Hi,
I have installed twrp on my Honor 6 (h60-l04), i tried to flash another firmware but now I can't boot it, theres only a frozen "HONOR" startscreen. I tried to install another firmware (original from huawei), but its no .img file , its a dload file with "update.app" in it. How can I flash the original firmware on my phone? (its Unlocked)
Please help me
follow this method http://forum.gsmhosting.com/vbb/f929/huawei-honor-6-tools-1900692/
You can flash the full Stock ROM manually too by following these steps, how to extract UPDATE.APP is also given
Download your phone's latest firmware and extract system.img, boot.img, recovery.img, cust.img from UPDATE.APP using Huawei Update Extractor tool.
Flash recovery first, using this command.
Code:
fastboot flash recovery recovery.img
Flash all other extracted files similarly firing these commands.
Code:
fastboot flash boot boot.img
fastboot flash cust cust.img
fastboot flash system system.img
After doing this put that very UPDATE.APP from which you extracted the files in dload folder of your external SDCARD.
Switch off your phone, and press Vol UP + Vol DOWN + Power button simultaneously.
Update process will start, let it finish.
Your device will be as good as new after this.
I just bought a LG V50 from China and the seller claimed it to be a 2nd hand Korea KT phone but it's not. The serial number was wipe out and the impl=0.
It got unlocked bootloader warning for every reboot and OTA upgrade fails to find new firmware.
I would like to re-lock the bootloader but fail to enter fastboot mode. The command "adb reboot bootloader" or keys combination only reboot the phone. "adb reboot recovery" success but only gives green robot and no command as shown in attched picture.
I thought a flash of stock ROM may help so I use the lgup tool 1.16 to refurbish the firmware to V500N20t (V500NO20t_00_OPEN_KR_OP_0622.kdz). However, the recovery remain the same and reboot to fastboot mode fails as well.
Is there any way to flash the stock recovery and bring back the fastboot mode to re-lock the bootloader?
new68u said:
I just bought a LG V50 from China and the seller claimed it to be a 2nd hand Korea KT phone but it's not. The serial number was wipe out and the impl=0.
It got unlocked bootloader warning for every reboot and OTA upgrade fails to find new firmware.
I would like to re-lock the bootloader but fail to enter fastboot mode. The command "adb reboot bootloader" or keys combination only reboot the phone. "adb reboot recovery" success but only gives green robot and no command as shown in attched picture.
I thought a flash of stock ROM may help so I use the lgup tool 1.16 to refurbish the firmware to V500N20t (V500NO20t_00_OPEN_KR_OP_0622.kdz). However, the recovery remain the same and reboot to fastboot mode fails as well.
Is there any way to flash the stock recovery and bring back the fastboot mode to re-lock the bootloader?
Click to expand...
Click to collapse
You need to flash pie, and then use the xiaomi firehose in qfil to flash the engineering bootloader, then go to fastboot and do the lock command
Hi new68u! It seems you have no experience with LG phones...
Just use LGUP partition mode and flash in partition mode boot_a and boot_b images from different KDZ pack (20M for example) and you will be able to enter fastboot.
Then lock bootloader and go to download mode again and flash the correct boot images from 20T kdz.
antintin said:
You need to flash pie, and then use the xiaomi firehose in qfil to flash the engineering bootloader, then go to fastboot and do the lock command
Click to expand...
Click to collapse
Thank you for you hints, it's a bit complicated to me.
I download the pie firmware V500N11d_00_LGU_KR_OP_0701.kdz, qfil tool, prog_ufs_firehose_sdm855_ddr.elf file.
Before I downgrade the phone to pie, I try to launch qfil, select port, select ufs, load the xiaomi firehose, then select "load xml" but I can't find the rawprogram().xml and the patch().xml.
I browse through some topcs and find out those 2 files need to be rebuild by extract the firmware. That's even more complicated. Am I still on the correct approach?
vlad48 said:
Hi new68u! It seems you have no experience with LG phones...
Just use LGUP partition mode and flash in partition mode boot_a and boot_b images from different KDZ pack (20M for example) and you will be able to enter fastboot.
Then lock bootloader and go to download mode again and flash the correct boot images from 20T kdz.
Click to expand...
Click to collapse
You're right, it's my first LG phone. I launch the LGUP but I can't find the "partition" option. Any hints?
new68u said:
You're right, it's my first LG phone. I launch the LGUP but I can't find the "partition" option. Any hints?
Click to expand...
Click to collapse
Please refer to this thread or replace original files with attached one and you will have those options....
vlad48 said:
Please refer to this thread or replace original files with attached one and you will have those options....
Click to expand...
Click to collapse
Thanks! I successfully write the boot_a and boot_b partitions from two difference kdz files, however, the "adb reboot bootloader" still fail to enter fastboot mode and only reboot the phone. :crying:
new68u said:
Thanks! I successfully write the boot_a and boot_b partitions from two difference kdz files, however, the "adb reboot bootloader" still fail to enter fastboot mode and only reboot the phone. :crying:
Click to expand...
Click to collapse
You need to flash boot_a from one kdz, and then all partitions from another kdz to make boot and other partitions mismatch. Use partition dl. You might have to do it for both slots. However, I'm not sure if the normal fastboot allows the lock bootloader command
antintin said:
You need to flash boot_a from one kdz, and then all partitions from another kdz to make boot and other partitions mismatch. Use partition dl. You might have to do it for both slots. However, I'm not sure if the normal fastboot allows the lock bootloader command
Click to expand...
Click to collapse
Please correct me if I misunderstood anything:
1) prepare 20o and 20t firmware
2) use lgup to load 20t and refurbish -> all 20t partitions goes to partition a
3) use lgup to load 20t and write boot_b -> boot_b becomes 20t
4) use lgup to load 20o and write boot_a -> boot_a becomes 20o
5) use lgup to load 20o and write all partitions with ***_b -> ***_b becomes 20o
6) reboot
new68u said:
Please correct me if I misunderstood anything:
1) prepare 20o and 20t firmware
2) use lgup to load 20t and refurbish -> all 20t partitions goes to partition a
3) use lgup to load 20t and write boot_b -> boot_b becomes 20t
4) use lgup to load 20o and write boot_a -> boot_a becomes 20o
5) use lgup to load 20o and write all partitions with ***_b -> ***_b becomes 20o
6) reboot
Click to expand...
Click to collapse
1) prepare 20o and 20t firmware
2) use lgup to load 20t and refurbish
3) use lgup to load 20o and write boot_b -> boot_b becomes 20o
4) use lgup to load 20o and write boot_a -> boot_a becomes 20o
5) reboot -> you will enter directly into fastboot
vlad48 said:
1) prepare 20o and 20t firmware
2) use lgup to load 20t and refurbish
3) use lgup to load 20o and write boot_b -> boot_b becomes 20o
4) use lgup to load 20o and write boot_a -> boot_a becomes 20o
5) reboot -> you will enter directly into fastboot
Click to expand...
Click to collapse
Just tried, but on #5, it just reboot to the desktop and the UI freezes after few seconds.
new68u said:
Just tried, but on #5, it just reboot to the desktop and the UI freezes after few seconds.
Click to expand...
Click to collapse
Then either boot image is very similar to t or LGUP fails to overwrite it.
Try with boot image from older kdz as suggested initially - 20M
vlad48 said:
Then either boot image is very similar to t or LGUP fails to overwrite it.
Try with boot image from older kdz as suggested initially - 20M
Click to expand...
Click to collapse
Brilliant! I use an even older 11d kdz and the fastboot is back!
I lock the bootloader and reboot, the phone goes to boot loop. After go to download mode and rewrite the boot_a&b partition back to 20t, it can bootup successfully.
Thanks so much!!! :good:
BTW, is there any way I can retrieve the serial number of my phone, it was empty from the day I got it.
new68u said:
Brilliant!
BTW, is there any way I can retrieve the serial number of my phone, it was empty from the day I got it.
Click to expand...
Click to collapse
It is actually there, but fails to initialize properly because of whoever cross-flashed it wrong - just do not bother about S/N.
P.S.: To restore it successfully you need to unlock again bootloader and re-flash an edited FTM partition under fastboot which is a painful process, so better way - just do not bother about SN not showing.
new68u said:
Brilliant! I use an even older 11d kdz and the fastboot is back!
I lock the bootloader and reboot, the phone goes to boot loop. After go to download mode and rewrite the boot_a&b partition back to 20t, it can bootup successfully.
Thanks so much!!! :good:
BTW, is there any way I can retrieve the serial number of my phone, it was empty from the day I got it.
Click to expand...
Click to collapse
what command have you typed in to lock the bootloader again?
I've tried fastboot oem lock but for some reason it says command failed. Thanks!
hell
vlad48 said:
Then either boot image is very similar to t or LGUP fails to overwrite it.
Try with boot image from older kdz as suggested initially - 20M
Click to expand...
Click to collapse
o, i have lg v50 thinq-v450vm , it was bootloader unlocked , i just had to reinstall the software again via lgup and successfully done , but now it won't boot into bootloader , do u have any idea , is it the same problem here , and what if i write the boot_a or boot_b of the device via Qfil , does it work , and is it gonna be erased or formatted ?
Thank u
i just need to get into the fastboot mode to see which slot is active to root my phone via magisk bached boot image
Alaaaloha said:
hell
o, i have lg v50 thinq-v450vm , it was bootloader unlocked , i just had to reinstall the software again via lgup and successfully done , but now it won't boot into bootloader , do u have any idea , is it the same problem here , and what if i write the boot_a or boot_b of the device via Qfil , does it work , and is it gonna be erased or formatted ?
Thank u
i just need to get into the fastboot mode to see which slot is active to root my phone via magisk bached boot image
Click to expand...
Click to collapse
hey, have you found a solution? i have the same issue
new68u said:
new68u said:
I just bought a LG V50 from China and the seller claimed it to be a 2nd hand Korea KT phone but it's not. The serial number was wipe out and the impl=0.
It got unlocked bootloader warning for every reboot and OTA upgrade fails to find new firmware.
I would like to re-lock the bootloader but fail to enter fastboot mode. The command "adb reboot bootloader" or keys combination only reboot the phone. "adb reboot recovery" success but only gives green robot and no command as shown in attched picture.
I thought a flash of stock ROM may help so I use the lgup tool 1.16 to refurbish the firmware to V500N20t (V500NO20t_00_OPEN_KR_OP_0622.kdz). However, the recovery remain the same and reboot to fastboot mode fails as well.
Is there any way to flash the stock recovery and bring back the fastboot mode to re-lock the bootloader?
Click to expand...
Click to collapse
Click to expand...
Click to collapse
vlad48 said:
Hi new68u! It seems you have no experience with LG phones...
Just use LGUP partition mode and flash in partition mode boot_a and boot_b images from different KDZ pack (20M for example) and you will be able to enter fastboot.
Then lock bootloader and go to download mode again and flash the correct boot images from 20T kdz.
Click to expand...
Click to collapse
Hello, please can you help? I am a complete novice here. Can you please point me in the right direction?
vlad48 said:
Hi new68u! It seems you have no experience with LG phones...
Just use LGUP partition mode and flash in partition mode boot_a and boot_b images from different KDZ pack (20M for example) and you will be able to enter fastboot.
Then lock bootloader and go to download mode again and flash the correct boot images from 20T kdz.
Click to expand...
Click to collapse
Hello Sir, are you able to provide a step by step for this? Same problem here. Many thanks in advance.
I have realized that there isn't a guide to root the G91 PRO (not the max, for whatever reason that got rooted before the pro...) anyway, I figured out how to do it, and I'm probably not the first one. Since I haven't been able to find the stock rom on the internet, I strongly advise you backup your stock rom with mtkclient.
This is an A/B device, so we need to flash to both slots.
First, dump your stock rom with this tool: https://github.com/bkerler/mtkclient
This is mtkclient. It reverse engineers BROM or Preloader mode so that we can pull down the flash. Once you put your phone in BROM mode, use this command to back up the whole flash. (To put your phone in BROM mode, power off your phone and hold down volume up, down, and power and the same time while plugging in a USB-C cable)
python3 mtk rf flash.bin
Now that we've made a backup, we can start screwing around with the phone. If you ever need to restore your backup then all you need to do is:
python3 mtk w flash.bin
Inside of that flash bin you can find all the partitions inside of it. I use 7zip to look inside of the archive. Look for boot_a.img. After you find it, use magisk manager to root the stock boot.img.
If you don't want to look inside of the archive and would prefer to just dump the boot images, then just run these commands instead.
python3 mtk r boot_a boot_a.img
python3 mtk r boot_b boot_b.img
Now we can also use this mtkclient software to unlock the bootloader. We don't have to use mtkclient, we could use bootloader mode after enabling oem unlocking in developer options, but we can do this too.
We first have to erase metadata, userdata, and md_udc.
python3 mtk e metadata, userdata, md_udc
Now we can unlock the bootloader.
python3 mtk da seccfg unlock
After unlocking the bootloader, you can now flash partitions. Flash your patched boot.img in bootloader mode.
fastboot flash boot_a (patched boot.img)
fastboot flash boot_b (patched boot.img)
Inside of the mtkclient folder, you will find a file called vbmeta.img.empty. This is a patched vbmeta (its blank haha) so that we can disable verified boot. we need to flash it to both slots.
fastboot flash vbmeta_a (vbmeta.img.empty)
fastboot flash vbmeta_b (vbmeta.img.empty)
That's all!
Edit: I decided to attach my rooted and non rooted boot img for those who want to do it quickly. You can flash magiskboot_a.img to both slots, as they are the same. I caution you though, only flash my provided boot.img if your build number and custom build number matches the one in the screenshot I provided. Build number can be checked in Settings>About Device>Build Number and Custom Build Info. Make sure to also flash the empty vbmeta so you don't have any dm verity errors!
is build id same as build number?and can i flash that boot_a.img in bugjaeger app?
ziyad45 said:
View attachment 5620469is build id same as build number?and can i flash that boot_a.img in bugjaeger app?
Click to expand...
Click to collapse
This is not the same phone. You can't flash the boot.img. However, the specs are identical. You could probably follow the method I used to root this phone.
dtingley11222 said:
I have realized that there isn't a guide to root the G91 PRO (not the max, for whatever reason that got rooted before the pro...) anyway, I figured out how to do it, and I'm probably not the first one. Since I haven't been able to find the stock rom on the internet, I strongly advise you backup your stock rom with mtkclient.
This is an A/B device, so we need to flash to both slots.
First, dump your stock rom with this tool: https://github.com/bkerler/mtkclient
This is mtkclient. It reverse engineers BROM or Preloader mode so that we can pull down the flash. Once you put your phone in BROM mode, use this command to back up the whole flash. (To put your phone in BROM mode, power off your phone and hold down volume up, down, and power and the same time while plugging in a USB-C cable)
python3 mtk rf flash.bin
Now that we've made a backup, we can start screwing around with the phone. If you ever need to restore your backup then all you need to do is:
python3 mtk w flash.bin
Inside of that flash bin you can find all the partitions inside of it. I use 7zip to look inside of the archive. Look for boot_a.img. After you find it, use magisk manager to root the stock boot.img.
If you don't want to look inside of the archive and would prefer to just dump the boot images, then just run these commands instead.
python3 mtk r boot_a boot_a.img
python3 mtk r boot_b boot_b.img
Now we can also use this mtkclient software to unlock the bootloader. We don't have to use mtkclient, we could use bootloader mode after enabling oem unlocking in developer options, but we can do this too.
We first have to erase metadata, userdata, and md_udc.
python3 mtk e metadata, userdata, md_udc
Now we can unlock the bootloader.
python3 mtk da seccfg unlock
After unlocking the bootloader, you can now flash partitions. Flash your patched boot.img in bootloader mode.
fastboot flash boot_a (patched boot.img)
fastboot flash boot_b (patched boot.img)
Inside of the mtkclient folder, you will find a file called vbmeta.img.empty. This is a patched vbmeta (its blank haha) so that we can disable verified boot. we need to flash it to both slots.
fastboot flash vbmeta_a (vbmeta.img.empty)
fastboot flash vbmeta_b (vbmeta.img.empty)
That's all!
Edit: I decided to attach my rooted and non rooted boot img for those who want to do it quickly. I caution you though, only flash my provided boot.img if your build number and custom build number matches the one in the screenshot I provided. Build number can be checked in Settings>About Device>Build Number and Custom Build Info. Make sure to also flash the empty vbmeta so you don't have any dm verity errors!
Click to expand...
Click to collapse
My g91 pro doesn't seem to work with mtk client it but I have the same build as you.
To root my phone I need to have boot image a and b? I noticed just image a is attached and I can't find a rom download for the g91 pro anywhere.
Did you use img a for both?
Any help would be great.
Thanks
Longdelayecho said:
My g91 pro doesn't seem to work with mtk client it but I have the same build as you.
To root my phone I need to have boot image a and b? I noticed just image a is attached and I can't find a rom download for the g91 pro anywhere.
Did you use img a for both?
Any help would be great.
Thanks
Click to expand...
Click to collapse
You might not be entering brom correctly. The rom is not available on the internet. You only need boot_a because the boot imgs are the same for both slots. You can flash it to both a and b with no issue.
Hey do you think this would work on the G61S?
Hello, i have the RMX2075 version (not sure what's different with RMX2076 by the way..?) updated it to last version, which is "RMX2075_11_C.25". I wanted to root, for that i needed the boot.img file, i found on andrealmefirmware.com the fimrware "RMX2075GDPR_11_C.25" - GDPR means EU too, so i thought it's the right one. I extracted vbmeta and boot files with OFP extractor and patched the boot with magisk, then went in fasboot mode and entered the commands to root which can be found here.
Problem : phone won't boot, i get the warning "boot/recovery has been destroyed, phone cannot boot". I have had the ozip of an older firmware in the phone storage, but it refused to flash, because older! Not sure it was a mistake but i did format data. Anyway, RealmeFlashTool won't flash that "RMX2075GDPR_11_C.25" firmware, it says "cannot find directory". I'm stuck.. Anybody has the boot.img of that specific "RMX2075_11_C.25"? Or any instructions on how to recover.. Hope to get replies, thanks!
Ok, good news : when i flash the original boot.img of that "RMX2075GDPR_11_C.25" firmware, i don't get the error and i can boot. I still don't understand why it won't boot after i enter those :
fastboot --disable-verity --disable-verification
fastboot flash vbmeta vbmeta.img
fastboot flash boot boot.img
Which i patched with magisk (tried various versions). It doesn't make much sense to me..? Also would like to know which firmware file i need to downgrade to RUI 1.0 (and where to find it).