Hello,
I am following along, approximately, with this thread on zukfans.eu. I am posting here because for some reason my registration attempts on that website are flagged as possible spam. I see many users from that thread also participate here.
First some information about my Zuk Z2 (Z2131) config and steps so far:
ZUI Version: 1.9.044 ST
Android Version: 6.0.1
Problems: I do not necessarily need to be on the bleeding edge, however my device does not seem to support LTE network use in its current state, which is unacceptable.
Step 0: USB debugging is enabled and functional
Step 1: ADB and fastboot are installed and functional in Debian Jessie
Step 2: I successfully received the Zuk bootloader unlock file (thank you Google translate) and applied it via adb and fastboot. (I re-enabled developer mode and usb debugging + usb 2.0 support)
Step 3: I have downloaded and extracted the contents of 2.5.334 ST QPST provided by zukfans user m_atze.
A user on this forum, liveroy, indicates that a manual install process can be achieved without using the QPST gui (link to thread)
I am relatively inexperienced with flashing phone firmwares, and I gather from liveroy's note that there may be an underlying concept about flashing firmware that I do not understand. Instead of attempting to find a very specific guide that takes me step by step to flash my device using fastboot, can someone offer some general facts about flashing firmware that apply more generally? Can I simply flash the images given below in numeric order? Is it safe to simply flash the recovery.img, which seems to be much larger than the other component img files?
Here are the contents of the 2.5.334 stable QPST archive:
Code:
adspso.bin keymaster.mbn system_14.img system_31.img uefi.mbn userdata_27.img userdata_44.img userdata_61.img userdata_79.img
apdp.mbn lksecapp.mbn system_15.img system_32.img userdata_10.img userdata_28.img userdata_45.img userdata_62.img userdata_7.img
boot.img mdtp.img system_16.img system_33.img userdata_11.img userdata_29.img userdata_46.img userdata_63.img userdata_80.img
BTFM.bin msadp.mbn system_17.img system_34.img userdata_12.img userdata_2.img userdata_47.img userdata_64.img userdata_81.img
cache_1.img NON-HLOS.bin system_18.img system_35.img userdata_13.img userdata_30.img userdata_48.img userdata_65.img userdata_82.img
cache_2.img patch0.xml system_19.img system_36.img userdata_14.img userdata_31.img userdata_49.img userdata_66.img userdata_83.img
cache_3.img persist_1.img system_1.img system_37.img userdata_15.img userdata_32.img userdata_4.img userdata_67.img userdata_84.img
cmnlib64.mbn pmic.elf system_20.img system_38.img userdata_16.img userdata_33.img userdata_50.img userdata_68.img userdata_85.img
cmnlib.mbn prog_emmc_firehose_8996_ddr.elf system_21.img system_39.img userdata_17.img userdata_34.img userdata_51.img userdata_69.img userdata_86.img
devcfg.mbn prog_emmc_firehose_8996_lite.elf system_22.img system_3.img userdata_18.img userdata_35.img userdata_52.img userdata_6.img userdata_87.img
emmc_appsboot.mbn rawprogram0.xml system_23.img system_40.img userdata_19.img userdata_36.img userdata_53.img userdata_70.img userdata_88.img
factory_1.img recovery.img system_24.img system_41.img userdata_1.img userdata_37.img userdata_54.img userdata_71.img userdata_8.img
factory_2.img rpm.mbn system_25.img system_4.img userdata_20.img userdata_38.img userdata_55.img userdata_72.img userdata_9.img
factory_3.img sec.dat system_26.img system_5.img userdata_21.img userdata_39.img userdata_56.img userdata_73.img xbl.elf
factory_4.img splash.img system_27.img system_6.img userdata_22.img userdata_3.img userdata_57.img userdata_74.img
flash_local.xml system_10.img system_28.img system_7.img userdata_23.img userdata_40.img userdata_58.img userdata_75.img
gpt_backup0.bin system_11.img system_29.img system_8.img userdata_24.img userdata_41.img userdata_59.img userdata_76.img
gpt_main0.bin system_12.img system_2.img system_9.img userdata_25.img userdata_42.img userdata_5.img userdata_77.img
hyp.mbn system_13.img system_30.img tz.mbn userdata_26.img userdata_43.img userdata_60.img userdata_78.img
I'm running Ubuntu 14.04, when I flashed a stock image I found running either the QPST or Miflash software in a Vbox VM with USB passthrough worked without a hitch. Probably the easiest option.
Related
All the current upgrade methods involve ODIN or don't explain the heimdall version in depth..
I HAVE NOT TRIED THIS YET - waiting for confirmation from someone who knows more than me.
Heimdall 2.3.3 Update v0.9 - UNTESTED
1) Back everything up. Titanium etc..
2) Download the new Stock 2.3.3 file, as found in Overcome 2.0beta http://www.multiupload.com/F6D7U1RUHD
2) Extract GB-stock-safe.zip into a folder.Go into the folder.
3) Now extract the GB_Stock_Safe_v1.tar file into another folder.
3) Copy the gt-p1000_mr.pit and the correct modem.bin into the extracted GB_Stock_Safe_v1.tar folder. So all the required files in one place now.
4) Plug Tab into computer and go to Download mode. (You can do this, by shutting/powering down your Tab. Once shut/powered down, hold down the Volume Down button and the Power button together until Download screen appears) or much easier if you have adb
Code:
adb reboot download
5) (Once in Downlaod mode) From the command line, run this function from the folder where the GB_Stock_Safe_v1.tar file was extracted, and you copied the gt-p1000_mr.pit and modem.bin file.
Code:
heimdall flash --repartition --primary-boot boot.bin --cache cache.rfs --dbdata dbdata.rfs --factoryfs factoryfs.rfs --pit gt-p1000_mr.pit --modem modem.bin --param param.lfs --secondary-boot Sbl.bin --kernel zImage --verbose
6) basically the movinand.mst and hidden.rfs files are still in the folder but not referenced.
Is this correct !? Can someone confirm or deny please?
I'll update this post with corrections
Just used these instructions to take a stock Froyo Galaxy Tab to Gingerbread stock version (Overcome restock v5) using only Linux.. and then to CM7.
I installed the deb package from the Heimdall web site and installed it into my Ubuntu 10.10 install. Worked like a charm. Thanks a bunch for posting this. Saved me trying to mess around with Windows.
Already posted this mistakenly in the Galaxy S2 International forum...
These instructions are specific to Heimdall and T-Mobile Galaxy SII Hercules CM 10.1
Since this is my first post, I can't post in the CM10.1 nightlies for Hercules, where it'd probably be much more useful...
In any case, after many hours of torture, I was able to flash the mikeyman77 md5 file and successfully upgrade the firmware USING HEIMDALL on my T-Mobile Galaxy SII on Ubuntu 13.04 (usually only Odin the Great Bungholio can accomplish this).
Instructions:
1. Download mikeyman77 md5 file (search the CM10.1 nightly forum)
2. Delete md5 extension, leaving UVMC6.aio.tar
3. Extract files (best to do all of this in the home folder unless you want to cd to your chosen directory)
4. USB connect phone - download mode
5. Open terminal: heimdall detect
6. sudo heimdall flash --81 sbl2.mbn --71 rpm.mbn --69 sbl3.mbn --76 aboot.mbn --70 tz.mbn --12 amss.mbn --143 mdm.bin
*IMPORTANT: These numbers were taken from my phone's partition identifiers and corresponding files.
You may want to double check that those numbers are the same in your partitions, otherwise the upgrade will not complete successfully.
This can be checked by:
sudo heimdall print-pit
Phone should reboot - then in android terminal, check to see if your system firmware has upgraded by typing:
cat /sys/devices/platform/msm_rpm/fw_version
Number listed should be 2.0.67419 (usually from 2.0.1115)
Since upgrading firmware, have been RR and SOD free in 36 hours - only 1 instance of upside down screen on wake from sleep...
Hello
How flash rom with mac ? I found older instruction that doesn't work
Hi everyone, i have the same question, no news ??
I used the search tool on the forum, but nothing clear....
saw that Jodin3 could be an alternative to Odin but again, no links or anything, is it still possible with the s9 ? if yes, anyone has updated link with the software available ?
Thanks
I always used Heimdall when flashing my S4, I've not tried it with the S9, which I'm leaving stock for the time being, but I quickly rebooted to download mode and I don't see why it wouldn't work
From memory, Heimdall has a GUI, but I've always used command line, below is what I used to use to flash a new modem on the S4;
heimdall flash --APNHLOS NON-HLOS.bin --ABOOT aboot.mbn --MDM modem.bin --RPM rpm.mbn --SBL1 sbl1.mbn --SBL2 sbl2.mbn --SBL3 sbl3.mbn --TZ tz.mbn
Click to expand...
Click to collapse
and flashing recovery would be along the lines of;
heimdall flash --RECOVERY recovery.bin
Click to expand...
Click to collapse
--RECOVERY refers to a partition name on the device, while recovery.bin would be the recovery file to flash. If you want to flash anything else, then you'd want the appropriate partition name. heimdall print-pit will give you a list of all partitions on the device, partition names, and the name of the flash file, so it should be obvious what you need to do. You can probably use the Heimdall GUI too and it may well be easier, I'm just a CLI person so have never tried
---------- Post added at 12:09 PM ---------- Previous post was at 11:48 AM ----------
Assuming your Macs are running El-Capitan or latter, you'll need the unoffical 1.4.1 release of Heimdall ) rather than the 1.4.0 release from Glass Echidna
thanks for the help ! Recovery install, flash and root are all done !!
little sum up of the method :
Before Downloading & Installing JOdin 3, Here are some Requirements
1 - Install Java on your MAC OSX (in the google drive link below (jre-8u181-macosx-x64))
2 - Install Hemidall, (in the google drive link below(Heimdall-1.4.1-Unofficial-Signed))
3 - Get rid of Samsung Kies installed on your MacBook in case you have it installed
4 - Start Using JOdin3
5 - Let me know if i forgot anything so i can edit the post and don't get people confused.
Here is the google drive folder with everything needed to perform that on Mac OS !
https://drive.google.com/drive/folders/1k7SYCLH5hgJyZFf9CznTpxH6J-B6zJ0X?usp=sharing
and then pretty much follow the regular instructions that you can find here : https://forum.xda-developers.com/galaxy-s9/development/recovery-twrp-galaxy-s9-exynos-t3763858
Hey Geez,
thanks for summing that up! In the ODIN threads there are some reported difficulties with the older versions of ODIN (before 3.13.1 ) not supporting the new lz4 encryption of Oreo-images. Can you confirm that you flashed an Oreo image and that it works too? In other words, can Heimdall handle lz4?
Greetings!
wiggedy said:
Hey Geez,
thanks for summing that up! In the ODIN threads there are some reported difficulties with the older versions of ODIN (before 3.13.1 ) not supporting the new lz4 encryption of Oreo-images. Can you confirm that you flashed an Oreo image and that it works too? In other words, can Heimdall handle lz4?
Greetings!
Click to expand...
Click to collapse
Hey, no problem
Yeah i remember reading online that one should use the last version of ODIN available, did use the lats one available at the time (don't know if there are any updates since). i did flash an Oreo image (Lineage OS), and its working !
Hi all
I'm trying to flash and old kernel (boot.img) and system (super.img) to a S20 z1s exynos - SM-G980F/DS with a SW REV. higher than I would like...
I flashed TWRP sucessfully, this tripped knox, so I don't care at all about unsigned code running.
So I tried to:
1. disable AVB using a prebuilt vbmeta.img from here: https://forum.xda-developers.com/t/...root-s20-series-and-upgrade-firmware.4079353/
2. unpacking and then re-packing the stock firmware using "superr"s kitchen, but this produced a zip with which twrp was not happy with, even fixing a lot of updater-script errors... then again I think it does not help that my TWRP thinks the device is a z3s (no other twrp build available)...
3. flashing via ODIN obviously failed due to the device vs binary SW REV. difference.
4. flashing boot and super "by hand" in twrp -> error about SW REV. mismatch (DEVICE: X BINARY: X-1)
I have so many Questions to which I am unable to find answers, just suspicions/opinions....
Qs:
1. Can I simply disable all boot verification somehow?
2. how are vbmeta images created? do I need to fakesign my images? (vbmeta.img and vbmeta_samsung.img)
Thanks a lot for some clarifications
Defekkt said:
Hi all
I'm trying to flash and old kernel (boot.img) and system (super.img) to a S20 z1s exynos - SM-G980F/DS with a SW REV. higher than I would like...
I flashed TWRP sucessfully, this tripped knox, so I don't care at all about unsigned code running.
So I tried to:
1. disable AVB using a prebuilt vbmeta.img from here: https://forum.xda-developers.com/t/...root-s20-series-and-upgrade-firmware.4079353/
2. unpacking and then re-packing the stock firmware using "superr"s kitchen, but this produced a zip with which twrp was not happy with, even fixing a lot of updater-script errors... then again I think it does not help that my TWRP thinks the device is a z3s (no other twrp build available)...
3. flashing via ODIN obviously failed due to the device vs binary SW REV. difference.
4. flashing boot and super "by hand" in twrp -> error about SW REV. mismatch (DEVICE: X BINARY: X-1)
I have so many Questions to which I am unable to find answers, just suspicions/opinions....
Qs:
1. Can I simply disable all boot verification somehow?
2. how are vbmeta images created? do I need to fakesign my images? (vbmeta.img and vbmeta_samsung.img)
Thanks a lot for some clarifications
Click to expand...
Click to collapse
For these and other reasons, I quickly grew frustrated with SuperR's Kitchen and ultimately ended up rolling my own purpose-built solution that peels the layers of the onion of the Samsung package, gets to the point of mountable filesystem images, performs the desired transforms, and then packs everything back up into Odin-flashable .tar.md5 files. It's rough and minimalistic, but it works.
I'm not familiar with the error you mention, but usually those sorts of errors come from flashing a bootloader in Odin that is below the level of the one residing on the device. I haven't done much flashing via TWRP since I'm producing Odin-flashable output and I don't know why you'd have issues on boot.img or super.img. For my own sanity I don't regularly flash bootloader images. boot.img doesn't contain the booatloader though: it's the kernel and initramfs.
vbmeta.img files are generated with avbtool. I created one with a null signature which is identical to the ones floating around on the forum. I also cleaned up my fstab and manifests using the techniques of ianmacd's multidisabler.
sjevtic said:
For these and other reasons, I quickly grew frustrated with SuperR's Kitchen and ultimately ended up rolling my own purpose-built solution that peels the layers of the onion of the Samsung package, gets to the point of mountable filesystem images, performs the desired transforms, and then packs everything back up into Odin-flashable .tar.md5 files. It's rough and minimalistic, but it works.
I'm not familiar with the error you mention, but usually those sorts of errors come from flashing a bootloader in Odin that is below the level of the one residing on the device. I haven't done much flashing via TWRP since I'm producing Odin-flashable output and I don't know why you'd have issues on boot.img or super.img. For my own sanity I don't regularly flash bootloader images. boot.img doesn't contain the booatloader though: it's the kernel and initramfs.
vbmeta.img files are generated with avbtool. I created one with a null signature which is identical to the ones floating around on the forum. I also cleaned up my fstab and manifests using the techniques of ianmacd's multidisabler.
Click to expand...
Click to collapse
Thank you for your reply!
1. any chance you could list the steps you used to re-package a samsung rom?
2. is there a guide on how to create null-sigged vbmetas? can you use avbtool or do I need to manually edit the vbmeta file(s) ?
I did not try to downgrade the bootloader, just boot.img (kernel) and super (system, etc.).
Thanks in advance and best regards!
Sorry for the delay. I am on vacation and have not been regularly checking the forum.
To give you a conceptual overview of the workflow, here is the debug output my script generates for each step when trivially unpacking/repacking a Samsung firmware archive:
Extracting source zip.
Extracting .tar.md5 files.
Unlz4ing, unsparsing, and copying images.
Unpacking super.img.
Unpacking boot.img and up_param.bin.
Mounting filesystem images.
Applying main transforms.
Unmounting and checking filesystem images.
Repacking up_param.bin and boot.img.
Repacking super.img.
Sparsing, lz4ing, and copying images.
Archiving .tar.md5 files.
The real magic, of course, is in the transforms that are performed along the way, of which there are many. Most (notably those that are operations against the filesystem images) are performed during step 7, though some are performed before or after other steps by necessity. At some point I'll probably document this process a bit more and release the scripts since it is nontrivial.
Here is how I created my null vbmeta image:
Code:
avbtool make_vbmeta_image --flags 2 --padding_size 256 --output "${STEP_03_DIR}/BL/vbmeta.img"
I hard bricked an LG G7 ThinQ G710EAW by flashing the wrong firmware (T-Mobile) onto it via LGUP. It now goes into EDL mode after shorting test points, but I'm unable to revive it by following this unbrick thread. Loading up the partition images via Partition Manager in QFIL "succeeds", but it doesn't revive my phone. Doesn't get me to fastboot. Still nothing on screen.
I also tried the rawprogram*.xml option using the XMLs in that thread, but QFIL keeps erroring out that the partition sizes defined in the XML are different from what it sees on the device.
The OP for the thread seems to not be active any longer.
Can someone here please help me understand how to recover my phone?
Anyone? Happy to donate for help as well.
Bumping up this thread.
If I had another EAW motherboard, would it help unbrick my motherboard? Wondering how I can fix my phone
So, I was able to finally figure this all out, recover my LG G710EAW and bring it back to life! It was a mix of information from many threads. No boxes, and no payment to anyone. All free.
The OP of this thread is active but has completely stopped responding to his thread and to his DMs - he's likely uninterested in a 4-5 year old phone at this point. In his first post he mentioned creating rawprogram* XMLs by hand, and it taking hour+ to do so. However, I'm unsure why it took him that long and in the end the files don't even work for QFIL since the sector size in the XMLs (512B) is different from device sector size (4096B). Nevertheless, I was able to flash these via command line 'edl' which ignored the sector size, but it didn't recover the device.
Generating rawprogram XMLs is easy if you can figure out how to run this Python program mentioned in this thread. However, the files attached there no longer work in 2022, the links are dead, and Python 2.7 is a dinosaur. Someone in that thread mentioned a different, fixed, repo but it didn't work with Python 2.7 for the 'undz' part. After a lot of head banging, I tried Python3 and 'undz' worked.
Here are the steps:
- Download the firmware for your model in KDZ format
- Install QPST
- Install Python3.x
- Run: pip3 install setuptools zstandard
- Download ZIP for kdztools from the repo: https://github.com/ErickG233/kdztools (or the attachment)
- Unzip kdztools and CD into that directory kdztools-master. This version is bug-fixed and also generates rawprogram files for us.
- Copy the firmware KDZ into kdztools-master directory
- Run: python3 unkdz.py -f G710EAW30e_00_0916.kdz -x. This creates a DZ file in a new `kdzextracted` folder
- Move the extracted DZ file from the kdzextracted folder back one level up, into kdztools-master dir
- Run: python3 undz.py -f G71030q_00_user-signed-ARB0_OPEN_ESA_DS_OP_0916.dz -c
- This creates a dzextracted folder here with all the files needed to recover your phone. Now all we need are the rawprogram XMLs.
- Run: python3 undz.py -f G71030q_00_user-signed-ARB0_OPEN_ESA_DS_OP_0916.dz -r. This will create all the rawprogram XMLs you need to flash. No patch files are created, but that is OK.
- In my case, QFIL complained it couldn't find file "PrimaryGPT_0.bin", so I copied file gpt_main0.bin_0 and renamed the copy gpt_main0.bin_0_copy > PrimaryGPT_0.bin
- Load your phone into EDL mode. If you want to use test points, see the image in this thread.
- Load QFIL. Use the ELF programmer file from any of the threads linked thus far. Select flat build. Load all rawprogram XMLs generated previously. Hit cancel when it asks for patch file XMLs.
- Hit Download.
This will recover your phone so it's able to boot and all. However, in my case, the phone had lost serial number and IMEI numbers (dual SIM) as well.
- To restore your IMEI numbers, you will need your QCN file or a backup of your FSG (fsg.img) partition from before bricking. In my case, I had flashed, via LGUP, T-Mobile firmware on my Indian phone. I then dumped all the partitions using command line EDL. I have not used QCN method since it seems to require a lot of steps to put the phone into diagnostics mode. I had a backup of the FSG partition, so I used that instead.
- If you have a backup of your FSG partition, load QFIL > Partition Manager. Erase modemst1 modemst2 and fsg partitions. Then, load the backup FSG.img file onto FSG partition. Restart phone.
- Now, if you have the serial number from your bill or box, see this thread to restore it. Pay extra attention to the Firehose configuration section, or else, it may create some issues. It's best to restore S/N after restoring IMEI in my experience, but this could just be some randomness or bad Firehose config during S/N restore.
This happiness was short-lived. When I was flashing all these KDZ via QFIL and LGUP trying to get my IMEIs back, I once saw "This phone is permanently locked and cannot be unlocked". That seems to have taken out my second SIM slot.
Now, after a fresh QFIL flash (with erase before download), my first SIM slot is also dead.
Neither of the SIM slots work now.
This has been so frustrating!
urover said:
This happiness was short-lived. When I was flashing all these KDZ via QFIL and LGUP trying to get my IMEIs back, I once saw "This phone is permanently locked and cannot be unlocked". That seems to have taken out my second SIM slot.
Now, after a fresh QFIL flash (with erase before download), my first SIM slot is also dead.
Neither of the SIM slots work now.
This has been so frustrating!
Click to expand...
Click to collapse
Any luck in recovering the phone ??