Can someone help me find a scatter firmware for my lg k10 2017 mt6750. I’m using sp flash tool .I have searched online but I still didn’t get it. My phone is bricked. I can’t get into recovery and download mode. I tried extracting it from kdz rom, but It has not been a success.
hello
if you want to extract LGk10 2017 m250n kdz firmware , you can use this tool
Download LG Firmware Extract Tool (.kdz .dz extract tool)
Download LG Firmware Extract Tool which helps LG users to extract the contents of any KDZ or DZ Firmware (ROM) on the computer.
androidmtk.com
yakapa40 said:
hello
if you want to extract LGk10 2017 m250n kdz firmware , you can use this tool
Download LG Firmware Extract Tool (.kdz .dz extract tool)
Download LG Firmware Extract Tool which helps LG users to extract the contents of any KDZ or DZ Firmware (ROM) on the computer.
androidmtk.com
Click to expand...
Click to collapse
I used it, but the system.bin is multiple. So I had to flash it once a time in the system partition. And it didn’t work out for me it’s still bootloops. I get error when I flash the laf and cust file.
I've made a scatter file once for this. Can be found by searching..
At that time sp flash tool wasn't workable solution..
Hacks have been improved since.
I would now use mtkclient.
You can join that system with that tool..
CXZa said:
I've made a scatter file once for this. Can be found by searching..
At that time sp flash tool wasn't workable solution..
Hacks have been improved since.
I would now use mtkclient.
You can join that system with that tool..
Click to expand...
Click to collapse
I have tried the mtk client. I also get errors with that. It frequently disconnects with my phone.
if you want only one file for system click :Merge system bin and in Merge output folder you will have system.img
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
yakapa40 said:
if you want only one file for system click :Merge system bin and in Merge output folder you will have system.img
View attachment 5901631
Click to expand...
Click to collapse
I did that but I couldn’t load the file.
Young540 said:
I did that but I couldn’t load the file.
Click to expand...
Click to collapse
Ah, it might be Android 8 then.. don't remember much anymore... for some reason I made some tools that I've not released for the kdz/tot files.
Mainly because there are some python tools that can do most of them... but one has to find the right one for the version.
I wanted to it to extract them all.. but the variations.. like 90% goes fine... but then there is some (rare?) weird differences in these kdz/tot files..
Don't know what version is the best at the moment, but this that @haise.zero mentions here works in many newer cases...
GitHub - haise0/kdz-toolkit: A list of script tools, informational resources, and analysis reports for LG KDZ firmware files.
A list of script tools, informational resources, and analysis reports for LG KDZ firmware files. - GitHub - haise0/kdz-toolkit: A list of script tools, informational resources, and analysis reports...
github.com
Check Hovatek too... they have sometimes some good findings...
Spoiler: This was nice... Thanks, Haise!
GitHub - haise0/kdz-toolkit: A list of script tools, informational resources, and analysis reports for LG KDZ firmware files.
A list of script tools, informational resources, and analysis reports for LG KDZ firmware files. - GitHub - haise0/kdz-toolkit: A list of script tools, informational resources, and analysis reports...
github.com
Edit... missed the pic... so it was the sp tool that doesn't load the file....
The scatter I made if it makes any difference...
Nuked LAF = No Download Mode,always without fastboot
Hello everyone, today I made a bull****, let's start from the beginning, my K10 2017 M250n had Android Oreo and I had come to know the exploit LGLAF, I tried, and did not work because I discovered that the flaw was patched on Android Oreo but I...
forum.xda-developers.com
Mtkclient: Try the LiveDVD if it makes any difference...
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
MTK reverse engineering and flash tool. Contribute to bkerler/mtkclient development by creating an account on GitHub.
github.com
CXZa said:
The scatter I made if it makes any difference...
Nuked LAF = No Download Mode,always without fastboot
Hello everyone, today I made a bull****, let's start from the beginning, my K10 2017 M250n had Android Oreo and I had come to know the exploit LGLAF, I tried, and did not work because I discovered that the flaw was patched on Android Oreo but I...
forum.xda-developers.com
Mtkclient: Try the LiveDVD if it makes any difference...
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
MTK reverse engineering and flash tool. Contribute to bkerler/mtkclient development by creating an account on GitHub.
github.com
Click to expand...
Click to collapse
I tried your scatter file. The laf failed again.
CXZa said:
The scatter I made if it makes any difference...
Nuked LAF = No Download Mode,always without fastboot
Hello everyone, today I made a bull****, let's start from the beginning, my K10 2017 M250n had Android Oreo and I had come to know the exploit LGLAF, I tried, and did not work because I discovered that the flaw was patched on Android Oreo but I...
forum.xda-developers.com
Mtkclient: Try the LiveDVD if it makes any difference...
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
MTK reverse engineering and flash tool. Contribute to bkerler/mtkclient development by creating an account on GitHub.
github.com
Click to expand...
Click to collapse
this is the output I got when I flashed the laf with mtk client
Failed to write laf_102400.bin to sector 102400 with sector count 57344
Young540 said:
flashed the laf with mtk client
Click to expand...
Click to collapse
That's not the livedvd i.e. linux.. I run it in virtualbox... just had to put mtk vendor id to usb settings so it catches them all..
The loader file I used was MTK_AllInOne_DA_5.2136.bin , removed the others...
Nice gui but if if errors it just halts... and if relocking the bootloader the seccfg wasn't exactly the same as before, do a backup first...
Don't know if these are now fixed ...
Thanks for your help. I’ve been able to flash the laf by using a bypass trick. Thanks for your help.
First, the tools I used was hxd editor, hex calculator, notepad and sp flash tool. I added the lk and the laf partition together using the hex calculator. Then I changed the partition size of the lk partition size to the sum of the lk and laf partition on the scatter file with notepad. Then I deleted the laf partition from the notepad. I opened the pgpt.bin in the hex editor, then I deleted the last zeros found under the pgpt partition . I saved it leading to a reduction in the pgpt.bin size. Then I opened both the laf.bin and lk.bin in the hex editor. I copied the data on the laf.bin then I pasted it after the end of the data found on the lk partition. Then I saved it, this increased the lk partition size. Then I loaded the scatter file on sp flash tool. Then I did format all + download. It did that successfully. Then I flashed only the pgpt.bin. This time I didn’t format it. After that I was able to flash with the LG UP tool and it worked like a charm.
*Note: I added the lk and the laf because on my device the laf is next to the lk. So it depends on how they follow each other on your device. I saw a similar post on hovatek forum "How to bypass verified boot is enabled error in sp flash tool" and I followed the steps. They also have a video in the post explaining it. So it’s recommended to check there if you have the same problem.
Young540 said:
First, the tools I used was hxd editor, hex calculator, notepad and sp flash tool. I added the lk and the laf partition together using the hex calculator. Then I changed the partition size of the lk partition size to the sum of the lk and laf partition on the scatter file with notepad. Then I deleted the laf partition from the notepad. I opened the pgpt.bin in the hex editor, then I deleted the last zeros found under the pgpt partition . I saved it leading to a reduction in the pgpt.bin size. Then I opened both the laf.bin and lk.bin in the hex editor. I copied the data on the laf.bin then I pasted it after the end of the data found on the lk partition. Then I saved it, this increased the lk partition size. Then I loaded the scatter file on sp flash tool. Then I did format all + download. It did that successfully. Then I flashed only the pgpt.bin. This time I didn’t format it. After that I was able to flash with the LG UP tool and it worked like a charm.
*Note: I added the lk and the laf because on my device the laf is next to the lk. So it depends on how they follow each other on your device. I saw a similar post on hovatek forum "How to bypass verified boot is enabled error in sp flash tool" and I followed the steps. They also have a video in the post explaining it. So it’s recommended to check there if you have the same problem.
Click to expand...
Click to collapse
Interesting...
Related
Hi all MTK6573/MTK6516 users !!!!
SEE SECOND POST FOR MTK6516 phones.
THIS POST IS FOR MTK6573 phones.
This is for all MTK6573 users with Android 2.3(.x). Also for all B63M phones !!
Follow this guide to backup your FULL ROM !! You can even flash your phone through FlashTools with this COMPLETE backup !!!
ROOT IS REQUIRED !!
Here is the guide:
1) ROOT is necessary. It is recommended to put the phone in 'Airplane mode' so that it won't disturb the process and make sure you have ~500 mb space in SD card.
2) Download 'MTK-6573-BackUpTools.rar' from attachments and extract it to your SD Card. You'll have 2 folders - 'gscript' and 'Install'.
3) Install 'GScriptLite.apk' from gscript folder.
3) After installation, open the 'GScriptLite' application -> Menu -> Add Script.
4) Tick 'Needs SU ?'
5) Click 'Load File' and select 'Back23.sh' and then select 'save'
6) Now Click on 'Back 23' and Super User will ask for Permission and allow it. Nothing more to touch. Wait for few minutes. After few mins, it will say 'Auto Close is Cancelled'. Now its safe to close.
7) Your Back-Up will be in 'backup_' folder located in your SD card's root.
It will have files named ' firmware.info, preloader.img, nvram.img, seccnfg.img, uboot.img, boot.img, recovery.img, secstatic. img, misc.img, logo.img, expdb.img, cache.img, system.img, data.img' in that folder. Copy it to your computer and keep it at a safe place. More Over if you are posting in the forums or sharing it online, don't include ' data.img, cache.img and nvram.img' as they contain your personal information.
NOTE: The backup script is not created by me. Gathered all information from the web !!
Hit THANKS if you find this useful !!
For MTK6516 !!
THIS POST IS FOR MTK6516 phones.
This is for all MTK6516 users with Android 2.2(.x).
Follow this guide to backup your FULL ROM !! You can even flash your phone through FlashTools with this COMPLETE backup !!!
ROOT IS REQUIRED !!
Here is the guide:
1) ROOT is necessary. It is recommended to put the phone in 'Airplane mode' so that it won't disturb the process and make sure you have ~500 mb space in SD card.
2) Download 'MTK-6516-BackUpTools.rar' from attachments and extract it to your SD Card. You'll have 2 folders - 'gscript' and 'Install'.
3) Install 'GScriptLite.apk' from gscript folder.
3) After installation, open the 'GScriptLite' application -> Menu -> Add Script.
4) Tick 'Needs SU ?'
5) Click 'Load File' and select 'Back23.sh' and then select 'save'
6) Now Click on 'Back 23' and Super User will ask for Permission and allow it. Nothing more to touch. Wait for few minutes. After few mins, it will say 'Auto Close is Cancelled'. Now its safe to close.
7) Your Back-Up will be in 'backup_' folder located in your SD card's root.
It will have files named ' firmware.info, preloader.img, nvram.img, seccnfg.img, uboot.img, boot.img, recovery.img, secstatic. img, misc.img, logo.img, expdb.img, cache.img, system.img, data.img' in that folder. Copy it to your computer and keep it at a safe place. More Over if you are posting in the forums or sharing it online, don't include ' data.img, cache.img and nvram.img' as they contain your personal information.
NOTE: The backup script is not created by me. Gathered all information from the web !!
Hit THANKS if you find this useful !!
A few questions!
Hello!
Thank you for this software, it worked with making a dump of my rom. How do you create a scatter file to use in SP Flash Tool? Or do you have another program that I can use to flash these files back onto the phone?
The SP Flash Tool I am using V2.1129.00 does not show as many partitions as what was backed up by my phone with the default MT6573 scatter file that it comes with.
I keep getting errors trying to load/burn the files to my phone.
PLEASE HELP!!
LeStonga said:
Hello!
Thank you for this software, it worked with making a dump of my rom. How do you create a scatter file to use in SP Flash Tool? Or do you have another program that I can use to flash these files back onto the phone?
The SP Flash Tool I am using V2.1129.00 does not show as many partitions as what was backed up by my phone with the default MT6573 scatter file that it comes with.
I keep getting errors trying to load/burn the files to my phone.
PLEASE HELP!!
Click to expand...
Click to collapse
You can try this:
Copy the backup_ folder from your sd card to your computer. Now place a copy of a the scatter file.txt in that folder.
Now in SP Flash tool, browse to the folder and select the scatter file that you placed.....all files will be loaded automatically......
It didnt work . . .
Hello!
I took your advice and attempted to load the scatter file from the same folder that the backup partitions are in.
A few of they files loaded on their own, not all of them, and their are still partitions missing.
When I open the scatter file in txt editor it shows all partitions.
When I open the scatter file in smart phone flash tool i only show
preloader
dsp
uboot*
bootimg*
recovery*
secro
logo*
android*
usrdata
The files above are what shows in sp flash tool program and the ones with the * are the files that load automatically.
I did try a smart phone flash tool version 5.1140 and the scatter file did load correctly with all the partitions, but again not all load and I get an error when I try to load them manually. In addition, I have never been able to successfully use version 5.1140 to flash.
I was able to flash in version 2.1129, but as I said I couldnt load every partition so I am missing my nvram and other partitions.
Can you recommend anything else?
Maybe a different version of sp flash tool that you know works? Maybe a different program all together?
THANKS!
@Bala
Yo, bro, its been awhile since our last chat ! You have been like an android modding/ hacking teacher/ guru & i'm sure alot of users will benefit from all of it...
@LeStonga
Yes, in fact your are correct, there is a software by linerty(these russians are so 'terror', not only hacking but coming out with tools to make it easier) that converts the extracted firmware.info back into scatter.txt...You can find the tuts & tools here.
The tuts even show you ways to upload with FlashTool too ! i know there is an upload function but never knew the way to use it though...
Hello balamu96m!
Thank you for your suggestions, that was the website which I first followed instructions for.
As you can see however, even when Bruno (administrator of the tutorial you provided in the link) opened his scatter file, nvram partition is not shown. I was able to use the program balamu96m pointed me to and it made perfect backups of all my partitions.
My problem is that sp flash tool loads my scatter file and it is the same as Bruno's which is lacking several partitions, especially the nvram partition.
If i use an updated sp flash tool (v5), when I load my scatter file all of my partitions are shown, including nvram, but I have never had any success flashing my phone with that version.
Maybe I can use that version but someone has to help me set up the configurations to flash . .. i.e. download with or without battery, com, baud rate, etc.
Sp flash tool V2.11 was easy to use and straight forward, but even though my scatter lists all my partitions (when i open in a text editor), it only loads the partitions shown in bruno's tutorial, not including nvram.
yuweng said:
@Bala
Yo, bro, its been awhile since our last chat ! You have been like an android modding/ hacking teacher/ guru & i'm sure alot of users will benefit from all of it...
@LeStonga
Yes, in fact your are correct, there is a software by linerty(these russians are so 'terror', not only hacking but coming out with tools to make it easier) that converts the extracted firmware.info back into scatter.txt...You can find the tuts & tools here.
The tuts even show you ways to upload with FlashTool too ! i know there is an upload function but never knew the way to use it though...
Click to expand...
Click to collapse
Hi yuweng bro!
It seems miui is going to release their source code........i read in the russian forum at 4pda that one mtk6573 was running miui 4 (ics).......is that true??
So when miui sources are out, can we build one for our mi-357/350n??
Waiting for your reply
@Bala
AFAIK, Miui public part of their source code before the launch of their first android phone, Xiaomi M1 & now launching their next version M2 which is based on ARM Cortex-A8 & coincidentally, its just been launch today ! Its fully supported by the Miui team & it has two ROM, one ROM for daily use & the other one for you to flash their 'nightly' built. Best is that you can switch over to either one of them at any time ! Great for android enthusiastic...
However, of all hundreds over MT65xx android phone manufacturer all over the world, non of them actually ported it to Miui ! There is only one answer to this, it will be copied over to all other MT65xx ! Thats what Chinese are best at...(Oopps, i'm a Chinese too...)
So, i think you won't see an official Miui phone on MT65xx platform... Currently, official Miui ROM is for single SIM... You can check out Miui sources here & here
If its really true that the russian has ported Miui to MT65xx, very soon we'll have Miui running on every MT65xx...
What you said on the other thread is true, if Mediatek keep on keeping their source code, i think very soon they can keep it to themself forever.... No android enthusiastic will ever buy their phone ever... Even HTC has released the source code for a whole bunch of devices recently after been pressured by android enthusiastic...
@LeStonga
AFAIK, FlashTool is not for flashing NVRam(IMEI). However, you can use it to backup NVRam then restore it. Typically, you only need to download boot, recovery, logo, android, usrdata. Normally, i just download 'android' partition only(system.img) I normally put a 'tick' at 'No Action' for NVRam...
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
There is a thread on how to backup & restoring your MT65xx IMEI by cybermaus just over a week ago...
help help
I have android phone china H4300. mediatek mtk6573. yesterday , i deleted stock launcher and format factory the phone. so i don't use it.
please help me up rom (i haved rom) or install the Launcher ,...
thank you
vanlaosonya said:
I have android phone china H4300. mediatek mtk6573. yesterday , i deleted stock launcher and format factory the phone. so i don't use it.
please help me up rom (i haved rom) or install the Launcher ,...
thank you
Click to expand...
Click to collapse
Do you have modded recovery??
balamu96m said:
Do you have modded recovery??
Click to expand...
Click to collapse
i only have stock recovery
Thanks it works on my MT6573 phone
Hey balamu....
Can you please tell me how to restore this backup...???
maitreyapatni said:
Hey balamu....
Can you please tell me how to restore this backup...???
Click to expand...
Click to collapse
Allow me to answer ...
To restore this backup, 1st you need to convert the firmware.info into your own scatter.txt file. Read here : http://bm-smartphone-reviews.blogspot.com/2012/04/creating-rom-dump-of-your-mt65x3-device.html
Then you run SPflash tool, choose your scatter file and the appropriate area to flash. You don't need to flash all area. Just boot+system (android) to restore is sufficient. You can change the file by double-click at the appropriate row. Untick to deselect, tick to select which area to flash.
Again, no need to flash the whole thing ... some file contains private info such as nvram/userdata. I've read that many device already bricked by flashing wrong file (specially uboot) unless it's from your own backup.
no cache.img, system.img, data.img
hi balamu, i need some help.
i have an mt6516 phone. i followed every step, but 3 files didn't show up i.e cache.img, system.img, data.img
in the end of running script, gscript show "no such files". my question are: is that normal? are those file important? any ideas to get these files?
i really need any help here.
so thx in advance
hisoka8888 said:
hi balamu, i need some help.
i have an mt6516 phone. i followed every step, but 3 files didn't show up i.e cache.img, system.img, data.img
in the end of running script, gscript show "no such files". my question are: is that normal? are those file important? any ideas to get these files?
i really need any help here.
so thx in advance
Click to expand...
Click to collapse
they are really important...................you can retry the process again.......it should work.....!
silly me
found out the problem. looks like i didn't do exactly one of your step "extract into sd card". i actually extract the content into a folder inside the sd card, so gscript can't find the "Install" folder. I copied the folder into sd card and redo the process then those file showed up. LOL.
anyway, nice share... :good::good:
n7000 note copy rom file i loss it help
n7000 note copy rom file i loss it help
mtk 6573
plz send rom file
mail id [email protected]
thanks in adwance
Hi,Thanks for tutorial,I backup my phone,create scatter file and all goes ok but now i have 1 litl problem,my phone is mobiwire aquila mt6573 platform, he got factory recovery e3 and i wanna change to cwm and Bruno say that cwm must be specific for phone so is any chance to find cwm for my phone or any hack/swap from backup recovery or any other method?
Sorry guys on bad english or wrong section
Thanks
For those who own G Pro 2 D838 that cannot enter stock recovery to run adb sideload option (ioroot25), this tutorial teaches you how to grant root access through normal adb (ioroot24).
After long time investigating LG TOT file structure, I've found the way to partially flash a partition. And if you flash, for example, F350K kernel into a D838, you can run modified ioroot24 batch file by adding LG-D838 in the model option list.
The steps are as follows:
0. Backup your critical data. Flashing TOT will do factory reset automatically. All user data except Ext-SD will be erased.
1. Find and download the firmware exactly matching your D838 (16GB or 32GB model, HK or TW model), and the DLL file (or extract from KDZ).
2. Find and download old version F350 firmware such as F350K 10d version (only old versions are compatible with ioroot24 method).
3. Download my sample TOT header file below (myboothdr.bin). This file is verified on D838 16GB Taiwan. May not work for 32GB version.
4. Download any KDZ/TOT extractor you like.
5. Download any CRC32 checksum program you like. I use HashMyFiles. And download any hex editor you like. I use xvi32.
6. Extract D838 firmware to get PrimaryGPT.bin (partition table), boot.bin (kernel) and the DLL file if KDZ.
7. Extract F350 firmware to get boot.bin. Rename it as boot350.bin
8. In Windows command prompt, combine PrimaryGPT.bin and boot.bin into d838body.bin by the following command:
copy /b PrimaryGPT.bin+boot.bin d838body.bin
Don't forget the argument "/b". It's very important to use the flag to do "binary mode" copy.
9. Calculate d838body.bin CRC32 checksum by your checksum program. This should be a 32-bit nubmer.
10. In sample header file "myboothdr.bin", Fill the CRC32 value at file offset 0x08. Please note that the file store number in little-endian order, so the byte order of the 32-bit CRC32 value should be reversed. For example, a calculated CRC32 value 0x12345678 should be filled as 78 56 34 12 in file offset 0x08, 0x09, 0x0a, 0x0b.
11. Combine header and body by the following command (the result file must be in "tot" file extension):
copy /b myboothdr.bin+d838body.bin d838kernel.tot
12. Repeat steps 8~11 but replace boot.bin with boot350.bin and d838kernel.tot with f350k4d848.tot.
Now you have two kernel TOT files for your D838.
13. Use LG Flash Tool to flash f350k4d838.tot with your D838 DLL ffile.
14. Manually run adb command similar with ioroot24 for F350. However, unplug and plug USB cable did not work for me. Switching between "Changing Only" and "MTP" works.
15. Use LG Flash Tool to flash back d838kernel.tot with your D838 DLL file.
The file "myboothdr.bin" contains some offset / size values which may not work for other region and/or 32GB D838. Make sure the size of boot.bin is 12058624 bytes. And try to investigate your partition table file PrimaryGPT.bin to make sure "boot" partition starting at 0x40000.
It is assumed that all 16GB models have the same partition geometry and same size of kernel image (boot.bin), so I GUESS all 16GB D838 could use this header file. But I am not responsible to this. To custom the header file for you D838 16GB or 32GB model, check the following items and modify the header if necessary:
1. Check you partition table file (PrimaryGPT.bin) to find the location of your kernel image partition. In D838 TW model, the kernel partition entry is at offset 0x700 (totally 0x80 bytes, 0x700~0x77f), offset 0x700+0x38 contains partition name 0x62,0x00,0x6F,0x00,0x6F,0x00, 0x74,0x00 (UTF16-LE string "boot"). And offset 0x700+0x20 contains kernel partition starting sector 0x00, 0x00, 0x04, 0x00 (32-bit number 0x00040000). If your D838 model has different value from 0x00040000, please modify my header file offset 0x2020 to your value.
2. Verify the files size of you boot.bin (and boot350.bin) to make sure if it is 12058624 bytes (0xb80000). If not, please stop here. Some calculation is required to modify my header file, and some partition size verification has to be made for your case.
Because the resulting tot files contain partition info and kernel image. You'd better use your own tot files. If you want to use others, please make sure it's for the same model, kernel version, ROM size (16 or 32GB), and region (TW, HK or SG).
Thanks:
autoprime's great ioroot tools
You are the man! I
Feel proud to be a Taiwanese
這才是愛台灣
humble suggestion, probably move this thread to development?
pcfree said:
For those who own G Pro 2 D838 that cannot enter stock recovery to run adb sideload option (ioroot25), this tutorial teaches you hot to grant root access through normal adb (ioroot24).
After long time investigating LG TOT file structure, I've found the way to partially flash a partition. And if you flash, for example, F350K kernel into a D838, you can run modified ioroot24 batch file by adding LG-D838 in the model option list.
The steps are as follows:
0. Backup your critical data. Flash TOT will do factory reset automatically.
1. Find and download the firmware exactly matching your D838 (16GB or 32GB model, HK or TW model), and the DLL file (or extract from KDZ).
2. Find and download old version F350 firmware such as F350K 10d version (only old versions are compatible with ioroot24 method).
3. Download my sample TOT header file below (myboothdr.bin). This file is verified on D838 16GB Taiwan. May not work for 32GB version.
4. Download any KDZ/TOT extractor you like.
5. Download any CRC32 checksum program you like. I use HashMyFiles.
6. Download any hex editor.
6. Extract D838 firmware to get PrimaryGPT.bin (partition table), boot.bin (kernel) and the DLL file if KDZ.
7. Extract F350 firmware to get boot.bin. Rename it as boot350.bin
8. In Windows command prompt, combine PrimaryGPT.bin and boot.bin into d838body.bin by the following command:
copy /b PrimaryGPT.bin+boot.bin d838body.bin
9. Calculate d838body.bin CRC32 checksum.
10. In sample header file "myboothdr.bin", Fill the CRC32 value at file offset 0x08.
11. Combine header and body by the following command (the result file must be in "tot" file extension):
copy /b mybootheader.bin+d838body.bin d838kernel.tot
12. Repeat steps 8~11 but replace boot.bin with boot350.bin and d838kernel.tot with f350k4d848.tot.
Now you have two kernel TOT files for your D838.
13. Use LG Flash Tool to flash f350k4d838.tot.
14. Manually run adb command similar with ioroot24 for F350. However, unplug and plug USB cable did not work for me. Switching between "Changing Only" and "MTP" works.
15. Use LG Flash Tool to flash back d838kernel.tot.
The file "myboothdr.bin" contains some offset / size values which may not work for other region and/or 32GB D838. Make sure the size of boot.bin is 12058624 bytes. And try to investigate your partition table file PrimaryGPT.bin to make sure "boot" partition starting at 0x40000.
Click to expand...
Click to collapse
Nice work! But speaking as a non-technical guy, do you think there'll be an easier, less scary, way of rooting the D838 soon?
I've rooted and flashed all my previous phones but these instructions sound very complicated indeed...
Appreciate your amazing work,
You're the miracle creator!!
我也要說…這才是愛台灣啦+1 ~^^
It's true.
The procedure is too complicate for beginner to root the D838.
But be honestly, this is one small step for a man, a giant leap for D838 device owners.
I believe author will try to reform the procedure into a simple way.
It just takes time to improve it.
Again, thanks for your great work on D838.
So close, but the LGFlashTool doesn't want to recognise my D838, even after trying every driver I could find... So I'm stuck at unlucky step 13!
Sent from my LG-D838 using Tapatalk
sub69 said:
So close, but the LGFlashTool doesn't want to recognise my D838, even after trying every driver I could find... So I'm stuck at unlucky step 13!
Sent from my LG-D838 using Tapatalk
Click to expand...
Click to collapse
Do you get the message "Failed previousLoad()"? This seems to be caused by an invalid tot file.
OP any chance you can just up the tot files?
thelestat said:
Do you get the message "Failed previousLoad()"? This seems to be caused by an invalid tot file.
Click to expand...
Click to collapse
I did, but I think as an LG n00b it's a PEBKAC error. I'll keep reading and let you know when it works...
Sent from my LG-D838 using Tapatalk
Wrong check sum
According to above tutorial.
Someone had reply that the checksum is inccorect.
The correct checksum is 30252AC8 for d838body.bin
and E5ED3232 for f350body.bin
That's another tutorial by Taiwan developer named "z30152" had simplified the procedure which much easier for most user.
You can refer to http://www.mobile01.com/topicdetail.php?f=581&t=3864486&p=1
jc042982 said:
According to above tutorial.
Someone had reply that the checksum is inccorect.
The correct checksum is 30252AC8 for d838body.bin
and E5ED3232 for f350body.bin
That's another tutorial by Taiwan developer named "z30152" had simplified the procedure which much easier for most user.
You can refer to http://www.mobile01.com/topicdetail.php?f=581&t=3864486&p=1
Click to expand...
Click to collapse
Yeah, not sure what I'm doing wrong - I'm sure I've input the CRC correctly, but it's just not playing ball. Will have a look at the other tutorial later...
Thinking about it, it's possibly failing because I'm using a 16Gb HKG phone with the .kdz of the HKG firmware, but I expected the process to be the same, even if the CRC's are different...
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
sub69 said:
Yeah, not sure what I'm doing wrong - I'm sure I've input the CRC correctly, but it's just not playing ball. Will have a look at the other tutorial later...
Thinking about it, it's possibly failing because I'm using a 16Gb HKG phone with the HKG firmware, but I expected the process to be the same, even if the CRC's are different...
Click to expand...
Click to collapse
Follow the instruction here!
I think you can extract the HKG version firmware and follow the instruction to merge with F350K.
This should be work properly for HKG version 16GB.
jc042982 said:
Follow the instruction here!
I think you can extract the HKG version firmware and follow the instruction to merge with F350K.
This should be work properly for HKG version 16GB.
Click to expand...
Click to collapse
Ohhhhh, reverse the hex-pairs!
I'm an idiot, I always forget to do that. Thanks, it looks far more promising now.
May I know how do I start to do this with 32GB International version? Currently the firmware is D83810a-SEA-XX
Yep, that did it.
So for anyone else trying this, follow the instructions in the OP precisely, and you should be fine, with the caveat that in Point 10 YOU HAVE TO REVERSE THE CRC32 HEX PAIRS when adding them to 0x08 in "myboothdr.bin"
My CRC32 value was "e46a6dcb" so I had to add "CB 6D 6A E4" into myboothdr.bin
Great work pcfree, and many thanks to jc042982 for pointing this LG n00b in the right direction.
thanks
would you please explain inside the header file:
44 DD 55 AA
how to make these values?
hkfriends said:
thanks
would you please explain inside the header file:
44 DD 55 AA
how to make these values?
Click to expand...
Click to collapse
Don't touch those, just open your myboothdr.bin file in a Hex Editor (I used HxD) and change the four pairs shown below (my CRC32 value for this file came up as b00db074 in "HashMyFiles", so I had to enter "74 B0 0D B0"):
hkfriends said:
thanks
would you please explain inside the header file:
44 DD 55 AA
how to make these values?
Click to expand...
Click to collapse
Which KDZ you extract from? 16GB? or 32GB?
What country?
I am having a 16GB D838 International Edition (Taiwan)
and the procedure is workable for all D838.
This only thing you need to do is extract the correct file from your origin firmware.
It depends by what country version you purchase, such as Taiwan, HK, or Singapore...etc.
THE ONLY DIFFERENCE IS STEP 6.Extract D838 firmware to get PrimaryGPT.bin (partition table), boot.bin (kernel) and the DLL file if KDZ.
*PLEASE your own firmware and extract it!
Other procedures are all the same with the post.
Be careful with the 16GB and 32GB PrimaryGPT_0.bin!!!
jc042982 said:
Which KDZ you extract from? 16GB? or 32GB?
What country?
I am having a 16GB D838 International Edition (Taiwan)
and the procedure is workable for all D838.
This only thing you need to do is extract the correct file from your origin firmware.
It depends by what country version you purchase, such as Taiwan, HK, or Singapore...etc.
THE ONLY DIFFERENCE IS STEP 6.Extract D838 firmware to get PrimaryGPT.bin (partition table), boot.bin (kernel) and the DLL file if KDZ.
*PLEASE your own firmware and extract it!
Other procedures are all the same with the post.
Be careful with the 16GB and 32GB PrimaryGPT_0.bin!!!
Click to expand...
Click to collapse
yep... i double check all related TOT files with header starting "44 DD 55 AA"
so I believe it is TOT header signature only
the only thing need to cater is what you said, PrimaryGPT.bin (partition table), boot.bin (kernel)
I am thinking it can ported to oher models...
hkfriends said:
yep... i double check all related TOT files with header starting "44 DD 55 AA"
so I believe it is TOT header signature only
the only thing need to cater is what you said, PrimaryGPT.bin (partition table), boot.bin (kernel)
I am thinking it can ported to oher models...
Click to expand...
Click to collapse
After successful root your device.
You can revise the platform.xml by following the instruction post by http://forum.xda-developers.com/showthread.php?t=2537793
I am success revise the platform and this allow you to read-write your external SD card.
The next step is revise the NAV Key, make it smaller^^
==============================================
Auto System Image Exctractor
==============================================
==============================================
Supports
1) system.new.dat
2) system.new.dat.br
3) payload.bin
==============================================
==============================================
Requiremnets
==============================================
1. python v3.x
2. 7-Zip
Note 1: make sure your environment variables path is correctly set for python and 7-Zip(set it in system properties-->advance-->environment variable-->path)
Note2: while installing python, set the environment variables in installer itself
==============================================
How To
==============================================
1) extract system_new_dat_extractor.zip into a folder (preferable in a path where there are no name spaces)
2) place your rom zip file in the directory where you extracted
3) open the file system_image_extractor_V4.cmd
4) wait for it to extract everything
5) folder with extracted content will open automatically
6) have fun tweaking
*make sure to delete the created folders every time you want to extract
==============================================
Credits
==============================================
1) And_pda for imgextractor
2) xpirt for sdat2img.py
3) google
4) cyxx
5) ius
6) @aIecxs
==============================================
Change-log
==============================================
Code:
* initial release
-----------------------------
V2 supports Nougat
converts file_contexts.bin to file_contexts
-----------------------------
V3
[U]Now Supports[/U]
1) system.new.dat
2) system.new.dat.br
3) payload.bin
V4 (25-06-2019)
1) changed the entire script.
2) Fixed issues where user files got deleted automatically
-it was due spaces in path
source
Im testing m8
Note: make sure your environment variables path is correctly set for python and 7-Zip(set it in system properties-->advance-->environment variable-->path) @chiragkrishna, pls explain me or help me clear instructions. tks so much
romano19 said:
Note: make sure your environment variables path is correctly set for python and 7-Zip(set it in system properties-->advance-->environment variable-->path) @chiragkrishna, pls explain me or help me clear instructions. tks so much
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
add the location of your python(C:\Program Files (x86)\Python27) and 7-Zip(C:\Program Files\7-Zip) to the path!!!
Hello, nicie you made it, but how to repack it back to system.new.dat? Thanks for answering
supports system.new.dat from nougat?
Hi, I receive the following error:
WARNING
file_contexts not found!!
Click to expand...
Click to collapse
Jancar 52 mcpe said:
supports system.new.dat from nougat?
Click to expand...
Click to collapse
Wondering the same thing, will this work on Nougat, LineageOS 14.1 ROMs?
Neo3D said:
Wondering the same thing, will this work on Nougat, LineageOS 14.1 ROMs?
Click to expand...
Click to collapse
I asked this because it doesn't support the file_contexts.bin, if it does not detect it or it does not support it I can not recompress it again, and at the time of installing that compressed package with the other files gives error
Jancar 52 mcpe said:
supports system.new.dat from nougat?
Click to expand...
Click to collapse
Neo3D said:
Wondering the same thing, will this work on Nougat, LineageOS 14.1 ROMs?
Click to expand...
Click to collapse
Jancar 52 mcpe said:
I asked this because it doesn't support the file_contexts.bin, if it does not detect it or it does not support it I can not recompress it again, and at the time of installing that compressed package with the other files gives error
Click to expand...
Click to collapse
updated with Nougat support
converts file_contexts.bin to file_contexts text file
My simple script - Python not needed
Hi chiragkrishna, thank you for the tool.
Unfortunately it doesn't work for me, it gets stuck on the file_contexts.bin
In light of this I made my own super simple bat file, that extracted the whole system folder successfully.
Then I went a step further and created a EXE from the provided python script, so there would be no python requirement.
But you do have to manually unzip the system.transfer.list and system.new.dat files from your rom (turns out, no other files required for Nougat).
My simple script:
works on Nougat (tested on 7.1.2 NitrogenOS)
no Python needed
just unzip system.transfer.list and system.new.dat files, and place them in rom folder
run start.bat
minibraun said:
Hi chiragkrishna, thank you for the tool.
Unfortunately it doesn't work for me, it gets stuck on the file_contexts.bin
In light of this I made my own super simple bat file, that extracted the whole system folder successfully.
Then I went a step further and created a EXE from the provided python script, so there would be no python requirement.
But you do have to manually unzip the system.transfer.list and system.new.dat files from your rom (turns out, no other files required for Nougat).
My simple script:
works on Nougat (tested on 7.1.2 NitrogenOS)
no Python needed
just unzip system.transfer.list and system.new.dat files, and place them in rom folder
run start.bat
Click to expand...
Click to collapse
The most under appreciated post
Deleted
minibraun said:
Hi chiragkrishna, thank you for the tool.
Unfortunately it doesn't work for me, it gets stuck on the file_contexts.bin
In light of this I made my own super simple bat file, that extracted the whole system folder successfully.
Then I went a step further and created a EXE from the provided python script, so there would be no python requirement.
But you do have to manually unzip the system.transfer.list and system.new.dat files from your rom (turns out, no other files required for Nougat).
My simple script:
works on Nougat (tested on 7.1.2 NitrogenOS)
no Python needed
just unzip system.transfer.list and system.new.dat files, and place them in rom folder
run start.bat
Click to expand...
Click to collapse
Please start a new thread. As I use many extractors nothing is extract my system new data but your tool done. Great.
How can I repack the modified system in system.new.dat after extracting?
Mr.Ak said:
How can I repack the modified system in system.new.dat after extracting?
Click to expand...
Click to collapse
I have no idea, these tools are just for extracting.
I see people are having trouble all over the place.
You can try this tool and hope for the best:
https://forum.xda-developers.com/chef-central/android/tool-extract-repack-dat-img-android-5-8-t3670763
minibraun said:
I have no idea, these tools are just for extracting.
I see people are having trouble all over the place.
You can try this tool and hope for the best:
https://forum.xda-developers.com/chef-central/android/tool-extract-repack-dat-img-android-5-8-t3670763
Click to expand...
Click to collapse
Thank you for the recommendation.I tried almost every tool available,but haven't tried this one yet.I'll give this a try.Unfortunately,I have to dirty build the rom everytime to get the changes done.Hopefully,this tool will maybe able to repack fine.
minibraun said:
Hi chiragkrishna, thank you for the tool.
Unfortunately it doesn't work for me, it gets stuck on the file_contexts.bin
In light of this I made my own super simple bat file, that extracted the whole system folder successfully.
Then I went a step further and created a EXE from the provided python script, so there would be no python requirement.
But you do have to manually unzip the system.transfer.list and system.new.dat files from your rom (turns out, no other files required for Nougat).
My simple script:
works on Nougat (tested on 7.1.2 NitrogenOS)
no Python needed
just unzip system.transfer.list and system.new.dat files, and place them in rom folder
run start.bat
Click to expand...
Click to collapse
good work
minibraun said:
Hi chiragkrishna, thank you for the tool.
Unfortunately it doesn't work for me, it gets stuck on the file_contexts.bin
In light of this I made my own super simple bat file, that extracted the whole system folder successfully.
Then I went a step further and created a EXE from the provided python script, so there would be no python requirement.
But you do have to manually unzip the system.transfer.list and system.new.dat files from your rom (turns out, no other files required for Nougat).
My simple script:
works on Nougat (tested on 7.1.2 NitrogenOS)
no Python needed
just unzip system.transfer.list and system.new.dat files, and place them in rom folder
run start.bat
Click to expand...
Click to collapse
getting this error
------------------------------------
------------------------------------
SYSTEM.NEW.DAT to SYSTEM FOLDER
by minibraun
------------------------------------
------------------------------------
Extract system.transfer.list and system.new.dat from your ROM.zip into the ROM folder
------------------------------------
Press any key to continue . . .
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the file specified.
Could Not Find C:\WINDOWS\system32\system_statfile.txt
Extraction complete!
Press any key to continue . . .
minibraun said:
Hi chiragkrishna, thank you for the tool.
Unfortunately it doesn't work for me, it gets stuck on the file_contexts.bin
In light of this I made my own super simple bat file, that extracted the whole system folder successfully.
Then I went a step further and created a EXE from the provided python script, so there would be no python requirement.
But you do have to manually unzip the system.transfer.list and system.new.dat files from your rom (turns out, no other files required for Nougat).
My simple script:
works on Nougat (tested on 7.1.2 NitrogenOS)
no Python needed
just unzip system.transfer.list and system.new.dat files, and place them in rom folder
run start.bat
Click to expand...
Click to collapse
The link is not working, can you please update?
Acquire a similar scatter file for another device.
Use ADB to extract Partition information.
Edit similar Scatter using ADB and Device for Reference's.
Add the Partition information into the similar scatter.
Test scatter file for proper PMT & HW Chip ID.
Error & Repairs for HW ID Mismatch & PMT Changed.
Test Error repaired scatter to extract Preloader.
Extract preloader from BOOT_0.
Test Preloader with boot.img extraction & download.
Save Scatter file & Preloader into a safe place.
Use Scatter & Preloader for Memory Test.
Use Memory Test information for Read back of entire Memory.
Save Full Read back to a safe place.
Extract System.img, Boot.img, Recovery.img, NVram.img, NVDATA.img, frp.img, Etc.
Compile Firmware for SP Flash Tool.
Edit & Remove proprietary information from firmware for custom release.
Leave stock for stock Firmware extraction.
For Pure time consumption reasons, this guide may take me a while to complete, however the steps above should give you a rough idea of how everything is going to be written...
To start with, the information is so much at once, that I've made a video to help people go along with it...
The video is in 2 parts & in English... Please watch these first, that'll cover about everything in the steps except a few things like compilation of extracted IMG files.
The second video should be watched after the first video, so I've put that link in the description of video 1.
https://youtu.be/e2_U68EGSlY
OK... Now you've seen the instructions, you can work through extracting every partition you'll need for a firmware backup.... You don't need all of them !
After that, Copy the following files (you should now have them all ) to a new folder called Stock Firmware for SP Flash Tool ..
boot.img
cache.img
lk.img
logo.img
preloader.bin
recovery.img
secro.img
system.img
trustzone.bin or .img
userdata.img
MT*****_Android_scatter.txt
Now you need to edit the Scatter file using NotePad++ or another program that won't wreck line endings... Word pad & Notepad will wreck line endings and destroy the scatter file.
Edit the scatter file to now have the correct file names, eg.....
preloader_******_njh_gjb_.bin TO preloader.bin - The same as your copied file name.
boot_example_mt.img TO boot.img - The name of the file for boot.
Now the scatter file, Image's & Preloader should be all together...
ZIP the folder to remove empty space in .img files, Shrink the Firmware to a Zip file.....
You just need to extract the zip file and open the scatter file in SP Flash Tool v5.16+ .. Then select Download to do a firmware installation.
I will edit this guide in time, however I just wanted to get out how I do this on my MTK Device's... People keep asking me how to do it, so I released the video and this extra information for them... I don't make money on YouTube so everything here is provided free & I don't make any money from helping !!! Sorry about the terrible audio !
Hello!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Yesterday friend of mine brought N960F to my hands which was stuck in bootloop asking for help. He bricked phone by some flashing, but don't know details at all.
Phone was launching flashing mode normally, I was able to flash it through ODIN but it stuck on vendor.img.
I have tried to re-flash BL, then CSC only, but phone was in bootloop all-the-time.
I though that there is some problem with partitions, but CSC was about to flash after AP which stuck, so partitions couldn't be restored/repaired.
Went with flashing CSC only to force repartition phone, and then again AP package - same results, stuck into vendor.img.
I have got message on phone screen that flashing failed and asked to use Device Firmware Restore using Smart Switch. Installed SmartSwitch but Emergency Flashign haven't found any device. Reinstalled USB drivers from SmartSwitch. Appearantly, it detected USB device correctly after plugging in. But still Emergency Flashing detected no phone.
I have tried to flash firmware parts using fastboot. No fastboot device found. Tried adb reboot to bootloader. Still fastboot found nothing.
So completly stucked at bootloop at this stage. No any solutions found searching for keywords ODIN stuck vendor.img, ODIN stuck, bootloop, etc.
Decided to not look anything more online and try to develop solution straightly.
I have flashed TWRP, which worked.
How to force phone to enter twrp? Press VolUp, Bixby and PowerOn and HOLD for 20-30 seconds.
TWRP launched.
I have backed up everything before any further move.
I have got some files backed up, but vendor was empty.
Backed-up vendor image was EMPTY. Zero bytes.
In recovery.log:
/vendor | /dev/block/platform/11120000.ufs/by-name/VENDOR | Size: 648MB Used: 0MB Free: 647MB Backup Size: 0MB
Flags: Can_Be_Mounted Can_Be_Wiped Wipe_Available_in_GUI IsPresent Mount_Read_Only
Primary_Block_Device: /dev/block/platform/11120000.ufs/by-name/VENDOR
Click to expand...
Click to collapse
Why ODIN couldn't flash it? Perhaps ODIN bug, or bootloader bug, or ... who knows.
I have tried to install some CustomROM to see if VENDOR partition could be written using installation of custom rom.
I have installed NOBLEROM1.3_N9_S9_S9P. Installation went OK, without any problems.
After reboot, phone was still in BOOTLOOP.
I have forced to launch TWRP again and backed up VENDOR partition to see if it was actually written:
/vendor | /dev/block/platform/11120000.ufs/by-name/VENDOR | Size: 629MB Used: 498MB Free: 130MB Backup Size: 498MB
Flags: Can_Be_Mounted Can_Be_Wiped Wipe_Available_in_GUI IsPresent Mount_Read_Only
Primary_Block_Device: /dev/block/platform/11120000.ufs/by-name/VENDOR
Click to expand...
Click to collapse
Yes, vendor partition is actually low-level writeable.
I have tried at this stage to reflash AP package to see if low-level write of VENDOR partition repaired problem and allowed to flash VENDOR normally through ODIN.
But no, still stucked at VENDOR.
I have readen that TWRP have no capability to flash original custom ROM. Only .zip packages with custom images.
So I have prepared following solution to repair this phone and restore latest stock ROM:
1. Download and extract firmware TARs: AP, BL, CP, CSC.
2. Analyze which files was actually successfully flashed using Odin in AP tars:
<ID:0/008> boot.img
<ID:0/008> recovery.img
<ID:0/008> system.img
<ID:0/008> vendor.img < -- odin hangs here
3. AP actually contained: boot.img, dqmdbg.img, recovery.img, sytem.img, userdata.img, vendor.img
4. I have marked non-flashed files: userdata.img and vendor.img to be flashed OutOfBand
5. I have flashed AP package again using ODIN. After hangup, restarted ODIN pressed Vol-Down + Power for 7 seconds.
6. Phone displayed: Flash failed, please use flash emergency recovery using Smart Switch (but actually still USB bootloader was running).
7. Restarted ODIN and flashed rest of firmware packages successfully: CP, CSC. Also added as USERDATA TWRP package (to install TWRP previously overwritten by AP package, so TWRP could fire-up). It is important to add TWRP at userdata - so it is flashed at the end.
8. Phone was in bootloop again, forced to enter TWRP (volup, bixby, power for 20-30 seconds)
9. Missing vendor.img and userdata.img was lz4 unpacked, and converted to RAW images.
10. Vendor.img was pushed using ADB to /tmp folder
11. dd if=/tmp/vendor.raw of=/dev/block/platform/11120000.ufs/by-name/VENDOR
12. rm /tmp/vendor.raw
13. Userdata.raw was pushed into /tmp
14. dd if=/tmp/userdata.raw of=/dev/block/platform/11120000.ufs/by-name/USERDATA
Why tmp was selected?
We got ~4GB free in TMP (ramdisk?), in meanwhile I have lost access to internal memory through TWRP (0bytes) so i had to pick /tmp to rewrite image.
Also note that userdata.raw after conversion had 16GB, but was truncated to 4GB because of not enough free space in tmp.
This is not a problem, because userdata.img have actual payload of 1.6GB. I have checked raw file after truncated offset, and it was zeroed, so no problem.
At last It was stupid because we can push image directly to /dev/block ;-) Need to sleep a little more to avoid brainfogging.
REBOOTED and phone worked OK - UNBRICKED! Finally escaped from bootloop and back to life.
So I have decided to write software to easily flash and unbrick Your phones out-of-band using USB and TWRP easily.
Nothing hi-tech, but should be helpful as last-resort attempt to unbrick your phones.
I have also reworked solution that way to push converted files directly to /dev/block, skipping tmp.
You can flash all packages, or just those missing ones (as in my cases) to unbrick phone. It is all up to you.
Note that unbricking using NIDOO is actually limited to existing TWRP (or any other ADB capable recovery). Phone I got was in such state that TWRP was already installed.
HOW TO USE SOFTWARE:
First, decicde which parts of firmware You want to flash out-of-band. You can flash all of firmware parts, or just those failed and missing one.
Also, TWRP (or any ADB capable recovery) should be flashed and running at this stage. (read points 1-7 of previous listing)
Flashing target may be also adjusted for other phones, for my N960F that was "/dev/block/platform/11120000.ufs/by-name/", just place other target in app editbox. I guess it will be same for Galaxys using UFS.
Acceptable fileformat to OutOfBand USB flashing is lz4.
It is recommended to backup all avaiable phone partitions (incl. efs) before OOB flashing.
1. Download latest stock firmware package.
2. Rename firmware parts from: AP_N960FXXS8FUC4_CL19869079_QB38960104_REV00_user_low_ship_meta_OS10.tar.md5, to AP_N960FXXS8FUC4_CL19869079_QB38960104_REV00_user_low_ship_meta_OS10.tar
(cut md5)
3. Unpack each part to its subdirectory (WINRAR is ok for that, or any TAR unpacker, including tar)
4. Add LZ4 files to be OOB flashed to Flashing Queue.
5. Click FLASH and wait for results.
6. After flashing all files, phone will be rebooted.
TODO:
Software might be developed in future to add more features. I just had no time to implement TAR autoextraction of firmware package, MD5 verification, etc etc.
Had not so much free time, so wanted to make solution avaiable.
So any futher developments depends on my free time and laziness ;-)
Converted RAW images might be also flashed to memory chip directly.... for that need parse partition PIT table to obtain offsets and of course direct flashing method ;-)
REMEMBER:
While bootloop, to enter download mode keep VolDown+Bixby.
While bootloop, to force TWRP keep VolUp+Bixby+Power.
CREDITS:
Software pack contain Tiny ADB portable, posted by @K3V1991
Software pack contain lz4 binary implementation, credits to all contributors https://github.com/lz4/lz4
Software pack contain simg2img, credits to all contributors https://github.com/anestisb/android-simg2img
App Icon made by Smashicons from www.flaticon.com
CONTACT:
WhatsApp +48 503552016
EMail piotr [ at ] karwos.hk
ABOUT AUTHOR:
Former GSM Business developer between 2005 and 2014, one and only developer of Cyclone Box Device for Nokia Mobile Phones.
DOWNLOAD LINK:
http://www.karwosgsm.pl/nidoo.rar
hi karwos... thaks for your interesting toolkit.... i have encountered a similar situation as yours.... odin stucked at vendor.img.... followed your instructions but unfortunately i was unable to flash the 2 files as shown in the image attachment... would appreciate if u could help share your thoughts on the failure to flash with the adb error... cheers...