Related
EDIT: FIXED. I flashed persist.img from version "S250260_210804..." (unzip, flash via `fastboot flash persist persist.img`) https://mirrors.lolinet.com/firmware/lenovo/Tab_P11_Pro/TB-J706F/
Hello dear community,
I am in need of some help. So here is what I did:
* Coming from latest Android 11 ROW, flashed ZUI using QFIL from here: https://mirrors.lolinet.com/firmware/lenovo/Tab_P11_Pro/TB-J706F/
* tried upgrading to ZUI 12.5, 12.6 and 13 but didn't work
* used fastboot to unlock and unlock_critical (i know, i know...)
* used payload_dumper (from some github repo) to extract zui 13 update.zip
* flashed every image I extracted manually using fastboot (I know, I'm stupid)
* Got ZUI 12.0 working, didn't like it and wanted ROW android 11 back
* flashed latest ROW rom using QFIL from lolinet url -> bootloop
* flashed oldest ROW rom using QFIL, updated 3x via OTA to latest version -> few bootloops, then device booted back to android 10 and created notification "failed to install ota"
So I can install any version between TB-J706F_S210002_201015_ROW and TB-J706F_S250260_210804_ROW from lolinet url, but nothing above that. Neither through QFIL, nor using lenovo smart rescue assistent, nor using OTA update from android 10 (which is working fine).
I tried following things to fix this:
* ####6030# -> change to CN and change the NV value to 00
* ####6030# -> change to DE and change the NV value to 02 or 00
* flash latest ROW using QFIL, then change NV value from 02 to 00
nothing of that worked and I'm starting to believe, that I ****ed up some partitions using fastboot. Because I flashed images from ZUI android 11 and I can't install ROW android 11 now.
Could I possibly try restoring a TWRP backup from some other user?
What else could I do to install android 11?
PS: I used QFIL backup and restore tool to change the NV value. Because the nv reader/writer tool didn't seem to work.
It might help, if someone would be kind enough to provide me with the following images (by backing them up with twrp):
* abl
* xbl_a
* xbl_b
Hi there, I also got into this trouble that can't flash any global ROM including TB-J706F_S250260_210804_ROW. What I did is change the NV value to 02 and not 00 using QFIL. After that I was able to update via OTA and currently on the latest global ROM.
Thanks to this thread: https://forum.xda-developers.com/t/check-region-unlock-p11-tb-j606f-l-n.4356451/
MateUserHHTTI have similar problem before, can not flash to Android 11, even ROW or ZUI, bootloop~
please check your J706F screen auto rotate and auto brightness(and pair bluetooth devices) still functional?
If not functional, I'm following below post instruction to flash presist.img, and can upgrade to Android 11, both of ROW & ZUI are available.
<TB-J706F> Auto-rotation & Auto Brightness Broken.But Serial Number shows 123456789ABCDEF, wifi /bluetooth MAC shows 00:00:00... still not solve even functional.
auston said:
But Serial Number shows 123456789ABCDEF, wifi /bluetooth MAC shows 00:00:00... still not solve even functional.
Click to expand...
Click to collapse
I may found a fix for Bluetooth MAC by generating a file for the "NV-items_reader_writer.exe" and wrote it to NV item 447 (some one sait this is BT). Problem was that this item (447) was NOT present at this time inn QCN.
WARNING! May my guess of "Items size" 128 is wrong, I don't know. Use at your own risk and change the file to your MAC.
After that I flashed "persist.img" (matching the actual ROM), some one wrote that this fixed the autorotate. I can confirm this.
But still not found solution for serial, the correct serial is still in NV item 2497.
Okay, Serial number restore can be done the same way.
See here https://forum.xda-developers.com/t/tab-j706f-serial-number.4318901/
Best would be to have the full original QCN file (or an editor for this files)
MateUserHHTT said:
* abl
* xbl_a
* xbl_b
Click to expand...
Click to collapse
abl (_a and _b) = abl.elf
xbl (_a and _b) = xbl.elf
You will find both in the ROM Zip's at lolinet.
Mine updates successfully from 10 to 11 after I have restored BT, Wifi, SN, PN and region lock. And flashed persist.img.
Oh, and you have to set region code in QCN NV 6858, somebody found out that Android 11 checks that value. If it is wrong, device boot loops.
auston said:
please check your J706F screen auto rotate and auto brightness(and pair bluetooth devices) still functional?
Click to expand...
Click to collapse
Firstly, let me thank you for your reply! It's interesting, I indeed noticed just a few days ago, that auto rotation isn't working!
I will follow the guide you linked and update my post accordingly.
Edit: THANK you very much indeed! My problem was solved instantly by this!
Flashed persist.img via fastboot, flashed the latest ROM from lolinet using QFIL and had no issues whatsoever.
Oh, and you have to set region code in QCN NV 6858, somebody found out that Android 11 checks that value. If it is wrong, device boot loops.
Click to expand...
Click to collapse
as I said in my post, I did tried both 00 and 02. I read the thread about the second region code checking.
CryptMan said:
Mine updates successfully from 10 to 11 after I have restored BT, Wifi, SN, PN and region lock. And flashed persist.img.
Click to expand...
Click to collapse
I don't have any problem but just in case...
I guess PN is Product Number where did you change it and where do you get the correct value? I only found a code before the SN that looks unique per tablet but it's not in the box.
MrCrayon said:
I guess PN is Product Number where did you change it and where do you get the correct value?
Click to expand...
Click to collapse
Well I changed the PN in NV item 2497
I found this PN number here: https://forum.xda-developers.com/t/tab-j706f-serial-number.4318901/#post-86315607
My other device, P11 (TB-J606F), has this number: 8SSP69A6PB5XHA6213L0864
Because they look pretty same (length, etc.) I decided to try it.
May somebody would confirm if this PN are the same on all device.
Open settings and type in the search bar "####2222#". That will display PN and SN.
One issue persists though, which is that my widewine level is set to L3.
1. I flashed persist.img from TB-J706F_S250260_210804_ROW
2. I then installed the TB-J706F_S620150_211226_ROW via QFIL and
3. updated to TB-J706F_S630185_220128_ROW via OTA in system settings.
My serial number is also 1-9A-F. My device is locked. I'm unlocking my device and flashing the persist.img of the latest ROM. If that doesn't work, what are my options to restore L1?
CryptMan said:
Well I changed the PN in NV item 2497
I found this PN number here: https://forum.xda-developers.com/t/tab-j706f-serial-number.4318901/#post-86315607
My other device, P11 (TB-J606F), has this number: 8SSP69A6PB5XHA6213L0864
Because they look pretty same (length, etc.) I decided to try it.
May somebody would confirm if this PN are the same on all device.
Open settings and type in the search bar "####2222#". That will display PN and SN.
Click to expand...
Click to collapse
Ah ok, so the number before SN is the PN.
I have two J706F and they have different PN, The last 8-9 digits are different and the other ones are the same.
I could not find that code anywhere else.
MateUserHHTT said:
One issue persists though, which is that my widewine level is set to L3.
Click to expand...
Click to collapse
If you check in play store settings does it say your device is certified?
On my J706F, the one on which I have lost QCN with SN MAC etc. , I have the same problem as MateUserHHTT.
The device lost L1 cert. PlayStore says NOT certified and "DRM Info" app says L3.
I also have a property "sys.lenovo.widevine_security_level" with value "L3".
My guess it that there is a file or partition holding this certifications, but I don' t know which.
And of course I don't have a backup ...
If you check in play store settings does it say your device is certified?
Click to expand...
Click to collapse
It says "Device is not certified"
Now that's curious: my tablet, running the latest Android 11 ROW version, is offering me to upgrade my device to Android Kitkat 4.4. Now that's an offer I can't resist (yes, of course I clicked "update". I want all the new features!)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
CryptMan said:
The device lost L1 cert. PlayStore says NOT certified and "DRM Info" app says L3.
I also have a property "sys.lenovo.widevine_security_level" with value "L3".
Click to expand...
Click to collapse
Is your bootloader unlocked or did you unlock it previously and relocked?
MateUserHHTT said:
It says "Device is not certified"
Now that's curious: my tablet, running the latest Android 11 ROW version, is offering me to upgrade my device to Android Kitkat 4.4. Now that's an offer I can't resist (yes, of course I clicked "update". I want all the new features!)
Click to expand...
Click to collapse
Maybe the OTA app is getting some wrong data / not set data and that's the result
I tried to decompile that app to get the address called to download updates but my knowledge of android programming is really basic and did not have enough time.
MrCrayon said:
Is your bootloader unlocked or did you unlock it previously and relocked?
Maybe the OTA app is getting some wrong data / not set data and that's the result
I tried to decompile that app to get the address called to download updates but my knowledge of android programming is really basic and did not have enough time.
Click to expand...
Click to collapse
I previousl, unlocked and afterwards relocked it (both flashing lock and flashing lock_critical)
Yes, I once said "erase all before download" and accidentally deleted my original qcn file so some NV fields seem to be missing. Maybe that caused the app to default back to 4.4 it was Lenovo Feature Updater by the way, not the settings - system - update.
If you share your past work in a git repo I will take a look at it. I'm no expert for sure but I'm developing fir android for some years and have stuck my nose a tiny bit under the surface of android rom development (1mm and it was very painful still).
My widewine lvl is L3. Any chance of resetting to L1 myself? I don't know much about how trust attestation works. :/
MateUserHHTT said:
It was Lenovo Feature Updater by the way, not the settings - system - update.
Click to expand...
Click to collapse
I disabled that as soon as I saw it
MateUserHHTT said:
If you share your past work in a git repo I will take a look at it. I'm no expert for sure but I'm developing fir android for some years and have stuck my nose a tiny bit under the surface of android rom development (1mm and it was very painful still).
Click to expand...
Click to collapse
Not much really, I'm not at my desk now but I extracted LenovoOTA from stock ROM and decompiled it with apktools, but even with online tools is probably ok.
Then I see two options:
Recompile that package changing package name and adding a log with full address and parameters or get the code that construct the URL and put it in a new app.
For you probably the last one is easier.
I went for a third I was trying to understand if i could get the data with adb or in files but I did not find documentation.
MateUserHHTT said:
My widewine lvl is L3. Any chance of resetting to L1 myself? I don't know much about how trust attestation works. :/
Click to expand...
Click to collapse
I don't think there is a way to force it, this widevine a thing is a pain.
MrCrayon said:
Is your bootloader unlocked or did you unlock it previously and relocked?
Click to expand...
Click to collapse
Locked, and was never unlocked before.
I tried to unlock now, but does not succeed with flashing sn.img.
Because I'm not interested on Custum ROM, I will leave it locked.
Do you know where the device certification is stored?
I unlocked without flashing sn.img. Does that make a difference?
Did you try monitoring the network traffic with wireshark?
hi every body my tablet has p11 pro TB-J706F and my rom Row (global) how to change to CN rom.. I heard that China rom is better
Thank you for the explanation Explain how to change, should I change the serial number?
make sure you backup your qcn file first important
here is the link to qpst zui and ota offline update:
Яндекс
Найдётся всё
disk.yandex.ru
Lenovo P11 Country Set code
Internal Version : ####5993# Country Set : ####6030# If the country set appears as NO SET, enter ####6020# Warning !! : Change the country code, all data will be initialized. Tutorial:
forum.xda-developers.com
TEK023 said:
make sure you backup your qcn file first important
here is the link to qpst zui and ota offline update:
Яндекс
Найдётся всё
disk.yandex.ru
Lenovo P11 Country Set code
Internal Version : ####5993# Country Set : ####6030# If the country set appears as NO SET, enter ####6020# Warning !! : Change the country code, all data will be initialized. Tutorial:
forum.xda-developers.com
Click to expand...
Click to collapse
I read somewhere that I must first upgrade to version 12.5, then 12.6, is that correct?
Can you flash to version 12.6 first?
TEK023 said:
make sure you backup your qcn file first important
here is the link to qpst zui and ota offline update:
Яндекс
Найдётся всё
disk.yandex.ru
Lenovo P11 Country Set code
Internal Version : ####5993# Country Set : ####6030# If the country set appears as NO SET, enter ####6020# Warning !! : Change the country code, all data will be initialized. Tutorial:
forum.xda-developers.com
Click to expand...
Click to collapse
My country code is China, don't I need to change it?
TEK023 said:
make sure you backup your qcn file first important
here is the link to qpst zui and ota offline update:
Яндекс
Найдётся всё
disk.yandex.ru
Lenovo P11 Country Set code
Internal Version : ####5993# Country Set : ####6030# If the country set appears as NO SET, enter ####6020# Warning !! : Change the country code, all data will be initialized. Tutorial:
forum.xda-developers.com
Click to expand...
Click to collapse
I downloaded this package, but I don't see the mbn file. How should I flash it? Please explain
TEK023 said:
Click to expand...
Click to collapse
After updating to 12.6.133. The current system error is not compatible with the hardware. What is the solution?
im global to cn flashed
TEK023 said:
Click to expand...
Click to collapse
tanks bro
amirslip said:
After updating to 12.6.133. The current system error is not compatible with the hardware. What is the solution?
im global to cn flashed
Click to expand...
Click to collapse
there are two method to change from global to cn rom
01 is china
02 is global lock
00 is unlock
안드로이드11 미개봉 중국롬 P11 글로벌롬 5월 이후 업데이트 방법
추가로 확인을 해보니 중국롬의 경우 ANDROID 11부터, 글로벌롬의 경우 8월롬(안드10)부터 해당 버전을 체
www.ppomppu.co.kr
TEK023 said:
there are two method to change from global to cn rom
01 is china
02 is global lock
00 is unlock
안드로이드11 미개봉 중국롬 P11 글로벌롬 5월 이후 업데이트 방법
추가로 확인을 해보니 중국롬의 경우 ANDROID 11부터, 글로벌롬의 경우 8월롬(안드10)부터 해당 버전을 체
www.ppomppu.co.kr
Click to expand...
Click to collapse
Hello, dear friend, I have reached this part, can you explain the rest, which code should I change, but the code that was written on the Korean site cannot be found, maybe because the models are different. plz help me . im loose my mind! icant find 88 00 01 00 CA 1A 00 00 01
amirslip said:
Hello, dear friend, I have reached this part, can you explain the rest, which code should I change, but the code that was written on the Korean site cannot be found, maybe because the models are different. plz help me . im loose my mind! icant find 88 00 01 00 CA 1A 00 00 01
Click to expand...
Click to collapse
try to write it 10-11 times
make sure you're on ffbm mode
TEK023 said:
make sure you're on ffbm mode
Click to expand...
Click to collapse
Thank you very much, it's done.. I wish you the best
Update: This did not delete my serial. It's hidden in "settings, about, model"
Hi, thanks for anyone who was helping me the last few days!
Today i succeded in converting my International "Xiaoxin Pad Plus" to international "P11 5g" !
This it what i did:
A) Boot Tablet to FFBM:
Power off
Press Up, Down, Power + insert USB
Release Power few seconds after the Lenovo screen appears
Select boot to bootloader
Select boot to FFBM
Wait until FFBM is displayed on screen
B) Change NV-RAM:
Install NV_Ram_Reader
Install Qualcomm USB Driver
Open NV-RAM Reader and Set right Port, press connect
Put Range 6858-6858, then press read, save file
Open new file, change 01 to 02 and save
Check file again for value 02
Back to NV-RAM Reader, press write, select file with "02" in it.
Chill
Put Range 2497-2497, then press read, save file
Open new file, change "43 4E 58 58" to "4B 52 58 58" and save
Check file again for "4B 52 58 58"
Back to NV-RAM Reader, press write, select file with "4B 52 58 58" in it.
Reboot tablet - now maybe bootloop with "software incompatible" appears and tablet shuts itself down.
This is fine =)
C) Change Software: (This works fine on latest W11)
Install Lenvo LSMA from here: (only latest version works, needs Lenovo-ID)
Rescue and Smart Assistant (RSA) - Lenovo Support DE
support.lenovo.com
Login to LSMA and select "recover"
Put a valid serial of TB-J607Z
Follow steps
D) Enjoy:
Get yourself a drink or a good cigar =)
Set up tablet as you wish.
Note:
Part of this tutorial is inspired by
Check Region Unlock!! P11 [TB-J606F/L/N]
This method was shared by Koreans at the Ppomppu Forum. When Check Region Unlock is performed, firmware downgrade and update are free. Chinese ROM ZUI(12.6) check region introduce Global ROM 210805 check region introduce How To Guide (Check...
forum.xda-developers.com
안드로이드11 미개봉 중국롬 P11 글로벌롬 5월 이후 업데이트 방법
추가로 확인을 해보니 중국롬의 경우 ANDROID 11부터, 글로벌롬의 경우 8월롬(안드10)부터 해당 버전을 체
www.ppomppu.co.kr
Whoever made them: Thank you very very much for providing those helpful guidelines!
It didn't work before with QFIL - since i tried to flash TB-J606* Firmwares since those are linked somewhere else in this devices topics, to be used with TB-J607F. This doesnt work. save your bandwith
try to restart your pc
here firmware :
lolinet mirrors - firmware, software, iso etc.
lolinet mirrors - powered by h5ai
mirrors.lolinet.com
TEK023 said:
try to restart your pc
here firmware :
lolinet mirrors - firmware, software, iso etc.
lolinet mirrors - powered by h5ai
mirrors.lolinet.com
Click to expand...
Click to collapse
Thanks,
any hints on why it is giving me the same config file error with any lolinet roms from this folder? (Some file is not found even tho it is right in the folder), is the path to long?
Or do I have to flash those roms with something else then qfil?
Can't post a screenshot since I'm out of home until Thursday. (See 2nd picture for the "missed" file's name)
I tried various files from this folder yesterday on w10
// lenovo android rescue assistant (or how it is called) asks for a serial before doing the selection now, this might cause the fail of flashing in that tool.
Anyone knowing a version that doesn't do that - I found some version. 6.1 instead of 6.2 it still asks.
it's something to do with your driver try install it again with no driver signature mode via advance startup
myself use to fail but after few try it work
I finaly did it. without qfil =) see above
is there a way to do the oposite? install zui rom over P11 5g rom in my j607f?
Maybe you already have a loader for Qualcomm "Emergency DownLoad" (EDL) mode.
Maybe you're looking for one.
You know what? A single loader is for more than one device. But it gets hairy with signing and manufacturers and stuff.
So, I've got a beta release utility here. It can (in most cases) identify which model Qualcomm processors a "Firehose" loader is designed for.
First, it's currently a Windows release.
Second, it doesn't work with the older .mbn style loader (since they don't include that information).
So, just go to My EDL page and go to the bottom and download qcomview.exe
Code:
C:\>qcomview.exe poke3.bin
APQ8096
APQ8098
MDM9250
MDM9255
MDM9350
MDM9650
MDM9655
MSM8996
MSM8997
MSM8998
QDF2432
SDA630
SDA636
SDA658
SDA660
SDM636
SDM658
SDM660
You can see the SDM 636 (which is the actual processor on a Poke3.
Obviously, you have to select your own loader.
I've scanned through 200 loaders and I recognize all the processors.
If you see a "???" please quote it.
Edit: Maybe you're saying, "That ain't nothing but a "string" script!" Eh, mostly, but it is more clever and it sorts things.
Thanks for the tool. I have a small feature request, since xbl and elf firehorse programmer use similar structure(I guess), it would be useful if you add a way to check if xbl and programmer are compatible(by comparing cert hashes?).
HemanthJabalpuri said:
It would be useful if you add a way to check if xbl and programmer are compatible...
Click to expand...
Click to collapse
It would be.
On your device you already have a ton of ELF images that have compatible signing.
The problem is, the certs are not identical since the lowest level (farthest away from the root authority) has things like dates and annotations and the bit fields are not the same.
I've not yet figured out how to generate from an ELF file the 256 bit "Hash" that EDL gets out of the device.
To those who don't know yet, I've added more things to this utility. It can check the regular hashes in the ELF files. If your device is not SecureBoot this can be handy if you want to patch. The hashes on the program segments in an ELF file are always checked, the signing is only checked if SecureBoot is on. So, if your SecureBoot is off, you can patch a file, run qcomview /h whatever.elf. As of now it won't can correct wrong hashes but you can simply hexedit in the bigendian values and then double-check with the same command.
Code:
C:\>qcomview /h xbl
64 bit ELF, SHA384
0 00000000 000003f8 8a46a864b9bec352 69b1dadfcac64bfa a388f7bea37d855e 50f55170277c043c 87c862e23709fd96 34bb545ac49a3d64 OK
1 00001000 00001cd8
2 0005cd10 00002ab0 3d2e7c505458e1e7 9070b1957a8f2520 3bbcf288674548f1 7db146a86b314499 5890e1432dbac635 2bad53bfd2960908 OK
3 0005f7c0 00000d64 ac556708059a1315 41e774e34310b89f 3c3f13183b43fda9 9e3a34bd0899da4b bb43c1080a43925f fd8d6a2ecd864e29 OK
4 00076d70 00000000
5 0005cd10 00000000
6 00003000 0004cd04 a81ab8ec59e2dfb1 f2f98e3ac0a9a396 1cd9f0dfb5a5daa5 2cda2f52d4df97c8 bc398b24528fd10f cd47ced08596f61c OK
7 0004fd10 00000000
8 0004fd10 0000d000 e7d03abb34361774 e030039e096b3e25 64519024c5c15666 efecbd8006deaaae b87884e2bdab52cb e06a4a7a4873e1c5 OK
9 0005cd10 00000000
10 00060530 00016838 2ca0423b6e745b5f c69544b947556ff1 9d04792c579d2f53 d480d2fa738cac82 1674ddaab8078071 648cc10f384ec25a OK
11 00376d70 00022000 18bdbbdeac3e92c0 6f3e5f06f5aa91ae d0daa757a375bab6 5e90d4e2a52d8e95 2255d80c76637316 b24736223e0a0bd2 OK
12 0005cd10 00000000
13 00398d70 00048ded 794528234b46757a 3017481198fa8fd6 c9578e6565ec301a f0ab28fbe105c460 c7cc855f93576767 29302c26357a00bb OK
14 003e8490 00000000
15 003e1b60 0000692d 1354b9b55447ffb8 54ea17d1d9f1ea88 c84bd1045a6bd106 3b38df93fa049fa9 c1b245dc6106098a 0450a75bf7e5ce3f OK
16 00076d70 00300000 7341f2cde09d6a5f 53bcb90714f779a5 53c3ffeeff1824e5 437464f4bfcc545f 6719370d5d6c656d df96e81382315405 OK
For you Motorola users running into "range restricted" you can dump the ranges by:
Code:
C:\>qcomview /r motog.bin
Addr LUN Start Count
------ --- -------- --------
008220 0 0 32
008238 0 -5 5
008250 1 0 32
008268 1 -5 5
008280 2 0 32
008298 2 -5 5
0082b0 3 0 32
0082c8 3 -5 5
0082e0 4 0 32
0082f8 4 -5 5
008310 5 0 32
008328 5 -5 5
008340 1 0 2048
008358 2 0 2048
008370 3 0 2356
008388 5 0 2356
0083a0 0 2080 512
0083b8 0 0 256
0083d0 0 -33 33
0083e8 0 131072 284992
008400 0 416064 2048
008418 1 1 1
The UFS table is on top, followed my the eMMC table.
HemanthJabalpuri said:
It would be useful if you add a way to check if xbl and programmer are compatible (by comparing cert hashes?).
Click to expand...
Click to collapse
I've just added SHA256 fingerprint of the root CA to qcomview.
Code:
C:\>qcomview /f loader.bin
5adc6039 dcb297d4 0c55df73 1580248d a9e18b31 ccc43b45 36795313 f82fd430
If SecureBoot is enabled xbl/abl/Firehose must all have the same fingerprint.
(This also goes for the other two dozen ELF files in flash.)
For most devices this SHA256 will be the same that your EDL client prints out as "Hash".
There appears to sometimes be (on newer devices?) a discrepancy between root CA fingerprint and EDL "Hash".
Possibly the EDL "Hash" is the encrypted version?
In any case, all the fingerprints should agree.
Renate said:
Maybe you already have a loader for Qualcomm "Emergency DownLoad" (EDL) mode.
Maybe you're looking for one.
You know what? A single loader is for more than one device. But it gets hairy with signing and manufacturers and stuff.
So, I've got a beta release utility here. It can (in most cases) identify which model Qualcomm processors a "Firehose" loader is designed for.
First, it's currently a Windows release.
Second, it doesn't work with the older .mbn style loader (since they don't include that information).
So, just go to My EDL page and go to the bottom and download qcomview.exe
Code:
C:\>qcomview.exe poke3.bin
APQ8096
APQ8098
MDM9250
MDM9255
MDM9350
MDM9650
MDM9655
MSM8996
MSM8997
MSM8998
QDF2432
SDA630
SDA636
SDA658
SDA660
SDM636
SDM658
SDM660
You can see the SDM 636 (which is the actual processor on a Poke3.
Obviously, you have to select your own loader.
I've scanned through 200 loaders and I recognize all the processors.
If you see a "???" please quote it.
Edit: Maybe you're saying, "That ain't nothing but a "string" script!" Eh, mostly, but it is more clever and it sorts things.
Click to expand...
Click to collapse
Hello , Renate
I am using you edl.exe programme. it work fine but i would like to know that the tool has any features to flash using xml file or not ? and it is support ufs provisioning or not ? Please confirm
noob9t2 said:
Please confirm
Click to expand...
Click to collapse
Yes, it does UFS (with the /u flag).
No, it doesn't do these XML files. I find the whole idea a bit overblown.
If you're in the habit of overwriting every partition on your device often, simply:
Take the XML file and delete all the redundant stuff besides 1) partition name, 2) image filename.
Add in edl /w /p on each line.
Execute it as a batch file.
Thank You Renate for reply. we flash ufs chip using qfil after flashing on qfil, we need to flash patch file and check ufs provisioning to boot the device properly. On your tool, anything need to do after writing a partition. if i write a single partition, phone will boot normally ?
noob9t2 said:
If i write a single partition, phone will boot normally?
Click to expand...
Click to collapse
Sure, if you didn't break anything.
The reboot command is edl /z
Ha! You motivated me to track down why some devices need you to do that command twice.
I just fixed it.
Download the special Valentine's Day release of edl.exe (from the usual place).
noob9t2 said:
We flash ufs chip using qfil after flashing on qfil?
Click to expand...
Click to collapse
So, if you're using QFIL there's a loader somewhere that you're using. Find it.
Please can you explain how the patch for the loader works
roulo said:
Please can you explain how the patch for the loader works
Click to expand...
Click to collapse
Loaders are made by phone manufacturers from standard editions of xbl (the secondary loader) released by Qualcomm.
Sometimes they put in restrictions (like Lenovo/Motorola), sometimes they put in authorization (like OnePlus).
Sometimes there are two different versions, one with full capabilities, one without.
The word "patched" gets used often for the full capabilities loader.
Patching a loader yourself is not that difficult, the problem is that loaders must be signed and you can't do that.
Many components on Qualcomm SoC phones are signed.
This ensures a "chain of trust".
The only way that you can patch something is if your device does not have SecureBoot enabled.
If you know of a phone without SecureBoot, tell me and I'll buy a case of them.
I never had time but here is a starting point.
https://forum.xda-developers.com/t/k40-bricked.4538285/post-87978383
alecxs said:
I never had time but here is a starting point.
https://forum.xda-developers.com/t/k40-bricked.4538285/post-87978383
Click to expand...
Click to collapse
What I could read of that was talking about analyzing Firehose loaders for vulnerabilities, which you can.
I've largely disassembled a "restricted" Motorola Firehose loader and could patch it easily.
Still, unless some Motorola employee goes rogue I don't see how I could sign it.
Read carefully:This is a dedicated post for general questions only. If you need technical support about flashing or restoring your device, please use the general topic for TB132FU. Please search for your question below before asking.NEW: How to restore the lost Serial Number (on the second response)
How to flash Official global romDid my work help you? Be free to buy me a coffee. PayPal me at @alsbvg
FAQ:
Why so many versions of TB132FU and why so much confusion about the Android system, updates, etc?
There are currently 3 systems available for the tablet known as TB132FU and is really important to find which one you have.
Fake Global version - Modified Android 12
Official International version - Official Android 12 or latest by Lenovo international
Chinese version - Zui 14 based on Android 12 or latest by Lenovo China
But why so many versions then? The Chinese model is apparently cheaper than the international version, so Chinese sellers are selling online the Chinese model with a modified android version to look like the international version.
How to identify which version of TB132FU I have? By the seller:If you purchased your tablet online from china like on Aliexpress or from a seller that sells items from china, you most likely have the “Fake” Global version.
If you purchased your tablet on Lenovos’s website or a certified local or national seller in your country, you most likely have the International version. This version usually costs more.
If you purchased from china or anywhere else, but your tablet has a Chinese interface, you have the Chinese version running ZUI 14 or latest.
How to identify which version of TB132FU I have? By the system version:To make sure which one you have you can also do the following:
On your tablet go to SETTINGS > ABOUT DEVICE > and find your system version.
If it starts with TB132FU_S3 you have the Chinese version running an unofficial android version. The number S3 confirms it’s a modified OS. You will never get any updates.
If it says TB132FU_S0 you have the official international version. This is the official version, so you already have the best compatible system for your tablet. You will get official updates.
If you open the settings and see on the About device menu the system version ZUI, well you have the chinese official device and system.
Can I convert my Chinese TB132FU into the international version?The answer currently is no. Why? To keep it short: There is a code inside your tablet saying “This is the Chinese tablet” and because of this code you can't install the international android system. Maybe in the future, someone from the community will be able to find that code and change it so the tablet thinks it is the international version.
Can I convert my Official Lenovo-bought TB132FU to the Chinese version to use ZUI?Same as the answer above. We need to find the code and how to modify it first.
Can I use Lenovo’s Rescue and Smart Assistant software to convert my Chinese TB132FU into the international version?No. You will brick your device if you try to update your system using this tool.
What are the differences between the Chinese TB132FU and the International version?Chinese version with ZUI 14
Software: It comes with an Android flavor called ZUI currently based on android 12. Updates will be available.
System languages: English and Chinese only.
Full support for super fast charging with the original charger. Full charge in less than 90 minutes in most cases.
Computer mode: No longer available. The online community is pushing Lenovo to enable this option again.
HDR and L1 status: Fully functional HDR and L1 status for HD content on Netflix in most cases.
Chinese version with Fake global version
Software: It comes with a modified Android 12. No updates will be available.
System languages: All languages available.
Slow charging. Can take up to 3 hours to fully charge.
Computer mode: Available.
HDR and L1 status: Falty HDR on most apps. L1 status for HD content on Netflix.
Official International Version
Software: It comes with Android 12. Updates will be available by Lenovo.
System languages: All languages available.
Slow charging. Can take up to 3 hours to fully charge. (By some reports online) This information hasn't been confirmed yet as the community with the official international version is still small.
Computer mode: Available.
HDR and L1 status: Working HDR. L1 status for HD content on Netflix.
(Under construction)
How-tos and tutorials links:
How to install/restore ZUI on my fake global version?There are three options available. Please read all 3 below and decide which one you want to try.
OPTION ONE: If you are in a hurry and have technical knowledge download the file our community colleague @Fatperman managed to upload and install it using the SP flash tool. Thread here. A Step-by-step tutorial will be provided by another community member soon. A link will be provided once available.
OPTION TWO: If you are not in a hurry and don't have the technical knowledge to flash the system, there is an easier way, but it takes one or two days.
1 - Download Lenovo’s Rescue and Smart Assistant software here.
2 - Open the software and create an account. Connecting to Google is easier.
3 - Once connected to an account, find the SMALL blue FEEDBACK button on the right side bottom of your screen and click there.
4 - Put your email address and in COMMENTS write that you have problems flashing the Chinese version of TB132FU and that you would like to restore it to the original ZUI 14 software. PLEASE USE YOUR OWN WORDS.
5 - After one or two days (usually), INSIDE the software you will receive a response with instructions on how to install ZUI more easily. Note: You will not get a response via email, you will receive institutions inside Lenovo’s Rescue and Smart Assistant software.
The instructions are pretty simple. READ THEM carefully once you receive them. It's really easy. Basically, they will send you a link to download a special rescue tool and some credentials. Take a screenshot of the instructions as you will need to uninstall the official Rescue software and will lose the message.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Download and install the software they sent, enter using the temporary credentials (the credential are confidential and should not be shared), and follow the instructions on the screenshot you took. You will just need to turn off the tablet, click to restore, and connect the cable. After a few minutes, you will have the original ZUI 14 software.
Thanks again for the amazing help of our colleague @Fatperman for his exceptional work!
NEW - OPTION THREE:
This is by far the easist way to recover or flash the original ZUI 14 on our TB132FU. DON'T CLICK to Restore before reading all the steps.
Step 1: Download the original ZUI firmware here. Extract the files to a new folder. Password is on the table. Read carefully.
Step 2: Download and log in on the official rescue and smart assistant.
Step 3: Select to rescue your device and select as in the picture below:
Step 4: Click to download the firmware.
Step 5: Wait for the download to be completed until you see START Rescue. But don't click there yet. Don't close the program.
Step 6: Click the donwloads icon at the top and identify the folder where the download was saved.
On mine it was saved at C:\ProgramData\RSA\Download\RomFiles
Step 7: Access and Open the folder of the downloaded firmware and DELETE all files there, but don't delete the folder.
Step 8: Go to the ZUI firmware you downloaded before and copy all files inside the folder. Paste them inside the folder where you just deleted all files.
It should look something like this:
Step 9: TURN OFF YOUR TABLET and Go back to the rescue tool and now click the blue button Start Rescue. Follow the instructions on your screen.
Wait for the tablet to restar and DONE. You recovered or donwloaded the original ZUI on your tablet.
How to debloat my recently installed ZUI 14 and remove the Chinese apps and make it look better?1 - After starting your device, select English and connect to your wifi network.
2 - Once you are set, press the home screen for 3 seconds. Click Desktop Settings.
Switch off the "Left one screen".
Change to "Drawer Style"
3 - Find the setting button and go to General Settings > Language & input > Current Keyboard. Change it to English. (You can download Gboard or another keyboard later)
4 - Go back to the original setting screen and click on the search box. Search for google play services. Click to enable. Then search for Google Play Store and enable it as well.
5 - Before opening the Play store and connecting to your account, go to Apps management and uninstall any apps with Chinese characters you may find. Do not uninstall the HD browser just yet in case you need to download something later. Then restart your device.
6 - Open the Google Play store, and connect your account. Now you can update and download all your apps.
(If you see an error saying Google can't connect please follow the steps in this tutorial)
7 - Unistall HD Browser and done.
How to ROOT my TB132FU running ZUI 14?DISCLAMER: You will lose your data, so backup. It can brick your device if you don't know what to do. You need to know how to use ADB and fastboot commands. The tutorial is for advanced users that knows how to use ADB. Do your research first. If anything goes wrong, flash the ZUI firmware again.
For this tutorial you will need:
Windows computer with all necessary drivers installed
Know how to use ADB
The latest MAGISK manager app.
The latest ZUI firmware for TB132FU
Some minutes to complete all the steps.
Step 1: Go to SETTINGS Menu and click multiple times on your ZUI version. This will give you Developer access.
Step 2: Go General Settings menu > Developer options
Step 3: Click to enable OEM unlocking, also enable debugging mode.
Step 4: Connect your USB cable and run the following command:
adb reboot bootloader
Step 5: Run the fllowing command:
fastboot flashing unlock
On your tablet Click volume UP to unlock your bootloader
Wait for the confirmation on the tablet screen
Step 6: Run command:
fastboot reboot
This will make your tablet restart. Skip all configuarion steps on your tablet and install the latest version of MAGISK on your tablet.
Step 7: On your computer, go to the Firmware folder and copy the file boot.img to your tablet.
Step 8: Open MAGISK and click Select and patch a file. Find the boot.img you copied and patch this file. Wait for the process to be completed.
Step 9: Connect your tablet to your computer and access the folder Downloads in your tablet. There you will see a new boot image Magisk created. Rename that file to boot.img
Step 10: This is the most important step. You will now flash this boot.img file using the following commands:
adb reboot bootloader - to reboot to fastboot
fastboot flash boot boot.img
Wait for it to complete then:
fastboot reboot
Done, your tablet is now rooted. You can install Magisk again and root checker to make sure.
How to UNLOCK the bootloader of my TB132FU running ZUI 14?This will delete all you data
Step 1: Go to SETTINGS Menu and click multiple times on your ZUI version. This will give you Developer access.
Step 2: Go General Settings menu > Developer options
Step 3: Click to enable OEM unlocking, also enable debugging mode.
Step 4: Connect your USB cable and run the following command:
adb reboot bootloader
Step 5: Run the fllowing command:
fastboot flashing unlock
On your tablet Click volume UP to unlock your bootloader
Wait for the confirmation on the tablet screen
Step 6: Run command:
fastboot reboot
Done! Your bootloader is now unlocked.
How to Install and use GOOGLE PLAY on my TB132FU running ZUI 14?First you have to download and install a compatible Google Framework app. Got to APKmirror and search for google framework. Click the one that says Google Services Framework 12. Scroll down and find the version "December 17, 2021 GMT-0300". Install this version. Only this or older version will work. Do not try a different one. It will update automatically eventually.
Then go to settings and search for Google Play and enable the app. Done. You can now log in and use the PLay Store
How to RESTORE lost S/N Seria number?
Step 1 - Go back to ZUI 14. Use one of the options provided in this thread.
Step 2 - Unlock bootloader and OEM. Please refer to the tutorial to unlock the bootloader in this thread.
Step 3 - Once your bootloader is unlocked go and install on your computer MTK META Utility. Link here. Also install HxD here.
Step 4 - Turn off your tablet, disconnect the USB cable and open MTK META.
Step 5 - Click the option Dump NV region. Wait for it to finish reading. It will open a folder.
Step 6 - On the folder that opened, right-click with your mouse the file proinfo.bin and click to open with HxD, or open the software and drag and drop the file there.
Step 7 - Edit the proinfo.bin to add your Serial Number. Change the 12345ABCDE you see to your actual S/N. It's on the back of your tablet on a small sticker.
Step 8 - On the same folder press SHIFT on your keyboard and right-click on an empty space and click OPEN CMD/SHELL terminal here. Or if you use a ADB folder, copy the proinfo.bin file to it so you can flash it.
Step 9 - Turn on your tablet, make sure Debugging is active, connect your tablet to the computer and send these two commands:
adb reboot bootloader
(this will reboot your tablet to fastboot although the line says bootloader)
Once you see the red lines send the command:
fastboot flash proinfo proinfo.bin
And done. You can check in your setting menu if your serial number changed.
Now you can reflash ZUI or the global rom.
thanks man
Great job !
als_bvg said:
How to debloat my recently installed ZUI 14 and remove the Chinese apps and make it look better?
4 - Go back to the original setting screen and click on the search box. Search for google play services. Click to enable. Then search for Google Play Store and enable it as well.
5 - Before opening the Play store and connecting to your account, go to Apps management and uninstall any apps with Chinese characters you may find. Do not uninstall the HD browser just yet in case you need to download something later. Then restart your device.
6 - Open the Google Play store, and connect your account. Now you can update and download all your apps.
(If you see an error saying Google can't connect please follow the steps in this tutorial)
7 - Unistall HD Browser and done.
(Under construction)
Click to expand...
Click to collapse
bro im on zui14 and uninstall all apps, i download the google services and play store but cant still connecting to google account, i dtryed the google installer and stay on 3%... any help?
did it, first intall google services framwork, then google play and restart before log in
Hi can you please guys share the Chinese version of the Lenovo RSA no need for the personal credentials, I tried too contact them as you said but I haven't received any answers thanks
Swanzzl said:
Hi can you please guys share the Chinese version of the Lenovo RSA no need for the personal credentials, I tried too contact them as you said but I haven't received any answers
Click to expand...
Click to collapse
I don't think there's a Chinese version of the software. The credentials are needed. They may be off for the holidays so you will need to wait. Hopefully someone gets back to you during this week. Otherwise I would recommend writing again.
after install zui14 my device show message "orange state" in boot, I can't update even with vpn.
can i lock bootloader after installing zui14 in chinese version? how to proceed?
Yes you can. If anything goes wrong you can do everything again. I Unlocked the bootloader and tried flashing a recovery, bricked the tablet and used the tool to fix again.
ednardo777 said:
after install zui14 my device show message "orange state" in boot, I can't update even with vpn.
can i lock bootloader after installing zui14 in chinese version? how to proceed?
Click to expand...
Click to collapse
als_bvg said:
5 - After one or two days (usually), INSIDE the software you will receive a response with instructions on how to install ZUI more easily. Note: You will not get a response via email, you will receive institutions inside Lenovo’s Rescue and Smart Assistant software.
Click to expand...
Click to collapse
Where do I find the instructions in the software? Do they appear as a notification? p.s. I sent the message (feedback) two days ago and still haven't received a answer.
als_bvg said:
Sim você pode. Se algo der errado, você pode fazer tudo de novo. Desbloqueei o bootloader e tentei fazer uma recuperação, bloqueei o tablet e usei a ferramenta para consertar novamente.
Click to expand...
Click to collapse
thanks man
eamcardoso said:
Where do I find the instructions in the software? Do they appear as a notification? p.s. I sent the message (feedback) two days ago and still haven't received a answer.
Click to expand...
Click to collapse
It will popup as a notification inside the rescue tool. They might be off for the holidays. I'll share another method tonight.
Third method on how to flash ZUI or restore the tablet added to the FAQ. Enjoy! Also Tutorial on how to root the device.
als_bvg said:
Third method on how to flash ZUI or restore the tablet added to the FAQ. Enjoy! Also Tutorial on how to root the device.
Click to expand...
Click to collapse
This method worked for me thanks bro
After unlocking the bootloader every time you boot up the device the following text will be displayed on the screen:
Code:
Orange State
Your device has been unlocked and can't be trusted..
Your device will boot in 5 seconds
To remove this text warning and 5s delay you need to change the file "lk.img" (firmware folder):
Open "lk.img" with a hex editor (for example, HxD)
In menu toolbar click "Search-Find" and select "Hex-values" tab.
Search 08 B5 0E 4B 7B 44 1B 68 1B 68 02 2B
Copy text 08 B5 00 20 08 BD 1B 68 1B 68 02 2B
Return back to hex editor window then right click on the highlighted items and select "Paste Insert"
The newly modified 24 characters will be displayed in red
Click "File" and select "Save".
Flash the modified "lk.img" in fastboot mode
fastboot flash lk lk.img
ZUI_14.0.691
The firmware already includes Google Services Framework.
/system/system_ext/priv-app/GoogleServicesFramework/GoogleServicesFramework.apk
com.google.android.gsf - version 12-7567768
It is disabled by default.
When you turn on "Settings - Apps management - Google Basic Services" the application status changes to enabled (installed).
ug0o said:
After unlocking the bootloader every time you boot up the device the following text will be displayed on the screen:
Code:
Orange State
Your device has been unlocked and can't be trusted..
Your device will boot in 5 seconds
To remove this text warning and 5s delay you need to change the file "lk.img" (firmware folder):
Open "lk.img" with a hex editor (for example, HxD)
In menu toolbar click "Search-Find" and select "Hex-values" tab.
Search 08 B5 0E 4B 7B 44 1B 68 1B 68 02 2BView attachment 5799489
Copy text 08 B5 00 20 08 BD 1B 68 1B 68 02 2B
Return back to hex editor window then right click on the highlighted items and select "Paste Insert"View attachment 5799501
The newly modified 24 characters will be displayed in redView attachment 5799503
Click "File" and select "Save".
Flash the modified "lk.img" in fastboot mode
fastboot flash lk lk.img
Click to expand...
Click to collapse
Nice work! Do you have any idea where the code for text on the picture below might be? Technically, if we are able to find this code and modify it, it should allow us to use the Offical Global rom. I tried to replicate these steps and these steps with no success. I can flash the image using fastboot but the message doesn't disappear.
Protip: The version TB132FU_USR_S000034_2206180119_MPR0_ROW allows the bootloader to remain unlocked. Useful for tests with the Global version
While the version "TB132FU_USR_S000089_2210200620_MPR0_ROW" will lock the bootloader and the commands to unlock will not work.
Let me know if you have any insights.
als_bvg said:
Protip: The version TB132FU_USR_S000034_2206180119_MPR0_ROW allows the bootloader to remain unlocked. Useful for tests with the Global version
While the version "TB132FU_USR_S000089_2210200620_MPR0_ROW" will lock the bootloader and the commands to unlock will not work.
Click to expand...
Click to collapse
I had TB132FU_S000034_220618_ROW installed.
I flashed ZUI 14.0.691.
And now I can't flash any firmware through the flashtool. I can't flash my backup of TB132FU_S000034_220618_ROW.
That's why I'm still on the ZUI 14.0.691.
I'm getting used to it
ug0o said:
I had TB132FU_S000034_220618_ROW installed.
I flashed ZUI 14.0.691.
And now I can't flash any firmware through the flashtool. I can't flash my backup of TB132FU_S000034_220618_ROW.
That's why I'm still on the ZUI 14.0.691.
I'm getting used to it
Click to expand...
Click to collapse
Awesome. Just a note: The fake global was TB132FU_S300062_220921_ROW, and the version we could use to try removing the code is TB132FU_USR_S000034_2206180119_MPR0_ROW. This version is flashable via the Third method on the FAQ. I tried to flash a backup using the Flash Tool and even splitting the dump using Wwr MTK tool and using the third flashing method, but no success with the backup either.
But If we manage to locate the 'Incompatible software' code we could use an official ROM.