Related
The initial problem
My i9023 got totally bricked after restoring it to factory defaults. As soon as I changed the SIM card and tried to power the phone up, it just wouldn't do anything; the display wouldn't turn on (neither while charging), no vibration, no light on the touch keys, nothing.
The inspirers
I found the posts by AdamOutler about the Unbrickable Mod and the Unbrickable Resurrector, plus a nice thread started by cyberalex88 on how he unbricked his Nexus S.
Current situation
Starting from what it is mentioned on the threads mentioned above, I performed the Unbrickable Mod with the help of a friend last Monday, and now the phone is detected by the Unbrickable Resurrector, but I cannot get it to work again.
The Unbrickable Resurrector interacts with the phone somehow ("S5PC110 detected") and seems to enable the Download Mode, but it is not working as I think it should.
My diagnosis
I think that the partition table of the phone is broken, but there might also be a problem with the resurrection. I've spent a good time finding information, but still I haven't been able to find a way to fix the issue. I do not how to proceed anymore.
Working environment
I've been using a dual boot PC, with Ubuntu 13.04 64bit and Windows 7, trying both Odin 1.83 and Heimdall 1.4.0 (from Ubuntu) to flash the original firmware (I9023_EUR_GRI54_XXKB3) downloaded from samfirmware.
Using The Unbrickable Resurrector
After launching the Unbrickable Resurrector, inserting the battery to the phone and plugin the usb to the Linux machine, the Resurrector detects my phone. From that starting point, I've been able to enable the "Download Mode" (search and home buttons lighted on) in the phone in two different ways:
Selecting Nexus S as Device type
After selecting "Nexus S" and performing the resurrection, the phone enters on what it should be the "Download Mode" (search and home buttons lighted on), but then it is not detected by Heimdall.
Code:
[email protected]:~#heimdall detect
ERROR: Failed to detect compatible download-mode device.
I don't know if it's related with this, but the Resurrector does not show the "Download Mode" photo on top of the window after resurrecting.
This is the log from the resurrection:
Code:
Building command list
#S5PC110 (Nexus S)
#RESURRECTOR SELECTED:HIBL.bin LOCATION:0xD0020000
#SBL: nexus_sbl.bin LOCATION:0x33040000 tool:SMDK
1. Apply UnBrickable Mod
2. Remove then insert Device battery
3. Connect to computer via USB.
4. Click the Download Mode button while holding button combination
5. Download new software with fastboot for Linux.
Begin Resurrection Sequence
Requesting Permission to access device
Please wait.... Uploading..
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v2.1
Copyright (C) Rebellos 2011
-------------------------------------------------------------
SMDK42XX,S3C64XX USB Download Tool
Version 0.20 (c) 2004,2005,2006 Ben Dooks <[email protected]>
S3C64XX Detected!
=> found device: bus 001, dev 031
=> loaded 24576 bytes from /tmp/TempHeimdallOneClickA2EFF4DC/UnBrickPack/HIBL.bin
=> Downloading 24586 bytes to 0xd0020000
=> Data checksum d8dc
=> usb_bulk_write() returned 24586
Interceptor Injection Complete. Injecting modified SBL
SMDK42XX,S3C64XX USB Download Tool
Version 0.20 (c) 2004,2005,2006 Ben Dooks <[email protected]>
S3C64XX Detected!
=> found device: bus 001, dev 032
=> loaded 1310720 bytes from /tmp/TempHeimdallOneClickA2EFF4DC/UnBrickPack/nexus_sbl.bin
=> Downloading 1310730 bytes to 0x33040000
=> Data checksum 6106
=> usb_bulk_write() returned 1310730
Modified SBL Injection Completed Download Mode Activated
Selecting Galaxy S as Device type
Since the Heimdall message got me worried, I tried to resurrect the phone selecting the other two device types, and it seems that it gets to "Download Mode" (search and home buttons lighted on) as "Galaxy S". As Galaxy S, after the resurrection, and unlike as Nexus S, the window shows the Download Mode photo on the top part and Heimdall detects the phone:
Code:
[email protected]:~#heimdall detect
Device detected
This is the log from the resurrection:
Code:
Building command list
#S5PC110 (Galaxy S)
#RESURRECTOR SELECTED:HIBL.bin LOCATION:0xD0020000
#SBL: Sbl.bin LOCATION:0x40244000 tool:SMDK
1. Apply UnBrickable Mod
2. Remove then insert Device battery
3. Connect to computer via USB.
4. Click the Download Mode button
5. Download new software with Heimdall.
Begin Resurrection Sequence
Requesting Permission to access device
Please wait.... Uploading..
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v2.1
Copyright (C) Rebellos 2011
-------------------------------------------------------------
SMDK42XX,S3C64XX USB Download Tool
Version 0.20 (c) 2004,2005,2006 Ben Dooks <[email protected]>
S3C64XX Detected!
=> found device: bus 001, dev 033
=> loaded 24576 bytes from /tmp/TempHeimdallOneClick9ECA7A24/UnBrickPack/HIBL.bin
=> Downloading 24586 bytes to 0xd0020000
=> Data checksum d8dc
=> usb_bulk_write() returned 24586
Interceptor Injection Complete. Injecting modified SBL
SMDK42XX,S3C64XX USB Download Tool
Version 0.20 (c) 2004,2005,2006 Ben Dooks <[email protected]>
S3C64XX Detected!
=> found device: bus 001, dev 034
=> loaded 1310720 bytes from /tmp/TempHeimdallOneClick9ECA7A24/UnBrickPack/Sbl.bin
=> Downloading 1310730 bytes to 0x40244000
=> Data checksum f37e
=> usb_bulk_write() returned 1310730
Modified SBL Injection Completed Download Mode Activated
Using Heimdall
Since Heimdall wouldn't detect the phone unless resurrecting as Galaxy S, I proceeded from that resurrection. The first thing I tried was to flash the original rom, but since I got an error message related with the phone's pit file, I focused on getting the pit file from the phone.
This is the output of the "print-pit" argument:
Code:
[email protected]:~#heimdall print-pit
Heimdall v1.4.0
Copyright (c) 2010-2013, Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au/
This software is provided free of charge. Copying and redistribution is
encouraged.
If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/
Initialising connection...
Detecting device...
Claiming interface...
Attempt failed. Detaching driver...
Claiming interface again...
Setting up interface...
Initialising protocol...
Protocol initialisation successful.
Beginning session...
Some devices may take up to 2 minutes to respond.
Please be patient!
Session begun.
Downloading device's PIT file...
ERROR: Failed to receive PIT file size!
ERROR: Failed to download PIT file!
Ending session...
Rebooting device...
Releasing device interface...
Re-attaching kernel driver...
So, Heimdall is not able to get the PIT file from the phone, but it does reboot the device since the search and home buttons are turned off after launching the command. So there is some kind of communication.
Guessing that the partition table of the phone might be corrupted, I found a pit file that it is supposed to be for the device (u1_02_20110310_emmc_EXT4.pit), and launched the following Heimdall command trying to repartition the phone:
Code:
[email protected]:~#heimdall flash --repartition --pit u1_02_20110310_emmc_EXT4.pit --BOOT boot.img --SBL1 bootloader.img --RECOVERY recovery.img --FACTORYFS system.img --DATAFS userdata.img --MODEM modem.img --CACHE dgs.img
Heimdall v1.4.0
Copyright (c) 2010-2013, Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au/
This software is provided free of charge. Copying and redistribution is
encouraged.
If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/
Initialising connection...
Detecting device...
Claiming interface...
Attempt failed. Detaching driver...
Claiming interface again...
Setting up interface...
Initialising protocol...
Protocol initialisation successful.
Beginning session...
Some devices may take up to 2 minutes to respond.
Please be patient!
Session begun.
Uploading PIT
ERROR: Failed to confirm end of PIT file transfer!
ERROR: PIT upload failed!
Ending session...
Rebooting device...
Releasing device interface...
Re-attaching kernel driver...
Using Odin
Since I had no luck with Heimdall, I installed Windows 7 on my Linux machine and rebooted to Windows after the resurrection in both modes of operation (Nexus S and Galaxy S) to try Odin. The result was the same in both cases, the device was not detected and the program only checks if the rom files are correct.
Code:
<OSM> Enter CS for MD5..
<OSM> Check MD5.. Do not unplug the cable..
<OSM> Please wait..
<OSM> Bootloader_I9023XXKA3.tar.md5 is valid.
<OSM> PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar.md5 is valid.
<OSM> MODEM_I9023XXKB3_REV_00_CL912571_SIGNED.tar.md5 is valid.
<OSM> Checking MD5 finished Sucessfully..
<OSM> Leave CS..
<OSM> All threads completed. (succeed 0 / failed 0)
I installed the Samsung USB drivers before using ODIN and plugging in the phone, so I don't think that the fact that the phone is not being detected by Odin has nothing to do with the computer itself.
Call for help
I've tried everything in my hands to try to unbrick the phone with no luck. I don't usually seek for help on the forums, but I see no other choice.
Does anyone have any clue on what to do in order to unbrick the phone?
Have you tried fastboot?
Yes. It does not detect the device.
AdamOutler said:
Have you tried fastboot?
Click to expand...
Click to collapse
unai_goiko said:
Yes. It does not detect the device.
Click to expand...
Click to collapse
Try it again, but hold the key combination.
We don't force the Nexus into Fastboot mode. you could boot it into Odin, Fastboot, or Recovery mode using this tool.
I did try the key combination ( power and volume up), and since it wouldn't work, I also tried others (power and volume down, and power and both volume buttons). Is there any other way to try to get into that mode?
AdamOutler said:
Try it again, but hold the key combination.
Click to expand...
Click to collapse
I'm sitting here with this exact problem. Anymore insight?
Adsmji said:
I'm sitting here with this exact problem. Anymore insight?
Click to expand...
Click to collapse
I had the same problem as the OP. Can enter download mode just fine (thanks to Unbrickable Mod), but fails to print PIT or flash anything. I think the flash is fried, that would explain the problem. The phone however can still be used as a S5PC110 development platform so it's not completely useless.
Adsmji said:
I'm sitting here with this exact problem. Anymore insight?
Click to expand...
Click to collapse
I'm afraid I wasn't able to find a solution and that I gave up. I still have the phone, but i haven't tried to fix it again...
xd.bx said:
I had the same problem as the OP. Can enter download mode just fine (thanks to Unbrickable Mod), but fails to print PIT or flash anything. I think the flash is fried, that would explain the problem. The phone however can still be used as a S5PC110 development platform so it's not completely useless.
Click to expand...
Click to collapse
By the way the other choice (in the drop down menu) which is Nexus S, in theory the proper choice, did not lead to a successful fastboot mode, the phone became totally unresponsive. That's presumably because the fastboot code tries to access the flash and gets stuck at this point. Like the OP I gave up.
The reason for the brick in the first place was that I removed the battery while the phone was booting (fresh ROM just installed). I guess there were some flash writes and the sudden power removal left the flash in a bad state. So don't do this.
I have recently bought Huawei Watch 2 Chinese version and tried to flash Android Wear 2.0 as described on "theunlockr.com/2016/06/07/get-android-wear-2-0-right-now" since I want to change the OS language version. Now my watch is not opening and even I cannot see the boot when power-on only black screen. Since this flash(bootloader-sturgeon-nvd36i.img) changed my bootlader, I cannot also open the boot recovery menu. Can somebody help me that how can I recover again my Huawei Watch 2 - 4G (SIM) , LEO-DLXX ?
"https://ibb.co/gJRYza" - After long press power button, Windows says that does not recognize it. adb device list is empty and fastboot device list is empty.
Hi Kahramanhero,
First of all in order to help you, please provide the model and type (4G/BT) of your watch.
Enviado desde mi ONEPLUS A3000 mediante Tapatalk
dr_chch said:
Hi Kahramanhero,
First of all in order to help you, please provide the model and type (4G/BT) of your watch.
Enviado desde mi ONEPLUS A3000 mediante Tapatalk
Click to expand...
Click to collapse
It is Huawei Watch 2 - 4G (SIM) , LEO-DLXX
KahramanHero said:
It is Huawei Watch 2 - 4G (SIM) , LEO-DLXX
Click to expand...
Click to collapse
umm.. you have bricked the watch by using the totally incompatible firmware.
We have post the recovery method for bluetooth version, however, the 4G version is not available.
It has high chance that you can recover the watch if you can obtain the proper files and following the same recovery procedure as described in the bootloader recovery thread.
https://forum.xda-developers.com/watch-2/development/rom-bootloader-recover-huawei-watch-2-t3624657
You will have to obtain the "Board Software" for the model. And it is likely not available to the general public.
Since you have nothing to lose. You may try the following by integrating the recovery modules and bootloader files from L09S.
https://mega.nz/#!8MMyjBJL!NWZxZM1bimTFvyjJDB8MkXOtZXxrSz7apygj6yEiGRs
WARNING: This file is blindly combined and have fairly little chance that works.
And it will re-partition your device and you may probably lost original IMEI / WIFI / BT Mac Address that saved in your existing partition.
The guide is made by theory, and not tested at all. Please DO NOT proceed if you have any hesitation.
I have no L09S device so I cannot test it.
OR, you can try following this guide to backup the xQCN file to see if your IMEI could be backup and restore.
https://forum.xda-developers.com/redmi-note-3/how-to/guide-qpst-tool-backup-imei-nvram-t3455297
If you are lucky enough, this file can recover the bootloader and you will gain access to fastboot again. Then you can re-flash the proper firmware.
mcdull said:
umm.. you have bricked the watch by using the totally incompatible firmware.
We have post the recovery method for bluetooth version, however, the 4G version is not available.
It has high chance that you can recover the watch if you can obtain the proper files and following the same recovery procedure as described in the bootloader recovery thread.
https://forum.xda-developers.com/watch-2/development/rom-bootloader-recover-huawei-watch-2-t3624657
You will have to obtain the "Board Software" for the model. And it is likely not available to the general public.
Since you have nothing to lose. You may try the following by integrating the recovery modules and bootloader files from L09S.
https://mega.nz/#!8MMyjBJL!NWZxZM1bimTFvyjJDB8MkXOtZXxrSz7apygj6yEiGRs
WARNING: This file is blindly combined and have fairly little chance that works.
And it will re-partition your device and you may probably lost original IMEI / WIFI / BT Mac Address that saved in your existing partition.
The guide is made by theory, and not tested at all. Please DO NOT proceed if you have any hesitation.
I have no L09S device so I cannot test it.
OR, you can try following this guide to backup the xQCN file to see if your IMEI could be backup and restore.
https://forum.xda-developers.com/redmi-note-3/how-to/guide-qpst-tool-backup-imei-nvram-t3455297
If you are lucky enough, this file can recover the bootloader and you will gain access to fastboot again. Then you can re-flash the proper firmware.
Click to expand...
Click to collapse
Thanks for your support. I got some progress but couldn't achieve to recover bootloader.
I tried last step to backup the xQCN file but unfortunately my watch diagnostic mode is not enable, I got this error: Port does not contain a phone in Diagnostics Mode. Since I cannot access via adb shell, I couldn't enable it.
I tried first step, everything looks fine but when try to download content I got this error:
E:\Recovery\prog_emmc_firehose.mbn
ERROR: function: sahara_rx_data:194 Unable to read packet header. Only read 0 bytes.
ERROR: function: sahara_main:854 Sahara protocol error
ERROR: function: main:265 Uploading Image using Sahara protocol failed
Download Fail:Sahara Fail:QSaharaServer Failrocess fail
Screen shots:
Diagnostics Mode: "https://ibb.co/na10vF"
QFIL: "https://ibb.co/bUXJhv"
QPST Configuration: "https://ibb.co/kjOc9a"
Qualcomm State: "https://ibb.co/krdc9a"
KahramanHero said:
Thanks for your support. I got some progress but couldn't achieve to recover bootloader.
I tried last step to backup the xQCN file but unfortunately my watch diagnostic mode is not enable, I got this error: Port does not contain a phone in Diagnostics Mode. Since I cannot access via adb shell, I couldn't enable it.
I tried first step, everything looks fine but when try to download content I got this error:
E:\Recovery\prog_emmc_firehose.mbn
ERROR: function: sahara_rx_data:194 Unable to read packet header. Only read 0 bytes.
ERROR: function: sahara_main:854 Sahara protocol error
ERROR: function: main:265 Uploading Image using Sahara protocol failed
Download Fail:Sahara Fail:QSaharaServer Failrocess fail
Screen shots:
Diagnostics Mode: "https://ibb.co/na10vF"
QFIL: "https://ibb.co/bUXJhv"
QPST Configuration: "https://ibb.co/kjOc9a"
Qualcomm State: "https://ibb.co/krdc9a"
Click to expand...
Click to collapse
I cannot test it again unless I intentionally brick my device. But I do have some issue with my win10 desktop producing Sahara protocol error and I end up required to flash the watch with my old win7 laptop.
---------- Post added at 08:35 PM ---------- Previous post was at 08:09 PM ----------
KahramanHero said:
Thanks for your support. I got some progress but couldn't achieve to recover bootloader.
I tried last step to backup the xQCN file but unfortunately my watch diagnostic mode is not enable, I got this error: Port does not contain a phone in Diagnostics Mode. Since I cannot access via adb shell, I couldn't enable it.
I tried first step, everything looks fine but when try to download content I got this error:
E:\Recovery\prog_emmc_firehose.mbn
ERROR: function: sahara_rx_data:194 Unable to read packet header. Only read 0 bytes.
ERROR: function: sahara_main:854 Sahara protocol error
ERROR: function: main:265 Uploading Image using Sahara protocol failed
Download Fail:Sahara Fail:QSaharaServer Failrocess fail
Screen shots:
Diagnostics Mode: "https://ibb.co/na10vF"
QFIL: "https://ibb.co/bUXJhv"
QPST Configuration: "https://ibb.co/kjOc9a"
Qualcomm State: "https://ibb.co/krdc9a"
Click to expand...
Click to collapse
Okay. I have intentionally bricked my watch again and the file flash fine on my BT version. By theory, at least it will start flashing on the L09S. Please download the exact version as indicate in the tutorial and using Win7 just in case.
I got to fix my watch now.
mcdull said:
I cannot test it again unless I intentionally brick my device. But I do have some issue with my win10 desktop producing Sahara protocol error and I end up required to flash the watch with my old win7 laptop.
---------- Post added at 08:35 PM ---------- Previous post was at 08:09 PM ----------
Okay. I have intentionally bricked my watch again and the file flash fine on my BT version. By theory, at least it will start flashing on the L09S. Please download the exact version as indicate in the tutorial and using Win7 just in case.
I got to fix my watch now.
Click to expand...
Click to collapse
I got some more progress but unfortunately Win7 does not work for me.
Screen shot:
"https://ibb.co/dXLaVF"
I have formatted my Laptop and installed Win7. I tried same procedure in the tutorial but this time I am getting different error:
Validating Application Configuration
Load APP Configuration
COM:3
PBLDOWNLOADPROTOCOL:0
PROGRAMMER:True
PROGRAMMER:C:\Leo\prog_emmc_firehose.mbn
RESETSAHARASTATEEMACHINE:False
SEARCHPATH:C:\Leo
RAWPROGRAM:
rawprogram_unsparse.xml
PATCH:
patch0.xml
ACKRAWDATAEVERYNUMPACKETS:False
ACKRAWDATAEVERYNUMPACKETS:100
MAXPAYLOADSIZETOTARGETINBYTES:False
MAXPAYLOADSIZETOTARGETINBYTES:49152
DEVICETYPE:eMMC
PLATFORM:8x26
VALIDATIONMODE:0
RESETAFTERDOWNLOAD:False
MAXDIGESTTABLESIZE:8192
SWITCHTOFIREHOSETIMEOUT:30
RESETTIMEOUT:200
RESETDELAYTIME:2
FLATBUILDPATH:C:\
FLATBUILDFORCEOVERRIDE:True
QCNPATH:C:\Temp\00000000.qcn
QCNAUTOBACKUPRESTORE:False
SPCCODE:000000
ENABLEMULTISIM:False
AUTOPRESERVEPARTITIONS:False
PARTITIONPRESERVEMODE:0
PRESERVEDPARTITIONS:0
PRESERVEDPARTITIONS:
ERASEALL:False
Load ARG Configuration
Validating Download Configuration
Image Search Path: C:\Leo
RAWPROGRAM file path: C:\Leo\rawprogram_unsparse.xml
PATCH file path:C:\Leo\patch0.xml
Programmer Path:C:\Leo\prog_emmc_firehose.mbn
Process Index:0
Image Search Path: C:\Leo
RAWPROGRAM file path: C:\Leo\rawprogram_unsparse.xml
PATCH file path:C:\Leo\patch0.xml
Start Download
Program Path:C:\Leo\prog_emmc_firehose.mbn
***** Working Folder:C:\Users\K\AppData\Roaming\Qualcomm\QFIL\COMPORT_3
Binary build date: Oct 31 2016 @ 22:51:05
QSAHARASERVER CALLED LIKE THIS: 'C:\QPST\bin\QSaharaServer.ex'Current working dir: C:\Users\K\AppData\Roaming\Qualcomm\QFIL\COMPORT_3
Sahara mappings:
2: amss.mbn
6: apps.mbn
8: dsp1.mbn
10: dbl.mbn
11: osbl.mbn
12: dsp2.mbn
16: efs1.mbn
17: efs2.mbn
20: efs3.mbn
21: sbl1.mbn
22: sbl2.mbn
23: rpm.mbn
25: tz.mbn
28: dsp3.mbn
29: acdb.mbn
30: wdt.mbn
31: mba.mbn
13: C:\Leo\prog_emmc_firehose.mbn
13:35:30: ERROR: function: sahara_rx_data:237 Unable to read packet header. Only read 0 bytes.
13:35:30: ERROR: function: sahara_main:924 Sahara protocol error
13:35:30: ERROR: function: main:303 Uploading Image using Sahara protocol failed
Download Fail:Sahara Fail:QSaharaServer Failrocess fail
Finish Download
You will need to try on different computer with different version of driver and QPST software. Since I have no issue in downloading, I am not able to tell the issue.
Wish someone else would confirm if the package work on 4G version. But he will need to take risk in bricking and losing the IMEI
mcdull said:
You will need to try on different computer with different version of driver and QPST software. Since I have no issue in downloading, I am not able to tell the issue.
Wish someone else would confirm if the package work on 4G version. But he will need to take risk in bricking and losing the IMEI
Click to expand...
Click to collapse
i seem to be having this exact problem my watch cant also boot after loading a wrong firmware to it... any luck from you guys? maybe can get my watch to come back to life
kenmlax said:
i seem to be having this exact problem my watch cant also boot after loading a wrong firmware to it... any luck from you guys? maybe can get my watch to come back to life
Click to expand...
Click to collapse
I am wondering the same. Any progress on getting the LEO-DLXX version to boot?
Was anyone able to successfully unbrick the LEO-DLXX model?
ilitirit said:
Was anyone able to successfully unbrick the LEO-DLXX model?
Click to expand...
Click to collapse
is your watch codenamed SawShark?
Nekogarushia said:
is your watch codenamed SawShark?
Click to expand...
Click to collapse
Mine also cannot boot it had the code name SawShark but its model is LEO-DLXX watch 2 sport LTE version with nano SIM
abo3bdo said:
Mine yes and also cannot boot any help
Click to expand...
Click to collapse
can you at least get into the bootloader?
Nekogarushia said:
can you at least get into the bootloader?
Click to expand...
Click to collapse
No I cannot get into bootloader its only black screen no boot logo no vibration.
Nekogarushia said:
is your watch codenamed SawShark?
Click to expand...
Click to collapse
Yes, it's the Sawshark version.
ilitirit said:
Yes, it's the Sawshark version.
Click to expand...
Click to collapse
can you get into the bootloader ?
---------- Post added at 10:40 PM ---------- Previous post was at 10:39 PM ----------
abo3bdo said:
No I cannot get into bootloader its only black screen no boot logo no vibration.
Click to expand...
Click to collapse
oh man.. this is a full on brick.. mmmm.. research time.
Nekogarushia said:
can you get into the bootloader ?
---------- Post added at 10:40 PM ---------- Previous post was at 10:39 PM ----------
oh man.. this is a full on brick.. mmmm.. research time.
Click to expand...
Click to collapse
It is working now just follow the steps in that post for Huawei Watch 2 model LEO-DLXX
https://forum.xda-developers.com/watch-2/development/rom-bootloader-recover-huawei-watch-2-t3855864
I have hw2 chenesee version. I flashed it with eu firmware and its work fine till i make update (after update my wathes dont have sound). I tried to flash it one more time with eu firmware and now they stop on logo.
WARNING: THE FOLLOWING IS FOR INFORMATIONAL PURPOSES ONLY AND MAY FURTHER DAMAGE YOUR DEVICE. EXERCISE EXTREME CAUTION. USE ONLY AS A LAST RESORT.
This was tested with a Global OnePlus 9 LE2115
Overview
So I was encountering an error with MSM Download Tool that would show "Sahara communication failed" after about 18 seconds. This resulted in me being 100% unable to recover my device with MSM as it was continuously rebooting into EDL mode with no possibility of entering fastboot.
After much research, I stumbled upon a solution completely by accident. I was able to fix the issue by utilizing the following tools:
Qualcomm Sahara Tools - https://github.com/bkerler/edl
Oppo/OnePlus Decryption Tools - https://github.com/bkerler/oppo_decrypt
You need:
- Latest version of Python 3
- C/C++ build tools (gcc, Visual Studio, XCode) to build pip dependencies
- Dependencies installed using pip as specified in README.md of each repo
- Linux or macOS (Windows untested)
- *.ops file from your corresponding MSM Download Tool package
Process
Follow the instructions contained within the README of the above repos to download all files and install dependencies before continuing.
Spoiler: Extract ops package
Use opscrypto.py to extract the ops file you obtained earlier.
This results in a directory full of the decrypted contents of the update image (a collection of bin, img, and other files):
Code:
$ ./opscrypto.py decrypt lemonade_xxxx.ops
This creates an extract directory containing the decrypted files
Spoiler: Flash using edl.py
The wl subcommand for edl.py can then be used to write the aforementioned partitions.
The documentation describes the command thusly:
Code:
./edl.py wl dumps --memory=ufs >> to write all files from "dumps" folder to according partitions to flash and try to autodetect lun
I ran the command on the extract directory that was previously decrypted.
Additionally, I had to explicitly specify the OP9 EDL loader as well as specify that the flash memory was UFS and not EMMC:
Code:
$ sudo ./edl.py wl extract --memory=ufs --loader=Loaders/oneplus/0000000000514d67_a26bc25799770106_fhprg_op9.bin
This output was produced:
Code:
main - Using loader Loaders/oneplus/0000000000514d67_a26bc25799770106_fhprg_op9.bin ...
main - Waiting for the device
...............
.main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: <CLIPPED>
CPU detected: "lahaina"
PK_HASH: <CLIPPED>
Serial: <CLIPPED>
sahara - Uploading loader Loaders/oneplus/0000000000514d67_a26bc25799770106_fhprg_op9.bin ...
Successfully uploaded programmer :)
firehose - Chip serial num: <CLIPPED>
firehose - Supported Functions: program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest
firehose -
firehose_client - Target detected: lahaina
firehose - TargetName=
firehose - MemoryName=UFS
firehose - Version=
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest
firehose -
Reading from physical partition 0, sector 8, sectors 1
Progress: |██████████████████████████████████████████████████| 100.0% Complete
Progress: |██████████████████████████████████████████████████| 100.0% Complete
oneplus - Oneplus protection with prjid 19825 detected
Writing ./param.bin to partition param.
firehose -
Writing to physical partition 0, sector 8, sectors 256
Writing ./persist.img to partition persist.
firehose -
Writing to physical partition 0, sector 2056, sectors 8192
Writing ./misc.bin to partition misc.
firehose -
Writing to physical partition 0, sector 10248, sectors 256
Writing ./frp.bin to partition frp.
firehose -
Writing to physical partition 0, sector 10632, sectors 128
Writing ./carrier.img to partition carrier.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 0, sector 18440, sectors 12288
Writing ./opluslog.img to partition opluslog.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 0, sector 34824, sectors 65536
Writing ./metadata.img to partition metadata.
firehose -
Writing to physical partition 0, sector 108616, sectors 4096
Writing ./super.img to partition super.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 0, sector 145480, sectors 1
Writing ./userdata.img to partition userdata.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 0, sector 2877512, sectors 2105
Writing ./ocdt.bin to partition ocdt.
firehose -
Writing to physical partition 3, sector 576, sectors 32
Writing ./oplusreserve2.img to partition oplusreserve2.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 4, sector 6, sectors 32768
Writing ./devinfo.bin to partition devinfo.
firehose -
Writing to physical partition 4, sector 722224, sectors 1
Writing ./apdp.mbn to partition apdp.
firehose -
Writing to physical partition 4, sector 722481, sectors 4
Writing ./storsec.mbn to partition storsec.
firehose -
Writing to physical partition 4, sector 817779, sectors 6
Writing ./mdcompress.mbn to partition mdcompress.
firehose -
Writing to physical partition 4, sector 826302, sectors 12
Writing ./spunvm.bin to partition spunvm.
firehose -
Writing to physical partition 4, sector 831486, sectors 87
Writing ./rtice.mbn to partition rtice.
firehose -
Writing to physical partition 4, sector 839678, sectors 65
Writing ./abl_log.bin to partition abl_log.
firehose -
Writing to physical partition 4, sector 839870, sectors 4048
Writing ./android_log.bin to partition android_log.
firehose -
Writing to physical partition 4, sector 847966, sectors 4048
Writing ./qsee_log.bin to partition qsee_log.
firehose -
Writing to physical partition 4, sector 852014, sectors 4048
Writing ./hyp_log.bin to partition hyp_log.
firehose -
Writing to physical partition 4, sector 856062, sectors 4048
ConclusionAfter performing the above on a macOS device, the device successfully flashed in MSM on Windows 11.
I rebooted the device prior to attempting to flash after performing the above steps.
AddendumThis isn't a foolproof guide and may not even work for your device or may even damage it further.The process described above is somewhat advanced and very much undocumented and unsupported/unofficial/hacky.
I cannot vouch for the quality, security or effectiveness of the tools linked above.
I'm putting this out there in hopes it helps others and to gather more information about how MSM Download Tool and EDL mode actually work.
Please let me know if this solves any issues with MSM and I can potentially produce a guide if this method is proven safe.
Spoiler: Speculation / Thoughts
Firehose appears to be an executable elf file that is ran on the device, which then parses settings.xml and provision_*.xml contained within the ops file.
These files appear to contain the directives that allow MSM to recover bricked devices.
MSM appears to transmit these XML files to the firehose executable after loading it on the device.
These files reference the stock images, partition sizes, names, and extents that firehose then uses to provision the device.
Since firehose is simply an elf file that appears to rely on some preexisting data to be present on the device, some bricks may cause firehose to fail due to corruption of certain partitions.
Producing errors such as:
- Device mismatch
- Param preload error
- Sahara communication failure
- Waiting for device
- Waiting for COM port
The partitions shown in the output log appear to not be touched by MSM prior to sending firehose to the device, suggesting that it assumes they have been untouched.
Therefore, firehose may throw an error or fail to run entirely when attempting to recover some devices, even when using the correct MSM tool and drivers.
Despite being contained in the ops file, MSM doesn't appear to touch these partitions in its default Upgrade Mode.
That functionality may be locked behind more advanced modes such as SMT Download Mode, however, that mode is well known for causing more issues than it solves.
The tools above are open source reverse engineering tools that can do some rudimentary communication with OnePlus devices in EDL mode by utilizing a custom firehose binary (known as the "loader").
These appear to permit operations not possible with MSM's default behavior.
Spoiler: Observations
I was only able to get the edl.py tool to work on macOS.
I was unable to get this tool (edl.py) to work in Windows. It threw various libusb related errors despite using zadig as directed.
I observed that writing to any partition that was part of A/B dynamic partitioning would report that it was written successfully but in reality would only write 1 sector of the provided file.
However, a handful of other partitions appear to be writable, ones that typically can't be written to/aren't written with fastbootd or OTA side loading.
My IMEI and Serial Number were fully intact after flashing.
Bruh my pro was in that constant reboot state. Buss laugh if this is a Tually a fix for that
Click to expand...
Click to collapse
Hopefully it is. I'm curious to see if it works for others. I stumbled upon this right as I had given up and submitted a ticket to OnePlus.
At which point they said there's nothing to do and the device needed repaired.
So hopefully this is a reliable fix for devices that are super-bricked, because it saved me from having to send my device in.
Op9 was there all except I could always get to fastboot by pressing all buttons and hold until off and back on fb ,also several times monfrios all in one would read it dump and could reboot to fastboot .lol thanks again mon ,and I do some dumb junk to mine trying to get 5g on att all the time eventually I may need this .thanks in advanced for your efforts and interest .
Jessp4046 said:
Op9 was there all except I could always get to fastboot by pressing all buttons and hold until off and back on fb ,also several times monfrios all in one would read it dump and could reboot to fastboot .lol thanks again mon ,and I do some dumb junk to mine trying to get 5g on att all the time eventually I may need this .thanks in advanced for your efforts and interest .
Click to expand...
Click to collapse
This may be a solution to a problem that isn't all that widespread.
I found myself in this situation after flashing an Android 12 GSI to my device which involved mucking around with stuff I probably shouldn't have touched.
I've used MSM many times while experimenting but this time I really messed up and was out of options.
Amazingly, I stumbled across the tools above and was able to bumble my way to a solution. This took me about 4 days to resolve as the device refused to enter fastboot.
GlitterFartzz said:
This may be a solution to a problem that isn't all that widespread.
I found myself in this situation after flashing an Android 12 GSI to my device which involved mucking around with stuff I probably shouldn't have touched.
I've used MSM many times while experimenting but this time I really messed up and was out of options.
Amazingly, I stumbled across the tools above and was able to bumble my way to a solution. This took me about 4 days to resolve as the device refused to enter fastboot.
Click to expand...
Click to collapse
This is exactly what cause mine to loop. I tried flashing a 12 GSI lol
Jhoopes517 said:
This is exactly what cause mine to loop. I tried flashing a 12 GSI lol
Click to expand...
Click to collapse
I was actually able to get the GSI to boot, albeit with no cellular, fingerprint, etc. OP9 claims to be treble-compliant in the props but methinks that's a total lie.
I m waiting here
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
flameteam said:
I m waiting here
View attachment 5364413
Click to expand...
Click to collapse
Looks like you're trying to do a full dump of LUN 0 into a single bin file. LUN 0 contains a large chunk of data as it houses the super partition and the userdata partition.
I would recommend using the r subcommand to dump individual partitions or just use rl which will dump your whole device while neatly separating each partition into individual files.
To see exactly what each LUN is comprised of, you can use the printgpt command:
Code:
./edl.py printgpt --memory=ufs
Given that you're running in a VM, your I/O speeds are likely much lower.
I recommend at least booting into a Linux Live USB to do this.
If security is a concern, at a minimum I would recommend vfio passthrough via QEMU to pass your entire USB controller through from a Linux host.
IMO, virtualizing the USB connection will kill your throughput and put you at risk of data corruption.
GlitterFartzz said:
I was actually able to get the GSI to boot, albeit with no cellular, fingerprint, etc. OP9 claims to be treble-compliant in the props but methinks that's a total lie.
Click to expand...
Click to collapse
I couldn't this time. I was able to prior but no go.
my one plus 8t is completely hard bricked, black screen, no logo, no vibration, nothing. Now i cant use msm cuz always got sahara communication failed. This seems like the way to go, will update you if it works
Help me guys. I can't access anything and it's saying Sahara Comm. error at 18 sec. I tried this on Windows and Linux but it does not work........ It gives me this:
File "opscrypto.py", line 160
self.info = print
^
SyntaxError: invalid syntax
_MartyMan_ said:
Help me guys. I can't access anything and it's saying Sahara Comm. error at 18 sec. I tried this on Windows and Linux but it does not work........ It gives me this:
File "opscrypto.py", line 160
self.info = print
^
SyntaxError: invalid syntax
Click to expand...
Click to collapse
same here! oneplu 9 chinese version model 2110, screen its just black, but computer detects it.
thanks in advance
Kind of progress but still does not work... I get this error message:
Somebody help pls.......
@GlitterFartzz do you have any idea what this could be?
I have tried everything to get my Global one plus 9 back up and running again … monster what I do with drivers I get this error on msm tool . As you can see my phone is detected in tool but can put go past this point . I do not have access to download or fast or mode . Last steps I took was through this thread ——https://forum.xda-developers.com/t/fastboot-rom-pc-required-op9-stock-oos-11-2-2-2aa.4275727/—— and reached 1/2 way point (waiting on device) and now I can’t get oos back on phone .. does anyone have any tips or knowledge they can guide me to get my phone working with msm tool ? Much appreciated
Toggle on "Use lite Firehose" before running
Thanks shooter7889 , got past the SMT error by setting date back 2 years on laptop and turning Wi-Fi off. Now i am getting the Sahara error after 18 sec and if I toggle use lite firehouse i get the PARAM error after 8 sec. I have tried to follow steps on the READ ME section (advanced GitHub page )but i dont have any experience with the process as shown. Is it possible to get a easy step guide that can be put together to get past the Sahara error? for us less advanced members? Anything helps at this point. phone is a brick , only thing i can get into is EDL mode .
Justingaribay7 said:
Thanks shooter7889 , got past the SMT error by setting date back 2 years on laptop and turning Wi-Fi off. Now i am getting the Sahara error after 18 sec and if I toggle use lite firehouse i get the PARAM error after 8 sec. I have tried to follow steps on the READ ME section (advanced GitHub page )but i dont have any experience with the process as shown. Is it possible to get a easy step guide that can be put together to get past the Sahara error? for us less advanced members? Anything helps at this point. phone is a brick , only thing i can get into is EDL mode .
Click to expand...
Click to collapse
Mate what's your device model ? If you device model LE2113 flash https://androidfilehost.com/?fid=2188818919693804750 9pro eu msm rom. and after ınstallation flash op9 https://drive.google.com/drive/folders/1R_j8sML_46YrTp1HGfpS6zrAUeFl8uJU?usp=sharing
This is a great resource to have, nice work. I'll give it a go if I ever hit that state again. I've only had success using the pro msm tools up to this point for some reason with lite firehose when I get the Sahara or param info device not match error. Once I've lite msmed with the pro tool, I can normal msm with the nonpro tool, just like flame team mentioned
flameteam said:
Mate what's your device model ? If you device model LE2113 flash https://androidfilehost.com/?fid=2188818919693804750 9pro eu msm rom. and after ınstallation flash op9 https://drive.google.com/drive/folders/1R_j8sML_46YrTp1HGfpS6zrAUeFl8uJU?usp=sharing
Click to expand...
Click to collapse
Thanks for the reply flameteam . My device is LE2115 Global . Would this method still work on this Version?
I tried running the Eu tool . No luck . Same errors as the O2 tool . Tried different flash options such as light firehouse on and off .. Sahara error and Parameters error still present
has anyone installed any kind of GSI or custom rom on the V60 ?
here are some roms for those who looking to test on the v60.
Generic System Image (GSI) list
Notes about tinkering with Android Project Treble. Contribute to phhusson/treble_experimentations development by creating an account on GitHub.
github.com
Device support (Project Treble)
harvey186 I see that you seem to know a lot. I installed a generic a/b treble image on my pixel 3a sargo. It works fine. but it says the base image is months out of date. How can I manually upgrade it?
community.e.foundation
Treble-Enabled Device Development A/AB ROMS
Treble-Enabled Device Development A/AB ROMS
forum.xda-developers.com
I just learned that the V60 tmobile variant has no vendor or system or product partition. I has a super partition which seems to have system and vendor combined. can someone confirm this and if so how do we flash a GSI to the V60?
heres a video that might help use get some GSI on our newer dynamic partitions
i manged to flash 3 different gsi roms only 2 booted, but never entered android environment
Finally got GSI installed on v60 so snappy and no bloated ware. everything seems to work except no audio over bluetooth
blaze2051 said:
Finally got GSI installed on v60 so snappy and no bloated ware. everything seems to work except no audio over bluetooth
Click to expand...
Click to collapse
Wondering if you've used any Bkerler edl utilities on the V60? If so do you have a working copy of the v60 "loader". This is of course just the v60 firehose renamed.
hooutoo said:
Wondering if you've used any Bkerler edl utilities on the V60? If so do you have a working copy of the v60 "loader". This is of course just the v60 firehose renamed.
Click to expand...
Click to collapse
i couldnt get it to work on my v60
blaze2051 said:
i couldnt get it to work on my v60
Click to expand...
Click to collapse
Was this the error you got?????? The important part is at the end. The loader (firehose) it can't upload is the one provided by Bkerler.
edl$ edl printgpt --memory=ufs --lun=0 --loader=000c30e100310000_e746e34f737403f4_fhprg.bin
Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.53 (c) B.Kerler 2018-2021.
main - Using loader 000c30e100310000_e746e34f737403f4_fhprg.bin ...
main - Waiting for the device
......
main - Hint: Press and hold vol up+dwn, connect usb. For some, only use vol up.
main - Xiaomi: Press and hold vol dwn + pwr, in fastboot mode connect usb.
Run "./fastpwn oem edl".
main - Other: Run "adb reboot edl".
...............
....main - Device detected
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: 0x000c30e100310000 (MSM_ID:0x000c30e1,OEM_ID:0x0031,MODEL_ID:0x0000)
CPU detected: "SM8250:CD90-PH805-1A"
PK_HASH: 0xe746e34f737403f40212cf29f0c0cab9f1038aa8bce6c097e82cc93213020edb
Serial: 0xff08b1ae
sahara - Uploading loader 000c30e100310000_e746e34f737403f4_fhprg.bin ...
sahara
sahara - [LIB]: [Errno 2] No such file or directory: '000c30e100310000_e746e34f737403f4_fhprg.bin'
blaze2051 said:
Finally got GSI installed on v60 so snappy and no bloated ware. everything seems to work except no audio over bluetooth
Click to expand...
Click to collapse
can you link the gsi rom
FernSal said:
can you link the gsi rom
Click to expand...
Click to collapse
the link is provided
hooutoo said:
Was this the error you got?????? The important part is at the end. The loader (firehose) it can't upload is the one provided by Bkerler.
edl$ edl printgpt --memory=ufs --lun=0 --loader=000c30e100310000_e746e34f737403f4_fhprg.bin
Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.53 (c) B.Kerler 2018-2021.
main - Using loader 000c30e100310000_e746e34f737403f4_fhprg.bin ...
main - Waiting for the device
......
main - Hint: Press and hold vol up+dwn, connect usb. For some, only use vol up.
main - Xiaomi: Press and hold vol dwn + pwr, in fastboot mode connect usb.
Run "./fastpwn oem edl".
main - Other: Run "adb reboot edl".
...............
....main - Device detected
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: 0x000c30e100310000 (MSM_ID:0x000c30e1,OEM_ID:0x0031,MODEL_ID:0x0000)
CPU detected: "SM8250:CD90-PH805-1A"
PK_HASH: 0xe746e34f737403f40212cf29f0c0cab9f1038aa8bce6c097e82cc93213020edb
Serial: 0xff08b1ae
sahara - Uploading loader 000c30e100310000_e746e34f737403f4_fhprg.bin ...
sahara
sahara - [LIB]: [Errno 2] No such file or directory: '000c30e100310000_e746e34f737403f4_fhprg.bin'
Click to expand...
Click to collapse
i dont remember exactly, basically it says device detected but it cant load the firehose file or non found something like that
blaze2051 said:
the link is provided
Click to expand...
Click to collapse
i meant the specific rom that worked for you
FernSal said:
i meant the specific rom that worked for you
Click to expand...
Click to collapse
https://images.ecloud.global/dev/treble_arm64_bvN/IMG-e-0.19-q-20211027142973-dev-treble_arm64_bvN.zip
blaze2051 said:
https://images.ecloud.global/dev/treble_arm64_bvN/IMG-e-0.19-q-20211027142973-dev-treble_arm64_bvN.zip
Click to expand...
Click to collapse
thanks bro i appreciate it
blaze2051 said:
Finally got GSI installed on v60 so snappy and no bloated ware. everything seems to work except no audio over bluetooth
Click to expand...
Click to collapse
I have lg v60 a12 and i downloaded elixir gsi when i flash in fastboot it shows error like no partition found. Can you help me
Naziraslam88 said:
I have lg v60 a12 and i downloaded elixir gsi when i flash in fastboot it shows error like no partition found. Can you help me
Click to expand...
Click to collapse
you were not in the correct fastboot, you need to type "fastboot reboot fastboot"
Hello everyone!) I accidentally deleted the partition from the system boot, etc. phone in edl now
When I try to flash through qfil, I get the error fhloader process failed, and before that Something failed. The target rejected your <configure>. Please check the log for more information
Drivers from Lenovo
There is no EDL authentication
Tried to flash device's Stock ROM via QFIL tool? It's Qualcomm SoC based device?
jwoegerbauer said:
Tried to flash device's Stock ROM via QFIL tool? It's Qualcomm SoC based device?
Click to expand...
Click to collapse
When I try to flash through qfil, I get the error fhloader process failed, and before that Something failed. The target rejected your <configure>. Please check the log for more information
You must not repeat things already told.
jwoegerbauer said:
You must not repeat things already told.
Click to expand...
Click to collapse
ok
[No auth collection] Xiaomi No Auth Firehose Files for Qualcomm based phones.
What is this file? As we all know that Xiaomi has blocked offline flashing with authentication to flash their device. This files will ultimately help you to fix the Mi Account Authorization issue and hence unbrick your Xiaomi device via EDL mode...
forum.xda-developers.com
Xiaomi Firmware Updater
The ultimate script that provides firmware packages for Xiaomi devices.
xiaomifirmwareupdater.com
GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :) - GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
github.com