Bricked Watch 2 - Huawei Watch 2

Hi guys
I flashed the below ROM on my BT version
Leo-L09S 2.1.7_Firmware_general_05014AHH from (Guide: How to flash english firmware to chinese huawei watch 2 sim card variant) on my BT version by mistake....
The watch does not boot at all.. No response when I press the power button, can't go into fastboot or anything... it's completely dead... Please let me know what can be done...

Hello,
there is another friend with your problem, and there is talk about it in the 4G ROM thread.
Regards

Hey there,
I've been facing the same problem. I think it's best we move out of the 4G ROM thread and continue here.
So here is what has happened so far:
I made the exact same mistake and flashed my Huawei Watch 2 BT LEO-B09/LEO-BX9 with the 4G ROM, and now my watch doesn't show anything, just a black screen: no Huawei logo, no vibration, no fastboot access, nothing, except that when I plug the watch into the PC it shows up as "Qualcomm HS-USB QDLoader 9008 (COM4)".
So at this point we are trying to find a way to flash the correct images to the watch without accessing fastboot. I used a Qualcomm Flash tool called QFIL and on it the Watch was visible as "Qualcomm HS-USB QDLoader 9008 (COM4)".
Now the problem I'm facing is that I need these three files to run the program:
1. prog_emmc_firehose_xxxx.mbn
2. rawprogram0.xml
3. patch0.xml
I'm not 100% sure if this is the correct program to use to flash Qualcomm smart watches. So I think at this point it's still possible to revive our watches because there is still some communication between the watch and the PC.

Have been following the thread. Hopefully it will be resolved without needing to send the watch back...

eMMC DL Tool
https://androidmtk.com/use-emmc-dl-tool
I'm not sure if this is the correct program for this situation, but apparently it can flash images to a Qualcomm Android device. Should we try this one?

But what firmware would you flash? Also, I don't think firmware files are image files...

The software you named is correct, or some others use the flash tools from Xiaomi. Yup, the problem is the missing mbn file, which is not available right now.
There are 2 directions for further investigation:
1. Extract the ROM and recreate the bootloader part of the mbn.
2. Dump the full image from another model and restore it, which requires at least root of the ROM.
Sorry that I have been quite busy lately, so I can't read a lot for this case. Nor am I an expert in Android.
But the following post should be very informative
http://www.droidsavvy.com/unbrick-qualcomm-mobiles/

I see, then I guess we need someone who has a rooted Huawei Watch 2 to dump the full images.
So the factory images we have from the other thread are not what we need to fix this problem?
https://forum.xda-developers.com/watch-2/development/rom-huawei-watch-2-bt-leo-b09-leo-bx9-t3616779
So should we try the guide you linked and which rom should we use?

I discussed with dr_chch and he was kind enough to share the complete recovery image. I downloaded it and found it was actually an update package instead of a factory recovery image. So fastboot is actually needed. On the other hand, in the update.zip, there is an updater-script.
Code:
(!less_than_int(1495259939, getprop("ro.build.date.utc"))) || abort("E3003: Can't install this package (Sat May 20 05:58:59 UTC 2017) over newer build (" + getprop("ro.build.date") + ").");
getprop("ro.product.device") == "sawfish" || abort("E3004: This package is for \"sawfish\" devices; this is a \"" + getprop("ro.product.device") + "\".");
ui_print("Target: huawei/sawfish/sawfish:7.1.1/NXH20B/4029397:user/release-keys");
show_progress(0.750000, 0);
ui_print("Patching system image unconditionally...");
block_image_update("/dev/block/platform/soc/7824900.sdhci/by-name/system", package_extract_file("system.transfer.list"), "system.new.dat", "system.patch.dat") ||
abort("E1001: Failed to update system image.");
show_progress(0.050000, 5);
package_extract_file("boot.img", "/dev/block/platform/soc/7824900.sdhci/by-name/boot");
show_progress(0.200000, 10);
ui_print("Patching FullOTA booloader images.");
package_extract_file("bootloader.img", "/tmp/bootloader.img");
huawei_bootloader_update("/tmp/bootloader.img", "gpt_both0.bin");
huawei_bootloader_update("/tmp/bootloader.img", "sbl1.mbn", "/dev/block/platform/soc/7824900.sdhci/by-name/sbl1");
huawei_bootloader_update("/tmp/bootloader.img", "rpm.mbn", "/dev/block/platform/soc/7824900.sdhci/by-name/rpm");
huawei_bootloader_update("/tmp/bootloader.img", "tz.mbn", "/dev/block/platform/soc/7824900.sdhci/by-name/tz");
huawei_bootloader_update("/tmp/bootloader.img", "emmc_appsboot.mbn", "/dev/block/platform/soc/7824900.sdhci/by-name/aboot");
huawei_bootloader_update("/tmp/bootloader.img", "NON-HLOS.bin", "/dev/block/platform/soc/7824900.sdhci/by-name/modem");
huawei_bootloader_update("/tmp/bootloader.img", "keymaster.mbn", "/dev/block/platform/soc/7824900.sdhci/by-name/keymaster");
huawei_bootloader_update("/tmp/bootloader.img", "cmnlib.mbn", "/dev/block/platform/soc/7824900.sdhci/by-name/cmnlib");
ui_print("FullOTA Bootloader images install ok.");
huawei_save_soft_version("BUILDNUM", "NXH20B");
huawei_save_product_name("PRODNAME", "sawfish");
set_progress(1.000000);
I suppose the update.zip actually contains all these mbn files, and I have no idea how to formulate the xml yet.
So I tested extracting the bootloader.img with WinRAR, and I can come up with all the mbn and bin files.
So the files are there; it is just a matter of how to put them into the watch.
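The updater-script quoted above names the device it is built for and every partition it writes, so it can be read before anything is flashed. The following is an added example, not part of the original post or of any Huawei tool: it extracts both from a constructed excerpt of that script; the `BOOT_CHAIN` set and the `other-device` codename are assumptions of the example.

```python
import re

# Constructed excerpt that mirrors the updater-script lines quoted in the post above.
SAMPLE_SCRIPT = r'''
getprop("ro.product.device") == "sawfish" || abort("E3004: This package is for \"sawfish\" devices; this is a \"" + getprop("ro.product.device") + "\".");
block_image_update("/dev/block/platform/soc/7824900.sdhci/by-name/system", package_extract_file("system.transfer.list"), "system.new.dat", "system.patch.dat") ||
abort("E1001: Failed to update system image.");
package_extract_file("boot.img", "/dev/block/platform/soc/7824900.sdhci/by-name/boot");
package_extract_file("bootloader.img", "/tmp/bootloader.img");
huawei_bootloader_update("/tmp/bootloader.img", "gpt_both0.bin");
huawei_bootloader_update("/tmp/bootloader.img", "sbl1.mbn", "/dev/block/platform/soc/7824900.sdhci/by-name/sbl1");
huawei_bootloader_update("/tmp/bootloader.img", "emmc_appsboot.mbn", "/dev/block/platform/soc/7824900.sdhci/by-name/aboot");
'''

# Partitions named in the script that hold bootloader stages. Treating exactly
# this set as the "boot chain" is an assumption of this example.
BOOT_CHAIN = {"sbl1", "rpm", "tz", "aboot"}

# A double-quoted argument without escaped quotes (enough for file and path arguments).
_STR = r'"([^"]*)"'
_DEVICE_CHECK = re.compile(r'getprop\("ro\.product\.device"\)\s*==\s*' + _STR)

# (pattern, group holding the source file, group holding the destination path)
_WRITERS = [
    (re.compile(r'block_image_update\(\s*' + _STR + r'\s*,.*?,\s*' + _STR
                + r'\s*,\s*' + _STR + r'\s*\)'), 2, 1),
    (re.compile(r'package_extract_file\(\s*' + _STR + r'\s*,\s*' + _STR + r'\s*\)'), 1, 2),
    # Only the three-argument form names a destination; the two-argument call
    # (gpt_both0.bin above) gives no path in the script and is not listed.
    (re.compile(r'huawei_bootloader_update\(\s*' + _STR + r'\s*,\s*' + _STR
                + r'\s*,\s*' + _STR + r'\s*\)'), 2, 3),
]


def expected_devices(script):
    """Device codenames the script insists on before it writes anything."""
    return sorted(set(_DEVICE_CHECK.findall(script)))


def write_targets(script):
    """(source file, partition name) for each write to a block device, in script order."""
    found = []
    for pattern, src_group, dst_group in _WRITERS:
        for match in pattern.finditer(script):
            dst = match.group(dst_group)
            if dst.startswith("/dev/block/"):  # skip extractions to /tmp and similar
                found.append((match.start(), match.group(src_group), dst.rsplit("/", 1)[-1]))
    return [(src, part) for _, src, part in sorted(found)]


def preflight(script, my_device):
    """Summarise what the package targets and what it would overwrite."""
    devices = expected_devices(script)
    writes = write_targets(script)
    return {
        "expected_devices": devices,
        # None means the package states no device at all, so nothing was verified.
        "device_ok": (my_device in devices) if devices else None,
        "boot_chain_writes": [part for _, part in writes if part in BOOT_CHAIN],
        "writes": writes,
    }


if __name__ == "__main__":
    report = preflight(SAMPLE_SCRIPT, "other-device")  # placeholder codename
    print("package is for:", report["expected_devices"])
    print("matches this device:", report["device_ok"])
    print("bootloader partitions overwritten:", report["boot_chain_writes"])
```

The device comparison in the script is evaluated only when recovery installs the package; images pulled out of it and written by other means never pass through that check.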

It's true that there are .mbn files inside the bootloader.img, but I don't think that necessarily means the prog_emmc_firehose_xxxx.mbn file is in the bootloader.img and/or the ROM images. I think the way we would get the three files required is to dump/extract the firmware files from a working Huawei Watch 2.

prog_emmc_firehose_xxxx.mbn is an archive of different components. From my understanding, you just need to flash the bootloader, not the entire ROM. Once you get the bootloader fixed, you will be able to flash via fastboot. The xml is the key. It tells the programme which part of the eMMC to write the mbn to.
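Because the xml decides where each image lands on the eMMC, a write plan can be sanity-checked before it is handed to a flashing tool. The following is an added example, not from the original post and not a file for this watch: the attribute names follow the layout commonly seen in rawprogram0.xml files and are assumptions here, and every sector number and file size is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed rawprogram-style plan; attribute names are assumed, numbers are made up.
SAMPLE_PLAN = """<data>
  <program SECTOR_SIZE_IN_BYTES="512" physical_partition_number="0" label="sbl1"
           filename="sbl1.mbn" start_sector="1000" num_partition_sectors="1024"/>
  <program SECTOR_SIZE_IN_BYTES="512" physical_partition_number="0" label="rpm"
           filename="rpm.mbn" start_sector="2024" num_partition_sectors="512"/>
  <program SECTOR_SIZE_IN_BYTES="512" physical_partition_number="0" label="tz"
           filename="tz.mbn" start_sector="2500" num_partition_sectors="1024"/>
  <program SECTOR_SIZE_IN_BYTES="512" physical_partition_number="0" label="aboot"
           filename="emmc_appsboot.mbn" start_sector="4000" num_partition_sectors="2048"/>
  <program SECTOR_SIZE_IN_BYTES="512" physical_partition_number="0" label="userdata"
           filename="" start_sector="10000" num_partition_sectors="100000"/>
  <program SECTOR_SIZE_IN_BYTES="512" physical_partition_number="0" label="BackupGPT"
           filename="gpt_backup0.bin" start_sector="NUM_DISK_SECTORS-33."
           num_partition_sectors="33"/>
</data>"""

# Constructed image sizes in bytes, standing in for os.path.getsize() on real files.
# emmc_appsboot.mbn is deliberately absent.
SAMPLE_SIZES = {
    "sbl1.mbn": 300_000,
    "rpm.mbn": 400_000,
    "tz.mbn": 500_000,
    "gpt_backup0.bin": 16_896,
}


def check_plan(xml_text, sizes):
    """Return (label, problem) pairs for a write plan; an empty list means no finding."""
    problems = []
    placed = {}  # physical partition number -> [(first sector, end sector, label)]
    for node in ET.fromstring(xml_text).iter("program"):
        name = node.get("filename", "")
        label = node.get("label", "?")
        if not name:
            continue  # the entry describes a partition but writes nothing
        if name not in sizes:
            problems.append((label, "missing_file"))
            continue
        try:
            start = int(node.get("start_sector", ""))
            count = int(node.get("num_partition_sectors", ""))
            sector = int(node.get("SECTOR_SIZE_IN_BYTES", "512"))
        except ValueError:
            # Symbolic values cannot be checked offline; report instead of guessing.
            problems.append((label, "non_numeric_sector"))
            continue
        if sizes[name] > count * sector:
            problems.append((label, "too_large"))
        disk = node.get("physical_partition_number", "0")
        placed.setdefault(disk, []).append((start, start + count, label))
    for ranges in placed.values():
        ranges.sort()
        # After sorting, a range that starts before its predecessor ends overlaps it.
        for (_, prev_end, prev_label), (start, _, label) in zip(ranges, ranges[1:]):
            if start < prev_end:
                problems.append((label, "overlaps:" + prev_label))
    return problems


if __name__ == "__main__":
    for label, problem in check_plan(SAMPLE_PLAN, SAMPLE_SIZES):
        print(f"{label}: {problem}")
```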

Hmm, that makes sense, but is that an actual technique? Fixing just the fastboot of a bricked device and then installing it from fastboot. And isn't the way to access fastboot connected to the booting of the Huawei OS with the logo and the vibration? I don't know, I just didn't come across any guides online in my ongoing research about such a technique.
Also, thank you so much for trying to help us figure out a way to fix this all, I really appreciate it.

Sorry, I thought I was wrong about the prog_emmc_firehose_xxxx file. I am now investigating whether this file is common across devices with the same chipset.
And the file size for this type of file is about 300-400KB. I have got a zip file that contains a hundred of these firehose files, but still have no clue what they represent.
Keep looking.
Please check this link for more information.
http://www.androidbrick.com/unbrick...-have-the-right-kind-of-rom-qhsusb_dload_edl/

Hmm yeah his guide seems to be very helpful, but we are still stuck with needing to get those .mbn files needed.
Here are my latest findings, the Huawei Watch 2 has a Qualcomm Snapdragon Wear 2100 - MSM8909W.
http://pdadb.net/index.php?m=processor&id=685&c=qualcomm_snapdragon_wear_2100_msm8909w&d=detailed_specs
Which means we need the 8909 of the mbn files if I'm not mistaken, so something like this:
MPRG8909.mbn
8909_msimage.mbn
Everywhere I check about unbricking Qualcomm devices, it keeps sending me back to the technique using QFIL with the .mbn and .xml files. So I think this is the way we should focus on.
So the next step is to try to find a way to get the files required specifically for the Huawei Watch 2.
MPRG8909.mbn
8909_msimage.mbn
and/or
1. prog_emmc_firehose_xxxx.mbn
2. rawprogram0.xml
3. patch0.xml

It seems to me that you can try a partial flash of the bootloader mbn. You are in 9008 mode, which indicates that it is not bricked at all. The partition is still there, and merely the bootloader itself could be good enough for recovery. Try using the application to see if you can select a partition to flash without providing the xml. But I have no device on hand for testing the 9008. I cannot force my watch into 9008 mode unless I intentionally corrupt the bootloader.

So use QFIL to try to flash only bootloader.img onto the watch? But I still need an mbn file for QFIL; where would I get that?

It can't flash img, but can flash mbn inside the img. I am just not sure if the xml is absolutely required.

I'll do a few tests in a bit when I get back home and report back with my results. I'll see what's possible and what's not, but I'm wondering how I should extract the .mbn files from the bootloader.img?

You just need WinRAR. And rename the img to rar.

Oh right, I feel so stupid for not trying WinRAR.

Related

Jiayu G3 Root

Has anyone tested the Bin4ry solution on the Jiayu G3?
http://forum.xda-developers.com/showthread.php?t=1886460
Not yet. Today I will receive my new Jiayu G3 ... and I would like to root it. So very interested to learn about it.
G3 is easy to root. I did root many G3 last week.
Sent from my Honor U8860 using xda-developers app
Can you provide the link to the guideline you used?
Is it http://techideki.com/how-to-root-jiayu-g3-working-recovery-mode/ ... or the link mentioned above?
Yeah sure bro, but it will be my first smartphone and I can't copy from any device because I don't have it
I have a problem. All looks fine but I have two messages:
"remote object 'system app/Back-Restor.apk does not exist"
"remote object 'system/bin/ric' does not exist
After that my phone reboots and shows a screen:
Full restore
a full restore of all data from a connected
desktop computer has been requested. Do
you want allow this to happen?
If you did not request the restore yourself, do
not allow the operation to proceed. This will
replace any data currently on the device!
Please enter your device encryption
password below
______________________________
If the restore data is encrypted, please enter
the password below
_______________________________
Do I have to install some backup .apk on my Jiayu G3 phone?
I tried to root my Jiayu G3. I tested whether all drivers were installed correctly.
The situation where I have no battery in the Jiayu G3 and it is plugged into the USB port is a problem.
The driver is missing for the MT65xx preloader... any clue where this driver can be found?
Can you send me the files of your drivers, because I have a code 10 error?
The drivers you can download via the program pdanet:
http://junefabrics.com/android/download.php
When the program asks to replace some existing drivers, you should do that.
Here you can find the flashtool and recovery.img:
http://pan.baidu.com/share/link?shareid=65391&uk=537002687
Thanks, but what about Mediatek DA USB VCOM? I have code 10 after installing.
Will Smart Phone Flash Tool work properly?
All drivers installed correctly but I have a message from SP Flash Tool:
SP FLASH TOOL ERROR: (8100)
[Android USB] Can not find USB port!
something different now: New message
Brom error: S_FT_NEED_DOWNLOAD_ALL_FAIL (4050)
Need download all images!
I just was successful in installing the driver for MT65xx Preloader (had to manually install it during the flashing exclamation mark).
When I now connect the phone without battery, I have no more exclamation marks.
Now, when I start the flash tool and connect my device without battery I get every time a different error and a window that pops-up with some (vague) explanation. Also the bottom bar of the flash tool becomes red.
It does not look good to me and I have to dive into more details to see what I should do.
In the device manager I do not have further exclamation marks... to be continued.
So, it seems I am now on the same level as you are.
That's right.
I think that this error means that we have to mark all files on the list but we don't have these files on the computer. I read some hint on similar tutorial (with only recovery checked on the list)
"Please note that, even though it isn't mandatory to select it on the list of images to flash, preloader file must be present in the same folder as the other partition(s) that you want to flash, or else phone will not be able to enter into download mode."
Can you send us the mentioned files to root the Jiayu G3?
Preamble: DO A BACKUP OF boot.img and recovery.img BEFORE MODIFYING ANYTHING!
- If you are not familiar with SP Flash Tool, please google for a full guide regarding this theme: "How to Root JiaYu G3 + working Recovery mode"
The easiest way to install the needed drivers is to install the app pdanet: http://junefabrics.com/android/
If some drivers are missing, you can also find drivers in the zip files.
I attached 2 zip files.
1.) Use the files in root.zip with SP_Flash_Tool_v3.1222.00 to flash patched root and recovery with working cwm (English language, searched a while for that)
2.) File root.zip is meant for rooting with cwm (use only if flashing the files from 1. does not do the complete job)
Hint: I struggled a bit with connecting the phone: pressing power and volume up and plugging USB in only worked with the battery attached
Cheers and sorry for my bad English....
Hi, do you know how to upload another language (Czech) to the phone? Or a link to another custom ROM. I fail to find anything. Thanks a lot
Thank you poweronat.
Just one question: if something goes wrong, how can I restore the previous situation?
Thanks
Please google for "How to Root JiaYu G3 + working Recovery mode"
to get a full description of backing up boot.img and recovery.img
If you've done this right you should have a backup of your boot and recovery partitions which can be stored back if a fault occurs.
the partitions should be the following (please re-check with your device):
boot: F88000 - 1588000 = length of 600000
recovery: 1588000 - 1B88000 = length of 600000
good luck
Where can I check this?
SP Flash Tool is not working for me. I've installed the PDA drivers. The driver installed successfully, but when I click download and connect the phone without the battery, then put the battery in, nothing happens. In the bottom bar I have: EMMC | Searching and nothing happens.
I've tried once more. Now I have "BROM Error" and on the next try "USB Cable not connected".
Should I have a clean SD card or something?
Did you load MT6577_Android_scatter_emmc.txt before trying to flash boot and recovery?
Also, it is recommended to DO A BACKUP BEFORE FLASHING.
I receive an access violation error when I try to start SP Flash Tool.
I really need help.
Aha, I don't know this, sorry.
I've done this with Windows XP; perhaps you have another machine to test this on.

Question Lenovo Phab PB1 770m no operating system help

Hi all, I have a new Lenovo PB1 770m. I attempted to root it; TWRP was installed but it was not rooted.
Then I tried to update the firmware to the latest 151111 and no go. In the end I managed to delete the operating system, so now I can boot to recovery mode only. When I try to restart, it comes up with No OS Installed. I have tried to install xposed v79 sdk21 arm64zip, no go. OK, now I know that I am an IDIOT for not making a backup of the original system and not checking that the firmware was the same as in the root guide.
On the top of the recovery screen is: 2.8.7.7 SevenMaxs and TeamWin Recovery Project. I guess this could be an expensive lesson. I have been looking for an original ROM with no luck, so any help would be very much appreciated. Thanks, pluto1956, Mike
PS: I used info and files from here to try to root. http://forum.xda-developers.com/andr...oting-t3290347
UPDATE: I managed to get a ROM from a Russian site, PB1-770M_S000156_150930_ROW_fastboot.7z, 1.8gig.
The instructions say it is to be installed from a computer via USB. My problem is I can only access the internal storage or external SD card, not the USB-OTG, so it seems I can only update from the SD or internal memory.
I tried putting the ROM on both but no go.
Hi is there anybody that knows where and how to install the stock firmware for the phab PB1-770M
HELP
Same as above. need a stock rom. formatted internal storage mistakenly. HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Well, I did it. It is really simple, but it seems nobody has had this problem before. You need:
- Download the stock firmware from the Russian Lenovo site
- The tool I used is QPST_2.7.422 QFIL; it comes with the drivers (I used Win8.1)
- Put the phone in Download mode (press vol up and down at the same time and connect the phone to the PC)
- Open the QFIL program and select flat build
- In select programmer you select prog_emmc_firehose_8936.mbm
- In load xml I selected rawprogram_unsparse and path0
- After that you click download and wait like 4 min, and when it says finished successfully you start the phone manually
I hope this helps.
Thanks brother. Yesterday I downloaded one Russian ROM in zip format and there was a .bat file included in it. I only double-clicked it and it flashed through adb and fastboot, and it was successful. I got the operating system 5.0.2 but WLAN is not working; I tried flashing several times but no luck. I learned that it is still under warranty, so I sent it in for warranty. In a week it will be back with me for testing again, hopefully.
Well, I will try your method as soon as I get my beast again. Thank you so much for helping out in a timely manner, really appreciate it brother.
It is very easy, my friend; just look into the only topic/thread about the Phab Plus on XDA. It will guide you well.
If you get any error in recovery like footer is wrong/signature verification failed, connect your phone and first check if your device is being tracked by adb. Use adb devices.
If your device appears in the list of devices, use fastboot oem unlock, then flash SevenMax TWRP again after entering temporary TWRP as per the Phab Plus thread.
0verdaflow said:
> How can you root these damn phones.... I was trying for like 2 days....
jotade said:
Well, I did it. It is really simple, but it seems nobody has had this problem before. You need:
- Download the stock firmware from the Russian Lenovo site
- The tool I used is QPST_2.7.422 QFIL; it comes with the drivers (I used Win8.1)
- Put the phone in Download mode (press vol up and down at the same time and connect the phone to the PC)
- Open the QFIL program and select flat build
- In select programmer you select prog_emmc_firehose_8936.mbm
- In load xml I selected rawprogram_unsparse and path0
- After that you click download and wait like 4 min, and when it says finished successfully you start the phone manually
I hope this helps.
Could you please elucidate more? I downloaded the ROM and the flash program. However, I've no clue how to get going. I don't even see the xml files anywhere (as mentioned by you).
Just don't want to screw it up bad so being little more cautious.
jotade said:
Well, I did it. It is really simple, but it seems nobody has had this problem before. You need:
- Download the stock firmware from the Russian Lenovo site
- The tool I used is QPST_2.7.422 QFIL; it comes with the drivers (I used Win8.1)
- Put the phone in Download mode (press vol up and down at the same time and connect the phone to the PC)
- Open the QFIL program and select flat build
- In select programmer you select prog_emmc_firehose_8936.mbm
- In load xml I selected rawprogram_unsparse and path0
- After that you click download and wait like 4 min, and when it says finished successfully you start the phone manually
I hope this helps.
I'm getting this error
Start Sending Programmer
Download Fail:System.Exception: Unable to download Flash Programmer using Sahara Protocol
at QC.QMSLPhone.Phone.QPHONEMS_SaharaArmPrgDownload(String sFileName)
at QC.SwDownloadDLL.SwDownload.QPHONEMSSaharaDownloadArmPrg(UInt64& version, String armPrgPath)
Download Fail:Sahara FailSahara Fail
Finish Download
Can't flash the stock ROM
Man, don't use the QFIL program.
The ROM which you downloaded should be in zip format; unzip it, there is a file download_with_partiotion.bat.
Run it and sit back until it is finished.
Wakatsik said:
I'm getting this error
Start Sending Programmer
Download Fail:System.Exception: Unable to download Flash Programmer using Sahara Protocol
at QC.QMSLPhone.Phone.QPHONEMS_SaharaArmPrgDownload(String sFileName)
at QC.SwDownloadDLL.SwDownload.QPHONEMSSaharaDownloadArmPrg(UInt64& version, String armPrgPath)
Download Fail:Sahara FailSahara Fail
Finish Download
Can't flash the stock ROM
naeemdurrani said:
Man, don't use the QFIL program.
The ROM which you downloaded should be in zip format; unzip it, there is a file download_with_partiotion.bat.
Run it and sit back until it is finished.
I can't use the .bat because my phone is already bricked... it won't be recognized by the app... the only way is through QFIL, but the problem is that I always get the error above
Hi, same here. I tried using QFIL and getting Sahara Fail. Then tried clicking on the bat file but it's not working since the phone is not recognized. Please help.
EDIT : I got the QFIL working just now and my phone is working. Flashed the stock rom and I think it will be just fine.
whiskey_1388 said:
Hi, same here. I tried using QFIL and getting Sahara Fail. Then tried clicking on the bat file but it's not working since the phone is not recognized. Please help.
EDIT : I got the QFIL working just now and my phone is working. Flashed the stock rom and I think it will be just fine.
My phone was wiped by me. I have TWRP and my phone is read as ADB interface (when in recovery mode). I tried adb devices and it returned 1f82f24b recovery. I also can access my phone memory from PC when in TWRP recovery, which enables me to transfer files.
My problem is it is only read as ADB interface, not as a Qualcomm COM port device. When I try Download_with_partition.cmd I get the error that it can not distinguish devices and to try. Any solution from those who managed to install it successfully?
For everyone landing in this page due to wiping his OS of Lenovo Phab Plus by mistake (like I did), please refer to this thread:
Lenovo Phab Plus PB1-770M Stock ROM needed
Thanks!
jotade said:
Well, I did it. It is really simple, but it seems nobody has had this problem before. You need:
- Download the stock firmware from the Russian Lenovo site
- The tool I used is QPST_2.7.422 QFIL; it comes with the drivers (I used Win8.1)
- Put the phone in Download mode (press vol up and down at the same time and connect the phone to the PC)
- Open the QFIL program and select flat build
- In select programmer you select prog_emmc_firehose_8936.mbm
- In load xml I selected rawprogram_unsparse and path0
- After that you click download and wait like 4 min, and when it says finished successfully you start the phone manually
I hope this helps.
I was not doing the 8936.mbn part!
By default it is 8916, so it doesn't work. But after changing that setting, it works!
I can't unbrick
Hi!
I have a Lenovo Phab PB1-770M; this phone won't turn on, only the Lenovo logo, or fastboot or flashmode.
With Flashtool I can't flash. In fastboot I flash a recovery or operating system, I reboot the phone and again only the Lenovo screen; the operating system is not starting.
What can i do?
naeemdurrani said:
Man, don't use the QFIL program.
The ROM which you downloaded should be in zip format; unzip it, there is a file download_with_partiotion.bat.
Run it and sit back until it is finished.
This is what I get running the .bat command >
'adb' is not recognized as an internal or external command,
operable program or batch file.
╟δ╚╖▒ú╩╓╗·─▄╣╗╩╢▒≡adb╔Φ▒╕!╟δ╓╪╩╘úí
please ensure the phone can distinguish adb devices! Please retry!
Press any key to continue . . .

Downgrade/Unbrick Huawei device (if other methods don't work)

This is a generic guide for unbricking or downgrading Huawei devices with a Kirin 960 CPU. Most probably very similar steps can be done for Kirin 970, but I don't have a device to test. At the end I attached the files that I used for CMR-W09.
This WILL WORK even if you have Black Screen with permanent Fastboot - this is common issue for those, who tried to downgrade from EMUI 9 to EMUI 8. Yes, this is also unbrickable!
Have Fun!
1. Prerequisites
- Linux installed on your PC/laptop or as Virtual Machine, with fastboot tool on it
- Board Software for your device – you can find it on easy-firmware.com (about $15 for a pass and a rich collection) or gem-flash.com (has a cheap $3 pass but fewer firmwares in the collection)
- HiKey_IDT Linux tool – can be found here: https://github.com/96boards-hikey/tools-images-hikey960/
- Knowledge about the test point location to interrupt the CPU loading routine – ask Google or look on this forum:
http://forum.gsmhosting.com/vbb/f1022/huawei-test-point-gallery-2291781/index17.html
- Opened device – you need access to motherboard
2. Booting device in force update mode
Small intro. HiSilicon Kirin CPUs have a special mode in which they interrupt the normal boot process and open a COM port on USB to accept commands. You have a chance to load your own binaries directly into device RAM before the boot process continues (still, these images have to be signed by Huawei's private key).
- Disconnect battery connector from motherboard
- Short test point to ground (any big metal shield on board will work for that)
- With the test point shorted, connect the USB cable. Run the “lsusb” command – you should see the device “USB SER” in the device list
- Open the folder with the Board Software. Find the xml file with the model name in its name, e.g. “CMR-W09-BD_1.0.0.19_Download.xml”. In that xml file, check the section for “bootloaderimage” – you will find the paths and memory addresses for all needed boot stages. Keep that open.
- Find all three boot img files and copy them to the Linux machine. Note: For me, these three files didn’t work. But I found files with the same names in another folder of the Board Software, and that did the trick. You have to experiment a little bit.
- Go to the folder where you have the HiKey_IDT tools downloaded. Copy the three boot files from the Board Software to the same folder as hikey_idt. Edit the “config” file – you should specify the correct address and file name according to the Board Software
- Check the “dmesg” command output – look for GSM Modem connected messages – you will see the attached port name, like ttyUSB0
- Run the next command: “./hikey_idt -c config -p /dev/ttyUSB0”. You should see information about all boot stages being loaded, with a “Finish downloading” message after each. If you did everything right, in 5-15 seconds you will have your device ready for downgrade/unbrick/killing_your_cat
- To verify that everything is fine, run the “fastboot devices” command. If it shows the device with a proper serial number in the output, you are fine to continue
3. Fixing your device
At this step you have a special fastboot booted that has no security/validation on it. You can unbrick your device, or kill it. Do all steps carefully.
- Flash the proper partition table information. You can take it from the OTA package (from inside UPDATE.APP) – normally it has the name HISIUFS_GPT. Run “fastboot flash ptable HISIUFS_GPT.img”
- Flash the other partitions one by one. Skip the files CRC.img, SHA256RSA.img, CURVER.img, VERLIST.img, PACKAGE_TYPE.img and HISIUFS_GPT.img (it was already flashed in the previous step). To flash these files, run “fastboot flash” with the partition name and image file name after it – e.g. “fastboot flash recovery_vendor RECOVERY_VENDOR.img”. Note: Partition names should be written in lowercase. You can see the partition names in Huawei Update Extractor, as extracted image files sometimes have shortened names.
- Run a few more commands to clean things up:
Code:
fastboot erase misc
fastboot erase modemnvm_factory
fastboot erase bootfail_info
fastboot erase dfx
fastboot erase rrecord
fastboot erase patch
- Flash a few more files from the Board Software:
Code:
fastboot flash splash2 splash2.img
fastboot erase userdata
fastboot flash userdata userdata.img
fastboot erase version
fastboot flash version version.img
# The partition may be different for other devices – look into the XML file from the Board Software package for any “reserved” partitions
fastboot flash reserved4 gpu_test_data_all_v2.bin
- Remove USB cable, connect battery back and boot your device. Most probably your device will boot now! Or at least it will try
4. Final steps
- Do a factory reset from stock recovery!
- Do a 3-button flash of the same or newer firmware just after restoring the device!
- Make a backup of your NVME and OEMINFO! Use the following commands for that:
Code:
dd if=/dev/block/platform/hi_mci.0/by-name/oeminfo of=/storage/emulated/0/oeminfo.img
dd if=/dev/block/bootdevice/by-name/nvme of=/storage/emulated/0/nvme.bak
The above commands are for adb shell with root. If you do that under TWRP, you can use “of=/sdcard” in the dd commands
Note: If your device is in a bootloop but runs recovery/eRecovery fine, and recovery shows an error during factory reset, maybe you have screwed up your NVME during previous upgrades/downgrades. In that case, make an NVME backup using TWRP and take nvme.img from the Board Software package. Using any hex editor, open both files and manually copy all variable values from your backup to the nvme.img from the Board Software. After doing that, repeat all steps from the beginning until you get forced fastboot mode, and flash this image with “fastboot flash nvme”
P.S. In the above links you may find lovingly prepared files for the CMR-W09 tablet with region C432 for recovering to b161 firmware (includes a recovery.sh script to flash everything in one command) - it can be used to get a $4 unlock code with DC Unlocker.
HiKey_IDT => https://drive.google.com/open?id=1EdNfHVc8japoVSe2k4iTWdyp5JyPa1LR
Recovery Files for CMR-W09 C432 B161 => https://drive.google.com/open?id=1YgwwwFITjbJ8vIepcCt0O5w_RRJcKV8F
Board Software for CMR-W09 => https://drive.google.com/open?id=1w3mfVt8ObsViiv5ov3cUAog-M8hHMaSF
Testpoint location on Mediapad 10.8 (should be same on both Pro and non-Pro)
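The ordering and skip list from step 3 of the guide, as an added example that is not part of the original post or of any Huawei tooling: a dry-run planner that lists the fastboot commands with a SHA-256 per image, so the plan can be reviewed before anything is written in a mode that validates nothing. The function names, the `name_overrides` map and the reference manifest are assumptions, and the sample images are constructed.

```python
"""Dry-run planner for the guide's "flash partitions one by one" step."""
import hashlib
import tempfile
from pathlib import Path

# Files the guide says to skip in the one-by-one pass. HISIUFS_GPT.img is in
# the list because it is flashed first, on its own, as "ptable".
SKIP = {"crc.img", "sha256rsa.img", "curver.img", "verlist.img",
        "package_type.img", "hisiufs_gpt.img"}
PTABLE_IMAGE = "HISIUFS_GPT.img"


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte images need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_plan(image_dir, name_overrides=None, reference_sha256=None):
    """Return (steps, problems) for a folder of images extracted from UPDATE.APP.

    name_overrides: {image file name: partition name} for files whose extracted
        name is shortened and does not match the partition (assumed helper).
    reference_sha256: {image file name: hex digest} recorded from a copy you
        trust (assumed manifest). The forced-update fastboot validates nothing,
        so this comparison is the only integrity check in the procedure.
    """
    image_dir = Path(image_dir)
    overrides = name_overrides or {}
    reference = reference_sha256 or {}
    queue, problems = [], []

    ptable = image_dir / PTABLE_IMAGE
    if ptable.is_file():
        queue.append(("ptable", ptable))
    else:
        problems.append(f"{PTABLE_IMAGE}: missing, partition table must be flashed first")
    for path in sorted(image_dir.iterdir(), key=lambda p: p.name):
        if path.suffix.lower() == ".img" and path.name.lower() not in SKIP:
            # Partition names are written in lowercase, per the guide.
            queue.append((overrides.get(path.name, path.stem.lower()), path))

    steps, targets = [], {}
    for partition, path in queue:
        digest = sha256_of(path)
        if path.stat().st_size == 0:
            problems.append(f"{path.name}: empty image")
        if partition in targets:
            problems.append(f"{path.name}: partition {partition} already targeted by {targets[partition]}")
        targets.setdefault(partition, path.name)
        if reference and reference.get(path.name) != digest:
            problems.append(f"{path.name}: SHA-256 missing from or different to the reference manifest")
        steps.append({"partition": partition, "image": path.name, "sha256": digest,
                      "command": f"fastboot flash {partition} {path.name}"})
    return steps, problems


if __name__ == "__main__":
    # Constructed sample folder; real images come out of UPDATE.APP.
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in {"HISIUFS_GPT.img": b"gpt", "SYSTEM.img": b"system",
                           "RECOVERY_VEN.img": b"recovery", "CRC.img": b"crc"}.items():
            (Path(tmp) / name).write_bytes(data)
        steps, problems = build_plan(
            tmp, name_overrides={"RECOVERY_VEN.img": "recovery_vendor"})
        for step in steps:
            print(f"{step['sha256'][:16]}  {step['command']}")
        for problem in problems:
            print("PROBLEM:", problem)
```

Nothing is sent to the device; the printed commands are run by hand only once the problem list is empty.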
Reserved
Damn! I sent my tablet to a repair center two days ago...
Thank you for this great guide!
crckmc said:
Damn! I sent my tablet to a repair center two days ago...
Thank you for this great guide!
Nah, I'm not looking for fast ways! Decided that I can do it on my own ))) Btw, the service center will not even try to repair your tablet - they will replace the whole logic board or the whole tablet.
For me it gives errors; I used my own device board fw.
Which device do you use? Did you boot it with testpoint?
If it is any of M5/M5 Pro (even if it is 8.4") - you can use the files that I attached - hikey_idt is preconfigured. Other Kirin 960 devices may need different boot files from their own board
goodwin_c said:
Which device do you use? Did you boot it with testpoint?
If it is any of M5/M5 Pro (even if it is 8.4") - you can use the files that I attached - hikey_idt is preconfigured. Other Kirin 960 devices may need different boot files from their own board
Booted with testpoint, and I used the Huawei P10 (it's a Kirin 960) and used my own boot files from the board fw. From what I know, I did a wrong downgrade; I did not know about the xloader thing going on. I had B386 installed and tried to downgrade to B369a, with different xloaders in both of them. Now the screen is black, can't get into fastboot this way. I used DC-Phoenix too, managed to get somehow into fastboot, but these flashing errors still happened saying partition lenght get error; my logic board may be already damaged tho.
yoghurt13 said:
Booted with testpoint, and I used the Huawei P10 (it's a Kirin 960) and used my own boot files from the board fw. From what I know, I did a wrong downgrade; I did not know about the xloader thing going on. I had B386 installed and tried to downgrade to B369a, with different xloaders in both of them. Now the screen is black, can't get into fastboot this way. I used DC-Phoenix too, managed to get somehow into fastboot, but these flashing errors still happened saying partition lenght get error; my logic board may be already damaged tho.
But first, try hikey_idt with my files (it is preconfigured in the attached archive). If it still throws errors (I had the same errors with wrong boot files), take your own files from your board. But not from the "bootloaderimg" or "fastbootimage" folders - I had success with files from the "update_nv_bootloader_block" folder of my board software package.
Next step - after you boot the board with hikey_idt and have fastboot loaded (the screen will still be black - this is normal) - you will have to write the partition table to the device eMMC. For that, extract HISIUFS_GPT.img from UPDATE.APP and flash it as "ptable": run "fastboot flash ptable HISIUFS_GPT.img". If that goes without errors, you can flash the other images one by one.
What linux should i have? It's not possible under windows?
lukastob said:
What linux should i have? It's not possible under windows?
Any distro that you like will work for you. If you are a newbie, you can take Ubuntu, for example. Also, a virtual machine with Linux will be totally fine - you should just check every time that USB is passed from the host to the VM. And no, I don't know of an alternative tool to hikey_idt under Windows, and the service version of IDT is bad-bad-bad. So, Linux is your choice.
Good job man ))) thanks from all users for testpoint
Well, I managed to get into the special fastboot, and I could flash a few things, but at least 5 images fail the verification, including Xloader. It's strange, as the Xloader still tries to verify things.
yoghurt13 said:
Well, I managed to get into the special fastboot, and I could flash a few things, but at least 5 images fail the verification, including Xloader. It's strange, as the Xloader still tries to verify things.
Try to flash xloader from OTA, not from board. From UPDATE.APP. Did you flash ptable in that mode?
goodwin_c said:
Try to flash xloader from OTA, not from board. From UPDATE.APP. Did you flash ptable in that mode?
I was doing that; I tried the OTA xloader, and I tried the board sec_xloader too. They did not work, both of them have verification errors. Flashing DTS, fastboot, trustfirmware gives this error FAILED (remote: 'image verification error'). And yes, I flashed the ptable too.
yoghurt13 said:
I was doing that; I tried the OTA xloader, and I tried the board sec_xloader too. They did not work, both of them have verification errors. Flashing DTS, fastboot, trustfirmware gives this error FAILED (remote: 'image verification error'). And yes, I flashed the ptable too.
From which folder did you take the boot files for hikey_idt? Maybe you could try to take an older board firmware? Or try to flash files from the "fastbootimage" folder of your board.
goodwin_c said:
From which folder did you take the boot files for hikey_idt? Maybe you could try to take an older board firmware? Or try to flash files from the "fastbootimage" folder of your board.
I literally have only 1 board firmware version the VTR-AL00, and I tried those stuff already, only your hikey-idt preconfigured got it into fastboot, after that I tried to flash my own board fw stuff onto it. So this whole thing might not work in my case.
yoghurt13 said:
I literally have only 1 board firmware version the VTR-AL00, and I tried those stuff already, only your hikey-idt preconfigured got it into fastboot, after that I tried to flash my own board fw stuff onto it. So this whole thing might not work in my case.
Can you share somewhere files from your board? i'll look into it.
goodwin_c said:
Can you share somewhere files from your board? i'll look into it.
Yeah, I'll upload the thing, I'll PM you the link.
Okay, I somehow managed to get it to work, found the perfect rom for the reset, BUT, the thing is, I lost my IMEI number from the phone, is there any way to reset it?
Amazing, thank you for this
---------- Post added at 10:02 PM ---------- Previous post was at 10:00 PM ----------
yoghurt13 said:
Yeah, I'll upload the thing, I'll PM you the link.
I think because of the relocked bootloader

[HOW TO] Recover from any hardbrick or red case in 9008 mode without ANY BOXEs

Well guys, it's finally here!! You can finally unbrick your device without any JTAG, Medusa, or Octopus box!!
DISCLAIMER: I'M NOT RESPONSIBLE IF THIS DOES SOMETHING BAD TO YOUR DEVICE WHICH IT SHOULDN'T.
WARNING: THIS WILL DELETE EVERYTHING IN THE INTERNAL STORAGE OF THE DEVICE!!
FAQ:
1.) My phone blinks red and I can't boot into 9008 mode at all. What can I do?
A. From what I've experienced, you need to take off the back and, with a tweezer, touch two test points on the G7 while it is connected to the PC.
from another thread :
2.) I keep getting Sahara failed; the firehose is in the right folder and the xml files as well. Everything is in the same folder.
A. There are two reasons why it may fail.
1. Make sure you install the drivers correctly!! Windows 10 has driver signature enforcement enabled by default, so you need to disable that and install the 9008 drivers. To check if your drivers are installed correctly, open Device Manager by searching for it in the Windows search bar, then go into Ports and make sure there's no question mark or yellow exclamation (!) sign next to it. If there is, you have to disable signature enforcement and install the drivers manually. To do that you can google it, because there are a bunch of ways to do it.
2. If the drivers are installed correctly then you should try two things. One: run it as admin and check if you can open the partition manager or load the files. Two: reboot into EDL mode by holding down Vol - and then power; then, once it turns off and on again, at the LG logo hold it down and reboot into EDL mode again.
3.) Red case:
You may have the red case because you locked your bootloader by accident, or you never unlocked it, or something happened. Just use this guide to flash the abl file https://forum.xda-developers.com/lg-g7-thinq/how-to/how-to-partitions-flash-abl-t-mo-t4051249 then do fastboot oem unlock, then flash back the abl for your Android version.
Requirements:
-A computer of course
-USB cable to connect your phone to the pc
-This oreo firmware https://lg-firmwares.com/downloads-file/17341/G710ULM11g_01_NAO_US_OP_1112.kdz
-The unbrick files from here: https://drive.google.com/open?id=1gozwGTc8BT1w_gb230GUT4RP_Mwe5fz4
-KDZ Tools: https://github.com/ANEP-ET/kdztools/archive/master.zip
-Python installed: https://www.python.org/downloads/
Steps:
AA. You can download this, extract it and skip steps 1 and 5-9
https://drive.google.com/file/d/19JBomkFdFglUqFhF3jFsJ-H2WJN4Dwp0/view?usp=sharing Thanks to @avilav
BB. You can do it yourself too; I'll leave those in the steps
1. Download and install Python
PYTHON INSTALL STEPS:
a. Download and install Python 2.7
b. Download and install the C++ Compiler for Python 2.7: https://www.microsoft.com/en-us/download/details.aspx?id=44266
c. Download and install this redistributable:
https://www.microsoft.com/en-us/download/details.aspx?id=48145
d. After everything is done installing, open the C:/Python2.7/Scripts folder, then right-click and open PowerShell
e. Type CMD, press Enter, and then enter
Code:
pip install zstandard
f. After that's done, continue with the next steps. You can close that window.
2. Download all the files above and extract them into one folder. Make sure to extract everything INSIDE the kdztools folder.
3. Run the QPST file you extracted and install it
4. A. If your phone is already in 9008 mode and stuck there, make sure to hold down and power for at least 10-20 seconds while connected to your PC and it should reboot back to it.
B. If it doesn't boot into download mode or Android at all but there's a picture, or it's bootlooping, or at fastboot mode etc., or at the white LG logo, use this tutorial to boot into 9008 mode: https://www.youtube.com/watch?v=__MY0qB1G8c Plug your device into the computer, then hold power, then down, to turn it off, then quickly let go of power and press and hold power, then rapidly press the vol+ button, and you should be at a black screen and in 9008 mode. To check: open Device Manager and check Ports; it should say Qualcomm 9008 mode. If it says something like qhubulk usb and there's an exclamation mark on it, right-click, choose update drivers and search automatically on the internet. Otherwise you're going to have to find the drivers yourself online, which isn't hard.
5. Once you confirm that you are there, right-click in the folder where you extracted everything and open PowerShell, or if you have it set to Command Prompt, open that.
6. In PowerShell type cmd and press Enter.
7. Type:
Code:
unkdz.py -f G710ULM11g_01_NAO_US_OP_1112.kdz -x
then press Enter
8. Wait a while, ignore the warning about offsets and things like that, and don't close it yet.
9. After it's done, open the kdz extracted folder and move the .dz file it generated back into where you extracted everything, then run this command in that same command prompt:
Code:
undz.py -f G71011g_01.dz -c
10. Wait while this also finishes; again, ignore the warnings.
11. Place the rawprogramfiles0-6.xml files into the dzextracted folder it created this time
12. Now it's time to flash, so open QFIL; you can just search for it in the search bar on Windows 10.
13. In the QFIL window, click Configuration on top, then Firehose Configuration, then make sure you change the device type to UFS, then click OK
14. Select Flat Build, then in the programmer path select the prog_ufs_firehose_Sdm845_lge.elf file.
15. In the search path put the location of dzextracted, where all the files are extracted; it should be where there's a bunch of different bins
16. In the Rawprogram and Patch area click Load XML, then navigate to where the rawprogramfiles are (should be in dzextracted) if you don't see them. If you do see them, then hold Shift and click Rawprogramfile0 then Rawprogramfile6, and it should select all of them. Then it should say select patch file. Just click cancel on the patch file.
17. Click Download and it should start flashing the files; wait till it's done.
18. Hold power and down for 10-20s; it should reboot and be able to boot Android. It may restart once so it erases user data.
19. You should be able to boot into Android now
If it doesn't boot:
You should be able to enter download mode now to flash fw with LGUP
Lets Thank:
@Xsavi For finding the firehose file for sdm devices
@quickwshell for the rawprogram generator.
THANK YOU!!!!!!!!!!!!!!
Thank you thank you it worked with my lg g7 g710n
Hi there,
is there a way to recover my lost s/n number with that?
And many thanks for your work!
bongster said:
Hi there,
is there a way to recover my lost s/n number with that?
And many thanks for your work!
I can restore your S / N
motogvasyag said:
I can restore your S / N
Hi,
and how do you do that?
Here's another link for the kdz if the lge link is slow
https://androidfilehost.com/?fid=4349826312261728482
Where to enter "D. after the installation is complete, go back to another cmd window and type: pip install zstandard"? In adb, python?
Smouk said:
Where to enter "D. after the installation is complete, go back to another cmd window and type: pip install zstandard"? In adb, python?
The Python window where you opened the script folder
Smouk said:
Where to enter "D. after the installation is complete, go back to another cmd window and type: pip install zstandard"? In adb, python?
It's easier to use Cygwin. Download it and install. Open Cygwin
After the $, type pip install zstandard as zstd and press Enter; it will find the .whl file it needs to run in Python to extract any dz file you're having problems with, or other files you need for Python.
Hi, @Awesomeslayerg, would your method wipe efs along with s/n or imei?
zacox123 said:
Hi, @Awesomeslayerg, would your method wipe efs along with s/n or imei?
Possibly, depends how you bricked it.
Can anyone provide the extracted *11g kdz* files in a link? I managed to run everything except extracting the *G71011g_01.dz* in Python. It says that the zstandard tool is not found, and it doesn't extract with LG_Firmware_Extract_v1.2.6.1 either, I don't know why.
Or help me with the *prog_ufs_firehose_Sdm845_lge* and *rawprograms* for the *G710ULM21d_00_NAO_US_OP_0711.kdz* firmware to flash Pie.
Thanks for your help, friends, please help me
ghani mal said:
Can anyone provide the extracted *11g kdz* files in a link? I managed to run everything except extracting the *G71011g_01.dz* in Python. It says that the zstandard tool is not found, and it doesn't extract with LG_Firmware_Extract_v1.2.6.1 either, I don't know why.
Or help me with the *prog_ufs_firehose_Sdm845_lge* and *rawprograms* for the *G710ULM21d_00_NAO_US_OP_0711.kdz* firmware to flash Pie.
Thanks for your help, friends, please help me
Cross flash to the G710ULM21d_00_NAO_US_OP_0711.kdz and use QFIL to back up what you need. (Boot_a.img, Boot_b.img).
Here's a good guide to help you. It's from the LG V40 forum but you can use it for your device.
https://forum.xda-developers.com/lg-v40/development/unlock-lg-v40-via-9008-root-t-mobile-t4042207
Remember all this is at your own risk!!! Good luck.
All the files you need are in the thread.
netookska05 said:
Cross flash to the G710ULM21d_00_NAO_US_OP_0711.kdz and use QFIL to back up what you need. (Boot_a.img, Boot_b.img).
Here's a good guide to help you. It's from the LG V40 forum but you can use it for your device.
https://forum.xda-developers.com/lg-v40/development/unlock-lg-v40-via-9008-root-t-mobile-t4042207
Remember all this is at your own risk!!! Good luck.
All the files you need are in the thread.
I want to flash the 11g Oreo ROM and I need someone to provide the 11g firmware extracted files to flash it. I get an error when I flash the 21d firmware because of *size does not match*, so if you can just provide a link to the 11g firmware extracted files on *androidfilehost* or *mega* I will be grateful
thank you
ghani mal said:
I want to flash the 11g Oreo ROM and I need someone to provide the 11g firmware extracted files to flash it. I get an error when I flash the 21d firmware because of *size does not match*, so if you can just provide a link to the 11g firmware extracted files on *androidfilehost* or *mega* I will be grateful
thank you
How are you flashing the 21d kdz?
netookska05 said:
How are you flashing the 21d kdz?
I extracted it with LG kdz extractor and tried to flash it with the files that are found at the top of this thread (rawfiles and everything else), except the extracted files, which I changed to the 21d firmware.
ghani mal said:
I extracted it with LG kdz extractor and tried to flash it with the files that are found at the top of this thread (rawfiles and everything else), except the extracted files, which I changed to the 21d firmware.
So your device is bricked? I can share the kdz and dz files. Let me get things together and I will provide a link.
ghani mal said:
I extracted it with LG kdz extractor and tried to flash it with the files that are found at the top of this thread (rawfiles and everything else), except the extracted files, which I changed to the 21d firmware.
You can't use the 21d with the rawprogram files. These are only for that Oreo kdz. You can flash them back to Pie later.
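The mismatch discussed in the posts above (rawprogram XMLs made for one kdz, images extracted from another, "size does not match"), and steps 11-16 of the guide, as an added example that is not from this thread, kdztools or QFIL: a pre-flight check that every image named in the rawprogram XMLs exists in the search path and fits the partition the XML describes. The attribute names are the ones rawprogram XML files carry; the function names, the sample XML and the file names are constructed.

```python
"""Pre-flight check for a QFIL flat build: do the images fit the rawprogram XMLs?"""
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample in the rawprogram XML layout; sizes are tiny on purpose.
SAMPLE_XML = """<?xml version="1.0" ?>
<data>
  <program SECTOR_SIZE_IN_BYTES="4096" filename="boot.img" label="boot_a" num_partition_sectors="2" start_sector="6"/>
  <program SECTOR_SIZE_IN_BYTES="4096" filename="" label="misc" num_partition_sectors="256" start_sector="8"/>
  <program SECTOR_SIZE_IN_BYTES="4096" filename="abl.elf" label="abl_a" num_partition_sectors="1" start_sector="264"/>
</data>
"""


def check_rawprogram(xml_path, search_dir):
    """Compare every <program> entry of one rawprogram XML with the image folder.

    Returns a list of (label, filename, issue) tuples; an empty list means every
    referenced image exists and fits the partition the XML describes.
    """
    search_dir = Path(search_dir)
    findings = []
    for entry in ET.parse(xml_path).getroot().iter("program"):
        filename = (entry.get("filename") or "").strip()
        label = entry.get("label", "?")
        if not filename:
            continue  # partition is declared but nothing is written to it
        image = search_dir / filename
        if not image.is_file():
            findings.append((label, filename, "image missing from search path"))
            continue
        try:
            sector_size = int(entry.get("SECTOR_SIZE_IN_BYTES", ""))
            sectors = int(entry.get("num_partition_sectors", ""))
        except ValueError:
            findings.append((label, filename, "partition size not parsable"))
            continue
        capacity = sector_size * sectors
        size = image.stat().st_size
        if sectors == 0:
            # Some entries carry no fixed size; report instead of guessing.
            findings.append((label, filename, "no partition size in XML, fit unchecked"))
        elif size > capacity:
            findings.append((label, filename,
                             f"image is {size} bytes, partition holds {capacity}"))
    return findings


def check_build(search_dir):
    """Run check_rawprogram over every rawprogram*.xml in the folder."""
    search_dir = Path(search_dir)
    report = {}
    for xml_path in sorted(search_dir.glob("rawprogram*.xml")):
        report[xml_path.name] = check_rawprogram(xml_path, search_dir)
    return report


def write_sample(folder, boot_size):
    """Create the constructed XML plus dummy images (helper for the demo only)."""
    folder = Path(folder)
    (folder / "rawprogram4.xml").write_text(SAMPLE_XML)
    (folder / "boot.img").write_bytes(b"\0" * boot_size)
    (folder / "abl.elf").write_bytes(b"\0" * 4096)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp, boot_size=3 * 4096)  # one sector larger than boot_a
        for xml_name, findings in check_build(tmp).items():
            for label, filename, issue in findings:
                print(f"{xml_name}: {label} <- {filename}: {issue}")
```

Pointed at the dzextracted folder before clicking Download, a non-empty report means the XML set and the extracted firmware do not belong together.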
Awesomeslayerg said:
You can't use the 21d with the rawprogram files. These are only for that Oreo kdz. You can flash them back to Pie later.
This is why I need the Oreo files, to flash them, but I couldn't extract this 11g firmware. If you did extract it, could you upload them for me? And thank you for your help.
netookska05 said:
So your device is bricked? I can share the kdz and dz files. Let me get things together and I will provide a link.
Thanks man for your help, i am waiting....

HELP: Attempting to obtain root on BLU G9 Pro

Hello all, so long story short I had bought a BLU G9 Pro which came with Android 9 Pie. The only device-specific guide I could find online about obtaining root was: https://www.getdroidtips.com/root-blu-g9-pro/
The information on that guide is trivial and can be applicable to almost any device. The root method worked, however, there was an OTA update to Android 10 (and then later a security update) which I took. I then attempted to re-root the device utilizing the same method. However, now it seems that every time I flash a Magisk modded boot.img my device gets stuck in a bootloop and will not go past the bootloader. I believe that this device may be uncharted territory but it is a great phone and I would love to have both Magisk root and the latest Android 10 firmware. I have found that Magisk supports both Android 10 and A-only devices so I do not see what is causing the problem. Additionally, I attempted to flash an AOSP GSI of Android 10 which refused to boot before I even installed Magisk. I am new to modern Android devices with Project Treble so please forgive me if there is something obvious I am missing. Any help is appreciated, thanks in advance!
@eLatErbI
Try flashing GSI like said in https://source.android.com/setup/build/gsi#flashing-gsis
Maybe vbmeta flashing is required for your device.
You can get vbmeta.img from your stock firmware.
It seems that Verified Boot could definitely be getting in the way. Could this possibly explain why Magisk is working on the Android 9.0 version of the stock ROM but not Android 10? However, I thought Magisk disabled verified boot in the kernel (boot.img). Also, I do not have a vbmeta.img in any stock firmware for this phone. Any other means of disabling verified boot? Thanks in advance!
Hi, I have the same problem with my G9 PRO, I tried to boot all kinds of GSI roms with and without magisk and it doesn't work (bootloop). I cannot find the vbmeta partition anywhere so I am hesitant to try to flash it without a backup. There is a mention of it in the fstab of the boot partition, however it is not in the stock firmware or in my own backups. Magisk did also work for me before the Android 10 update. Does anyone have an idea of how AVB works without a vbmeta partition or a verity file?
You can extract the boot.img from your phone if you updated to 10. I updated and used SP Flash to read the boot.img and WwR_MTK to get the partition length and starting value for the boot.img and patched it using Magisk and reflashed it over fastboot. I know this thread is a bit old but if anyone is interested, reply and I will post the link that explains. I have Android 10 running on my Blu G9 pro rooted.
Hi. Please post the link. It will be very helpful for me. I have the BLU_G0231WW android 10.
Here is the link: https://forum.hovatek.com/thread-21970.html
This is what I did to root the phone:
Download WwR_MTK 2.30 and SP Flash (I used version 5.2112)
**Open WwR_MTK 2.30 and create a basic Scatter File by choosing the Platform Type (processor) which for Blu G9 Pro is MT6771. Click create and save as - I saved all files in one folder.
**Open SP Flash Tool and under the download tab choose the scatter file we just created; it will have only Preloader under it.
**Go to the Readback tab press Add -- Double click on what was added and just keep it saved as ROM_0 (once again I saved it in the same folder as the scatter file) -- the Start Address is in the scatter file as "physical_start_addr:" it should be 0x0 and the length is "partition_size:" and the value should be 0x80000. Keep the Region as EMMC_USER unless you want the preloader but to get the boot.img we don't need that. Turn off your phone and press the Read Back button with the Arrow and plug your phone into the computer. It will read the file and give you a big Green Check to let you know it completed successfully.
**Once you have the ROM_0 open it up in WwR_MTK 2.30 Under Step 3 (Choose the EMMC_USER partition in the prepared backup) you will get an error that says "The file size is smaller than the start position of the LK (uboot)" press OK -- You will get another error that says "To determine the ype of process and memory.... blah blah blah" Press OK
**Click the Scatter File tab -- Under the Name field find boot. We now get the starting value of the boot.img and the partition length. We need these values to put back into SP Flash.
**Go to SP Flash and Readback tab again. Press add. Double Click the new add and save it as boot.img -- Region is EMMC_USER and the start address is going to be the HEX value next to Boot and length the length address next to boot. For the BLU_G0231WW_V10.0.04.07_GENERIC Build these addresses are:
Start: 0x20C00000 and Length: 0x2000000
Push OK when you put the start address and length for the boot.img and once again push Readback and connect your phone while off. The file size I got was a boot.img of 32,768 KB in size which is much bigger than the boot.img of the Android 9 (which was like 9 MB in size).
**Install Magisk on the phone and patch the boot.img and flash it with fastboot and boom, you have a rooted BLU G9 Pro with the latest Update. Keep your stock boot.img as I rooted my phone with the 10.0.04.04 update and could not update to 10.0.04.07 until I reflashed the stock boot.img in case there is another update.
That is all there is to it and you should be able to use this tutorial to root if BLU pushes any more updates.
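An added example (not part of the original post, and not code from WwR_MTK or SP Flash Tool): a Python check that a readback matches the scatter entry it was taken from, run before the image is patched or kept as the stock backup. The scatter text and the stand-in dump are constructed, and the helper names are hypothetical.

```python
import hashlib

# Constructed sample in the key/value layout of an SP Flash Tool scatter file.
# Addresses are the ones quoted in the post for BLU_G0231WW_V10.0.04.07_GENERIC.
SAMPLE_SCATTER = """\
- partition_name: preloader
  physical_start_addr: 0x0
  partition_size: 0x80000
- partition_name: boot
  physical_start_addr: 0x20C00000
  partition_size: 0x2000000
  region: EMMC_USER
"""

ANDROID_BOOT_MAGIC = b"ANDROID!"  # first 8 bytes of a standard Android boot image


def parse_scatter(text):
    """Return {partition_name: {key: value}} for every entry in the scatter text."""
    parts, cur = {}, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("- "):  # a new list item starts a new entry
            cur, s = {}, s[2:]
        if cur is None or ":" not in s:
            continue
        key, val = (x.strip() for x in s.split(":", 1))
        cur[key] = val
        if key == "partition_name":
            parts[val] = cur
    return parts


def check_readback(scatter_text, name, dump):
    """Compare a readback (bytes) with the scatter entry for partition `name`."""
    entry = parse_scatter(scatter_text).get(name)
    if entry is None:
        raise KeyError(f"no partition named {name!r} in scatter file")
    start = int(entry["physical_start_addr"], 16)
    size = int(entry["partition_size"], 16)
    problems = []
    if len(dump) != size:
        problems.append(f"length {len(dump):#x} != partition_size {size:#x}")
    if name == "boot" and dump[:8] != ANDROID_BOOT_MAGIC:
        problems.append("no ANDROID! magic at offset 0 (wrong start address?)")
    return {
        "start": start,
        "size": size,
        "size_kib": size // 1024,  # a full-partition readback is this large
        "sha256": hashlib.sha256(dump).hexdigest(),  # record with the backup
        "problems": problems,
    }


if __name__ == "__main__":
    # Constructed stand-in for a real readback: magic followed by zero padding.
    fake = ANDROID_BOOT_MAGIC + bytes(0x2000000 - 8)
    print(check_readback(SAMPLE_SCATTER, "boot", fake))
```

With a real dump, pass the file's bytes instead of the stand-in and keep the reported SHA-256 alongside the stock boot.img so the backup can be verified before it is flashed back.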
Thanks, tuffasagong.
I now have my Blu G9 Pro Magisk rooted on Android 10. I added viper4Android, Adaway and more tweaks.
Have you noticed the desktop mode when screen casting to a second display? I wonder if there is a way to reduce lag when using a Bluetooth mouse.
Flashed Magisk but bricked phone. Does anyone happen to have G9 Pro v10 firmware G0230WW or G0231WW readback ROM? Please, I need to unbrick and the firmware on the web won't work. Please help..
Search here: BLU Stock Firmware Repository (Mediafire)
Thanks, but I already tried that file and it won't work..
Which version were you on? The latest at the time? A little more info: did you flash a Magisk patched boot image?
Blu pushed out a new update 10.0.04.08 a couple weeks ago. Reflash the stock Boot image to update. Boot image has the same length and start addresses. I just reflashed the magisk Boot image I made with 10.0.04.07 and works fine.
I've followed this and have gotten quite far, but I can't seem to find any working fastboot drivers for the G9 Pro. I have tried several different ones and with every one I get absolutely no hits on "fastboot devices", and upon any attempts to flash, it leaves me at "waiting for device". I just want to know if you had a specific driver or if it's a different issue.
Use the Platform Tools for A9 or A10.
Downloads - Read and accept the terms.: platform-tools-latest-windows.zip
Device needs OEM Unlock & USB Debugging enabled.
Maybe your PC needs USB Drivers: drivers USB OEM
Maybe it needs the MTK USB driver: MTK Driver
First off, thank you for your really speedy assistance with this, I appreciate it.
A couple things, to note, the device has already had OEM unlocking and usb debugging enabled, it works with adb, but is not recognized at all by fastboot itself, I'm definitely going to try those drivers and that version of the platform tools. Is there any log, device list, or any other info I can dump that would be useful in troubleshooting this?
Thanks again for your assistance, lopestom.
Bootloader unlocked?
Has the PC already been authorized on the device for USB debugging?
If yes, then look at the drivers.
Hello there,
My technical skills when it comes to Android phones are next to zero, but I have been running Linux (Fedora, Endeavour, currently Debian 11), so I am not afraid of the terminal.
I bought a Blu G9 Pro about 3 months ago. It came out of the box with Android 9, then it updated to Android 10.
It is very close to stock Android, and I am OK with it, except for a few creepy apps that I would like to remove.
I would like your input on what is the safest approach: can I just 'debloat' the current system, or might I as well replace it with something else?
Thank you.
I attempted to flash the patched boot image from Magisk but my G9 Pro started boot looping. I've tried to flash every firmware that I can find for this model but I keep getting an error message from the Flash tool.
Any guidance?
Saved me - TY. This worked for me for Mintt Ultramintt Y3 - basically an Aussie rebadged Blu G9 Pro. I used this method for it with Pie 9 (before allowing update to 10). Cheers
