My Tab S7 FE wifi somehow got stuck in EDL mode and cannot be booted into android, recovery or fastboot.
It shows as QUSB_BULK_CID on device manager, After installing the qualcomm usb drivers with Driver Signature Enforcement disabled, it now shows as Qualcomm HS-USB QDLoader 9008.
The device is stock, no root or custom rom and only less than 5 months old. Samsung service center, gave an expensive price to repair it claiming that it is display damage and replacing the device it would only get me back like 1/6 of its original value. The device was only dropped twice and Samsung won't cover the warranty (the problem came up long after it was dropped.) Service guy told me that once I dropped the device, the device can still die suddenly afterwards. (totally believable /s). The screen wasn't cracked, only the aluminium frame got dented.
Anyways I assume:
I would need the firehose programmer for the SM7325 chipset. (and for specifically this model I think?, I also don't think anyone have the firehose programmer, please let me know if there is a way to get it)
Download the Samsung stock firmware using something like Frija, extract it then decompress the lz4 files to get the .elf and .mbn files.
Download QPST and then flash those files.
For point 1, is it possible to get the firehose programmer file with another Tab S7 FE? Or is it only obtainable through qualcomm/samsung? I'm clueless when it comes to android stuff.
I don't know what else to do now.
Super unlucky
So I tried to download some of the files from the recent Samsung leak. I found what seems to be the source code for the FE's bootloader, but I'm too noob to understand anything from it.
Related
Hello everyone! I'm new to the forums as a member, but used this for info since a few years back. Ok, so i've spent the past week trying to unbrick a samsung galaxy s2x (t989d on telus or koodo) and it seems alot of people are having trouble with this model. I've brought back another one identical to this one before, but it was only softbricked, so i could still enter download mode and use odin and just searched my butt off to find original roms and all and wound up bringing it back to life.
This one though... It's hard bricked with the dreaded QHSUSB_DLOAD mode. Found drivers for it to use it in windows, found QPST 2.7 build 422 and tried that to no avail since QPST always tells me the HEX files have a scrambling method which cannot be determined (even with it's own hex files that come with it, and tried on 2 different computers, one x86, one x64) so still stuck there. Tried ADB in windows but it never wanted to work in any way, also tried ADB with ubuntu linux but the devices list always ends up empty no matter how hard i try and what i change, even with other phones that are not bricked it won't list them at all... Also tried to use the SD card method and push an image on it to try and boot off the external SD using original rom from odin i have found, but have no idea exactly which image i need to push into the SD or if it need modification in any way to be able to boot like that, or if even the t989d does in fact truly support external SD card booting.
Before anyone says:" Ya you need to JTAG that, it's the only method..." First, no one around here has anything to jtag with and i don't want to cross the border to get it done, second this is the kind of job i need to get done without spending any money if at all possible cause phone is not mine and client on a restricted budget. Now i know this CAN be done as alot of people here and there were able to fix their phone that were on the same qualcomm series chipsets. I just need some help to do this on this phone, and any SERIOUS help would be apreciated.
I have access to original rom file for the particular MC4 version i have in hand, i have original rom file for another version of the 989d which i got to unbrick the first t989d a friend sent me, i have a NVbackup qcn file pulled out of my firends working t989d, and i also have a full backup made with TWRP on my friend's working phone. Wanted to pull out a better backup using darkspr1te's Brixfix-2-1 tool but like i said, in windows ADB wont work in any way even with python installed and all that, drivers also installed, but ADB isn't a recognised command. And in Ubuntu, no way to list any phone at all, even if i installed all the ADB files, JDK, did the whole rules file, changed attributes to the rules file, did the .ini file, and killed and restarded hdev and server... So i'm kind of at witts end right now, plus i've been sick and had a major headache for the past 2 days, and spent so far around 38 hours on this phone plus my normal job this week... So ANY help would be GREATLY apreciated, and i will gladly use this experience to help out the community and help put out a tool or whatever to unbrick all these damned t989d
Just le me know if you need any more info or files to help out and i will gladly do all i can to comply
Thank you in advance to this great community
Nobody?? not even a troll ?? pretty sure that not even a mouse is stirring
Update: I have finally been able to start to get somewhere with this. I was able to extract most of the MBN files needed for QPST from the stock rom, and created my own partition.mbn out of a PIT file i had from a previous t989d. And now i get the phone to accept download and don't get errors for those files, but it stays stuck when sending reset packets. So my guess is that either the partition.mbn file isn't good, or the mprg8660.hex file i used to substitute and test isn't 100% compatible with the MSM8260 chipset. I tried all i could but never was able to find the real mprg8260.hex file anywhere. So if anyone has mprg8260.hex and/or a working partition.mbn for the t989d, i would be grateful to get those so i can continue troubleshooting this and get it working. If you want any of the MBN files and everything i have so far, just send a PM or reply to this thread and i will gladly upload for you.
Don't use the 8660 hex, it might make it go out of DLOAD or SD mode and you'll get a HS-USB 9005 state instead of a HS-USB 9008 or a HS-USB 9006 state, and then you'll need to manually flash it while it reboots every 5 secs in factory recovery mode. Not fun stuff. Also, if you're playing in QPST, make sure you using 2.7.411 or later. And be careful. there is a 2.7.422 that is actually an old version with a Trojan floating around.. Also, be warned, If you don't know what your doing in QPST, you can make things a lot worse.
Lord Zog said:
Don't use the 8660 hex, it might make it go out of DLOAD or SD mode and you'll get a HS-USB 9005 state instead of a HS-USB 9008 or a HS-USB 9006 state, and then you'll need to manually flash it while it reboots every 5 secs in factory recovery mode. Not fun stuff. Also, if you're playing in QPST, make sure you using 2.7.411 or later. And be careful. there is a 2.7.422 that is actually an old version with a Trojan floating around.. Also, be warned, If you don't know what your doing in QPST, you can make things a lot worse.
Click to expand...
Click to collapse
So far i had no problems using 8660hex, only stays on 9008 download mode so far, even after it's supposed to pop back to diag mode. And i AM using 2.7.422 but it doesn't seem to have a trojan or anything or else my anti-virus would've told me, but still kinda looks like an old version since most of the devices supported are the old ones and has nothing newer than 7XXX series on protocol modes in the settings menu. But like i said, so far i got it to respond with the 8660 and accept the mbn files, but still no change yet, still wont reset/reboot, still wont turn on or anything, just stays in download mode seen as a 9008. So i'll check to find 2.7.411 to try it out and see if does anything else. Even if it would reboot every 5 secs in factory recovery mode it would still be a step further than i am now right now it does nothing and stays in download mode. But thanx alot for the info!!
Suraido said:
So far i had no problems using 8660hex, only stays on 9008 download mode so far, even after it's supposed to pop back to diag mode. And i AM using 2.7.422 but it doesn't seem to have a trojan or anything or else my anti-virus would've told me, but still kinda looks like an old version since most of the devices supported are the old ones and has nothing newer than 7XXX series on protocol modes in the settings menu. But like i said, so far i got it to respond with the 8660 and accept the mbn files, but still no change yet, still wont reset/reboot, still wont turn on or anything, just stays in download mode seen as a 9008. So i'll check to find 2.7.411 to try it out and see if does anything else. Even if it would reboot every 5 secs in factory recovery mode it would still be a step further than i am now right now it does nothing and stays in download mode. But thanx alot for the info!!
Click to expand...
Click to collapse
hi,
were you able to resolve this ? I have the Skyrocket (I727R) and i was wondering if you could share the files and possibly how you fixed this problem,
any help would be appreciated.
thanks
So, messing around with kernels and stuff, I wound up with a bricked device (wouldn't turn on, no response to anything, etc [I did eventually manage to get it functional again through a combination of button mashing and praying])
However, when plugging it into my computer, it showed up as "Qualcomm HS-USB QDLoader" which seemed interesting.
Searching the internet, I found several things. The QPST (Qualcomm Product Support Tool) Software suite, as well as other less useful links about the LGFlash tool, etc.
The programs also makes reference to debug and other modes, but there isn't a lot of documentation on the internet.
What I want to know is, is there a way to put the device back into the QDLoader or other QPST related modes so as to either update the firmware again, or just make backups for future use?
If there is, this seems like it would be a great tool for undoing any damage to the phone that isn't hardware related (the documentation says this part resides on a read only chip[which it seems fastboot doesn't])
It looked like you borked your phone to the point where there was nothing recognizable as Android left on it. I don't know anything about this loader but based on my past experiences dealing with proprietary OEM tools (Samsung KIES), I hope I never find myself in a situation where I'd need to learn. :crying:
Turn off your phone. Press all the keys if nothing happens your phone bricked. If you end up qualcomm 9008 mode we cant do much, because we dont have a working flash programmer and a working bootloader which would be flashed to the phone with the flash programmer. You can do 2 things. Replace your motherboard, or find the emmc pins on the motherboard to get direct acces to the storage then with a modified sdcard reader you could have access to the storage content then you could restore the bootloader. This is pretty hard method almost impossible.
If you have qualcomm 9006 mode then you can restore the bootloader with any kind of linux, because in 9006 mode the phone acts like a external hdd.
May I ask how exactly you messed around with the kernels to get this? Did you flash an incompatible kernel or something?
It sounded like he resolved his issue and wanted to know if this hidden mode can be used.
Wakamatsu said:
It sounded like he resolved his issue and wanted to know if this hidden mode can be used.
Click to expand...
Click to collapse
to enter qload mode you have to turn on the phone then press everykey at the same time until the screen turns off
It works!
bitdomo said:
to enter qload mode you have to turn on the phone then press everykey at the same time until the screen turns off
Click to expand...
Click to collapse
Thank you! This works!
It still only puts it in download mode, not the diagnostics or anything else. Although.. That may just be a project for when there's better documentation, or I don't actually need this phone for normal use...
caffeinatedangel said:
Thank you! This works!
It still only puts it in download mode, not the diagnostics or anything else. Although.. That may just be a project for when there's better documentation, or I don't actually need this phone for normal use...
Click to expand...
Click to collapse
To achive diagnostic mode you need a working flash progfammer and bootloader which can be loaded with flash programmer. We will never have these files unless someone at qualcomm build it for nexus 5 then share it here on xda.
With LG G2 if something goes wrong during ota update the phone starts in qualcomm 9006 diagnostic mode.
Well darn
bitdomo said:
To achive diagnostic mode you need a working flash progfammer and bootloader which can be loaded with flash programmer. We will never have these files unless someone at qualcomm build it for nexus 5 then share it here on xda.
With LG G2 if something goes wrong during ota update the phone starts in qualcomm 9006 diagnostic mode.
Click to expand...
Click to collapse
Ah, darn. I suppose we can just hope though. Maybe someone with too much time will find a way to do it on their own. Oh well. Thank you!
I've never bricked my phones that bad man when I was a noob I installed safestrap on a device with an unlocked boot loader and tried to flash a ROM it didn't work out to well,man that was about two years ago
caffeinatedangel said:
Ah, darn. I suppose we can just hope though. Maybe someone with too much time will find a way to do it on their own. Oh well. Thank you!
Click to expand...
Click to collapse
There were two placed where qualcomm documentatiosn could be found. One was a chinese forum where you have to be veteran or admin to get access to the files. This forum not exist anymore. The other is a chinese ebay like website where they are selling qualcomm documents for 3000 usd.
If you search for msm8974 boot flow or sahara protocol you will find file names for qualcomm pdf documents. Sadly just file names no download possibilty.
I'm one of the lucky people with a mostly dead 128gb pixel in HS-USB qdloader 9008 mode. There have been hints at a way of possibly reloading the chipset firmware to revive the phone enough to get to the bootloader.
There is a list of needed files needed for this: a device firehose file + some .xml files, plus some qualcomm software. Apparently someone has been able to pull these off a Pixel XL, but I'm curious if anyone has succeeded for the Pixel.
I have the same problem. Hundreds of people from Russia are watching this. We have the same trouble!
someone has been able to pull these off a Pixel XL ? i read the thread but i can't found who has get these files (MBN or XML)
MBN and XML files are not stored on device after flashing. This is exactly why they need to be sent by QFIL in order to start any flash (emmc, ufs) programming at all. Before Google or whoever produced a particular Pixel phone for them releases these or they're leaked we're out of luck.
Are there any news on this?
I'm the lucky one to get this scarce BRICK problem, my pixel 2 occasionally run into this, can't boot up any more, no bootloader, recovery,
plug into the pc, it always tell qualcomm hs-usb qdloader 9008,
had searched out all the forum, need to use QFIL to flash correct, prog_emmc_firehose_xxxx.mbn, together with rawprogram_XXX.xml.
what is that ? anyone happen to know where to get it ?
any idea is pretty appreciated.
I found this for you: https://forum.xda-developers.com/android/development/guide-fixing-hard-bricks-t3403868/page1
@misslebulletttttt did you fix your Pixel. If yes, how did you do that?
download > Tool all in one. Update it. update the drivers button at the bottom. now....... choose your phone. now choose flash factory image button.
it go to page where you pick the right firmware for you phone. press the download link. go back to Tool all in one and find the file you just download and then flash it with the button.
Tacis said:
@misslebulletttttt did you fix your Pixel. If yes, how did you do that?
Click to expand...
Click to collapse
sadly, the files that download tool asked was far proprietary, I'm not able to peek it a bit
I'm not saying these will fix or even do anything but I found them and maybe they can help you there Qualcomm usb drivers. I apologize if these are of no use.
I will just post here in case someone has the same issue and might contribute with the files...
Basically an Android device has a few steps of initialization
- power on
- initialize cpu and memory
- load bootloader
- bootloader selects boot mode
- having the boot selected, the kernel and device tree are loaded
- drivers are loaded
- system is loaded
- userdata is decrypted
Ok... So knowing that, when we want to write some partition on the device, we use fastboot. But first, the fastboot must have oem unlocked in settings. Well when unlocking in settings, this write in a protected partition (don't remember which one) which is checked if the fastboot can run some commands.
Well the next step is... Where is fastboot located?
Well, fastboot is located inside the bootloader. So, what?
Imagine that there isn't anything written in the memory... What would the processor do? It would think... Well nothing there... But must access the memory. So the cpu opens a port which is known as the emergency download mode (EDL).
EDL mode can be triggered with adb command or by shorting test points (there's another way, but I won't say it here)
Anyway when in edl mode, the processor talks a defined protocol, which is known as firehose.
So the first file you mentioned:
prog_emmc_firehose_xxxx.mbn
Is the programmer for the specific chipset, in order to make a handshake and allow to write.
Then after the handshake, you need to define how the memory will be partitioned (remember... It is considering a raw memory, with nothing on it). This lead us to the second file:
rawprogram_XXX.xml
This is basically how the memory is partitioned and where the image address is.
Besides those files, you need the img files (which will probably be only the system.img non sparsed i think...) And patch.xml too, probably.
But remember... The programmer needs to be signed and for the chipset... So if anyone has any contact with google... Maybe we can get those in order to unbrick devices... Anyway...
I just wanted to have those files, in case i run into a bad update...
I think we have to contact the carrier according to the bootloader files
misslebulletttttt said:
I'm the lucky one to get this scarce BRICK problem, my pixel 2 occasionally run into this, can't boot up any more, no bootloader, recovery,
plug into the pc, it always tell qualcomm hs-usb qdloader 9008,
had searched out all the forum, need to use QFIL to flash correct, prog_emmc_firehose_xxxx.mbn, together with rawprogram_XXX.xml.
what is that ? anyone happen to know where to get it ?
any idea is pretty appreciated.
Click to expand...
Click to collapse
Hello friend! I have the same problem as you! (Hard bricked Pixel 2 and can't find firmware files for flashing device(via QFIL or QPST)). Do you have any progress on this issue ?
I don`t know where to go with this problem except for this forum
Hi, have you found a solution to this problem? I got a hard brick after the update (
Any update from anyone please?
bmw9651 said:
download > Tool all in one. Update it. update the drivers button at the bottom. now....... choose your phone. now choose flash factory image button.
it go to page where you pick the right firmware for you phone. press the download link. go back to Tool all in one and find the file you just download and then flash it with the button.
Click to expand...
Click to collapse
What does any of that mean? There is no download for a, tool all in one around here.
Hello all,
I'm new here, and I searching since many time a solution for my issue.
I'm technician for a company in France, that import professional PDA's from Korean. These devices are strong, and a little "expensive"... So when a customer send me a device for RMA, I need to found the best way for solve the issue, without change parts.
At this time, I'm facing to the issue below :
Lot of devices come in RMA because they can't boot. When I plug the device to my computer, I see Qualcomm HS-USB QDloader 9008 in port COM list.
For the manufacturer (we work direclty with him, no "intermediary"), the only way is to change the main board. OK but I'm not stupid, and I konw that they want sold main boards
I know that the main board is bricked and the device boot in EDL mode, no command can't be send (ex adb), and no screen boot.
Impossible to acces to the bootlader with touch combination.
I have the OS files on my computer (boot.img, emmc_appsboot.mbm, rpm.mbn, NON-HLOS.bin etc...)
The CPu is MSM8916, so I tested with QFIL and Miflash to send send files but nothing good :/ MiFlash told me that the "device is busy", and QFIL told me that there is a Sahara fail error".
So my question is : Can I save the main boards ? I think that there is some people here with more competent than me
For information, I have try 1 year ago with Miflash, and I saved only ONE board with Miflash and Xiaomi OS (I try the OS of the redmi because this phone work with the same CPU) ............. Only one file of the OS was sent by Miflash (before a crash of Miflash), but the main baord was save ^^ So I think that it is really a little problem, maybe an only one partition corrupt ....
I can take pictures of the board if needed.