;if usb start 0; then run recovery_from_udisk;fi;run recovery_from_flash;fi;
fb_addr=0x3d800000
fb_height=1080
fb_width=1920
fdt_high=0x20000000
firstboot=0
frac_rate_policy=1
fs_type=ro rootwait skip_initramfs
hdmimode=1080p60hz
identifyWaitTime=750
init_display=get_rebootmode;echo reboot_mode:::: ${reboot_mode};if test ${reboot_mode} = quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;osd open;osd clear;else if test ${reboot_mode} = recovery_quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;osd open;osd clear;else setenv reboot_mode_android normal;run storeargs;osd open;osd clear;imgread pic logo bootup $loadaddr;bmp display $bootup_offset;bmp scale; fi;fi;
initargs=init=/init console=ttyS0,115200 no_console_suspend earlycon=aml_uart,0xc81004c0 ramoops.pstore_en=1 ramoops.record_size=0x8000 ramoops.console_size=0x4000
jtag=apao
loadaddr=1080000
lock=10001000
maxcpus=4
outputmode=576cvbs
page_trace=on
preboot=run cmdline_keys;run bcb_cmd; run factory_reset_poweroff_protect;run upgrade_check;run init_display;run storeargs;bcb uboot-command;run switch_bootmode;
reboot_mode=cold_boot
reboot_mode_android=normal
recovery_from_flash=get_valid_slot;echo active_slot: ${active_slot};if test ${active_slot} = normal; then setenv bootargs ${bootargs} aml_dt=${aml_dt} recovery_part={recovery_part} recovery_offset={recovery_offset};if itest ${upgrade_step} == 3; then if ext4load mmc 1:2 ${dtb_mem_addr} /recovery/dtb.img; then echo cache dtb.img loaded; fi;if ext4load mmc 1:2 ${loadaddr} /recovery/recovery.img; then echo cache recovery.img loaded; wipeisb; bootm ${loadaddr}; fi;else fi;if imgread kernel ${recovery_part} ${loadaddr} ${recovery_offset}; then wipeisb; bootm ${loadaddr}; fi;else setenv bootargs ${bootargs} aml_dt=${aml_dt} recovery_part=${boot_part} recovery_offset=${recovery_offset};if imgread kernel ${boot_part} ${loadaddr}; then bootm ${loadaddr}; fi;fi;
recovery_from_udisk=setenv bootargs ${bootargs} aml_dt=${aml_dt} recovery_part={recovery_part} recovery_offset={recovery_offset};if fatload usb 0 ${loadaddr} aml_autoscript; then autoscr ${loadaddr}; fi;if fatload usb 0 ${loadaddr} recovery.img; then if fatload usb 0 ${dtb_mem_addr} dtb.img; then echo udisk dtb.img loaded; fi;wipeisb; bootm ${loadaddr};fi;
recovery_offset=0
recovery_part=recovery
region=none
rpmb_state=0
sdc_burning=sdc_burn ${sdcburncfg}
sdcburncfg=aml_sdc_burn.ini
serialno=26919800002433906
sn2=3236393139383030303032343333393036
stderr=serial
stdin=serial
stdout=serial
storeargs=get_rebootmode;setenv bootargs ${initargs} ${fs_type} reboot_mode_android=${reboot_mode_android} androidboot.selinux=${EnableSelinux} logo=${display_layer},loaded,${fb_addr},${outputmode} maxcpus=${maxcpus} vout=${outputmode},enable hdmimode=${hdmimode} frac_rate_policy=${frac_rate_policy} cvbsmode=${cvbsmode} hdmitx=${cecconfig},${colorattribute} cvbsdrv=${cvbs_drv} androidboot.firstboot=${firstboot} jtag=${jtag}; setenv bootargs ${bootargs} androidboot.veritymode=enforcing androidboot.hardware=amlogic androidboot.btmacaddr=${btmac} androidboot.wifimac=${wifimac} androidboot.wificountrycode=${wifi_ccode} androidboot.bootloader=${bootloader} androidboot.serialno=${serialno} androidboot.boardid=${boardid} androidboot.region=${region} androidboot.reboot_mode=${reboot_mode};setenv bootargs ${bootargs} page_trace=${page_trace};setenv bootargs ${bootargs} androidboot.rpmb_state=${rpmb_state};
storeboot=get_system_as_root_mode;echo system_mode: ${system_mode};if test ${system_mode} = 1; then setenv fs_type ro rootwait skip_initramfs;run storeargs;fi;get_valid_slot;get_avb_mode;echo active_slot: ${active_slot} avb2: ${avb2};if test ${active_slot} != normal; then setenv bootargs ${bootargs} androidboot.slot_suffix=${active_slot};fi;if test ${avb2} = 0; then if test ${active_slot} = _a; then setenv bootargs ${bootargs} root=/dev/mmcblk0p23;else if test ${active_slot} = _b; then setenv bootargs ${bootargs} root=/dev/mmcblk0p24;fi;fi;fi;if imgread kernel ${boot_part} ${loadaddr}; then bootm ${loadaddr}; fi;run update;
switch_bootmode=get_rebootmode;if test ${reboot_mode} = factory_reset; then setenv reboot_mode_android normal;run storeargs;run recovery_from_flash;else if test ${reboot_mode} = update; then setenv reboot_mode_android normal;run storeargs;run update;else if test ${reboot_mode} = quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;else if test ${reboot_mode} = recovery_quiescent; then setenv reboot_mode_android quiescent;run storeargs;setenv bootargs ${bootargs} androidboot.quiescent=1;run recovery_from_flash;else if test ${reboot_mode} = cold_boot; then setenv reboot_mode_android normal;run storeargs;else if test ${reboot_mode} = fastboot; then setenv reboot_mode_android normal;run storeargs;fastboot;fi;fi;fi;fi;fi;fi;if monitor_bt_cmdline; then run update; fi;
system_mode=1
try_auto_burn=update 700 750;
update=run try_auto_burn; if usb start 0; then run recovery_from_udisk;fi;run recovery_from_flash;
upgrade_check=echo upgrade_step=${upgrade_step}; if itest ${upgrade_step} == 3; then run init_display; run storeargs; run update;else fi;
upgrade_step=2
usb_burning=update 1000
wifi_ccode=US
wifimac=00:00:00:00:00:00
wipe_cache=successful
wipe_data=successful
Environment size: 7334/65532 bytes

I'm not sure if imgread is being called by the normal boot process, or a recovery process because the device failed to boot.
At the uart prompt type:
imgread dtb boot 0x1000000
imgread kernel boot 0x1080000
bootm 0x1080000
and post the output.
If it's the same error as before, the boot partition might not be flashed with the correct image.

gxl_aquaman_v1#imgread dtb boot 0x1000000
Err imgread(L220):Fmt unsupported! only support 0x3
gxl_aquaman_v1#imgread kernel boot 0x1080000
Err imgread(L328):Fmt unsupported!genFmt 0x0 != 0x3
gxl_aquaman_v1#imgread kernel boot 0x1080000
Err imgread(L328):Fmt unsupported!genFmt 0x0 != 0x3
gxl_aquaman_v1#<INTERRUPT>
gxl_aquaman_v1#bootm 0x1080000
aml log : Sig Check 1830

kedzior.kedzior said:
gxl_aquaman_v1#imgread dtb boot 0x1000000
Err imgread(L220):Fmt unsupported! only support 0x3
Click to expand...
Click to collapse
Are you able to flash the boot partition with the boot image again?
Which version of the firmware did you flash?

Are you able to flash the boot partition with the boot image again?
Yes
Which version of the firmware did you flash?
https://disk.yandex.ru/d/aL5XolrdAbTJ0g How to check it?
Other than this one I have no other
Did you flash it with fastboot or burn mode?
According to the instructions from the post https://forum.xda-developers.com/t/help-please-mdz-24-aa-no-power-led-no-video.4452819/post-87044521
but one of the commands "fastboot oem unlock" not working
"astboot flashing unlock" worked
"fastboot flashing unlock_critical" worked
I notice from the environment that the bootloader is currently locked.
The russian guy in the video mentioned that it is important to keep the older version of the bootloader, because the newer version could lock you out.
What I would try is starting fastboot, and then using the ota source files, flashing all of the partitions again, except NOT the bootloader.
What you could try first is just flashing the boot partition again from whatever firmware you used the last time.
Unfortunately, I do not have the previous works version :/

kedzior.kedzior said:
https://disk.yandex.ru/d/aL5XolrdAbTJ0g How to check it?
Click to expand...
Click to collapse
I will check that version, and will also check which version is the newest version.

At the uart prompt, type:
get_bootloaderversion
and post the version.

Functioner said:
At the uart prompt, type:
get_bootloaderversion
and post the version.
Click to expand...
Click to collapse
gxl_aquaman_v1#get_bootloaderversion
Nieznane polecenie 'get_bootloaderversion' - spróbuj 'help'
C:\adb>fastboot getvar version-bootloader
version-bootloader: U-Boot 2015.01-g2e3e77d-dirty
Finished. Total time: 0.003s

The version of the firmware in backup-Restore.rar from the above yandex link is r293:
Xiaomi/aquaman/aquaman:9/PI/293:user/release-keys
This is quite old. It's from May 26 2020.
If you flashed the tee image from that download, it could have corrupted your device.

thank you very much for your help and your time. I will continue to try to bring my stick back to life

kedzior.kedzior said:
thank you very much for your help and your time. I will continue to try to bring my stick back to life
Click to expand...
Click to collapse
sure, good luck.