Hey guys, even though I don't post here much, I've done my share of rooting, unlocking, and flashing roms. This post is going to be very general, philosophical, long, and technical, and I've tried to research these things myself to no avail, so I really hope someone can put me on the right track. I have a few questions to ask, and if you want you can skip to the TLDR, but first I have a little background on my questions:
Pretty much any guide you can find on rooting, unlocking, and flashing devices here on XDA comes with the warning that you can "brick" your device and void your warranty. Before I started hacking Android devices, I was installing various Linux distros on all sorts of PCs, and I didn't once hear anything about the possibility of bricking your PC, or losing your warranty from installing Linux on it. The reason why, is because no matter what you do to the software on your PC, there is always the option of installing another operating system, and usually restoring the software to a factory state, because messing with software does nothing to affect your PC's BIOS. However, on most Android devices, we run into trouble flashing custom operating systems on our phone because the bootloader isn't typically as open as a PC's BIOS.
I recently purchased a refurbished Nexus 7, and I've really enjoyed it, because the flashing process has been similar to my experience installing Linux distros on various PCs, at least in terms of "openness"; I can always relock the bootloader, and I can always flash back the stock rom without having to worry about bricking my device (I don't mess with overvolting or overclocking, because that actually does prove a potential hardware danger to your device). My first Android device was a Motorola Atrix 4g, which I rooted and unlocked, but I was sad to find out that the device doesn't have a bootloader that you can re-lock, which means for any warranty purposes, I was screwed. After learning this about the Atrix, I started researching more about the bootloader on Android devices, and even after some extensive Google searching, and looking at XDA posts, I was still confused. So, TLDR; here are my questions:
1. Where is the bootloader on Android typically stored? Is it on the same flash storage as the rest of the OS, a PROM, EPROM, or EEPROM?
2. Along the lines of question one, is fastboot (on devices that have it) part of the bootloader?
3. On a device with an EEPROM bootloader, shouldn't it be possible to restore the bootloader to its original factory state even if a command like "fastboot oem lock" doesn't work with the device? I realize that if possible, this process could brick your device if anything goes wrong, just like flashing the BIOS on your PC could brick it if something goes wrong, but the idea is that you could do this if you needed to return the device for warranty purposes and you've unlocked the bootloader.
4. Shouldn't flashing ROMs and rooting a phone with an unlocked bootloader with fastboot enabled be just as safe as installing a Linux distro on a PC as long as you have a copy of the stock ROM of the device?
5. What devices come with a fully open bootloader? (I define this as a device that can boot into fastboot mode, and can be trivially unlocked, or locked with the commands "fastboot oem unlock" and "fastboot oem lock") All the Nexus devices (at least the new ones anyway) are like this, and apparently the Motorola Xoom is too, but I don't know of any other devices like this, and it would be helpful to have a list, because I like the idea of always being able to completely restore the device to its factory state. Is there a better term for what I define here as a "fully open bootloader"?
6. What devices come with a bootloader that is unlocked by default? I believe the Nokia N900 is like this, (in fact, I've heard Nokia encouraged flashing as a standard update method for the N900) but I'm not sure about any others.
7. Why is getting new/custom Android images working on different mobile devices so difficult? To explain this more, I'll go back to the analogy of installing an os on a PC: When you download a Linux distro to be installed on a PC, you don't have to download a specific one for your device, you just have to choose the right architecture and things generally work right out of the box. I know there are driver issues sometimes, but it's still different than developing an alternate mobile OS; you usually have to deploy images for specific devices, and even then oftentimes a lot of the features don't work. Is this because mobile device drivers are not yet as standardized as device drivers for PCs are, because OEMs don't usually release the source code for their device's hardware, a combination of the two, or something completely different?
bump
Mostly about your fastboot question. Flashing it from a hard bricked state requires special tools and most of all access physically or through the USB port. If the bootloader is gone and there is no low level initial driver or boot component it may be impossible to re-flash. APX mode is one example of a mode you can access on the original N7 but the bootloader has a specific Secure Boot Key (SBK) unique to each device which is why those people who had hard bricked their N7's could not restore through APX but some other Asus devices worked with APX and nvflash software.
I am thinking APX mode was some type of port to the Tegra 3 Arm SoC to access low level diagnostics commands not too far off from JTAG at the processor level!!
I would also like to know more about fastboot and from a recent risky test I performed link below:
http://forum.xda-developers.com/showthread.php?t=2391072
My conclusion is the fastboot on the N7's must be some type of eeprom unlike that one found on a PC Motherboard BIOS or an AppleMAC Main Board called EFIbios. Even new PC motherboards are now coming with EFI Bios chips like Gigabyte and Asus. Even USB flash drives have a rom with some boot code in them. These are probably also flash-able with the right tools.
The fastboot bootloader can also be programmed just like that on a PC or MAC Motherboard with a specific tool, fastboot, while the android is in fastboot mode using a fastboot command, like fastboot flash bootloader 4.23-grouper.img for example. So there are fastboot updates for this chip.
I don't think this part of the bootloader can be part of the flash ram as the OS partitions are on android devices. Some will say it has an area on the ram nand memory but I am starting to feel it resides on a chip of its own such as the newer SPI or I2C EEPROM memory chips which I have programmed myself using Microchip PICKIT 2 and PICKIT 3 developmental boards and using Microchip's MPLAB IDE software to write the programs.
I am trying to see if there is a second chip just for the bootloader by viewing the schematics of the N7 original model 2012 since I cannot find the new model FHD 2013.
Check this pdf out, it mentions the different bootloaders used and fastboot is mentioned in that document!!
http://www.ti.com/lit/an/spraag0e/spraag0e.pdf
If someone can point us to some white paper or PDF on this it would be great because my exhaustive google search could not dig up anything!!
Found Schematic check out the iROM boot code chip. That's probably where the fastboot code resides.
Hey guys,
The power button on my phone stopped working this morning (without water damage). I'm preparing the phone to return to Samsung warranty, and in the process of resetting to stock and re-locking the OEM I noted that the phone does not respond to fastboot commands in the bootloader despite this working on the same system a week ago, no change in drivers or anything else. I installed PDAnet, still broken on Win 7 although I can reboot with adb.
I then tried this on OSX, again I can reboot with ADB, but the phone is unresponsive in fastboot.
I have three working hypotheses and I'm hoping someone can help me:
a) in some process of flashing my phone and being an uninformed n00b maybe I flashed something I shouldn't have or used some combination of partial fastboot flashes I shouldn't have. has this happened to anyone else?
b) whatever hardware damage knocked out the power button might have partially knocked out the bootloader
c) I just have really bad luck with driver set up and I just happened to mess up two different computer driver configurations but the phone is fine. to this end, I am setting up another Win 7 system fresh on a virtual drive as I'm typing, though I have little faith it will be different
update: fastboot commands didn't work on the other windows 7 virtual system, although adb reboot bootloader did
freaking a this is annoying.
i have a fully stock ROM and radio, anybody to know how to flash a new recovery image and lock the bootloader without accessing fastboot? Just have to get this ready to go back to Samsung so they can fix their own hardware mess ups.
they are 2 different drivers.
As much as I don't like using/recommending the Galaxy Nexus Toolkit (only because I feel it's better to actually learn everything you're doing), it's the easiest way I've found to get the Fastboot drivers installed.
http://forum.xda-developers.com/showthread.php?t=1392310
Thanks guys for your comments.
I've tried Android SDK drivers, PDANet, Universal Naked Driver, and now the one click toolkit mentioned above, some on three different operating systems (Win 7, Win 8, OSx) on 32 and 64 bit.
The weirdest part is that under device manager, no device shows up when the phone is in fastboot, nor is there any noise or any recognition of the device being connected at all. It is completely, 100% silent. (again, ADB works when the phone is booted).
I recognize that this may not be possible, but does anyone know how to flash a recovery image without being in the bootloader mode?
If fastboot isn't working like it should, and you are sure it isn't user error, then take it for warranty.
Sent from my i9250
yeah fastboot + the power button (which was defunct in clockwork mod) are back online again, dunno for how long. agreed seems like a hardware/warranty issue.
Recoveries can be flashed with ROM Manager assuming you have SuperUser permissions, but otherwise you or the toolkit need fastboot working.
Sent from my Galaxy Nexus using xda app-developers app
Evening all.
I've spent about three hours this afternoon verbally lubricating my phone and computer over this "Rooting" thing.
Now, when it comes to technology, I'm reasonably savvy, but this is really starting to grate a bit. I've found various ways of doing it, all involving unlocking the hidden menu via "Volume down" and "Power" which isn't a problem.
After that, I open the DOS prompt and input the unlock command to get it to do the whole code generation thing. Except my phone doesn't respond, even though I have HTC Sync installed. I also uninstalled all the drivers for the phone through Device Manager, turned debugging off, and connected it as a total noob might to add music to it to allow the computer to reinstall the drivers it thinks it needs.
I still haven't had any success with it at all, and being at my wits' end, a guy I know pointed me in the direction of this site.
I also see that when I access the hidden boot menu on the phone, at the top of the screen it says "Locked". All the youtube videos I have seen on the subject have phones that say "Unlocked" at the top of the screen - I'm guessing this is one of my problems as well. Can someone kindly help me out with this please??
Thanks folks.
R
Just re-read the thread and realised I didn't actually say what phone it is!! I have the HTC Desire 300 on Tesco. (which in reality is o2) The machine I'm trying to do it on is running Windows 8.1, sadly, although I am unsure if that makes a difference.
Firstly, addressing the 'Locked' status in boot-loader.
All phones (mostly) come with a locked boot-loader. The phones in the Youtube videos already have the 'Unlocked' status simply because they have unlocked their boot-loader already, which is what you're trying to achieve.
I assume the command you are trying is 'fastboot oem get_identifier_token' and the problem is your PC won't detect your phone. Try the command 'fastboot devices', it will show all connected devices or an empty line if no devices are detected.
Here is a list of solutions which will most likely fix your problem
Make sure you are using a usb2 port and not a usb3 port
In the boot-loader menu make sure you have selected the 'FASTBOOT' option and that it says 'FASTBOOT' inside of a red box and not 'HBOOT'
Try re-downloading Fastboot from this thread http://forum.xda-developers.com/showthread.php?t=2588979
Tried all of your solutions. As I understand it, the issue is the fact that the machine is running Windows 8.1. The issue lies with the ADB drivers and the fact that they don't like the OS. I can get the DOS shell to run no problem, but because I cannot get the correct drivers for Windows 8, it just comes up with "waiting for Device", and I have to force stop it through the Task Manager menu.
Ok guys I really need your help. I honestly feel like I'm losing it as I have not been able to make any progress with this. Believe me I have tried other threads to no avail....
Ok so, I bought this phone but the problem with it is that I can't use google pay due to its unlocked bootloader (bought it like this second hand). I'm on really old firmware (6.0.1, 1 September 2016 Security Patch) as you can see very behind from Oreo or whatever the latest firmware is because I can't get OTA updates due to the unlocked bootloader.
I'm literally just asking for a simple, noob friendly guide which will allow me to relock it and update to the latest firmware so my phone will be perfectly fine for work use.
Please guys. Apologies if I sound annoyed but this has been bugging me for ages. Let me know if I should add anything else.
Much appreciated guys!
EDIT: I used this guide: https://forum.xda-developers.com/moto-z-play/how-to/guide-relock-bootloader-to-lasted-stock-t3718190 and followed it exactly and enabled USB debugging but keep getting "<waiting for any device>"?
bump
Hmm, with the 'waiting for device' issue, do you have the Motorola drivers installed on the computer? https://support.motorola.com/uk/en/drivers Also, if you are running Windows 10 or 8.1, verify that you have driver signature enforcement disabled on your computer, so the Motorola fastboot driver can load properly: https://www.howtogeek.com/167723/ho...8.1-so-that-you-can-install-unsigned-drivers/ or you can try to manually load the fastboot driver when your device is connected to your computer. This should then help your computer communicate with your device when you boot your device to the bootloader for flashing the stock ROM.
Verify also that you have a high quality USB data cable (preferably the original cable) and that you've got your device connected to a powered USB 2.0 or 3.0 port. Double-check the communication between your computer and your device - boot your device to the bootloader, connect to your computer. Open the ADB terminal and enter 'fastboot devices' (without quotes) into the terminal. Press Enter. If communication is working, this command should return your device serial number.
For that guide as well, you do not need to be on a custom ROM to follow it. If you do get your device talking, then extract the stock ROM as per the guide to your ADB folder, and execute both sets of commands to re-lock your bootloader. Be aware that the re-locking will erase your device, so back up if you have not already. OTA updates are not dependent on unlocked/locked bootloader status - as long as you have a firmware build that was deployed on the retgb software channel, you should get OTA updates regardless of whether your bootloader is unlocked or not. However, as you correctly point out, Android Pay does care about the bootloader unlocked status, however, rooting with magisk (to hide your bootloader unlocked status) may help you get Android Pay working if you want to keep your bootloader unlocked. Depending on your work IT requirements though, you may want a locked bootloader and no root to be compliant with the IT regulations.
Good luck either way.
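The `fastboot devices` check described in the reply above can be scripted so the result is unambiguous before any flash or re-lock command is run. This is an added example, not part of the original posts; it assumes a POSIX shell on Linux or macOS with `fastboot` on the PATH, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the text printed by `fastboot devices`.
# Reads that output on stdin and prints exactly one of:
#   none         nothing listed (driver, cable, port or wrong boot mode);
#                a flash command run now would sit at "< waiting for any device >"
#   noperm       the device is visible on USB but the OS denies access to it
#   multiple     more than one device attached; select one with `fastboot -s <serial>`
#   ok <serial>  exactly one usable device
classify_fastboot_devices() {
    awk '
        # Linux prints a "no permissions ..." line instead of a serial
        # when udev rules or group membership block access.
        /no permissions/             { noperm++; next }
        # Normal lines are "<serial><TAB>fastboot".
        NF >= 2 && $NF == "fastboot" { n++; serial = $1 }
        END {
            if (n > 1)       print "multiple"
            else if (n == 1) print "ok " serial
            else if (noperm) print "noperm"
            else             print "none"
        }'
}

# Run the real check. `fastboot devices` returns immediately even when
# nothing is attached, so it is safe to call before any command that
# would otherwise block waiting for a device.
fastboot_preflight() {
    out=$(fastboot devices 2>&1) || { echo "none"; return 1; }
    state=$(printf '%s\n' "$out" | classify_fastboot_devices)
    echo "$state"
    case $state in
        ok\ *) return 0 ;;
        *)     return 1 ;;
    esac
}
```

Call `fastboot_preflight` with the device booted to the bootloader; only an `ok <serial>` result means the host and device are actually talking.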
echo92 said:
Hmm, with the 'waiting for device' issue, do you have the Motorola drivers installed on the computer?.
I have now installed the program but get "There are no updates for your device at this time. Current Version: N/A"? My USB debugging is enabled.
Thanks for the detailed reply mate. I'm going to get some new cables and follow your advice. Might take me a few days as I'm busy with work but definitely am looking forward to fixing my phone once and for all!
Omg it works. I downloaded the Motorola program and opened up adb minimal fastboot whilst in usb debugging. I just pasted everything and it started to work!...oh I also held the volume down button whilst the phone was turning on so it went to a screen with the android mascot. Then I pasted the codes to adb minimal fastboot.
Thanks for all your help mate !!
You can get OTA updates even if your bootloader is unlocked.
I may have royally mucked up my Nexus 7, but I am hoping there will be a way to rescue this.
Basically, a bit of knowledge that I thought meant I could get out of everything has probably led to me being a bit too careless with what I was trying, and I have done a great many stupid things with the tablet today.
I can get the Nexus into fastboot mode, but apart from that, all it will do is sit on the Google logo. I believe I have wiped the OS and although I had TWRP, I think I may have wiped this too.
I cannot get my Windows 10 laptop to recognise the Nexus when I plug it in - possibly due to poor attempts to update drivers. "fastboot devices" lists nothing, and I cannot see an entry for Android devices in Device Manager. I have read that a Windows computer will not detect an unknown device if it is plugged in while in fastboot mode, is this correct?
Does anyone have any suggestions as to how I might manage to get any sort of ROM onto my tablet that may allow me to reflash it and get it working?
(Data recovery is not a concern - at least I did that before I started playing)
Thanks
kitiara2016 said:
I may have royally mucked up my Nexus 7, but I am hoping there will be a way to rescue this. Basically, a bit of knowledge that I thought meant I could get out of everything has probably led to me being a bit too careless with what I was trying, and I have done a great many stupid things with the tablet today. I can get the Nexus into fastboot mode, but apart from that, all it will do is sit on the Google logo. I believe I have wiped the OS and although I had TWRP, I think I may have wiped this too. I cannot get my Windows 10 laptop to recognise the Nexus when I plug it in - possibly due to poor attempts to update drivers. "fastboot devices" lists nothing, and I cannot see an entry for Android devices in Device Manager. I have read that a Windows computer will not detect an unknown device if it is plugged in while in fastboot mode, is this correct? Does anyone have any suggestions as to how I might manage to get any sort of ROM onto my tablet that may allow me to reflash it and get it working? (Data recovery is not a concern - at least I did that before I started playing) Thanks
Have a look at this thread. Check if this app detects it.
UsbTreeView does detect it (yay) and it is now showing in device manager and fastboot devices lists it.
Hopefully now I will be able to "talk" to the nexus and get twrp/ROM back installed - at least there is a glimmer of hope.
Thanks
Hello to all! Thank you for taking the time to read my post and questions!
While I'm quite PC savvy, I've never had the extra funds to invest in mobile devices such as tablets, but as luck would have it a buddy found a handful of old G Pad 8.3 (aka LG V510) tablets at a local dump early last year and dropped them off to me to play with. I successfully unlocked and rooted them all and was able to use the LG Flash tool to flash the proper 4.4.4 stock ROM to them, as well as using the mobile support tool (which is now defunct) at one point in mid 2021 to do updates from LG itself.
Not long after getting the tablets running I became sidetracked with other must do projects for months and these tablets languished here. Recently I pulled them back out, as I have more time to investigate uses for them at present.
The first tablet I modded allowed me to run Ubuntu and log into it from my desktop with VNC. No problems there. I can even install my mail server on it now that Linux is more exposed.
The next tablet I tried to mod I accidentally flashed the wrong firmware to... Bricked..... No power, no noise, no vibrate. All that I can see for any sort of response from the tablet is seeing Qualcomm's 9008 mode in the Windows device manager, or Qualcomm, Inc. Gobi Wireless Modem (QDL mode) in Linux. Holding the power button for 15 secs will make the port reset but it doesn't change in any other way. The CPU is running as it stays warm until I disconnect the battery.
I have spent over 2 months trying to resolve this issue, using both Windows 7 & 10, as well as Linux, and so far no luck. I've downloaded MANY gigs of files. With Qfil and other similar tools, it's constant sahara errors or firehose errors, despite having what appears to be the proper files for the firehose. The LG Flash tool tries to read it but then says the device is "differente", giving an F0000002 error, so I'd presume the wrong firmware flashed caused a change to the version number somewhere... So now the proper version won't flash with that tool...
On Linux, the only halfway encouraging responses I get is using a tool called EMMC_Recover. That tool on Linux has allowed me to send some partitions to the bricked device over USB, but certain partitions such as boot.bin, and a couple other needed partitions, EMMC_Recover responds back with a 256 error, which is an I/O error, so I would assume something is locked or not rooted proper any more on the bricked device after flashing the wrong firmware?
I have a good copy of a backup of one of the working tablets with stock ROM at 4.4.4, but have not been successful in getting the files all back onto the bricked device so it will boot.
I have also tried booting from an SD card, setting the card up a few diff ways as instructed online, but it made no difference. Button combinations combined with battery disconnects and reconnects while connecting the USB cable seem to make zero difference in its behavior. It's just plain dead other than the few things I could do with EMMC_Recover.
Other things I have tried included making up a 910k cable, which made no noticeable difference. Shorting the D+ to GND, no difference. Making sure the battery was fully charged on a working tablet, since it will not charge on a bricked tablet, but again no difference.
I realize that some devices have test points that need to be jumpered to flash them but where the device is already in 9008 mode I don't see the need, nor could I find any info whatsoever about test points on the G Pad 8.3. The most I could find is a boot config setting in the service manual for this device, but the points are unclear in that manual and would take some time to trace out, if even possible short of removing the CPU/EMMC from the mother board.
I also read last night that while these devices can show as 9008 mode, that sometimes it's not fully in that mode, but I can't confirm that myself. Does anyone know for sure?
JTAG sounds like it's been an option for some bricked devices, but I don't have funds to risk on buying a box that may or may not work. The JTAG port pads are exposed on the edge of the board with no connector soldered on, but the chances of getting wires soldered onto that spot effectively and have the pads not tear away from the board are slim.
I'm also not sure what software would be used if I was to make my own JTAG device using something like a Pro-Micro ATMEL device. The JTAG hardware can be made, but I don't have the knowledge needed as to what to flash and where and how, and an extensive search really didn't answer those questions...
I'm not usually one to bother others with hardware or software issues, as I can usually work it out myself over enough time, but I seem to have run out of viable options after a couple hundred hrs of extensive reading and trial and error, so I am hoping someone here might have some other suggestions to try. Any help would be greatly appreciated.
Thanks to all for what you all do to help many people in need each and every day here!
So after making a few more attempts at various methods of de-bricking this tablet from Qualcomm 9008 mode, I've decided that I'm going to attempt to get 6 wires soldered onto the Jtag port, to see if I can program it with a stm32 "blue pill" that is flashed to be a Jtag programmer. Whether this works or not, and whether I can get the few wires soldered on the tiny pads or not, remains to be seen. I don't see any other viable way to fix this short of removing the cpu / ram stack, but I don't have a proper socket or programmer for that anyway.
I also don't have a hot air soldering tool, so putting a tiny socket on the Jtag pads is out of the question. Though I am game at some point to build such a tool. I was hoping to find attaching points away from those pads that are easier to solder to, but after probing with the meter only 1 is available at an alternate spot, the rest appear to go directly to the CPU.
As far as the SD card boot method goes, clearly something does try to happen. I did set up a card with the full image and partitions from a working tablet, and edited the fstab and other files to reflect where the files were located, then repacked the boot and recovery loaders. I then booted the patched boot image to a working tablet with the SD card in. It booted and ran either normal Android mode or TWRP recovery with no hesitation.
However, when I tried the same thing in the bricked tablet, it still didn't boot. It was clear that certain key combinations made a difference in how warm the processor runs, when the SD card was installed, but it ran cooler with the SD card out, so it does attempt to do something, but I have no idea what it is doing... So that method for now is a fail short of someone having another suggestion to try.
I have a question. Has anyone here on this forum succeeded or failed at Jtagging one of these tablets, or knows of anyone who has tried Jtagging one before? I really hate to put hrs into trying to get wires soldered on only to find that the Jtag port isn't enabled, or doesn't work proper unless some other step is taken, so any advice would be very welcome.
Thanks again to all of you who took the time to read my initial post. I didn't expect to get so many views with such an old but very viable device, which I really would hate to throw away if it can be salvaged!! Thanks again for your time!!