[GUIDE] LG V20 Hard-Unbrick - LG V20 Guides, News, & Discussion

This guide is for people whose V20s are stuck in EDL mode or are otherwise unable to boot recovery, fastboot, or laf/download mode. You know if your device is in EDL mode if it does not react when you try to turn it on, and when plugged into a computer, it shows up as Qualcomm HS-USB QDLoader 9008, or some similar variation. If your phone can boot into recovery, fastboot, or laf/download mode, this guide is not for you.
Preface
I only have a VS995, so this guide has only been tested with that. However the firehose programmer I found said it was for a H918 so it will likely work for other variants. I performed these steps on Linux, but the tools used are written in Python and should work on Windows and MacOS too.
I take no responsibility if you mess up your phone doing this. Flashing over EDL is a very powerful process that can totally erase your phone's NAND if you're not careful. This process wil likely require a factory reset and you will likely lose all the data stored on the phone.
Prerequisites
Python 3 - Both tools used in this guide are written in Python 3
KDZTools - Used to extract partition images from KDZ files
Bjoern Kerler's EDL Utility - For flashing partition images in EDL mode
v20-root.zip from this XDA post - For the rooted aboot.img
A stock firmware KDZ - Can be obtained from lg-firmwares.com. I used VS99513A. Choose an appropriate KDZ for your device.
A screwdriver and a paper clip - Used to force the device into EDL mode
prog_ufs_firehose_8996_lite.elf - Firehose programmer file for use with the EDL utility
Since the firehose programmer is copyright LG, I cannot link to it as that would be unauthorized distribution of copyrighted work. It can be found online fairly easily though.
Preparation
1. Windows and MacOS: Download and install Python 3. Most Linux distros come with Python 3 already installed. To check, open a terminal/command window and type python --version. It should say "Python 3.x.x"
2. Download and extract KDZTools to a directory of your choosing
3. Download and extract the EDL utility to a directory of your choosing and follow the setup instructions listed on its GitHub page
4. Download v20-root.zip and extract aboot.img into the directory you extracted the EDL utility into
5. Place your KDZ in the KDZTools directory and open a terminal/command window within that directory
6. Type python unkdz.py -f [NAME OF KDZ FILE].kdz -x and press enter. Once complete, you should have a "kdzextracted" folder containing a DZ file and a few other things. If you get an error about missing zstandard, type pip install zstandard and try again
7. Type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -s and press enter. Once complete, you should have a "dzextracted" folder containing a load of files
8. Create seven folders within "dzextracted", named "lun0", "lun1", "lun2", etc
9. Move all the files prefixed with "B." into the folder titled "lun1", all the files prefixed with "C." into the folder titled "lun2", and so on. Move all the files that are not prefixed with any capital letter into the folder titled "lun0"
10. Rename all the files in each folder and remove the letter and the period from the filename. "E.modem_35910.bin" becomes "modem_35910.bin" for example
11. In the "lun0" folder, delete "userdata.bin"
12. In the command window, type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -r
13. You should now have seven files titled "rawprogram#.xml" where # is a number from 0 to 6
14. Exit the KDZTools directory and go into the directory containing the EDL utility
15. Place the firehose programmer file into the folder named "Loaders"
16. Follow this iFixit guide up to Step 10 to gain access to your phone's motherboard.
Programming
1. Open a terminal/command window in the folder you extracted the EDL utility to. On Windows, you may need to open the command window as administrator. On MacOS and Linux, you will likely have to run the utility with sudo.
2. Type python edl.py printgpt --memory=ufs and press enter. You should see
Code:
Qualcomm Sahara / Firehose Client V3.2 (c) B.Kerler 2018-2021.
main - Trying with no loader given ...
main - Waiting for the device
If you get a message about missing Capstone and Keystone libraries, ignore it.
3. Put your phone's battery back in
4. Look for the following two pads on your phone's motherboard
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
If you can't see them, it's the pair of tiny pads just above the silver square with the H etched into it in the center of the image (Photo courtesy of runningnak3d)
5. Hold your paper clip or other conductive item on those two pads to short them out, then, while holding the paper clip in place, plug your phone into your computer. Keep holding the paper clip in place until you get an error about missing the firehose programmer from the EDL utility
6. Unplug your phone and remove the battery
7. In the message from the EDL utility, you should see a hardware ID and pkhash
8. Rename "prog_ufs_firehose_8996_lite.elf" to [Hardware ID]_[PKHASH]_FHPRG.bin where [Hardware ID] is the hwid provided by the EDL utility, and [PKHASH] is the first 16 characters in the pkhash provided by the EDL utility
9. Follow steps 2-5 again, but this time holding the paper clip in place until you see Programmer uploaded successfully :). If all went well, you should see a list of partition names and a load of hexadecimal offsets and such. This means you've set everything up correctly
10. In the terminal/command window, type python edl.py r fsg fsg.bin --memory=ufs --lun=1 and hit enter. If you get "main - Waiting for the device", unplug your phone, remove the battery, and follow steps 3-5 again until you see Programmer uploaded successfully :)
11. Type python edl.py r modemst1 modemst1.bin --memory=ufs --lun=5 and hit enter.
12. Type python edl.py r modemst2 modemst2.bin --memory=ufs --lun=5 and hit enter. These three steps back up your EFS, which contains your phone's IMEI. We want a backup of this in case it gets corrupted by the flashing process. Your IMEI CANNOT be restored if EFS becomes corrupt and your phone will never be able to be activated on a cellular network again if we do not back up these three partitions first
13. In the terminal/command window, type python edl.py qfil "[PATH TO rawprogram0.xml]" "" "[PATH TO dzextracted/lun0]" --memory=ufs and press enter. Note that all the quotation marks are required.
14. Do step 13 again for each of the seven folders you created, replacing "0" in "rawprogram0.xml" and "lun0" with 1, 2, 3, 4, 5, and 6 as needed. This step will take some time
15. Once you have flashed all 7 "lun#" folders, type python edl.py w aboot aboot.img --memory=ufs --lun=4
16. Once complete, unplug your phone, remove the battery, reattach the backplate, and attempt to turn on the phone. It might boot to Android, but it might not. In my case, it did not boot to Android, but I could access fastboot and laf/download mode again, and I used those to finish fixing my phone.
Potential Problems
If you followed the guide and were able to restore your device to functioning order, but find that you have no signal and your phone reports it has no IMEI, type python edl.py w fsg fsg.bin --memory=ufs --lun=1 and hit enter, then type python edl.py w modemst1 modemst1.bin --memory=ufs --lun=5 and hit enter, then type python edl.py w modemst2 modemst2.bin --memory=ufs --lun=5. These three commands will restore your EFS backup.

getting this error while using unkdz.py command.
[!] Error: Data between headers and payload! (offsets 826 to 83768).
tried different kdz for h918 but the error was consistent.

Kiraisuki said:
This guide is for people whose V20s are stuck in EDL mode or are otherwise unable to boot recovery, fastboot, or laf/download mode. You know if your device is in EDL mode if it does not react when you try to turn it on, and when plugged into a computer, it shows up as Qualcomm HS-USB QDLoader 9008, or some similar variation. If your phone can boot into recovery, fastboot, or laf/download mode, this guide is not for you.
Preface
I only have a VS995, so this guide has only been tested with that. However the firehose programmer I found said it was for a H918 so it will likely work for other variants. I performed these steps on Linux, but the tools used are written in Python and should work on Windows and MacOS too.
I take no responsibility if you mess up your phone doing this. Flashing over EDL is a very powerful process that can totally erase your phone's NAND if you're not careful. This process wil likely require a factory reset and you will likely lose all the data stored on the phone.
Prerequisites
Python 3 - Both tools used in this guide are written in Python 3
KDZTools - Used to extract partition images from KDZ files
Bjoern Kerler's EDL Utility - For flashing partition images in EDL mode
v20-root.zip from this XDA post - For the rooted aboot.img
A stock firmware KDZ - Can be obtained from lg-firmwares.com. I used VS99513A. Choose an appropriate KDZ for your device.
A screwdriver and a paper clip - Used to force the device into EDL mode
prog_ufs_firehose_8996_lite.elf - Firehose programmer file for use with the EDL utility
Since the firehose programmer is copyright LG, I cannot link to it as that would be unauthorized distribution of copyrighted work. It can be found online fairly easily though.
Preparation
1. Windows and MacOS: Download and install Python 3. Most Linux distros come with Python 3 already installed. To check, open a terminal/command window and type python --version. It should say "Python 3.x.x"
2. Download and extract KDZTools to a directory of your choosing
3. Download and extract the EDL utility to a directory of your choosing and follow the setup instructions listed on its GitHub page
4. Download v20-root.zip and extract aboot.img into the directory you extracted the EDL utility into
5. Place your KDZ in the KDZTools directory and open a terminal/command window within that directory
6. Type python unkdz.py -f [NAME OF KDZ FILE].kdz -x and press enter. Once complete, you should have a "kdzextracted" folder containing a DZ file and a few other things. If you get an error about missing zstandard, type pip install zstandard and try again
7. Type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -s and press enter. Once complete, you should have a "dzextracted" folder containing a load of files
8. Create seven folders within "dzextracted", named "lun0", "lun1", "lun2", etc
9. Move all the files prefixed with "B." into the folder titled "lun1", all the files prefixed with "C." into the folder titled "lun2", and so on. Move all the files that are not prefixed with any capital letter into the folder titled "lun0"
10. Rename all the files in each folder and remove the letter and the period from the filename. "E.modem_35910.bin" becomes "modem_35910.bin" for example
11. In the "lun0" folder, delete "userdata.bin"
12. In the command window, type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -r
13. You should now have seven files titled "rawprogram#.xml" where # is a number from 0 to 6
14. Exit the KDZTools directory and go into the directory containing the EDL utility
15. Place the firehose programmer file into the folder named "Loaders"
16. Follow this iFixit guide up to Step 10 to gain access to your phone's motherboard.
Programming
1. Open a terminal/command window in the folder you extracted the EDL utility to. On Windows, you may need to open the command window as administrator. On MacOS and Linux, you will likely have to run the utility with sudo.
2. Type python edl.py printgpt --memory=ufs and press enter. You should see
Code:
Qualcomm Sahara / Firehose Client V3.2 (c) B.Kerler 2018-2021.
main - Trying with no loader given ...
main - Waiting for the device
If you get a message about missing Capstone and Keystone libraries, ignore it.
3. Put your phone's battery back in
4. Look for the following two pads on your phone's motherboard
View attachment 5243977
If you can't see them, it's the pair of tiny pads just above the silver square with the H etched into it in the center of the image (Photo courtesy of runningnak3d)
5. Hold your paper clip or other conductive item on those two pads to short them out, then, while holding the paper clip in place, plug your phone into your computer. Keep holding the paper clip in place until you get an error about missing the firehose programmer from the EDL utility
6. Unplug your phone and remove the battery
7. In the message from the EDL utility, you should see a hardware ID and pkhash
8. Rename "prog_ufs_firehose_8996_lite.elf" to [Hardware ID]_[PKHASH]_FHPRG.bin where [Hardware ID] is the hwid provided by the EDL utility, and [PKHASH] is the first 16 characters in the pkhash provided by the EDL utility
9. Follow steps 2-5 again, but this time holding the paper clip in place until you see Programmer uploaded successfully :). If all went well, you should see a list of partition names and a load of hexadecimal offsets and such. This means you've set everything up correctly
10. In the terminal/command window, type python edl.py r fsg fsg.bin --memory=ufs --lun=1 and hit enter. If you get "main - Waiting for the device", unplug your phone, remove the battery, and follow steps 3-5 again until you see Programmer uploaded successfully :)
11. Type python edl.py r modemst1 modemst1.bin --memory=ufs --lun=5 and hit enter.
12. Type python edl.py r modemst2 modemst2.bin --memory=ufs --lun=5 and hit enter. These three steps back up your EFS, which contains your phone's IMEI. We want a backup of this in case it gets corrupted by the flashing process. Your IMEI CANNOT be restored if EFS becomes corrupt and your phone will never be able to be activated on a cellular network again if we do not back up these three partitions first
13. In the terminal/command window, type python edl.py qfil "[PATH TO rawprogram0.xml]" "" "[PATH TO dzextracted/lun0]" --memory=ufs and press enter. Note that all the quotation marks are required.
14. Do step 13 again for each of the seven folders you created, replacing "0" in "rawprogram0.xml" and "lun0" with 1, 2, 3, 4, 5, and 6 as needed. This step will take some time
15. Once you have flashed all 7 "lun#" folders, type python edl.py w aboot aboot.img --memory=ufs --lun=4
16. Once complete, unplug your phone, remove the battery, reattach the backplate, and attempt to turn on the phone. It might boot to Android, but it might not. In my case, it did not boot to Android, but I could access fastboot and laf/download mode again, and I used those to finish fixing my phone.
Potential Problems
If you followed the guide and were able to restore your device to functioning order, but find that you have no signal and your phone reports it has no IMEI, type python edl.py w fsg fsg.bin --memory=ufs --lun=1 and hit enter, then type python edl.py w modemst1 modemst1.bin --memory=ufs --lun=5 and hit enter, then type python edl.py w modemst2 modemst2.bin --memory=ufs --lun=5. These three commands will restore your EFS backup.
Click to expand...
Click to collapse
Can you please make a video for this guide

I've been working with your guide to revive my LG V20 and have stopped at step 7.
Kiraisuki said:
7. Type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -s and press enter. Once complete, you should have a "dzextracted" folder containing a load of files
Click to expand...
Click to collapse
When I extract files from .DZ, my "dzextracted" folder is filled with “.image” and “.params” files.
There is no single .BIN file and no file has any letter prefix.
I have tried with multiple .DZ files from different V20 ROMs.
I have even downloaded “VS99513A” ROM you mentioned.
I have tried in Windows (7) and Linux (Mint 20.1).
Every time I get this mess of files.
KDZTools version is from direct link on GitHub you provided.
Are there any additional steps that are missing from guide?
Did anyone tried to revive V20 stuck in EDL mode, and has any tips to share?

Question: How is this different from using the QFIL software from qualcomm which is easier to do than this guide?

Is this EDL mode? Unlocked the bootloader and now uppercut, LGUP, NOTHING "sees" the phone USB connection (tho adb and fastboot do, but something's seriously ___ in there, I can't do much with either adb or fastboot)
Either adb or fastboot complain of "locked" this or that - but unlocked bootloader, from LG... (US996 turns out it has BPT - brightpoint - in the barcode, if that matters)

for h918, @Kiraisuki the elf file not work for me i got this error
Code:
sahara - Trying loader: Loaders\009470e10031026c_2cf7619a278d26073f7eea79bb7f4b7949c221487fea058ea072cffe38ce1496_fhprg.bin
sahara - Uploading loader Loaders\009470e10031026c_2cf7619a278d26073f7eea79bb7f4b7949c221487fea058ea072cffe38ce1496_fhprg.bin ...
sahara
sahara - [LIB]: Timeout while uploading loader. Wrong loader ?
No suitable loader found :(

no, edl mode must
virginwidow said:
Is this EDL mode? Unlocked the bootloader and now uppercut, LGUP, NOTHING "sees" the phone USB connection (tho adb and fastboot do, but something's seriously ___ in there, I can't do much with either adb or fastboot)
Either adb or fastboot complain of "locked" this or that - but unlocked bootloader, from LG... (US996 turns out it has BPT - brightpoint - in the barcode, if that matters)
View attachment 5305585
Click to expand...
Click to collapse
no , edl mode is black screen no bootloader, no recovery , no charge animation, nothing just 9008 mode
try to install original kdz with lgup

walidham said:
no, edl mode must
no , edl mode is black screen no bootloader, no recovery , no charge animation, nothing just 9008 mode
try to install original kdz with lgup
Click to expand...
Click to collapse
TY for response -
It appears I'm in a 'purgatory' between brick and "dead"... due to being a noob again (nothing like breaking things to learn).
LGUP, Uppercut - both of these go "No Device Connected" - the closest I can provide for a logcat is 'getvar all' from fastboot.
Code:
fastboot getvar all
(bootloader) version:0.5
(bootloader) variant:MTP eMMC
(bootloader) secure:yes
(bootloader) version-baseband:
(bootloader) version-bootloader:
(bootloader) display-panel:
(bootloader) off-mode-charge:0
(bootloader) charger-screen-enabled:0
(bootloader) max-download-size: 0x20000000
(bootloader) partition-type:cache:ext4
(bootloader) partition-size:cache: 0x4d000000
(bootloader) partition-type:userdata:ext4
(bootloader) partition-size:userdata: 0xced000000
(bootloader) partition-type:system:ext4
(bootloader) partition-size:system: 0x180000000
(bootloader) serialno:LGUS996fzzzzzzzz
(bootloader) kernel:lk
(bootloader) product:MSM8996
(bootloader) unlocked:yes
all:
finished. total time: 0.194s
(Serial editted) There's not enuff info left for the usual end-user tools to "see"
Any thoughts?
Thanks in Advance
VW

........main - Device detected
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: 0x009470e100310000 (MSM_ID:0x009470e1,OEM_ID:0x0031,MODEL_ID:0x0000)
CPU detected: "MSM8996"
PK_HASH: 0x2cf7619a278d26073f7eea79bb7f4b7949c221487fea058ea072cffe38ce1496
Serial: 0xe895007b
sahara - Detected loader: Loaders\009470e100310000_2cf7619a278d2607_[FHPRG].bin
sahara - Uploading loader Loaders\009470e100310000_2cf7619a278d2607_[FHPRG].bin ...
Successfully uploaded programmer
firehose - Nop succeeded.
firehose - Chip serial num: 3902079099 (0xe895007b)
oneplus
oneplus - [LIB]: No module named 'Library.Modules.oneplus_param'
firehose -
firehose_client - Target detected: MSM8996
firehose
firehose - [LIB]: <?xml version="1.0" encoding="UTF-8" ?>
<data>
<log value="fh.attrs.MaxPayloadSizeToTargetInBytes of 1048576 > fh.channel_buffer_capacity of 4096"/>
</data><?xml version="1.0" encoding="UTF-8" ?>
<data>
<log value="Calling usb_al_bulk_set_zlp_mode(TRUE) since ZlpAwareHost='1'"/>
</data><?xml version="1.0" encoding="UTF-8" ?>
<data>
<log value="Calling hotplug_poll_device('UFS')"/>
</data><?xml version="1.0" encoding="UTF-8" ?>
<data>
<log value="Storage device of type 'UFS' cannot be opened"/>
</data><?xml version="1.0" encoding="UTF-8" ?>
<data>
<log value="storage_device_open() returned FALSE"/>
</data><?xml version="1.0" encoding="UTF-8" ?>
<data>
<log value="ERROR 13: Line 1142: HANDLE_CONFIGURE_FAILURE"/>
</data><?xml version="1.0" encoding="UTF-8" ?>
<data>
<response value="NAK" />
</data>
\\\\\\\\\\\\\\\\Getiing this error/////////////// oneplus param And firehose lib

facing this problem

[Question]
At the step 12 of preparation
"12. In the command window, type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -r"
There were no rawprogram.xml and cmd window showed
C:\kdztools>undz.py -f kdzextracted/H99010b_00.dz -r
usage: undz.py [-h] -f DZFILE (-l | -x | -c | -s | -i) [-d OUTDIR]
undz.py: error: one of the arguments -l/--list -x/--extract -c/--chunk -s/--sing
le -i/--image is required
How to generate the xml files? Thanks.

Illusings said:
[Question]
At the step 12 of preparation
"12. In the command window, type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -r"
There were no rawprogram.xml and cmd window showed
C:\kdztools>undz.py -f kdzextracted/H99010b_00.dz -r
usage: undz.py [-h] -f DZFILE (-l | -x | -c | -s | -i) [-d OUTDIR]
undz.py: error: one of the arguments -l/--list -x/--extract -c/--chunk -s/--sing
le -i/--image is required
How to generate the xml files? Thanks.
Click to expand...
Click to collapse
getting this same error. has anyone fixed it?

dmad767 said:
getting this same error. has anyone fixed it?
Click to expand...
Click to collapse

Illusings said:
[Question]
At the step 12 of preparation
"12. In the command window, type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -r"
There were no rawprogram.xml and cmd window showed
C:\kdztools>undz.py -f kdzextracted/H99010b_00.dz -r
usage: undz.py [-h] -f DZFILE (-l | -x | -c | -s | -i) [-d OUTDIR]
undz.py: error: one of the arguments -l/--list -x/--extract -c/--chunk -s/--sing
le -i/--image is required
How to generate the xml files? Thanks.
Click to expand...
Click to collapse
i found a fix

dmad767 said:
i found a fix
Click to expand...
Click to collapse
how did you fix it

ezzony said:
Question: How is this different from using the QFIL software from qualcomm which is easier to do than this guide?
Click to expand...
Click to collapse
the goal is the same, I think it's easier with qfil partition manager. because the results of extracting the .dz file are in the form of a single image without the lun description as described above.
ROMSG said:
how did you fix it
Click to expand...
Click to collapse
I suggest using qfil manager (raw data manager), manually input the image file to be flashed.

Kiraisuki said:
This guide is for people whose V20s are stuck in EDL mode or are otherwise unable to boot recovery, fastboot, or laf/download mode. You know if your device is in EDL mode if it does not react when you try to turn it on, and when plugged into a computer, it shows up as Qualcomm HS-USB QDLoader 9008, or some similar variation. If your phone can boot into recovery, fastboot, or laf/download mode, this guide is not for you.
Preface
I only have a VS995, so this guide has only been tested with that. However the firehose programmer I found said it was for a H918 so it will likely work for other variants. I performed these steps on Linux, but the tools used are written in Python and should work on Windows and MacOS too.
I take no responsibility if you mess up your phone doing this. Flashing over EDL is a very powerful process that can totally erase your phone's NAND if you're not careful. This process wil likely require a factory reset and you will likely lose all the data stored on the phone.
Prerequisites
Python 3 - Both tools used in this guide are written in Python 3
KDZTools - Used to extract partition images from KDZ files
Bjoern Kerler's EDL Utility - For flashing partition images in EDL mode
v20-root.zip from this XDA post - For the rooted aboot.img
A stock firmware KDZ - Can be obtained from lg-firmwares.com. I used VS99513A. Choose an appropriate KDZ for your device.
A screwdriver and a paper clip - Used to force the device into EDL mode
prog_ufs_firehose_8996_lite.elf - Firehose programmer file for use with the EDL utility
Since the firehose programmer is copyright LG, I cannot link to it as that would be unauthorized distribution of copyrighted work. It can be found online fairly easily though.
Preparation
1. Windows and MacOS: Download and install Python 3. Most Linux distros come with Python 3 already installed. To check, open a terminal/command window and type python --version. It should say "Python 3.x.x"
2. Download and extract KDZTools to a directory of your choosing
3. Download and extract the EDL utility to a directory of your choosing and follow the setup instructions listed on its GitHub page
4. Download v20-root.zip and extract aboot.img into the directory you extracted the EDL utility into
5. Place your KDZ in the KDZTools directory and open a terminal/command window within that directory
6. Type python unkdz.py -f [NAME OF KDZ FILE].kdz -x and press enter. Once complete, you should have a "kdzextracted" folder containing a DZ file and a few other things. If you get an error about missing zstandard, type pip install zstandard and try again
7. Type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -s and press enter. Once complete, you should have a "dzextracted" folder containing a load of files
8. Create seven folders within "dzextracted", named "lun0", "lun1", "lun2", etc
9. Move all the files prefixed with "B." into the folder titled "lun1", all the files prefixed with "C." into the folder titled "lun2", and so on. Move all the files that are not prefixed with any capital letter into the folder titled "lun0"
10. Rename all the files in each folder and remove the letter and the period from the filename. "E.modem_35910.bin" becomes "modem_35910.bin" for example
11. In the "lun0" folder, delete "userdata.bin"
12. In the command window, type python undz.py -f kdzextracted/[NAME OF DZ FILE].dz -r
13. You should now have seven files titled "rawprogram#.xml" where # is a number from 0 to 6
14. Exit the KDZTools directory and go into the directory containing the EDL utility
15. Place the firehose programmer file into the folder named "Loaders"
16. Follow this iFixit guide up to Step 10 to gain access to your phone's motherboard.
Programming
1. Open a terminal/command window in the folder you extracted the EDL utility to. On Windows, you may need to open the command window as administrator. On MacOS and Linux, you will likely have to run the utility with sudo.
2. Type python edl.py printgpt --memory=ufs and press enter. You should see
Code:
Qualcomm Sahara / Firehose Client V3.2 (c) B.Kerler 2018-2021.
main - Trying with no loader given ...
main - Waiting for the device
If you get a message about missing Capstone and Keystone libraries, ignore it.
3. Put your phone's battery back in
4. Look for the following two pads on your phone's motherboard
View attachment 5243977
If you can't see them, it's the pair of tiny pads just above the silver square with the H etched into it in the center of the image (Photo courtesy of runningnak3d)
5. Hold your paper clip or other conductive item on those two pads to short them out, then, while holding the paper clip in place, plug your phone into your computer. Keep holding the paper clip in place until you get an error about missing the firehose programmer from the EDL utility
6. Unplug your phone and remove the battery
7. In the message from the EDL utility, you should see a hardware ID and pkhash
8. Rename "prog_ufs_firehose_8996_lite.elf" to [Hardware ID]_[PKHASH]_FHPRG.bin where [Hardware ID] is the hwid provided by the EDL utility, and [PKHASH] is the first 16 characters in the pkhash provided by the EDL utility
9. Follow steps 2-5 again, but this time holding the paper clip in place until you see Programmer uploaded successfully :). If all went well, you should see a list of partition names and a load of hexadecimal offsets and such. This means you've set everything up correctly
10. In the terminal/command window, type python edl.py r fsg fsg.bin --memory=ufs --lun=1 and hit enter. If you get "main - Waiting for the device", unplug your phone, remove the battery, and follow steps 3-5 again until you see Programmer uploaded successfully :)
11. Type python edl.py r modemst1 modemst1.bin --memory=ufs --lun=5 and hit enter.
12. Type python edl.py r modemst2 modemst2.bin --memory=ufs --lun=5 and hit enter. These three steps back up your EFS, which contains your phone's IMEI. We want a backup of this in case it gets corrupted by the flashing process. Your IMEI CANNOT be restored if EFS becomes corrupt and your phone will never be able to be activated on a cellular network again if we do not back up these three partitions first
13. In the terminal/command window, type python edl.py qfil "[PATH TO rawprogram0.xml]" "" "[PATH TO dzextracted/lun0]" --memory=ufs and press enter. Note that all the quotation marks are required.
14. Do step 13 again for each of the seven folders you created, replacing "0" in "rawprogram0.xml" and "lun0" with 1, 2, 3, 4, 5, and 6 as needed. This step will take some time
15. Once you have flashed all 7 "lun#" folders, type python edl.py w aboot aboot.img --memory=ufs --lun=4
16. Once complete, unplug your phone, remove the battery, reattach the backplate, and attempt to turn on the phone. It might boot to Android, but it might not. In my case, it did not boot to Android, but I could access fastboot and laf/download mode again, and I used those to finish fixing my phone.
Potential Problems
If you followed the guide and were able to restore your device to functioning order, but find that you have no signal and your phone reports it has no IMEI, type python edl.py w fsg fsg.bin --memory=ufs --lun=1 and hit enter, then type python edl.py w modemst1 modemst1.bin --memory=ufs --lun=5 and hit enter, then type python edl.py w modemst2 modemst2.bin --memory=ufs --lun=5. These three commands will restore your EFS backup.
Click to expand...
Click to collapse
If you have successfully manage to generate raw program.xml. why don't you just share with us and save us from the trouble

Faisal_Mystic said:
If you have successfully manage to generate raw program.xml. why don't you just share with us and save us from the trouble
Click to expand...
Click to collapse
Is your phone having problems? if the partition can still be read by QFIL, you can still manually flash the partitions one by one. But if the partition is blank, I have a raw firmware backup from kdz H990DS. It can be used to save the phone to boot and enter download mode. then just fix it with LGup partition DL, select All partition

lambtur said:
Is your phone having problems? if the partition can still be read by QFIL, you can still manually flash the partitions one by one. But if the partition is blank, I have a raw firmware backup from kdz H990DS. It can be used to save the phone to boot and enter download mode. then just fix it with LGup partition DL, select All partition
Click to expand...
Click to collapse
if you have such backup firmware it would be so nice of you if you upload on G_Drive and provide me the links
I will be very grateful

Related

Fastboot Driver

I am trying to put a ROM on the TF300. I have Unlocked the tablet and installed the ADB driver. When I boot into recovery and the USB icon it asks for a driver for fastboot. I can't seem to get that anywhere. I have the Android SDK installed and java etc. Where is the driver located? I look in the USB driver folder but its not in their...
If you need just fastboot, use this guide, that you will find in the index for tf300 (General & Dev forums)
HELP FOR FLASH MORE FASTER WHEN YOU USE FASTBOOT LINE COMMAND​
If you have got a problem with your adb or fastboot or recovery....it's very simply and faster
use this:
Download this file "fastboot.zip"
Install this file somewhere in one folder which is named "fastboot" on your PC
=> disk C: root
Unzipped this file on the folder "fastboot" and you will find 3 files:
- adb.exe
- AdbWinApi.dll
- fastboot.exe
and when you need to push something by the bootloader, you can use it.
Don't forget to push on this folder the file that you need. For exemple: boot.img or a recovery.img, etc...
The line command is :
Code:
c:\fastboot>
Enter
Code:
c:\fastboot>fastboot flash recovery recovery.img
Enter
If you want to flash the "recovery.img" file
******************************************************************
******************************************************************
If you want to know all lines of command
Code:
c:\fastboot>fastboot
Code:
usage: fastboot [ ]
commands:
update reflash device from update.zip
flashall flash boot + recovery + system
flash [ ] write a file to a flash partition
erase erase a flash partition
getvar display a bootloader variable
boot [ ] download and boot kernel
flash:raw boot [ ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot reboot device normally
reboot-bootloader reboot device into bootloader
help show this help message
options:
-w erase userdata and cache
-s specify device serial number
-p specify product name
-c override kernel commandline
-i specify a custom USB vendor id
-b specify a custom kernel base address
-n specify the nand page size. default: 2048
And if you have some problems with your drivers, you can use this : How to install Universal Naked Drivers
Sent from my N7 3G with DroiDevs premium between sky and earth.
I got it to work thanks!

[GUIDE][Linux/Win] How to unpack system_1.img+system_2.img+...+system_*.img | 2019

A youtube video on this guide
Watch video
Hello guys,
I rarely write guide and tutorials .so neglect my typos and gramatical mistakes
Today im gonna show you how to unpack sparsed system.img files (system_1.img+system_2.img+............+system_*.img)
supports system / cache / userdata / persist / vendor / cust / odm /oem partitions from QFIL firmwares
Lets get started
LINUX
Things Needed:
1) Packsparseimg
2) Imgextractor.exe -Need wine for this
Procedure:
1) First of all extract you device firmware in which you have sparse system.img files in a folder.
(folder path ex:~/Desktop/firmware)
2) Copy the downloaded packsparseimg_v1.1 and Imgextractor.exe in the same folder where you extracted your firmware
(ex:~/Desktop/firmware)
3) Open terminal and enter below commands.
4)
Code:
chmod 0755 packsparseimg_v1.1
5)This command will pack sparse system_1.img....files to system.raw
Code:
./packsparseimg_v1.1
you can use these commands to pack sparse cache and userdata persist,vendor,cust,odm partitions
Code:
Usage of ./packsparseimg_v1.1:
-o string
output dir path (default "./")
-t string
image to unsparse: system / cache / userdata / persist / vendor / cust / odm / oem (default "system")
-x string
xml file to load (default "./rawprogram_unsparse.xml")
6) After joining of sparse system.img's finishes you will get system.raw file
7) Use below commands to unpack system.raw to system folder
Note: You need wine on your linux to run imgextractor.exe
Code:
wine imgextractor.exe system.raw
8) Hell Yeah! you have successfully unpack those system_1,2,3,4....imgs
now you can make your own stock deodexed rom
Downloads For linux:-
[MOD EDIT: URL REMOVED]
Password:innfinite4evr
Imgextractor.exe
WINDOWS
Things Needed:
1) packsparseimg_v1.1
2) Imgextractor.exe
Procedure:
1) First of all extract you device firmware in which you have sparse system.img files in a folder.
(folder path exesktop/Myfirmware)
2) Copy the downloaded packsparseimg_v1.1 and Imgextractor.exe in the same folder where you extracted your firmware
(exesktop/Myfirmware)
3) Open Command Prompt (cmd.exe) and enter below commands.
PS: you can open command propmt by any of these methods. Here method 1 is preferred
Method 1: Most suitable method for this guide
hold down shift key while pressing the right mouse onto the folder you want to open "command prompt" then a new menu item will appear in your context menu offering you exactly that: "open command prompt here" select it and command prompt will open.
Method 2:Search is very helpful. In Windows 7, open the Start Menu and type command or cmd. Then, click or tap the Command Prompt
Method 3ne of the quickest ways to launch the Command Prompt is to use the Run window (press Win+R on your keyboard and type cmd and press enter to open it).
i guess three methods are enough for windows users
4) AFter command prompt opens enter below comamnds to proceed further
5)This command will pack sparse system_1.img....files to system.raw
Note default is "system"
Code:
packsparseimg
you can use these commands to pack sparse cache and userdata persist,vendor,cust,odm partitions
Code:
Usage of packsparseimg:
-o string
output dir path (default "./")
-t string
image to unsparse: system / cache / userdata / persist / vendor / cust / odm (default "system")
-x string
xml file to load (default "./rawprogram_unsparse.xml")
6) After joining of sparse system.img's finishes you will get system.raw file
7) Use below commands to unpack system.raw to system folder
Code:
imgextractor.exe system.raw
8) Now you will get unpacked system folder
Hell Yeah! you have successfully unpack those system_1,2,3,4....imgs
now you can make your own stock deodexed rom
Downloads for windows:-
Imgextractor.exe
Password:innfinite4evr
[MOD EDIT: URL REMOVED]
Changelog:-
in update v1.1
now supports system / cache / userdata / persist / vendor / cust / odm /oem partitions from QFIL firmwares
Credits:
kidd for initially making packsparseimg binary
@and_pDA for imgextractor,exe(Based on sources ext4_unpacker)
@Innfinite4evr for testing this method and write this guide​
Great work bro :good: Nice job and thanks for this
great work man. thanks
can you share code?
There is another way to unpacj that instead of using wine.
Code:
mount -o loop -t ext4 system.img [path]
Replace:
[Path] with path to the output directory you want (ex: ~/sys-img)
ext4: This might be different, check it by yourself, but most device now using ext4
Thanks for the info, btw
Please can somebody tell me how to revert the process? To create again sparse images and flash via qfil? Thanks in advance!
cofface said:
can you share code?
Click to expand...
Click to collapse
only prebuilts
cofface said:
can you share code?
Click to expand...
Click to collapse
only prebuilts
I get this error on Ubuntu:
bash: ./packsparseimg: cannot execute binary file: Formato eseguibile non valido
What is the procedure to do the reverse?
How to repack as parts
sir i was trying to repack system folder to system_1.img system_2.img etc.
is there any way for that?
i need to repack and flash to my phone
Doesn't seem to work for Oreo a/b system
@Innfinite4evr Hi there, can you add vendor, cust and odm support ?
AL_IRAQI said:
@Innfinite4evrHi there, can you add vendor, cust and odm support ?
Click to expand...
Click to collapse
Yes there is.
Im thinking to update this stuff
AL_IRAQI said:
@Innfinite4evrHi there, can you add vendor, cust and odm support ?
Click to expand...
Click to collapse
Ive updated the tool, maybe you can try for odm partition.
Innfinite4evr said:
Ive updated the tool, maybe you can try for odm partition.
Click to expand...
Click to collapse
I've try to buy, with all my2 credit card (master card and american express)
I was addebited 1€ in my mastercard, but it always give me error and I can't download the program.
I do not want the refund, I'd like to have the tool!
Samuele Bonzio
I give you my phone number by PM if that need!
Thank you!
Thread closed. PM me when you have download links that don't require payment to be added to the OP.

Fetching TWG10 Factory imgs+Introduction of Android Device Drivers

Notice : , First of all ,you are responsible for any damages on your tablet and I do not accept any responsibility for that , by reading and doing these procedures , you have already accepted its responsibility by yourself only , secondly this knowledge for Dev people much more ! , of course its written such way that newbies can understand too .
Click to expand...
Click to collapse
Before starting about fetching Stock ROM of TWG10 , maybe you ask ,what is TWG10 ? which Tablet is it ? ,so you can know and Find it from here : Introduction of Datamini TWG10 .
So , we pay attention some introduction and requirements in some steps then considering to the main .
Using of Ubuntu has far better features and advantage respect to Windows to fetch the Stock ROM of any Android devices , So we use Ubuntu too.
First Step is to Install ADB and Fastboot for Ubuntu from here using Terminal of Ubuntu.
Second step is to root your device , Rooting will be released so many privileges that make us to fetch the Stock ROM of any Android Devices .
One of the common and famous way of rooting Android devices is booting TWRP recovery from fastboot and Flashing SuperSu, but when there is no TWRP recovery for your device , you can port and compile it for your device : Porting TWRP From Source .
But always there is a final and better way to root your device which is so easy too -> UNIVERSAL GUIDE for Rooting Any Android Device Manually ! which has worked and been tested on Intel Atom based processor devices .
<<Fetching Factory Imgs>> :
After installing the SU ,now we can access to Android partition scheme of TWG10 , just connect your device through its cable to your PC (Ubuntu) , hoping you have already made USB debugging on in Developer options , just open a new terminal and write
Code:
adb devices
, you should see Baytrail000... in the last line , now command in the terminal ,
Code:
adb shell
and then when it starts , you will see your phone code name ,[email protected]_phone_32:/$ ,it means now you can get controlled fully of your tablet , just type
Code:
su
and press Enter , the information of Android partition scheme is located in /dev/block/platform/dw_mmc/by-name such that , the dw_mmc for TWG10 is 808060F14:00 let's use
Code:
ls -l /dev/block/platform/808060F14:00/by-name
to find locations of , boot.img , system.img, recovery.img and so on(Factory imgs) you will see such below photo : ( you can save this info in your internal storage ,
Code:
ls -la /dev/block/platform/808060F14:00/by-name > sdcard/your selective name.txt
)
also by commanding cat /proc/partition in terminal , you find some info about your tablet partition too
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
As you see ,you can find location of each img file in your device for example : boot.img is in /dev/block/mmcblk0p5 now its time to fetch them using
Code:
dd if=Directory of source of=Directory of Destination
for example :
Code:
dd if=/dev/block/mmcblk0p5 of=/sdcard/boot.img
sdcard is absolute location of your Internal storage :/storage/emulated/legancy.(Notice : NEVER TOUCH basic_data_partition , its data of your windows OS , NEVER TOUCH ESP , its location of your UEFI bios insyde software , NEVER TOUCH Microsoft_reserve_partition , the only img files that you need to dd is boot.img. fastboot.img (bootloader) , system.img, recovery.img ,config.img ,factory.img, these two contains vendor.img and radio.img related connectivity and WIFI)
after fetching all imgs of stock ROM (Factory imgs) of TWG10 , its the time to pull them to your PC .
Just type exit and enter , write in the terminal ,
Code:
adb pull /sdcard/"img File" /" your selective Directory in your PC"
for example :
Code:
adb pull /sdcard/boot.img /home/amir/twg10_imgs
.
Do not worry , if you cant fetch all factory images , you can download them from here :Factory imgs of TWG10
But the important question is : why we need those factory imgs ? because when the Android OS gets damaged and its not booted up or in boot looping condition, we can survive it in below instruction :
Reviving TWG10 Android OS by Flashing Factory imgs via Fastboot:
open a new terminal in the directory which those factory images are there and placed and then write in the terminal :
Code:
adb reboot -bootloader
(we will boot to fastboot)
after restarting :
Code:
sudo fastboot devices
now we need to unlock bootloader for flashing
Code:
sudo fastboot oem unlock
sudo fastboot flashing unlock
sudo fastboot reboot bootloader
after restarting to bootloader ,you should press volume up to enter to fastboot
now its the time for erasing necessary partition, as we saw , ls -l /dev/block/platform/808060F14:00/by-name , shows the portions by name for example /dev/block/mmcblk0p5 is called boot .
so we use this code sudo fastboot erase 'partition by name'
Code:
sudo fastboot erase boot
sudo fastboot erase cache
sudo fastboot erase recovery
sudo fastboot erase date (userdata)
sudo fastboot erase system
now flashing 'partition by name'
sudo fastboot flash 'partition by name' 'img file association'
Code:
sudo fastboot flash boot boot.img
sudo fastboot flash fastboot fastboot.img (flashing bootloader)
sudo fastboot reboot bootloader (reboot to fastboot)
sudo fastboot flash recovery recovery.img
sudo fastboot flash system system.img
sudo fastboot flash config config.img (this is radio.img)
sudo fastboot flash factory factory.img (this is vendor.img)
sudo fastboot reboot
Congratulation ! your stock Android revived !
you can also download and install any Android X86 on your TWG10 , you can make bootable flash memory using Rufus but its important to say , you should use GPT Partition scheme for UEFI in partition scheme and target system type , another important notice is : when your bootable flash memory gets ready , you should open your flash memory and go to /boot/grub and open grub.cfg by gedit and modify it , after root=/dev/ram0 you should "space" and type nomodeset vga=5785 for live , debug and installation and then save , otherwise it wont be booted into TWG10!.
By pressing ESC before going to any OS ,you can select the bootable flash memory in boot manager and enter to boot menu of android X86 , if you did not modify the grub.cfg , you can press E in boot menu of Android X86 installation and modify it ( type and add nomodeset vga=5785 after root=/dev/ram0) and press F10 , but because of the orientation of tablet is in horizontal , maybe its difficult to modify , so its better to modify it before booting the flash memory and its better to install Android X86 on a SD card or another flash memory , because 32 GB is not enough for 3 OSs!
Another notice is you should pay attention to above partition scheme in the time of Android X86 installation.
but when you booted up the Android X86 , nothing works , touch , rotation ,sound and ......
this is because of no one of Android Drivers is installed for TWG10 , so we pay attention to ->
<<Introduction of Android Device Drivers >>
lets your TWG10 is connected to your PC.
Android Device Drivers (modules) are C program in fact , they are kind of modules which will be added to kernel of Android OS and they load and unload in the time of demand , these C program files after compiling ,they convert to the files with extension .ko , these .ko Files are located in /lib/modules .
these ko files are taking care of Device functionality (how they perform and operate) and files of hardware devices( such HDMI , hard disk , sound , touchscreen , WIFI...) are located in /dev
you can see the files of hardware devices using these codes in a terminal :
Code:
adb shell
ls -l /dev/i2c-1
you will see
Code:
crw------- root root 89, 1 2017-11-11 01:02 i2c-1
if the first letter is C its character device , 89 is major number using for identify the driver (which module or .ko file is used for this device file) , after 89 , there is a ',' and then 1 its a minor number which is used to distinguish between devices with same driver ,
for example if we write
Code:
adb shell
ls -l /dev/i2c-2
you will see
Code:
crw------- root root 89, 2 2017-11-11 01:02 i2c-2
i2c-2 used same driver file (major number is same) but another device file (minor number different)
we have two type devices , block devices and character devices.
block devices have a buffer for a request so they can have best response , block devices takes input and gives output only , but character devices can takes so many inputs and give so many outputs .
to see blocks and character devices on your TWG10 , you can use below codes :
Code:
adb shell
cat proc/devices
to create a device file ,using this code :
open a terminal :
Code:
mknod dev/'device name' 'major number' 'minor number'
for example :
Code:
adb shell
mknod dev/i2c 89 3
In fact modules (device drivers ) and devices file (hardware) are connect to each other by major number .
You can pull modules which are control the functionality of devices (hardware) in your PC from the stock Android using ADB and Ubuntu Terminal :
just open a new Terminal , type :
Code:
adb devices
adb pull /lib/modules 'A directory in your PC"
now if you want to see these .ko files are about which Device Driver , just open a terminal in the directory that .ko files are type :
Code:
modinfo 'name of the ko file'
for example
Code:
modinfo 8723bs.ko
We can also see Device Drivers which are activated by using lsmod or cat /proc/modules :
open a new terminal and type :
Code:
adb shell
lsmode or cat/proc/modules
For adding a driver or module to the kernel ,
open a terminal in the directory of .ko file where you pulled them into your PC
Code:
adb push 'directory of modules(drivers) in the PC' /lib/modules
adb shell
modprobe 'the pushed file name'
for example :
Code:
adb push /home/amir/twg10_imgs/drivers /lib/modules
adb shell
modprobe 8723bs
also with insmod command , we can add a driver to the kernel , but its dependencies command , we should add other related driver(module) too.
for example
Code:
adb shell
insmod ./8723bs.ko
the story still has not be started , it will be continued !
amirhtc said:
Before starting about fetching Stock ROM of TWG10 , maybe you ask ,what is TWG10 ? which Tablet is it ? ,so you can know and Find it from here : Introduction of Datamini TWG10 .
So , we pay attention some introduction and requirements in some steps then considering to the main .
Using of Ubuntu has far better features and advantage respect to Windows to fetch the Stock ROM of any Android devices , So we use Ubuntu too.
First Step is to Install ADB and Fastboot for Ubuntu from here using Terminal of Ubuntu.
Second step is to root your device , Rooting will be released so many privileges that make us to fetch the Stock ROM of any Android Devices .
One of the common and famous way of rooting Android devices is booting TWRP recovery from fastboot and Flashing SuperSu, but when there is no TWRP recovery for your device , you can port and compile it for your device : Porting TWRP From Source .
But always there is a final and better way to root your device which is so easy too -> UNIVERSAL GUIDE for Rooting Any Android Device Manually ! which has worked and been tested on Intel Atom based processor devices .
<<Fetching Factory Imgs>> :
After installing the SU ,now we can access to Android partition scheme of TWG10 , just connect your device through its cable to your PC (Ubuntu) , hoping you have already made USB debugging on in Developer options , just open a new terminal and write
Code:
adb devices
, you should see Baytrail000... in the last line , now command in the terminal ,
Code:
adb shell
and then when it starts , you will see your phone code name ,[email protected]_phone_32:/$ ,it means now you can get controlled fully of your tablet , just type
Code:
su
and press Enter , the information of Android partition scheme is located in /dev/block/platform/dw_mmc/by-name such that , the dw_mmc for TWG10 is 808060F14:00 let's use
Code:
ls -l /dev/block/platform/808060F14:00/by-name
to find locations of , boot.img , system.img, recovery.img and so on(Factory imgs) you will see such below photo : ( you can save this info in your internal storage ,
Code:
ls -la /dev/block/platform/808060F14:00/by-name > sdcard/your selective name.txt
)
also by commanding cat /proc/partition in terminal , you find some info about your tablet partition too
As you see ,you can find location of each img file in your device for example : boot.img is in /dev/block/mmcblk0p5 now its time to fetch them using
Code:
dd if=Directory of source of=Directory of Destination
for example :
Code:
dd if=/dev/block/mmcblk0p5 of=/sdcard/boot.img
sdcard is absolute location of your Internal storage :/storage/emulated/legancy.(Notice : NEVER TOUCH basic_data_partition , its data of your windows OS , NEVER TOUCH ESP , its location of your UEFI bios insyde software , NEVER TOUCH Microsoft_reserve_partition , the only img files that you need to dd is boot.img. fastboot.img (bootloader) , system.img, recovery.img ,config.img ,factory.img, these two contains vendor.img and radio.img related connectivity and WIFI)
after fetching all imgs of stock ROM (Factory imgs) of TWG10 , its the time to pull them to your PC .
Just type exit and enter , write in the terminal ,
Code:
adb pull /sdcard/"img File" /" your selective Directory in your PC"
for example :
Code:
adb pull /sdcard/boot.img /home/amir/twg10_imgs
.
Do not worry , if you cant fetch all factory images , you can download them from here :Factory imgs of TWG10
But the important question is : why we need those factory imgs ? because when the Android OS gets damaged and its not booted up or in boot looping condition, we can survive it in below instruction :
Reviving TWG10 Android OS by Flashing Factory imgs via Fastboot:
open a new terminal in the directory which those factory images are there and placed and then write in the terminal :
Code:
adb reboot -bootloader
(we will boot to fastboot)
after restarting :
Code:
sudo fastboot devices
now we need to unlock bootloader for flashing
Code:
sudo fastboot oem unlock
sudo fastboot flashing unlock
sudo fastboot reboot bootloader
after restarting to bootloader ,you should press volume up to enter to fastboot
now its the time for erasing necessary partition, as we saw , ls -l /dev/block/platform/808060F14:00/by-name , shows the portions by name for example /dev/block/mmcblk0p5 is called boot .
so we use this code sudo fastboot erase 'partition by name'
Code:
sudo fastboot erase boot
sudo fastboot erase cache
sudo fastboot erase recovery
sudo fastboot erase date (userdata)
sudo fastboot erase system
now flashing 'partition by name'
sudo fastboot flash 'partition by name' 'img file association'
Code:
sudo fastboot flash boot boot.img
sudo fastboot flash fastboot fastboot.img (flashing bootloader)
sudo fastboot reboot bootloader (reboot to fastboot)
sudo fastboot flash recovery recovery.img
sudo fastboot flash system system.img
sudo fastboot flash config config.img (this is radio.img)
sudo fastboot flash factory factory.img (this is vendor.img)
sudo fastboot reboot
Congratulation ! your stock Android revived !
you can also download and install any Android X86 on your TWG10 , you can make bootable flash memory using Rufus but its important to say , you should use GPT Partition scheme for UEFI in partition scheme and target system type , another important notice is : when your bootable flash memory gets ready , you should open your flash memory and go to /boot/grub and open grub.cfg by gedit and modify it , after root=/dev/ram0 you should "space" and type nomodeset vga=5785 for live , debug and installation and then save , otherwise it wont be booted into TWG10!.
By pressing ESC before going to any OS ,you can select the bootable flash memory in boot manager and enter to boot menu of android X86 , if you did not modify the grub.cfg , you can press E in boot menu of Android X86 installation and modify it ( type and add nomodeset vga=5785 after root=/dev/ram0) and press F10 , but because of the orientation of tablet is in horizontal , maybe its difficult to modify , so its better to modify it before booting the flash memory and its better to install Android X86 on a SD card or another flash memory , because 32 GB is not enough for 3 OSs!
Another notice is you should pay attention to above partition scheme in the time of Android X86 installation.
but when you booted up the Android X86 , nothing works , touch , rotation ,sound and ......
this is because of no one of Android Drivers is installed for TWG10 , so we pay attention to ->
<<Introduction of Android Device Drivers >>
lets your TWG10 is connected to your PC.
Android Device Drivers (modules) are C program in fact , they are kind of modules which will be added to kernel of Android OS and they load and unload in the time of demand , these C program files after compiling ,they convert to the files with extension .ko , these .ko Files are located in /lib/modules .
these ko files are taking care of Device functionality (how they perform and operate) and files of hardware devices( such HDMI , hard disk , sound , touchscreen , WIFI...) are located in /dev
you can see the files of hardware devices using these codes in a terminal :
Code:
adb shell
ls -l /dev/i2c-1
you will see
Code:
crw------- root root 89, 1 2017-11-11 01:02 i2c-1
if the first letter is C its character device , 89 is major number using for identify the driver (which module or .ko file is used for this device file) , after 89 , there is a ',' and then 1 its a minor number which is used to distinguish between devices with same driver ,
for example if we write
Code:
adb shell
ls -l /dev/i2c-2
you will see
Code:
crw------- root root 89, 2 2017-11-11 01:02 i2c-2
i2c-2 used same driver file (major number is same) but another device file (minor number different)
we have two type devices , block devices and character devices.
block devices have a buffer for a request so they can have best response , block devices takes input and gives output only , but character devices can takes so many inputs and give so many outputs .
to see blocks and character devices on your TWG10 , you can use below codes :
Code:
adb shell
cat proc/devices
to create a device file ,using this code :
open a terminal :
Code:
mknod dev/'device name' 'major number' 'minor number'
for example :
Code:
adb shell
mknod dev/i2c 89 3
In fact modules (device drivers ) and devices file (hardware) are connect to each other by major number .
You can pull modules which are control the functionality of devices (hardware) in your PC from the stock Android using ADB and Ubuntu Terminal :
just open a new Terminal , type :
Code:
adb devices
adb pull /lib/modules 'A directory in your PC"
now if you want to see these .ko files are about which Device Driver , just open a terminal in the directory that .ko files are type :
Code:
modinfo 'name of the ko file'
for example
Code:
modinfo 8723bs.ko
We can also see Device Drivers which are activated by using lsmod or cat /proc/modules :
open a new terminal and type :
Code:
adb shell
lsmode or cat/proc/modules
For adding a driver or module to the kernel ,
open a terminal in the directory of .ko file where you pulled them into your PC
Code:
adb push 'directory of modules(drivers) in the PC' /lib/modules
adb shell
modprobe 'the pushed file name'
for example :
Code:
adb push /home/amir/twg10_imgs/drivers /lib/modules
adb shell
modprobe 8723bs
also with insmod command , we can add a driver to the kernel , but its dependencies command , we should add other related driver(module) too.
for example
Code:
adb shell
insmod ./8723bs.ko
the story still has not be started , it will be continued !
Click to expand...
Click to collapse
Is it possible to get a copy of your files?
Upload factory image
If you can, kindly please upload the factory images again
If possible in google drive
Atleat it won't get deleted
amirhtc said:
Before starting about fetching Stock ROM of TWG10 , maybe you ask ,what is TWG10 ? which Tablet is it ? ,so you can know and Find it from here : Introduction of Datamini TWG10 .
So , we pay attention some introduction and requirements in some steps then considering to the main .
Using of Ubuntu has far better features and advantage respect to Windows to fetch the Stock ROM of any Android devices , So we use Ubuntu too.
First Step is to Install ADB and Fastboot for Ubuntu from here using Terminal of Ubuntu.
Second step is to root your device , Rooting will be released so many privileges that make us to fetch the Stock ROM of any Android Devices .
One of the common and famous way of rooting Android devices is booting TWRP recovery from fastboot and Flashing SuperSu, but when there is no TWRP recovery for your device , you can port and compile it for your device : Porting TWRP From Source .
But always there is a final and better way to root your device which is so easy too -> UNIVERSAL GUIDE for Rooting Any Android Device Manually ! which has worked and been tested on Intel Atom based processor devices .
<<Fetching Factory Imgs>> :
After installing the SU ,now we can access to Android partition scheme of TWG10 , just connect your device through its cable to your PC (Ubuntu) , hoping you have already made USB debugging on in Developer options , just open a new terminal and write
Code:
adb devices
, you should see Baytrail000... in the last line , now command in the terminal ,
Code:
adb shell
and then when it starts , you will see your phone code name ,[email protected]_phone_32:/$ ,it means now you can get controlled fully of your tablet , just type
Code:
su
and press Enter , the information of Android partition scheme is located in /dev/block/platform/dw_mmc/by-name such that , the dw_mmc for TWG10 is 808060F14:00 let's use
Code:
ls -l /dev/block/platform/808060F14:00/by-name
to find locations of , boot.img , system.img, recovery.img and so on(Factory imgs) you will see such below photo : ( you can save this info in your internal storage ,
Code:
ls -la /dev/block/platform/808060F14:00/by-name > sdcard/your selective name.txt
)
also by commanding cat /proc/partition in terminal , you find some info about your tablet partition too
As you see ,you can find location of each img file in your device for example : boot.img is in /dev/block/mmcblk0p5 now its time to fetch them using
Code:
dd if=Directory of source of=Directory of Destination
for example :
Code:
dd if=/dev/block/mmcblk0p5 of=/sdcard/boot.img
sdcard is absolute location of your Internal storage :/storage/emulated/legancy.(Notice : NEVER TOUCH basic_data_partition , its data of your windows OS , NEVER TOUCH ESP , its location of your UEFI bios insyde software , NEVER TOUCH Microsoft_reserve_partition , the only img files that you need to dd is boot.img. fastboot.img (bootloader) , system.img, recovery.img ,config.img ,factory.img, these two contains vendor.img and radio.img related connectivity and WIFI)
after fetching all imgs of stock ROM (Factory imgs) of TWG10 , its the time to pull them to your PC .
Just type exit and enter , write in the terminal ,
Code:
adb pull /sdcard/"img File" /" your selective Directory in your PC"
for example :
Code:
adb pull /sdcard/boot.img /home/amir/twg10_imgs
.
Do not worry , if you cant fetch all factory images , you can download them from here :Factory imgs of TWG10
But the important question is : why we need those factory imgs ? because when the Android OS gets damaged and its not booted up or in boot looping condition, we can survive it in below instruction :
Reviving TWG10 Android OS by Flashing Factory imgs via Fastboot:
open a new terminal in the directory which those factory images are there and placed and then write in the terminal :
Code:
adb reboot -bootloader
(we will boot to fastboot)
after restarting :
Code:
sudo fastboot devices
now we need to unlock bootloader for flashing
Code:
sudo fastboot oem unlock
sudo fastboot flashing unlock
sudo fastboot reboot bootloader
after restarting to bootloader ,you should press volume up to enter to fastboot
now its the time for erasing necessary partition, as we saw , ls -l /dev/block/platform/808060F14:00/by-name , shows the portions by name for example /dev/block/mmcblk0p5 is called boot .
​so we use this code sudo fastboot erase 'partition by name'
Code:
sudo fastboot erase boot
sudo fastboot erase cache
sudo fastboot erase recovery
sudo fastboot erase date (userdata)
sudo fastboot erase system
now flashing 'partition by name'
sudo fastboot flash 'partition by name' 'img file association'
Code:
sudo fastboot flash boot boot.img
sudo fastboot flash fastboot fastboot.img (flashing bootloader)
sudo fastboot reboot bootloader (reboot to fastboot)
sudo fastboot flash recovery recovery.img
sudo fastboot flash system system.img
sudo fastboot flash config config.img (this is radio.img)
sudo fastboot flash factory factory.img (this is vendor.img)
sudo fastboot reboot
Congratulation ! your stock Android revived !
you can also download and install any Android X86 on your TWG10 , you can make bootable flash memory using Rufus but its important to say , you should use GPT Partition scheme for UEFI in partition scheme and target system type , another important notice is : when your bootable flash memory gets ready , you should open your flash memory and go to /boot/grub and open grub.cfg by gedit and modify it , after root=/dev/ram0 you should "space" and type nomodeset vga=5785 for live , debug and installation and then save , otherwise it wont be booted into TWG10!.
By pressing ESC before going to any OS ,you can select the bootable flash memory in boot manager and enter to boot menu of android X86 , if you did not modify the grub.cfg , you can press E in boot menu of Android X86 installation and modify it ( type and add nomodeset vga=5785 after root=/dev/ram0) and press F10 , but because of the orientation of tablet is in horizontal , maybe its difficult to modify , so its better to modify it before booting the flash memory and its better to install Android X86 on a SD card or another flash memory , because 32 GB is not enough for 3 OSs!
Another notice is you should pay attention to above partition scheme in the time of Android X86 installation.
​but when you booted up the Android X86 , nothing works , touch , rotation ,sound and ......
this is because of no one of Android Drivers is installed for TWG10 , so we pay attention to ->
<<Introduction of Android Device Drivers >>
lets your TWG10 is connected to your PC.
Android Device Drivers (modules) are C program in fact , they are kind of modules which will be added to kernel of Android OS and they load and unload in the time of demand , these C program files after compiling ,they convert to the files with extension .ko , these .ko Files are located in /lib/modules .
these ko files are taking care of Device functionality (how they perform and operate) and files of hardware devices( such HDMI , hard disk , sound , touchscreen , WIFI...) are located in /dev
you can see the files of hardware devices using these codes in a terminal :
Code:
adb shell
ls -l /dev/i2c-1
you will see
Code:
crw------- root root 89, 1 2017-11-11 01:02 i2c-1
if the first letter is C its character device , 89 is major number using for identify the driver (which module or .ko file is used for this device file) , after 89 , there is a ',' and then 1 its a minor number which is used to distinguish between devices with same driver ,
for example if we write
Code:
adb shell
ls -l /dev/i2c-2
you will see
Code:
crw------- root root 89, 2 2017-11-11 01:02 i2c-2
i2c-2 used same driver file (major number is same) but another device file (minor number different)
we have two type devices , block devices and character devices.
block devices have a buffer for a request so they can have best response , block devices takes input and gives output only , but character devices can takes so many inputs and give so many outputs .
to see blocks and character devices on your TWG10 , you can use below codes :
Code:
adb shell
cat proc/devices
to create a device file ,using this code :
open a terminal :
Code:
mknod dev/'device name' 'major number' 'minor number'
for example :
Code:
adb shell
mknod dev/i2c 89 3
In fact modules (device drivers ) and devices file (hardware) are connect to each other by major number .
You can pull modules which are control the functionality of devices (hardware) in your PC from the stock Android using ADB and Ubuntu Terminal :
just open a new Terminal , type :
Code:
adb devices
adb pull /lib/modules 'A directory in your PC"
​now if you want to see these .ko files are about which Device Driver , just open a terminal in the directory that .ko files are type :
Code:
modinfo 'name of the ko file'
for example
Code:
modinfo 8723bs.ko
​We can also see Device Drivers which are activated by using lsmod or cat /proc/modules :
open a new terminal and type :
Code:
adb shell
lsmode or cat/proc/modules
For adding a driver or module to the kernel ,
open a terminal in the directory of .ko file where you pulled them into your PC
Code:
adb push 'directory of modules(drivers) in the PC' /lib/modules
adb shell
modprobe 'the pushed file name'
for example :
Code:
adb push /home/amir/twg10_imgs/drivers /lib/modules
adb shell
modprobe 8723bs
also with insmod command , we can add a driver to the kernel , but its dependencies command , we should add other related driver(module) too.
for example
Code:
adb shell
insmod ./8723bs.ko
the story still has not be started , it will be continued !
Click to expand...
Click to collapse
please upload the factory images again

Editing system.img inside super.img and flashing our modifications

Hello and welcome to my first post.
today I will talk about editing super.img and modifying system.img inside of it.
In android 10 and bigger, sometimes there is no system.img in ROM it because google starting use Dynamic Partitions for more flexible images size - more details here
instead of system.img we will see super.img that include few partition inside.
So In this case, in order to do our modifications in the rom we should unpack the super.img and after that to unpack the system.img and then build it again.
requirements:
1) I will use ubuntu in vbox so you need a linux machine.
2) some super.img for editing.
steps:
1) unpacking super.img
2) resizing system.img in order to insert our MODS to the rom
3) mounting system.img
4) do our modifications
5) umounting system
6) shrink edited system.img to the minimal size
7) generating new super.img
8) flashing it to our device
Let's Start!
1) unpacking super image:
First of all the super.img file might be in sparse format so we need to make it raw image
open termianl in super.img directory and type:
Code:
simg2img super.img super.ext4.img
now we got new file named super.ext4.img: we are working with this file.
There are multiple ways to unpack super.img:
for example: using imjtool or using lpunpack
If you use imjtool follow this
Open terminal in imjtool path and super.img path and type
Code:
./imjtool.ELF64 super.img extract
if you got and error run it as superuser by
Code:
sudo ./imjtool.ELF64 super.img extract
I will use lpunpck tool (Official tool from google)
locate lpunpack and super.ext4.img and open terminal in this folder.
Then type:
Code:
./lpunpack super.ext4.img
wait for it it may take couple of minutes.
now our folder looks like this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
2)resizing system.img in order to make enough space for modifications
turn back into your terminal and type:
Code:
fallocate -l 2G system.img
This command allocates more space for system.img (Changing to 2GB)
After that type:
Code:
resize2fs system.img 2G
This command increases the file system size of the partition to 2G
3) mounting system.img
Create new folder and mount:
Code:
mkdir system
Code:
sudo mount -t ext4 -o loop system.img system
Now system dir contains all system.img files.
4)edit it as you want
***IMPORTANT***
In order to make changes you should use superuser:
when you typing a command while you modifying use sudo prefix.
you can use the file explorer with superuser permissions by typing:
Code:
sudo nautilus
5) umount system
*)make sure the terminal is not in system directory or some sub dir of it
if Yes just type
Code:
cd ..
to go up in the directories tree (do it many times until you will be in the same directory like the image in the top)
type:
Code:
sudo umount system
Code:
e2fsck -yf system.img
(fixes file system errors)
6) shrink the edit system.img into the minimum possible size
by:
Code:
resize2fs -M system.img
fix the file system again:
Code:
e2fsck -yf system.img
7) generating new super.img
as you can see at the image above, in my case the super.ext4.img contaings 3 partitions:
1)system.img(that we worked with)
2)vendor.img
3)product.img
in you case it may be different so follow the logic of the following command and not copy paste it.
another tool from google that called lpmake using for packing super.img.
How this tool works
it creates empty super.img with all headers stuff and pushing partitions into it
so let's start with generating:
this is the documentation of the tool: link
at first we should get each partitions file size
we can do it by:
Code:
stat -c '%n %s' system.img
do it for all partitions files
And this is tricky and critical step:
***DO NOT COPY!!***
Code:
./lpmake --metadata-size 65536 --super-name super --metadata-slots 1 --device super:4294967296 --group main:3139354624 --partition system:readonly:1434726400:main --image system=./system.img --partition vendor:readonly:330866688:main --image vendor=./vendor.img --partition product:readonly:1373761536:main --image product=./product.img --sparse --output ./super.new.img
explanation:
1) --metadata-size: The maximum size that partition metadata may consume. A partition entry uses 64 bytes and an extent entry uses 16 bytes. I think 65536 should work in most cases.
2) --metadata-slots - The number of slots available for storing metadata. This should match the number of update slots on the device, 2 for A/B devices and 1 for non-A/B.
3)--device super: The size of the “super” partition on the device. It must match exactly, and it must be evenly divisible by the sector size (512 bytes).
4) --group main:4293513600: sum of all partitions files sizes
5) --partition system:readonly:1577095168:main --image system=./system.img : Every parition file size with permissions(readonly) and input img file
good work we got new custom rom!
credit to(for repacking step):
XDA Post: https://forum.xda-developers.com/showpost.php?p=82241115&postcount=70
8) flashing the new rom to a physical device
First of all we should unlock the boot loader without unlocking we may brick the phone
It can be done by allowing oem unlock in developers options and rebooting into bootloader and type:
Code:
fastboot flashing unlock
But it may not work - it depends on your device so check in google.
After you unlocked the bootloader flash the new rom by:
Code:
fastboot flash super super.new.img
If your devices alert for unlocked bootloader(orange state)
you can remove this annoying alert
just search on google.
if you have mediatek check this link:
https://forum.hovatek.com/thread-31664.html
I'm trying to modify my system.img (/system/build.prop) to include support for multi users. After struggling a lot, I've succeeded following your guide (that's an awesome work btw) to unpack, mount, modify, umount and repack super.img. Then, after flashing the new super.img, nothing changes on the phone. I've tried adding and removing files to the system.img before reflashing, and after flashing, i've verified using adb shell. It seem that the image flashed do not contains my modifications. In other words, I succeed to repack a modified super.img, but flashing the new super.img do not modify the phone itself. Any clues? Can you help me?
Phone is Umidigi A7 Pro 64GB
saga1900 said:
I'm trying to modify my system.img (/system/build.prop) to include support for multi users. After struggling a lot, I've succeeded following your guide (that's an awesome work btw) to unpack, mount, modify, umount and repack super.img. Then, after flashing the new super.img, nothing changes on the phone. I've tried adding and removing files to the system.img before reflashing, and after flashing, i've verified using adb shell. It seem that the image flashed do not contains my modifications. In other words, I succeed to repack a modified super.img, but flashing the new super.img do not modify the phone itself. Any clues? Can you help me?
Phone is Umidigi A7 Pro 64GB
Click to expand...
Click to collapse
Hey dear thank you for the compliment, please tell me more about how did you flash the new image.
hey dear did you flash it by using sp flash tool? did you unlocked the bootloader? did you see orange state warning when the device booted after flashing?
Brepro1 said:
Hey dear thank you for the compliment, please tell me more about how did you flash the new image.
hey dear did you flash it by using sp flash tool? did you unlocked the bootloader? did you see orange state warning when the device booted after flashing?
Click to expand...
Click to collapse
Hi, thx for your reply!
I've unlocked the bootloader as you oriented, and after that, I'm seeing the orange warning!I tried flashing using two methods. Using SP Flash Tool, and using flashboot.
Using SP Flash Tool was straight forward. Just selected the Scatter File, then picked the new super.img. Successfully flashed, but no changes on the phone.
Using flashboot: ./flashboot flash super super.modified.img
What a did, in short, was:
1.) simg2img super.img super.raw
2.) imjtool super.raw extract (also tried using lpunpack as you oriented)
3.) mount -t ext4 -o loop system.img /mount/point
4.) edit everything needed
5.) umount /mount/point
6.) repacked super.img using lpmake
7.) flashed the new super.img using SPFT or flashboot. Boths succeeds, but none really modifies the phone
To double check that the new super.img is correct, I've extracted it again, and double checked my changes. and they are there.
Vary strange, I don't have an idea, sorry
Brepro1 said:
Vary strange, I don't have an idea, sorry
Click to expand...
Click to collapse
NP, thanks anyway. I'm reading about a few things like disabling vbmeta verity and other things. Also, I did not mentioned, but I've downloaded and modified a stock rom, and my phone is not rooted. If i found anything that worths mention here, I'll update this thread
i cant mounr system.img . Cant you help me
#sudo mount -t ext4 -o loop system.img system
mount: /home/nam/system: wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error
NguyenNhutNam said:
i cant mounr system.img . Cant you help me
#sudo mount -t ext4 -o loop system.img system
mount: /home/nam/system: wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error
Click to expand...
Click to collapse
what does the command
file path://system.img
show up?
Anyone can help how to repack an unpacked super.img?
Try to delete an app in the product and system.img and post the instructions to repack everything into a super.img again.
My goal is to remove most of the preinstalled Google apps.
Here is the firmware link
UMIDIGI_A9_PRO_128GB_V1-0_20210127
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com
How do you get this size, from the scatter file super partition size?
3)--device super: The size of the “super” partition on the device. It must match exactly, and it must be evenly divisible by the sector size (512 bytes).
After repacking I also get this error, is it normal?
'Invalid sparse file format at header magic'
Brepro1 said:
Hello and welcome to my first post.
today I will talk about editing super.img and modifying system.img inside of it.
In android 10 and bigger, sometimes there is no system.img in ROM it because google starting use Dynamic Partitions for more flexible images size - more details here
instead of system.img we will see super.img that include few partition inside.
So In this case, in order to do our modifications in the rom we should unpack the super.img and after that to unpack the system.img and then build it again.
requirements:
1) I will use ubuntu in vbox so you need a linux machine.
2) some super.img for editing.
steps:
1) unpacking super.img
2) resizing system.img in order to insert our MODS to the rom
3) mounting system.img
4) do our modifications
5) umounting system
6) shrink edited system.img to the minimal size
7) generating new super.img
8) flashing it to our device
Let's Start!
1) unpacking super image:
First of all the super.img file might be in sparse format so we need to make it raw image
open termianl in super.img directory and type:
Code:
simg2img super.img super.ext4.img
now we got new file named super.ext4.img: we are working with this file.
There are multiple ways to unpack super.img:
for example: using imjtool or using lpunpack
If you use imjtool follow this
Open terminal in imjtool path and super.img path and type
Code:
./imjtool.ELF64 super.img extract
if you got and error run it as superuser by
Code:
sudo ./imjtool.ELF64 super.img extract
I will use lpunpck tool (Official tool from google)
locate lpunpack and super.ext4.img and open terminal in this folder.
Then type:
Code:
./lpunpack super.ext4.img
wait for it it may take couple of minutes.
now our folder looks like this:
2)resizing system.img in order to make enough space for modifications
turn back into your terminal and type:
Code:
fallocate -l 2G system.img
This command allocates more space for system.img (Changing to 2GB)
After that type:
Code:
resize2fs system.img 2G
This command increases the file system size of the partition to 2G
3) mounting system.img
Create new folder and mount:
Code:
mkdir system
Code:
sudo mount -t ext4 -o loop system.img system
Now system dir contains all system.img files.
4)edit it as you want
***IMPORTANT***
In order to make changes you should use superuser:
when you typing a command while you modifying use sudo prefix.
you can use the file explorer with superuser permissions by typing:
Code:
sudo nautilus
5) umount system
*)make sure the terminal is not in system directory or some sub dir of it
if Yes just type
Code:
cd ..
to go up in the directories tree (do it many times until you will be in the same directory like the image in the top)
type:
Code:
sudo umount system
Code:
e2fsck -yf system.img
(fixes file system errors)
6) shrink the edit system.img into the minimum possible size
by:
Code:
resize2fs -M system.img
fix the file system again:
Code:
e2fsck -yf system.img
7) generating new super.img
as you can see at the image above, in my case the super.ext4.img contaings 3 partitions:
1)system.img(that we worked with)
2)vendor.img
3)product.img
in you case it may be different so follow the logic of the following command and not copy paste it.
another tool from google that called lpmake using for packing super.img.
How this tool works
it creates empty super.img with all headers stuff and pushing partitions into it
so let's start with generating:
this is the documentation of the tool: link
at first we should get each partitions file size
we can do it by:
Code:
stat -c '%n %s' system.img
do it for all partitions files
And this is tricky and critical step:
***DO NOT COPY!!***
Code:
./lpmake --metadata-size 65536 --super-name super --metadata-slots 1 --device super:4294967296 --group main:3139354624 --partition system:readonly:1434726400:main --image system=./system.img --partition vendor:readonly:330866688:main --image vendor=./vendor.img --partition product:readonly:1373761536:main --image product=./product.img --sparse --output ./super.new.img
explanation:
1) --metadata-size: The maximum size that partition metadata may consume. A partition entry uses 64 bytes and an extent entry uses 16 bytes. I think 65536 should work in most cases.
2) --metadata-slots - The number of slots available for storing metadata. This should match the number of update slots on the device, 2 for A/B devices and 1 for non-A/B.
3)--device super: The size of the “super” partition on the device. It must match exactly, and it must be evenly divisible by the sector size (512 bytes).
4) --group main:4293513600: sum of all partitions files sizes
5) --partition system:readonly:1577095168:main --image system=./system.img : Every parition file size with permissions(readonly) and input img file
good work we got new custom rom!
credit to(for repacking step):
XDA Post: https://forum.xda-developers.com/showpost.php?p=82241115&postcount=70
8) flashing the new rom to a physical device
First of all we should unlock the boot loader without unlocking we may brick the phone
It can be done by allowing oem unlock in developers options and rebooting into bootloader and type:
Code:
fastboot flashing unlock
But it may not work - it depends on your device so check in google.
After you unlocked the bootloader flash the new rom by:
Code:
fastboot flash super super.new.img
If your devices alert for unlocked bootloader(orange state)
you can remove this annoying alert
just search on google.
if you have mediatek check this link:
https://forum.hovatek.com/thread-31664.html
Click to expand...
Click to collapse
when I put the command line
./lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super: 6836715520 --group main: 6642450432 --partition system: readonly: 5244977152: main --image system =. / system.img --partition odm: readonly: 4349952: main --image odm =. / odm.img --partition product: readonly: 752545792: main --image product =. / product.img --partition vendor: readonly: 640577536: main --image vendor =. / Vendor.img --sparse --output ./super_new.img
it says this: Invalid sparse file format at header magic
why ????
I edited the vendor.img but something strange happens:
$stat -c '%n %s' *
super.img 3758096384
product.img 1596944384
system.img 1128718336
vendor.img 544976896
$../otatools/bin/lpmake --metadata-size 65536 --super-name super --metadata-slots 1 --device super:3758096384 --group main:3270639616 --partition system:readonly:1128718336:main --image system=./system.img --partition vendor:readonly:544976896:main --image vendor=./vendor.img --partition product:readonly:1596944384:main --image product=./product.img --sparse --output ./super.new.img
lpmake I 02-17 12:18:27 2646704 2646704 builder.cpp:1012] [liblp]Partition system will resize from 0 bytes to 1128718336 bytes
lpmake I 02-17 12:18:27 2646704 2646704 builder.cpp:1012] [liblp]Partition vendor will resize from 0 bytes to 544976896 bytes
lpmake I 02-17 12:18:27 2646704 2646704 builder.cpp:1012] [liblp]Partition product will resize from 0 bytes to 1596944384 bytes
Invalid sparse file format at header magic
Invalid sparse file format at header magic
Invalid sparse file format at header magic
BUT....
$stat -c '%n %s' super.new.img
super.new.img 3248851200
which is not divisible by 512!
Shouldn't it be 3758096384 ?
This is for android 10 custom os. Or it will work on all android 10 mobile. Can we modify FRP partition using this.
Me too, sorry
@Brepro1 thank you so much for writing this detailed guide.
Thanks to your detailed guide I was able to create an automated bash script that performs all of these steps automatically and makes all read only partitions inside super.img (system, vendor , product, etc...) into read write-able partitions again and flash to device as a brand new super.img.
It would be an honor for me if you could please try it and let me know if it works on your device. Thanks.
Here is the link:
https://forum.xda-developers.com/t/script-mount-system-as-read-write-android-10.4240703/
I have same issue as already was mentioned by NguyenNhutNam on Jan-20, i.e.:
In response to
sudo mount -t ext4 -o loop system.img edit
I'm getting this:
wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.
And Linux tells me this:
file system.img
system.img: Linux rev 1.0 ext2 filesystem data, UUID=4729639d-b5f2-5cc1-a120-9ac5f788683c (extents) (large files) (huge files)
Of course, I tried:
sudo mount -t ext2 -o loop system.img edit
only to get this:
wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.
Any ideas?
Figured out the reason.
Topicstarter confuses people with incorrect instructions.
The code below works great in Ubuntu
Code:
sudo su
mkdir /mnt/dir
mount -t ext4 -o loop,rw ./system.img /mnt/dir
But as soon as I try it directly inside Android I get this error:
Code:
mount: '/dev/block/loop10'->'/mnt/dir': Block device required
I guess this must be some kind of Android limitation...
use busybox mount applet instead of toybox
Brepro1 said:
Hello and welcome to my first post.
today I will talk about editing super.img and modifying system.img inside of it.
In android 10 and bigger, sometimes there is no system.img in ROM it because google starting use Dynamic Partitions for more flexible images size - more details here
Click to expand...
Click to collapse
None of this is working on the Moto One 5g Ace. All I want to do is get into /product/media/audio/ringtones to delete the crappy ones like I do with EVERY VERSION OF ANDROID and replace them with my own. I can't even open the images up and mod them because of the Read only xx. Please help and give detailed instructions like I'm a 5 year old. Have tried on linux and windows to ZERO success and LeBigMac's script didn't do xxxxx either.
Mod Edit: Post edited.
why don't use magisk native systemless method? just overlay magisk module with desired mods
https://topjohnwu.github.io/Magisk/guides.html#easy-replace
For those who can't mount system image see this twitter conversation by
https://twitter.com/i/web/status/1170404631865778177

[GUIDE]Solve 'error validating footer' on A30

Make sure u have original firmware files for u device!
You will proably need to do a factory reset, do a backup if you want.
Maybe work on any samsung device.
Requeriments:
A Bootable Linux Pendrive or WSL on Windows 11(a linux terminal app may work)
Unlocked bootloader
avbtool
7zip
Odin3(find on web)
Open a Linux terminal
On Windows 11:
open windows terminal on folder u have avbtool and type
wsl
after Linux start type
python3 avbtool make_vbmeta_image --flags 2 --padding_size 4096 --output vbmeta.img
On Linux:
open terminal on folder that avbtool are in and type
python3 avbtool make_vbmeta_image --flags 2 --padding_size 4096 --output vbmeta.img
With 7zip compact vbmeta.img to .tar and name has u want
Go phone to download mode(u can use adb reboot fastboot or adb reboot bootloader if u want for some reason)
On Odin, place the tar file on AP and start operation and done.
Proably system will not correct initialize so you will got a message on recvery to do a factory reset, do it and wait system initialize.
After it you can download TWRP, Orangefox or any other rom you want.
I find all info her, you can find more thing about avbtool too.
or just watch something on YouTube about 10+- minutes and after flash Twrp with Odin
Can't find that tool

Categories

Resources