Hey guys
It all started with an OEM unlock and wanting to have Nougat update after flashing TWRP. Mobile network stopped working after flashing Nougat update ROM. Trying to fix that ended up with a hard brick (That's right. Only response I get from the phone is notification LED and Vibration)
Have been trying to fix it for past two weeks and all were dead ends. QFIL, QcomDloader and MI flash tool are some of the tools I have tried and given up. What left is MB swap. Need to be back to India in order to do it economically. Here in UK, I can get a new phone for the money to fix this one.
Do you guys know any ways I can try? Is there a firehose programmer available for P2a42's chipset? I have factory image for P2 with me (P2a42_S232_170320_ROW_fastboot).
ADB and fastboot are not recognising the phone. Device manager recognises it as Qualcomm HS-USB QLoader 9008 (COMX), value for X changes.
Below is the log for MI Flash tool.
[0.15 COM4]:[COM4]:start flash.
[2.18 COM4]:cannot receive hello packet,MiFlash is trying to reset status!
[4.77 COM4]:cannot receive hello packet,MiFlash is trying to reset status!
[7.27 COM4]:try to reset status.
[8.46 COM4]:write time out try agian 96
[9.97 COM4]:write time out try agian 97
[11.47 COM4]:write time out try agian 98
[13.00 COM4]:write time out try agian 99
[14.51 COM4]:write time out try agian 100
[15.13 COM4]:error:The write timed out.
[15.14 COM4]:error:The write timed out.
Any help is much appreciated. If you can't help, better not answer, as the admin says.
Did you get the firehouse file for flashing?
I have the same issue.
sisqin1 said:
Did you get the firehouse file for flashing?
I have the same issue.
Click to expand...
Click to collapse
Nope. I tried the firehose for P1. But not working. Can someone with a working P2 take a download and share? I know at least 3 people having the same issue.
Ronin1986 said:
Nope. I tried the firehose for P1. But not working. Can someone with a working P2 take a download and share? I know at least 3 people having the same issue.
Click to expand...
Click to collapse
It depends as how far you are bricked guys.
Are you able to enter fastboot?
Does the Lenovo P2 enter fastboot by itself?
You can use the factory images using fastboot to restore functionality.
I haven't come across a firehose for the Lenovo P2.
Usually those firehose flashers are signed to match the device's signature.
Unless someone leaks it somehow. I don't see how Mi-Flasher or QPST can work.
Both require the proper signed firehose.
celoxocis said:
It depends as how far you are bricked guys.
Are you able to enter fastboot?
Does the Lenovo P2 enter fastboot by itself?
You can use the factory images using fastboot to restore functionality.
I haven't come across a firehose for the Lenovo P2.
Usually those firehose flashers are signed to match the device's signature.
Unless someone leaks it somehow. I don't see how Mi-Flasher or QPST can work.
Both require the proper signed firehose.
Click to expand...
Click to collapse
From what I read, I think he is unable to access fastboot. So fastboot restore won't work
Siva Mk said:
From what I read, I think he is unable to access fastboot. So fastboot restore won't work
Click to expand...
Click to collapse
to my knowledge. previous firehose's weren't signed. you could use them from other devices with the same chipset.
i know that the SD820's uses a signed firehose. my main phone is as SD820. as the SD625 is from the same chipset-series (QC 2016).
they have added that "security feature" to prevent what was possible in the past.
in the old chipsets i would have recommend by try looking for a firehose that was successfully used on a device with the same chipset.
google search term would be "prog_emmc_firehose_8953" but as they are all signed now. the best hope would be:
A: wait for a leak for an EDL factory flasher. the chinese will probably leak one for the P2c72, it's just a matter of time.
B: try third party solutions such as this
remember we already have factory images. that can be flashed. currently only by fastboot.
those packages already contain the critical parts like: rawprogram0.xml and the images itself
all that is required is the proper signed firehose.
I am able to enter fastboot mode and also able to downgrade / upgrade from MM to N.
But the issue is with the modem, i am unable to make or receive any calls.
The carrier name shows up but there is no connectivity.
celoxocis said:
to my knowledge. previous firehose's weren't signed. you could use them from other devices with the same chipset.
i know that the SD820's uses a signed firehose. my main phone is as SD820. as the SD625 is from the same chipset-series (QC 2016).
they have added that "security feature" to prevent what was possible in the past.
in the old chipsets i would have recommend by try looking for a firehose that was successfully used on a device with the same chipset.
google search term would be "prog_emmc_firehose_8953" but as they are all signed now. the best hope would be:
A: wait for a leak for an EDL factory flasher. the chinese will probably leak one for the P2c72, it's just a matter of time.
B: try third party solutions such as this
remember we already have factory images. that can be flashed. currently only by fastboot.
those packages already contain the critical parts like: rawprogram0.xml and the images itself
all that is required is the proper signed firehose.
Click to expand...
Click to collapse
So if i have a P2c72 and yet the model say P2a42 in About Phone.. should i wait a certain time before unlocking my Leno device? I have exp. unlocking and using fastboot to do the neccesary for applying TWRP, and rooting.
Wmateria said:
So if i have a P2c72 and yet the model say P2a42 in About Phone.. should i wait a certain time before unlocking my Leno device? I have exp. unlocking and using fastboot to do the neccesary for applying TWRP, and rooting.
Click to expand...
Click to collapse
If you're asking about the 14 days wait then yes
---------- Post added at 03:53 AM ---------- Previous post was at 03:50 AM ----------
celoxocis said:
to my knowledge. previous firehose's weren't signed. you could use them from other devices with the same chipset.
i know that the SD820's uses a signed firehose. my main phone is as SD820. as the SD625 is from the same chipset-series (QC 2016).
they have added that "security feature" to prevent what was possible in the past.
in the old chipsets i would have recommend by try looking for a firehose that was successfully used on a device with the same chipset.
google search term would be "prog_emmc_firehose_8953" but as they are all signed now. the best hope would be:
A: wait for a leak for an EDL factory flasher. the chinese will probably leak one for the P2c72, it's just a matter of time.
B: try third party solutions such as this
remember we already have factory images. that can be flashed. currently only by fastboot.
those packages already contain the critical parts like: rawprogram0.xml and the images itself
all that is required is the proper signed firehose.
Click to expand...
Click to collapse
The firehose you mentioned is similar to that if Redmi note 3(I think). In that case miflash should work. Further more the XML file name maybe same but the file content maybe different. Don't have much knowledge on this. But have used all these.
No i'm asking is it safe to go through all that process.. cause it seems multiple people had had problems unlocking and flashing and end up bricking their phones. Oh and which TWRP to flash via ADB the 3.0.3-0 or the 3.1.0-3? I see that the 3.0.3.0 does not conform with the P2c72.. am trying to flash Lineage 13 that's why i ask about the 3.0.3-0.
Wmateria said:
No i'm asking is it safe to go through all that process.. cause it seems multiple people had had problems unlocking and flashing and end up bricking their phones. Oh and which TWRP to flash via ADB the 3.0.3-0 or the 3.1.0-3? I see that the 3.0.3.0 does not conform with the P2c72.. am trying to flash Lineage 13 that's why i ask about the 3.0.3-0.
Click to expand...
Click to collapse
I personally found TWRP bit too powerful. Be sure to read how to's and do's and don'ts before doing anything. One misstep, your device is bricked.
sisqin1 said:
I am able to enter fastboot mode and also able to downgrade / upgrade from MM to N.
But the issue is with the modem, i am unable to make or receive any calls.
The carrier name shows up but there is no connectivity.
Click to expand...
Click to collapse
I can't remember out of my head but I think the NON-HLOS.bin is included in the factory image package. It would be the one responsible for the modem.
Before you replace the partition make sure your device is the P2a42 or P2C72 and use appropriate modem image. You can't simply exchange them.
If exchanged wrongly. It could end up in:
A: bootloop
B: what you are describing. Unable to connect to a network.
My official TWRP can be used to flash that partition without entering fastboot.
Simply rename that .bin into *.img and select "install" browse the folder located and select "flash image". Select the image and select the modem partition, boot into system.
---------- Post added at 08:42 AM ---------- Previous post was at 08:32 AM ----------
Wmateria said:
So if i have a P2c72 and yet the model say P2a42 in About Phone.. should i wait a certain time before unlocking my Leno device? I have exp. unlocking and using fastboot to do the neccesary for applying TWRP, and rooting.
Click to expand...
Click to collapse
Sounds to me like you have one of those P2C72 which were flashed using the fastboot factory flasher with the P2a42 images. Leaving out the modem partition to make it multilingual. That Chinese shops, like to do to sell the Chinese version on the international market.
To answer your question, it depends all what your target is.
If you simply want to upgrade to stock Nougat.
You don't need to unlock the Bootloader.
As the fastboot factory flasher images are signed.
If you want root. That's another story.
Dump me your partition table details and I will see to build an TWRP that works for the P2C72.
I haven't read yet through all the threads and I'm not sure if the P2a42 TWRP works the P2c72.
It was probably already tested by users and
It should work but I think I saw at least one discrepancy in partition sizes when comparing the rawprogram0.xml file of both devices.
---------- Post added at 08:47 AM ---------- Previous post was at 08:42 AM ----------
Siva Mk said:
If you're asking about the 14 days wait then yes
---------- Post added at 03:53 AM ---------- Previous post was at 03:50 AM ----------
The firehose you mentioned is similar to that if Redmi note 3(I think). In that case miflash should work. Further more the XML file name maybe same but the file content maybe different. Don't have much knowledge on this. But have used all these.
Click to expand...
Click to collapse
I think you meant Redmi Note 4(x) codename mido. But like said above. To my knowledge the big change in the firehose's is they are all signed now.
I'm thinking it's due to the Chinese shops doing what I explained above and the company asking Snapdragon a way to prevent it. And we have what we have to today, signed firehose's that can only be used with the appropriate devices.
---------- Post added at 08:50 AM ---------- Previous post was at 08:47 AM ----------
Wmateria said:
No i'm asking is it safe to go through all that process.. cause it seems multiple people had had problems unlocking and flashing and end up bricking their phones. Oh and which TWRP to flash via ADB the 3.0.3-0 or the 3.1.0-3? I see that the 3.0.3.0 does not conform with the P2c72.. am trying to flash Lineage 13 that's why i ask about the 3.0.3-0.
Click to expand...
Click to collapse
Every TWRP outside my official TWRP thread is not based and compiled on sources but was "ported". Which introduces unknown issues. Stick with the TWRP's I made available. But like said. Dump me your partition table and in spare time I will build an P2C72 TWRP.
Hi celoxocis
Thank you for helping out!
My device is P2a42.
I have the NON-HLOS.bin which is included in the firmware file.
Just so i understand it correctly.
1) Update the TWRP recovery from https://forum.xda-developers.com/le...covery-unofficial-twrp-lenovo-p2-3-0-t3533659.
2) Rename the NON-HLOS.bin to NON-HLOS.img.
3) Flash it by using the "flash image" section.
4) Select the modem partation and boot into system.
I have an an Unlocked bootloader, when i tried previously to flash from fastboot using " fastboot flash modem NON-HLOS.bin " i used to get an error
writing 'modem'...
FAILED (remote: Do not allow to flash Bootloader image on Unlock device)
Would TWRP work flashing to modem partation?
celoxocis said:
I can't remember out of my head but I think the NON-HLOS.bin is included in the factory image package. It would be the one responsible for the modem.
Before you replace the partition make sure your device is the P2a42 or P2C72 and use appropriate modem image. You can't simply exchange them.
If exchanged wrongly. It could end up in:
A: bootloop
B: what you are describing. Unable to connect to a network.
My official TWRP can be used to flash that partition without entering fastboot.
Simply rename that .bin into *.img and select "install" browse the folder located and select "flash image". Select the image and select the modem partition, boot into system.
Click to expand...
Click to collapse
sisqin1 said:
Hi celoxocis
Thank you for helping out!
My device is P2a42.
I have the NON-HLOS.bin which is included in the firmware file.
Click to expand...
Click to collapse
That is correct.
However make sure your device is an P2c72 and use the proper NON-HLOS.bin file.
Best way would be to find the stock rom for the P2c72 and extract the zip file containing the right NON-HLOS.bin file.
As i stated I'm not sure the fastboot factory flasher package containts the NON-HLOS.bin file for the P2c72 its probably the one for the P2a42.
Thank you celoxocis,
My device is P2a42 which i have not changed or altered, do i still need to find the NON-HLOS.bin for P2c72 and flash it.
Or do i flash the NON-HLOS.bin for P2a42.
celoxocis said:
That is correct.
However make sure your device is an P2c72 and use the proper NON-HLOS.bin file.
Best way would be to find the stock rom for the P2c72 and extract the zip file containing the right NON-HLOS.bin file.
As i stated I'm not sure the fastboot factory flasher package containts the NON-HLOS.bin file for the P2c72 its probably the one for the P2a42.
Click to expand...
Click to collapse
sisqin1 said:
Thank you celoxocis,
My device is P2a42 which i have not changed or altered, do i still need to find the NON-HLOS.bin for P2c72 and flash it.
Or do i flash the NON-HLOS.bin for P2a42.
Click to expand...
Click to collapse
If you haven't changed and altered anything. Then there is no need to flash the modem partition.
The whole topic is about reviving a device?
I had used these commands and i was not able to make or receive calls.
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
I will try flashing the image and report back.
celoxocis said:
If you haven't changed and altered anything. Then there is no need to flash the modem partition.
The whole topic is about reviving a device?
Click to expand...
Click to collapse
sisqin1 said:
I had used these commands and i was not able to make or receive calls.
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
I will try flashing the image and report back.
Click to expand...
Click to collapse
I thought you said you didn't alter the device?
What's the sources of that NON-HLOS you flashed?
Make sure it is the right one.
It's simple.
P2A42 device must match NON-HLOS for P2a42
P2C72 device must match NON-HLOS for P2C72
You can NOT exchange them.
By alter I meant changing / flashing different firmware.
I have only unlocked the bootloader and downgraded to MM.
That's when I lost the network connectivity.
I ran the commands above to see if it resolves the issue and it did not.
I have the NON-HLOS for P2a42 which I downloaded. Bi when I try to flash using fast boot I get error.
Well, the only person i asked at the time that succesfully flashed roms was @Billytromp.. when he first attempted to flash DU Rom.. it didn't work and the LED flashed blue.. and then when flashed LOS 13.. it took 2 attempts for it to finally work. Um.. i dont think i can give you what you are asking since i have not dared to unlock and root my phone. Perhaps ask him since he is the only person i knew that has a P2c72.
Related
Hello, I am completely new so I apologize if this is the wrong place.
I wanted to be able to lock my bootloader but still use cyanogenmod, specifically, only allow roms that I have compiled myself and signed with my cert to work on my phone. I unpacked the stock recovery.img, and made the necessary changes to the ramdisk to replace the stock OnePlus key with my own. I then was then able to confirm that only my signed zips could be sideloaded, both official CM and OxygenOS zips failed - just as I wanted.
The issue is then that this only worked with an unlocked bootloader. When I locked it, the OP3 entered a boot cycle, with a strange graphical glitch appearing then the screen going black, again and again. I could then no longer boot to either recovery or cyanogenmod, nor could I unlock fastboot. This amazing guide got my phone working again.
I now have three questions. What prevented my phone booting after I locked it, how does the unbrick tool work, and is there anything I can alter, like certifications or hashes, lower down in the boot sequence to allow only my signed images to work (using the previous tool. I am unsure what QLoader is, some form of serial interface to the 820 to write to the storage chip?).
Thanks for any advice you can offer!
Update: I have unpacked boot.img provided in the unbrick tool. I cannot find any keys to modify in /res but I have found a file called "verify_keys". Does anyone know what I need to change in boot.img to allow my self-signed recovery and os to boot? Thanks
UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.
I've been meaning to ask this same question for a while now also, so I'm eager to see the response. I suspect the official OnePlus forums might be a good place to ask as well, since they are visited by engineers from OnePlus. For anyone else who's curious as to what's being discussed and better the understand the risks of an unlocked bootloader (and how to mitigate them), there's a brief article here as well as a paper.
It is always suggested that never re-lock the bootloader until there is valid reason to do it
JumboMan said:
It is always suggested that never re-lock the bootloader until there is valid reason to do it
Click to expand...
Click to collapse
Have you read any of the attached links in my last post? There are valid reasons for doing so.
Just to pose an oversimplified hypothetical, imagine going through immigration/customs in Saudi Arabia (or maybe even the U.S.) with a Android device that has an unlocked bootloader. The officer examines your possesions, then takes your laptop and phone into a back room. Your phone is powered down and encrypted so it's not like they can do anything, right? Wrong. They plug it into a forensics device and flash a surreptitious malware app onto /system before returning it back to you. Then, the next time you turn on your phone your encryption keys and all your data, all your communications are secretly transmitted. You never have a clue... With a locked bootloader and appropriate precautions, that would never be possible.
Update 3:
I am now following the official Android guide for creating a keystore. They show how to create a "keystore.img" not .dat, bu the error I got when trying "fastboot flash keystore ..." said something along the lines of the keystore not being a valid image. Hopefully this will work. After I get this working, I will move on to removing or damaging the OEM key, hence not even allowing OnePlus images to be sideloaded.
JumboMan said:
It is always suggested that never re-lock the bootloader until there is valid reason to do it
Click to expand...
Click to collapse
I do have a valid reason - security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks, it makes it easier to bruteforce, and pulling encryption keys from memory.
chocol4te said:
I do have a valid reason - security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks, it makes it easier to bruteforce, and pulling encryption keys from memory.
Click to expand...
Click to collapse
sir prefer not rooting and staying on stock ROM with locked bootloader.
emptyragnarok said:
sir prefer not rooting and staying on stock ROM with locked bootloader.
Click to expand...
Click to collapse
Look, I'm sorry, I don't need any more useless comments saying the solution to my problem is to not do anything like on every other forum I've tried. I am perfectly aware of how to lock the bootloader with a stock rom, but I don't want to use the stock rom. I want to use custom roms. From what I have done so far it appears to be possible, so don't tell me it's not, at least without a good reason.
In addition, the stock method isn't even the most secure the phone can be. OnePlus can still sign any code and run it on my device and hence requires my trust in a third party that I am unwilling to give. I only want my own code to run.
Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.
chocol4te said:
Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.
Click to expand...
Click to collapse
Bro I am not a prolike you but I understand your vision now,... and I am with you in that.... Open Source stuff and ANdroid as an Open source impify that only... We should have our custom code for locking and unlocking our bootloader so we can have the full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have the access of the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSLUMS... WE will try and try untill we succeed.... I AM WITH YOU BRO!!!!!
indroider said:
Bro I am not a prolike you but I understand your vision now,... and I am with you in that.... Open Source stuff and ANdroid as an Open source impify that only... We should have our custom code for locking and unlocking our bootloader so we can have the full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have the access of the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSLUMS... WE will try and try untill we succeed.... I AM WITH YOU BRO!!!!!
Click to expand...
Click to collapse
Thanks! I'm glad to hear it!
chocol4te said:
Thanks! I'm glad to hear it!
Click to expand...
Click to collapse
You're most welcome bro.
Did I just witness a major bro-down?
Awsome thread, I'd also like to put my OP3 in a state where only ROMs I signed my self will run...
Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
---------- Post added at 05:42 PM ---------- Previous post was at 05:41 PM ----------
indieross said:
Did I just witness a major bro-down?
Click to expand...
Click to collapse
Whats a bro down?
Sent from my Pixel XL using XDA-Developers mobile app
indroider said:
Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
---------- Post added at 05:42 PM ---------- Previous post was at 05:41 PM ----------
Whats a bro down?
Sent from my Pixel XL using XDA-Developers mobile app
Click to expand...
Click to collapse
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
Code:
fastboot flash bootloader bootloader-bullhead-bhz11f.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-bullhead-m8994f-2.6.33.2.14.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-bullhead-nbd90z.zip
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
Click to expand...
Click to collapse
Ok.. Great to hear... Let me if you need any help.. I m here
chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work ... ...
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
Click to expand...
Click to collapse
This sounds exactly like what I was looking for. Have you been able to progress? Do you think that the bootloader and the radio are somehow linked in the boot verification sequence?
---------- Post added at 05:51 AM ---------- Previous post was at 05:43 AM ----------
chocol4te said:
UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.
Click to expand...
Click to collapse
Have you read this: https://mjg59.dreamwidth.org/31765.html
Please don't ask why (the answer will be: "because I'm stupid"), but I relocked my bootloader and now my Swift 2 Plus won't boot anymore. When turning it on, it vibrates and the Wileyfox logo flashes for less than a second. After that the screen stays black and nothing happens. Same thing when I try to boot into recovery. I can only boot into the bootloader but I can't flash any images or unlock it again ("FAILED (remote: oem unlock is not allowed)").
Is there any way I can revive my phone or is it lost?
I think your only way is to flash twrp again with fastboot install method :
//twrp.me/devices/wileyfoxswift2.html
And then flash the stock rom :
//cyngn.com/support
hope it will helps you!
---------- Post added at 02:07 PM ---------- Previous post was at 02:05 PM ----------
Sorry, I'm a new user so I can't post link, you've just have to ad "https" at the beginning of the line.
Thanks for answering, but I can't do that, because the bootloader is locked and protected from unlocking. I guess the only thing I can do is ask the support if they can provide the mbn and xml files that are needed for unbricking with QFIL (I can boot into edl mode as I recently found out). They probably won't but it's worth a shot.
If you use the signed zip ( not the fastboot image) the default recovery should be able to install it.
It doesn't boot to recovery. Only fastboot and edl mode work.
You could try flashing fastboot image from http://cyngn.com/support
Sent from my Swift 2 using XDA-Developers mobile app
Thanks, but that doesn't work with a locked bootloader (already tried).
It seems like the only way to revive it is with QFIL, but for doing that it needs the matching mbn and xml files that aren't included in the factory images. Wileyfox support wasn't helpful, either.
xrmnx said:
Thanks, but that doesn't work with a locked bootloader (already tried).
Click to expand...
Click to collapse
Can't we put the dirty cow bug to a use now? It should work on the phone unless it has the latest security patches, right? And with root privileges you should be able to flash a new recovery or reset the phone.:fingers-crossed:
I'm actually not sure, if I still have root privileges. It could be that I turned it off inside the SuperSU app.
I tried to flash the stock rom and that didn't work, though. Do I have to do something different than usually to flash with root privileges?
boa05 said:
Can't we put the dirty cow bug to a use now? It should work on the phone unless it has the latest security patches, right? And with root privileges you should be able to flash a new recovery or reset the phone.:fingers-crossed:
Click to expand...
Click to collapse
I read a little about dirty cow, now (didn't know much about it before), but if I understand it right, I need adb to upload files onto the phone, right? Sadly, adb doesn't work. Only fastboot :/
Hmmm, there is a similar thread for the Nexus 5X. You might want to check it out if you haven't already ( http://forum.xda-developers.com/nexus-5x/help/nexus-5x-permanently-bricked-locked-t3232105/page2 ).
A few of the suggestions were to try with:
Code:
fastboot flashing unlock
or
Code:
fastboot format userdata
fastboot format cache
I don't know if it will be of any help but it is worth a shot.
You could try to flash individual portions of the stock image like the recovery or the userdata but I doubt that it will be successful.
PS: From the thread above, for some reason removing the SIM card allowed them to enter recovery.
Thanks, but none of these solutions works. Already tried all of them a couple of times....
Hmmm, how about you try to trick it then?
Grab the official signed firmware, place it on SD Card and try with:
Code:
fastboot update <path/to/zip>
or this one to try to wipe the device? (dunno if the command is still in use, though)
Code:
fastboot -w
If this doesn't work as well, I guess it will be a waiting game for QFIL files.
Pak0St said:
Hmmm, how about you try to trick it then?
Grab the official signed firmware, place it on SD Card and try with:
or this one to try to wipe the device? (dunno if the command is still in use, though)
If this doesn't work as well, I guess it will be a waiting game for QFIL files.
Click to expand...
Click to collapse
I tried to flash/update every official rom (with and without -w) there is, but I never put it on an SD-card. Does that make a difference? If so, this might be one ofhe stupidest mistakes I ever made :/
I'll try in a few days. Not much time, at the moment...
Yes... Waiting for QFIL files is what I'm prepared for...
The idea with the SDCard is just a random thought. There is a slight chance to trigger the allowed update policies.
Usually you place the update.zip through adb (not possible in this situation) but placing it on the sdcard is possible.
Still, QFIL is the safest bet once someone uploads the files.
Pak0St said:
Still, QFIL is the safest bet once someone uploads the files.
Click to expand...
Click to collapse
That's what I thought. Since I couldn't find any (yet), is there a way to extract the QFIL files from a working phone (I bought another one since I needed a phone)? I don't think so, but I hope I'm wrong...
xrmnx said:
That's what I thought. Since I couldn't find any (yet), is there a way to extract the QFIL files from a working phone (I bought another one since I needed a phone)? I don't think so, but I hope I'm wrong...
Click to expand...
Click to collapse
I'm in the same boat here, same phone and same issue. Did you find a way to fix it? already searched all internet for a fix. Thanks a lot
Sorry, but for some reason I never saw your answer... I never found a solution either, though
how to unlock bootloader
Use fast boot to unlock the bootloader again.
connect your Swift 2 to your PC and in a command prompt type the following "fastboot oem unlock"
When you press enter, check the phone and using the volume keys you need to select yes and then press power to execute.
Your bootloader should then be unlocked again. Good Luck.
Hi, I'm begging you all for help.
Please, even if you don't know the answer, share any sort of advice.
I'm not a newbie (25+ years story of Unix/Reversing), but I know nothing about radio.
Here's a list of symptoms:
1) Sometimes the WIFI MAC Address comes up as 02:00:00:00:00:00 and IMEI isn't available, then they both magically come up (without rebooting, after the SIM Is read - see n. 2)
2) It keeps powering ON & OFF the SIM and switching between Connected , No Signal , Emergency. Sometimes taking the SIM out & back in helps. Selecting the Preferred Network Type from the modem debug screen keeps it connected for long periods.
3) It won't search for alternative networks to Register Manually
3) IMS Registration is showing as Not Registered always, even while it's connected: Voice + Data (?!?)
4) From the Debug Info only 1 cell appears as SRV = R+N and has a CELL ID, so it seems it connects only to 1 cell at a time.
I can't post screenshots as I lost my old username here, so I signed-up again.
Nothing works, it was a new phone. I wanna die.
Thank you all for your help.
Thanks.
I have problems with modem and camera wgen updating ta android 9.
I would recomend you to rollback to 10.2.1.0
I would use this method
1. Backup your media files to your computer
2. Unlock bootloader
3. Download fastboot china version of 10.2.1.0 and Flash it with mi flash (choose wipe but dont lock!)
4. Flash orange fox twrp with fastboot
5 wipe all partitions exvept internal storage with orangefox
6. Download 10.2.1.0 from xiaomi.eu and flash it with orangefox
Tell me is you want direct links to all files that you need.
If you still have problems after downgrading I can prove my persist and modem files
Good luck
eliaztheone said:
I would recomend you to rollback to 10.2.1.0
Click to expand...
Click to collapse
@eliaztheone thank you for your reply and your offer about the files, I'll take it if necessary.
Just one question: won't that trigger Anti-Rollback ?
(I don't need to stay on MIUI: do I have other options?)
DoYouWantFriesWithThat said:
@eliaztheone thank you for your reply and your offer about the files, I'll take it if necessary.
Just one question: won't that trigger Anti-Rollback ?
(I don't need to stay on MIUI: do I have other options?)
Click to expand...
Click to collapse
Your anti rollback is already triggered on 4. Thats the arb value on 10.2 too. As long as you dont flash older miui 9 firmware you should be ok...
eliaztheone said:
Your anti rollback is already triggered on 4. Thats the arb value on 10.2 too. As long as you dont flash older miui 9 firmware you should be ok...
Click to expand...
Click to collapse
The roll-back went well but the phone is still unstable.
I'm not sure why: did the Persist get corrupted? Or the EFS partition? I have some backups but I'm not sure what to do.
Can you provide the files that you mentioned, or maybe some pointers?
What could be wrong with the phone?
Thanks a lot @eliaztheone
DoYouWantFriesWithThat said:
The roll-back went well but the phone is still unstable.
I'm not sure why: did the Persist get corrupted? Or the EFS partition? I have some backups but I'm not sure what to do.
Can you provide the files that you mentioned, or maybe some pointers?
What could be wrong with the phone?
Thanks a lot @eliaztheone
Click to expand...
Click to collapse
I can give you my efs and persist backup if you want? Then you can use partitions backup and restorev from playstore.
You need to be rooted with magisk to restore
Are you on the xiaomi.eu version of 10.2.1.0 and is it the 8.1 version or 9.0?
eliaztheone said:
I can give you my efs and persist backup if you want? Then you can use partitions backup and restorev from playstore.
You need to be rooted with magisk to restore
Are you on the xiaomi.eu version of 10.2.1.0 and is it the 8.1 version or 9.0?
Click to expand...
Click to collapse
I am on Xiaomi.eu 10.2 with Android 9 now, as you suggested. Rooted & with Magisk.
I have backups of my old PERSIST from the China 9.x ROM. Should I flash that (or do I risk bricking) ?
I was reading on persist.img and I don't understand one thing: if it's different for every phone, why there's a persist.img in every Fastboot ROM ?
EDIT: I flashed my old Persists (tried various ones), and the problem.....persists! :') lol
So I'm back to my most recent Persist and still in need for help.
PS: if it helps for a diagnosis, any time the modem resets the SIM it dumps a lot of logs in /ramdump
DoYouWantFriesWithThat said:
I am on Xiaomi.eu 10.2 with Android 9 now, as you suggested. Rooted & with Magisk.
I have backups of my old PERSIST from the China 9.x ROM. Should I flash that (or do I risk bricking) ?
I was reading on persist.img and I don't understand one thing: if it's different for every phone, why there's a persist.img in every Fastboot ROM ?
EDIT: I flashed my old Persists (tried various ones), and the problem.....persists! :') lol
So I'm back to my most recent Persist and still in need for help.
PS: if it helps for a diagnosis, any time the modem resets the SIM it dumps a lot of logs in /ramdump
Click to expand...
Click to collapse
Sorry I was not clear with my guide.. You needed to flash the android 8.1 version of 10.2.1.0 . I guess that wont help either but maybe so try it..
Try it and if it does not work. I will make backup of my persist and efs and modem and send them to you and after that u need to change to your imei numbers with qualcom app..
eliaztheone said:
Sorry I was not clear with my guide.. You needed to flash the android 8.1 version of 10.2.1.0 . I guess that wont help either but maybe so try it..
Try it and if it does not work. I will make backup of my persist and efs and modem and send them to you and after that u need to change to your imei numbers with qualcom app..
Click to expand...
Click to collapse
I tried it following this guide to restore the Persist partition (https://forum.xda-developers.com/xi...guide-restoring-persist-partition-to-t3906424 - via Fastboot, not EDL) , and right after flashing the SIM was working fine on 4G/LTE and the phone didn't present any problems.
Then I opened up Google-Maps and gave it permission to read the GPS and it went crazy: not reading the SIM anymore, rebooting, etc. And turning GPS off now won't help. So I guess the problem is with the Modem and the fact that it connects to only 1 Cell - no idea why.
@eliaztheone
eliaztheone said:
Sorry I was not clear with my guide.. You needed to flash the android 8.1 version of 10.2.1.0 . I guess that wont help either but maybe so try it..
Try it and if it does not work. I will make backup of my persist and efs and modem and send them to you and after that u need to change to your imei numbers with qualcom app..
Click to expand...
Click to collapse
I am on 10.2.1.0 - Android 8.1 now. In addition to what you suggested I restored the persist.img via Fastboot (not EDL) following this guide on XDA .
Right after flashing the phone didn't present any problems (SIM/4G was working without hiccups). As I opened up Google-Maps and gave it permission to read the GPS it went crazy: not reading the SIM anymore, rebooting, etc. Turning GPS off now won't help, it constantly reboots - I have to use Airplane Mode.
So I guess the problem is still in the Modem. Maybe it's the fact that it connects to only 1 Cell, apparently.
@eliaztheone if you can provide the files I'll try one last time. Thank you.
I will upload them tonight hopefully. You need to be on 10.2.1.0 oreo xiaomi.eu version.
You also need to be rooted with magisk so you can restore them with partition backup and restore
---------- Post added at 07:33 PM ---------- Previous post was at 07:28 PM ----------
Did you try to flash modem_fix_ysl.zip? It resets the modem.img and modemst1.img and modemst2.img
Take your time, thank you.
While inspecting the ramdump I noticed the following:
[ 21.864464] [c:1] [p:<003975, android.vending>] Fatal error on the modem.
[ 21.864522] [c:1] [p:<003975, android.vending>] modem subsystem failure reason: rflm_diag_error.cc:361:[email protected]_qlnk.cpp:1090 [9,3] RF stuck in QLINK start s.
[ 21.864530] [c:1] [p:<003975, android.vending>] subsys-restart: subsystem_restart_dev(): Restart sequence requested for modem, restart_level = RELATED.
There's many SELinux odd log entries too, not sure if that's normal. When I disabled SELinux from the terminal the 4G immediately picked up...totally weird
eliaztheone said:
[/COLOR]Did you try to flash modem_fix_ysl.zip? It resets the modem.img and modemst1.img and modemst2.img
Click to expand...
Click to collapse
I'll try to flash it, thank you.
I am on 10.2.1.0 oreo xiaomi.eu. Do you think it makes sense to try a custom ROM ?
Thank you.
EDIT:
- I flashed modem_fix_ysl.zip but it didn't have any effect.
- I find the ramdumps from the china ROM much cleaner and errorless than the Xiaomi.eu ROM, just saying
I have sent you a pm
Have you guys found a solution? I have the exactly same problem on Mi Max 3 4/64Gb version. I'm on MIUI Global Stable 10.3.5.0. I was on China stable and had issues,so i flashed Global Stable fastboot rom using Mi Flash Tool(flash all option),and It doesn't solve the problem.I have unlocked bootloader,and no previous system backup.
Also i tried flashing NON-HLOS.bin file from Global Stable fastboot ROM using command : fastboot flash modem NON-HLOS.bin
Also i tried something that worked on my old redmi 4,after NON-HLOS.bin flash,executed fastboot commands :
fastboot erase modemst1 and modemst2,but no luck because of "partition is write protected" error.
Have you found what's the cause of this problem?Is it hardware?Is it corrupted modem files?Will custom rom solve it? Please, any help,any suggestion will be appreciated. I'll try everything to fix it. Thank you in advance.
@ghost baby
I tried the following:
- reflashing Global ROM
- flashing Xiaomi.eu ROM as per instructions of of Eliaztheone
- restoring a backup of old China ROM
- reflashing China ROM
- analyzing the ramdumps (memory dumps & system/radio-modem logs)
- EDL flashing (with `fastboot oem edl` - not with the deep-flash cable)
All the reflashes included overwriting the EFS (modemst1/2) & PERSIST partitions, automatically (in bulk) or manually, taken from various sources including those that Eliaztheone kindly sent to me. The EDL flashing didn't work because I had no authorization on my Xiaomi account (I've tried all combinations of SDR programmers & old versions of MiFlash - none works) so I've then tried to get a remote authorization, also without success: the guy from UNBRICK.RU told me that Xiaomi revoked all authorizations lately to push out of business the remote-auth-flashers.
From my understanding of the ramdumps the problem seems to be an internal modem fault. Since ARB wasn't triggered when I rolled back to China ROM, I suspect that the fault is a hardware (or very low-level SW) software in the radio modem, and so it can be maybe fixed only by EDL flashing.
That's why I resorted to finding a local authorized service center this week. But I have to see how much money they ask me: if they ask too much I might as well buy a new OPPO or REALME phone, which are cheap & open (at least more than ****ty Xiaomi). If the service center pisses me off you'll see the result in the news.
Support the right to repair movement.
I hope this helps.
DoYouWantFriesWithThat said:
@ghost baby
I tried the following:
- reflashing Global ROM
- flashing Xiaomi.eu ROM as per instructions of of Eliaztheone
- restoring a backup of old China ROM
- reflashing China ROM
- analyzing the ramdumps (memory dumps & system/radio-modem logs)
- EDL flashing (with `fastboot oem edl` - not with the deep-flash cable)
All the reflashes included overwriting the EFS (modemst1/2) & PERSIST partitions, automatically (in bulk) or manually, taken from various sources including those that Eliaztheone kindly sent to me. The EDL flashing didn't work because I had no authorization on my Xiaomi account (I've tried all combinations of SDR programmers & old versions of MiFlash - none works) so I've then tried to get a remote authorization, also without success: the guy from UNBRICK.RU told me that Xiaomi revoked all authorizations lately to push out of business the remote-auth-flashers.
From my understanding of the ramdumps the problem seems to be an internal modem fault. Since ARB wasn't triggered when I rolled back to China ROM, I suspect that the fault is a hardware (or very low-level SW) software in the radio modem, and so it can be maybe fixed only by EDL flashing.
That's why I resorted to finding a local authorized service center this week. But I have to see how much money they ask me: if they ask too much I might as well buy a new OPPO or REALME phone, which are cheap & open (at least more than ****ty Xiaomi). If the service center pisses me off you'll see the result in the news.
Support the right to repair movement.
I hope this helps.
Click to expand...
Click to collapse
Thank you man, I'll try everything you said tommorow. The device hardware is awesome,and i really want to support xiaomi,only if they had solution for this problem. Also i think keeping ARB on unlocked bootloader is a bad decision,it really makes this whole process harder.
I'm hoping you get you phone fixed and looking forward to see how this will end.
Thanks for helping me man.
(Sorry for bad English)
---------- Post added at 10:35 PM ---------- Previous post was at 10:33 PM ----------
Maybe someone's QCN file can help us?
DoYouWantFriesWithThat said:
@ghost baby
I tried the following:
- reflashing Global ROM
- flashing Xiaomi.eu ROM as per instructions of of Eliaztheone
- restoring a backup of old China ROM
- reflashing China ROM
- analyzing the ramdumps (memory dumps & system/radio-modem logs)
- EDL flashing (with `fastboot oem edl` - not with the deep-flash cable)
All the reflashes included overwriting the EFS (modemst1/2) & PERSIST partitions, automatically (in bulk) or manually, taken from various sources including those that Eliaztheone kindly sent to me. The EDL flashing didn't work because I had no authorization on my Xiaomi account (I've tried all combinations of SDR programmers & old versions of MiFlash - none works) so I've then tried to get a remote authorization, also without success: the guy from UNBRICK.RU told me that Xiaomi revoked all authorizations lately to push out of business the remote-auth-flashers.
From my understanding of the ramdumps the problem seems to be an internal modem fault. Since ARB wasn't triggered when I rolled back to China ROM, I suspect that the fault is a hardware (or very low-level SW) software in the radio modem, and so it can be maybe fixed only by EDL flashing.
That's why I resorted to finding a local authorized service center this week. But I have to see how much money they ask me: if they ask too much I might as well buy a new OPPO or REALME phone, which are cheap & open (at least more than ****ty Xiaomi). If the service center pisses me off you'll see the result in the news.
Support the right to repair movement.
I hope this helps.
Click to expand...
Click to collapse
Maybe someone's QCN file can help us?[/QUOTE]
All authorizations has been locked down for a while now, learned that the hard way during in the early days of ARB4 and i tried to flash a stable rom with a lower ARB number and my phone bricked. IThen i found someone to flash a beta rom by remote with authroization; costed me 15 USD. EDL flash was the only way if you still have fastboot. I worked with the service guy because he also wants to figure out the problem also. After bricking my device 4 times, I got the right recovery to use and then TWRP Recovery worked for the 4GB version. I got the 6GB version also and the people who sold me the phone had already unlocked the bootloader, I had to double check to see using command prompt. The i flashed the Recovery i was given to by a user on the AOSiP thread, thinks its Page 7, its a TWRP CN Recovery.. and it worked in both devices.
@Wmateria can you give me the contact of this person who gave you the remote Auth ?
I just phoned Xiaomi and they told me that Xiaomi's warranty is only valid at national level (read: each european country collects phones sold on its territory, and sends them to specific labs).
Wmateria said:
Maybe someone's QCN file can help us?
Click to expand...
Click to collapse
The QCN won't help cause we can't access EDL anyway even via QFIL.
If anyone has a contact for remote Auth, I'd appreciate if he/she could share it.
Thanks.
DoYouWantFriesWithThat said:
@Wmateria can you give me the contact of this person who gave you the remote Auth ?
I just phoned Xiaomi and they told me that Xiaomi's warranty is only valid at national level (read: each european country collects phones sold on its territory, and sends them to specific labs).
The QCN won't help cause we can't access EDL anyway even via QFIL.
If anyone has a contact for remote Auth, I'd appreciate if he/she could share it.
Thanks.
Click to expand...
Click to collapse
I found some article that shows how to flash QCN file form DIAG mode,and how to enter that mode. I'll try and keep you updated.
Wmateria said:
Maybe someone's QCN file can help us?
Click to expand...
Click to collapse
All authorizations has been locked down for a while now, learned that the hard way during in the early days of ARB4 and i tried to flash a stable rom with a lower ARB number and my phone bricked. IThen i found someone to flash a beta rom by remote with authroization; costed me 15 USD. EDL flash was the only way if you still have fastboot. I worked with the service guy because he also wants to figure out the problem also. After bricking my device 4 times, I got the right recovery to use and then TWRP Recovery worked for the 4GB version. I got the 6GB version also and the people who sold me the phone had already unlocked the bootloader, I had to double check to see using command prompt. The i flashed the Recovery i was given to by a user on the AOSiP thread, thinks its Page 7, its a TWRP CN Recovery.. and it worked in both devices.[/QUOTE]
Did EDL flash solved the problem?
This wil be a list of firmware sources and a bit of explanation in different firmware versions and builds. This information has been gathered over the past few weeks, mainly by helping others to find the proper stock roms.
First of all, there seem to be multiple regions that have different firmware’s, and there seem to be different software channels per region or per region per provider. ( for instance vfeu vs reteu )
The phone model is XT2041-X where the X can stand for 1 to 4
The development name / moto name is called: Sofiar ( XT2041-1/3)
the development name for the US name is: Sofia ( xt2041-4 )
The easiest way to find the proper firmware would be via the Lenovo rescue and smart assistant ( LMSA)
you can download it from here: https://download.lenovo.com/consumer/mobiles/rescue_and_smart_v5.0.0.25_setup.exe
Since a few days support has been added to rescue the g8 power
you can download the current firmware for your device via the rescue page.
Manual selection of firmware sources:
So far, every source on the internet points to the lolinet mirror
see https://mirrors.lolinet.com/firmware/moto/sofiar/official/
US version: https://mirrors.lolinet.com/firmware/moto/sofia/official/
a 2nd source would be the moto updates tracker, but I expect that everything you find here Will appear on lolinet
US: https://t.me/s/MotoUpdatesTracker?q=#sofia
The rest of the world: https://t.me/s/MotoUpdatesTracker?q=#sofiar
so far I have not been able to find any other sources. I hope this helps a bit in downloading / finding the stock firmware for your phone.
If you find any other / better source, please let me know, I'll add it to this first post.
Thanks
I successfully updated mine and regained root.
I will post manual update guide later.
A side note: the following must be flashed in fastbootd (fastboot reboot fastbootd or adb reboot fastboot)
boot.img, recovery.img, vbmeta.img, super, dtbo.img
@mingkee Pls can you share manual update guide? THX
endva3 said:
@mingkee Pls can you share manual update guide? THX
Click to expand...
Click to collapse
There's a simple method using LMSA rescue method, but make sure you backup your phone because your phone will be wiped during the process.
Hi, I'm running into a little problem. I used the lolinet link to download the factory ROM for my Moto G Power (Best Buy unlocked, on Verizon). I downloaded the sofia VZW factory ROM first (thinking because I'm on Verizon). I used Magisk to patch the boot.img and fastbooted it. After reboot, I lost the touch screen and cell service -- could not unlock the phone. So I thought no big deal, I'll just reflash the unpatched boot.img from the sofia retus ROM this time. However, I still do not have touch screen. Does anyone have the factory boot.img for QPM30.80.50-1 that originally came with this G Power? Thanks in advance.
quangtran1 said:
Hi, I'm running into a little problem. I used the lolinet link to download the factory ROM for my Moto G Power (Best Buy unlocked, on Verizon). I downloaded the sofia VZW factory ROM first (thinking because I'm on Verizon). I used Magisk to patch the boot.img and fastbooted it. After reboot, I lost the touch screen and cell service -- could not unlock the phone. So I thought no big deal, I'll just reflash the unpatched boot.img from the sofia retus ROM this time. However, I still do not have touch screen. Does anyone have the factory boot.img for QPM30.80.50-1 that originally came with this G Power? Thanks in advance.
Click to expand...
Click to collapse
You may have patched unmatched build number.
Solution: flash full ROM
LMSA rescue is the simplest method but it will wipe the phone
Thanks! That was what I ended up doing.
Is it possible to change fw xt2041-3 (PAHF0004PL) to XT2041-3 (PAHF0006GB)? I'm on the PL version (andoid security January 2020) and the GB version is May 2020. If possible, the bootloader must be unlocked? Can it be changed via any tool (mototool) or via adb commands?
Anyone have the boot.img for QPMS30.80-51-3?
I cant download the latest May update from their server. Some reason the link to download expired a few days after. So if anyone has another link or can just hook it up with the boot.img please
I couldnt get it with the rescue app either it was a lower version.
EDIT
Found it here
https://forum.xda-developers.com/showpost.php?p=82865201&postcount=73
Some lessons learned
pjottrr said:
The easiest way to find the proper firmware would be via the Lenovo rescue and smart assistant ( LMSA)
you can download it from here: https://download.lenovo.com/consumer/mobiles/rescue_and_smart_v5.0.0.25_setup.exe
Since a few days support has been added to rescue the g8 power
you can download the current firmware for your device via the rescue page.
Click to expand...
Click to collapse
In my case, you in fact cannot exactly download the "current" firmware via the rescue page - the phone's updater app thinks QPM30.80-51-3 is the latest version, but the rescue app installs the newer QPM30.80-109. Both are 5/1/2020 security patch level, but the boot.img files are most certainly not interchangeable.
I ended up in a bootloop which I had to rescue the phone to escape. I'd advise anyone wanting to root this phone to just rescue it first.
Also it's essential that you install the Motorola Device Manager/USB drivers in addition to LRSA, otherwise LRSA will incorrectly insist your phone is not in fastboot flash mode if you have to resort to rescuing from fastboot mode.
Finally, the rescue process will not work from a Windows VM under KVM, whether you have the USB device redirected or shared with the host. You need Windows running on bare metal.
Hope this saves someone the hours of annoyance I just went through trying to unbrick the damn thing.
Can jump from a carrier Rom to a unlocked version? And if yes, what's the unlocked phone rom? Cause I only see carrier versions.
Mikael1013 said:
Can jump from a carrier Rom to a unlocked version? And if yes, what's the unlocked phone rom? Cause I only see carrier versions.
Click to expand...
Click to collapse
Switching from a carrier rom to an unlocked version won't SIM unlock a phone (at least not to my knowledge), if that's your objective. But if you're looking to switch the retail flavor rom, try RETUS, specifically XT2041-4_SOFIA_RETUS_10_QPM30.80-13-2_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip.
rlrevell said:
In my case, you in fact cannot exactly download the "current" firmware via the rescue page - the phone's updater app thinks QPM30.80-51-3 is the latest version, but the rescue app installs the newer QPM30.80-109. Both are 5/1/2020 security patch level, but the boot.img files are most certainly not interchangeable.
I ended up in a bootloop which I had to rescue the phone to escape. I'd advise anyone wanting to root this phone to just rescue it first.
Also it's essential that you install the Motorola Device Manager/USB drivers in addition to LRSA, otherwise LRSA will incorrectly insist your phone is not in fastboot flash mode if you have to resort to rescuing from fastboot mode.
Finally, the rescue process will not work from a Windows VM under KVM, whether you have the USB device redirected or shared with the host. You need Windows running on bare metal.
Hope this saves someone the hours of annoyance I just went through trying to unbrick the damn thing.
Click to expand...
Click to collapse
Also a good word of advice before flashing a boot.bin
run the command
fastboot boot boot.bin
or whatever your boot.bin is called
Then you can test your patched file before patching it. Also even better once you get into Android you can open MAGISK and use direct install
TNS201 said:
Also a good word of advice before flashing a boot.bin
run the command
fastboot boot boot.bin
or whatever your boot.bin is called
Then you can test your patched file before patching it. Also even better once you get into Android you can open MAGISK and use direct install
Click to expand...
Click to collapse
I've never actually had this work on any device I've tried to root. Command not implemented or some such error was always the result. Does it work for you on this device?
The download link for the latest Google Fi firmware works again if anyone wants to grab it before it expires...again heh.
SOFIA_RETAIL_QPMS30.80-51-3
CodyF86 said:
The download link for the latest Google Fi firmware works again if anyone wants to grab it before it expires...again heh.
SOFIA_RETAIL_QPMS30.80-51-3
Click to expand...
Click to collapse
Do you have stock boot IMG by any chance? Thx in advance
freddienuxx said:
Do you have stock boot IMG by any chance? Thx in advance
Click to expand...
Click to collapse
sofia_80-51-3boot.img
CodyF86 said:
sofia_80-51-3boot.img
Click to expand...
Click to collapse
Thx man
rlrevell said:
I've never actually had this work on any device I've tried to root. Command not implemented or some such error was always the result. Does it work for you on this device?
Click to expand...
Click to collapse
yea when you are in bootloader with phone attached to the PC it should work
It worked on my pixel 2 xl and this phone
Does anybody have this file available? (Sorry for the spaces, I can't post a link...). The download link has expired.
t.me /motoupdatestracker/ 2752
filename: SOFIA_RETAIL_QPMS30.80-51-5_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
What's the difference between that and RETUS on lolinet? Is there any? Reason I'm asking is that I don't have any radios after that OTA (Google Fi) and flashing the boot.img from RETUS QPMS-30.80-51-5.
----- With the release of OOS13, the modem issue no longer exist. Thank you all for the support & help with this unfortunate issue, we had to endure.... -----
EXPLICITLY FOR TMOBILE 9 PRO(I'm not responsible for your failure to read or bricked issues, but will help assist.)
NO MORE MODEM FLASHING!!!
Now the Fun Part (SIMPLE)
Backup your damn data!!!
1. Run TmoEU MSM
2. local update 11.2.10.10AA zip
(Global very important)
3A. OTA update OOS12, OTA to OOS13
3B. Regardless at this point. Re-run TmoEu Msm to Lock-in Modem !!!
Now follow again...
Reboot... Unlock, Local update to 10.10AA, and take the updates to OOS13....
AS LONG AS YOU ONLY USE TmoEU MSM as your unbrick tool
OOS/COS DATA FIX FOR A12 (ROOT) {DEPRECIATED}
MAGISK Module zip provided below...
((((Going to OOS12 & OOS13, Global build will need to be updated prior to taking A12 update. Only way data retain module will work.....))))
(link)
[TMO] OOS/COS DATA FIX
TO CLARIFY THIS IS A ROOT ONLY FIX After gaining root install given module. Data is now retained. Even after reboot(s). No empty slot or waiting. Issue is TMO variant is showing multi sim. So props were added to make it like a conversion to...
forum.xda-developers.com
---------------------------------------------------------------------
---ONLY USE TO GO BACK FOR WARRANTY & TRADE PURPOSES
Use Tmobile MSM (Stock) to go back to complete stock. For warrenty, trade in purposes. No!, modem will not stick after ota, duh
[WARNING!!!]--Do not use IN or EU MSM or you will not be able to go back to Tmobile stock(which voids everything with warrty, etc)
INCASE YOU MESSED UP OR HAD NO CHOICE BUT TO SAVE DEVICE BY USING IN OR EU MSM'S. THERE IS A FIX!!.
-Modded MSM to take you back to TMobile Stock.....
TMO_MSM(IN-EU_Return-to-Stock)
TMO_MSM(IN-EU_Return-to-Stock).zip
drive.google.com
----------------------------------------------------------------
Now everything you need is available here on XDA, but for convenience it's right here.
DOWNLOADSAll Files Located Here!!!
---------------------------------------------------------------------
FASTBOOT IMGS(A11 only)
(DO NOT FLASH MODEM IMG VIA OOS A12 & A13)
(CRASH DUMP & DEATH WILL OCCUR)
- This will be left here for users with Non-Tmo variant, but have T-mobile service and need access to bands.
- Just use modem flasher, unzip and run .bat file (A11 only)
visit TG for T-mobile 9 pro for community growth and helpful conversations
Join «T-Mobile Oneplus 9 Pro Support» on TELEGRAM
Donations welcomed:
CASHAPP
PAYPAL
First off I can't stress enough how much time and effort was put into this process, no amount of modem flashing, no signal, and device sacrifice would stop us. Not to mention this variant is treated with extreme prejudice from OnePlus ......
Special Thanks to:
@Jhoopes517
for stumbling upon signal still being there. The amount of replicating is to die for
@FizzyAps
for not sleeping, not even taking a damn break until it was explained & able to process
Without him T-mobile variant would be left in the dark.. So please appreciate his hard work and much more simplicity to come and for providing fastboot script
@twinnfamous
For providing data retain module.
In my experience, using my own modem seemed to work better, not exactly sure why. I got slower speeds flashing someone else's modem.
Not sure how that truly would effect.
Since TWRP is now functional
I've added a twrp file to restore Tmobile modem (11.2.5.5)
follow twrp guide above {post #1}
My apologies everyone. I provided an update to the twrp backup (above). Fixed issue where backup file wasn't showing in twrp... Again extract file from zip, move to twrp file on device...
Do you think this modem could benefit me any on AA version using TMobile as my provider or any ups or downs? I guess I could always try after making a backup to my modern, do y'all think so? Edit- I just flashed it and everything seems to be ok so far. How I did it was I made a backup of my modem, & then replaced the files with the ones you posted. Thanks
Samuel Holland said:
Do you think this modem could benefit me any on AA version using TMobile as my provider or any ups or downs?
Click to expand...
Click to collapse
Of course. As a temporary fix. Definitely best to MSM tool back to Tmobile and backup your modem images.
**Always backup
Libra420T said:
This thread is created to provide all who need T-Mobile Modem.img, from loss of service due to an OTA, Flashing, or EU Conversion..
Also to prevent cluttering up other threads with same question.
--- FASTBOOT IMG (11.2.3.3)
Unzip image, move to PC
Reboot to Bootloader
fastboot command
"fastboot flash modem *modem.img"
*Replace modem with tmobile modem.
Flash A/B
---TWRP BACKUPS (11.2.5.5)
Unzip file, move to twrp folder
reboot recovery, Restore, Select file,
Flash on Modem partition, reboot
Good luck & Happy Flashing
**Edit:
If from Tmobile, flashing to custom rom service will be fine. since dual sim isn't a thing for NA..
-If using EU conversion to avoid unlock.bin, then you absolutely need to flash modem after every update...
***Reason to use:
OTA update causes Tmo modem to be replaced..
-EU does the same...
-Or just want Tmo modem instead of stock because you have tmobile service.
img=11.2.3.3 twrp zip=11.2.5.
Click to expand...
Click to collapse
anyone experience on qulacome dump crush page ??after flashing tmobile modem
?
car king said:
anyone experience on qulacome dump crush page ??after flashing tmobile modem
?
Click to expand...
Click to collapse
which process u using, fastboot or twrp?
Otherwise imgs are clean and work perfectly. Provide process if u don't mind..
Libra420T said:
which process u using, fastboot or twrp?
Otherwise imgs are clean and work perfectly. Provide process if u don't mind..
Click to expand...
Click to collapse
fastboot using on color os
load android 12 then downgrade to color os which i want to test out, need to flash modem to get data . the android 12 modem works fine ...only 4G so try to use Tmobile modem but no luck
Although I have managed to root, use Magisk, flash Omega multiple times, take OnePlus updates, I am unsure about the instructions in the first post. It seems like a mixture of steps and comments. Sorry for my noob-ness. Can I flash this modem (I am a TMobile user) using Franco Kernal Manager? If not can someone list the exact steps for fastboot?
Thanks, I appreciate it!
car king said:
fastboot using on color os
load android 12 then downgrade to color os which i want to test out, need to flash modem to get data . the android 12 modem works fine ...only 4G so try to use Tmobile modem but no luck
Click to expand...
Click to collapse
pretty sure android is issue. tmo modem came from A11 so not sure
I pulled the modem files to the 11.2.5.5 T-Mobile firmware for the OnePlus 9 Pro if you want them. If it helps anyone. I do seem to get much better service on the 5.5 modem than I did with the 2.2 modem.
In my room, I always got 1 to 2 bars. I now get 3 to 4. Granted, I use Wi-Fi most of the time, but my 5G is faster than the Wi-Fi here due to not being able to get good internet out here.
TheKnux said:
I pulled the modem files to the 11.2.5.5 T-Mobile firmware for the OnePlus 9 Pro if you want them. If it helps anyone. I do seem to get much better service on the 5.5 modem than I did with the 2.2 modem.
In my room, I always got 1 to 2 bars. I now get 3 to 4. Granted, I use Wi-Fi most of the time, but my 5G is faster than the Wi-Fi here due to not being able to get good internet out here.
Click to expand...
Click to collapse
yes of course if you have 5.5 img please upload , I only have 5.5 for twrp and 3.3 as img.
Okay, gimme a few. Gotta start up my ancient laptop and throw it on the otg drive, upload it to gdrive, and I'll post the link here.
Edit: Link Posted. https://drive.google.com/drive/folders/1LFEy0q58Dke1t_Uh7bdTxdp-wY0YFs_Z?usp=sharing
Modem_a/_b are fastboot flashable. Modemst1/st2 have to be flashed via fastbootd.
Fastboot flash modem_a modem_a.img
Fastboot flash mkdem_b modem_b.img
Fastboot reboot fastboot
Fastboot flash modemst1 modemst1.img
Fastboot flash modemst2 modemst2.img
Fastboot reboot
These can also be replaced in payload.bin firmware fastboot roms. Just extract via payload dumper, place these modem files into the rom, then fastboot flashall in fastbootd.
.
TheKnux said:
Okay, gimme a few. Gotta start up my ancient laptop and throw it on the otg drive, upload it to gdrive, and I'll post the link here.
Edit: Link Posted. https://drive.google.com/drive/folders/1LFEy0q58Dke1t_Uh7bdTxdp-wY0YFs_Z?usp=sharing
Modem_a/_b are fastboot flashable. Modemst1/st2 have to be flashed via fastbootd.
Fastboot flash modem_a modem_a.img
Fastboot flash mkdem_b mkdem_b.img
Fastboot reboot fastboot
Fastboot flash modemst1 modemst1.img
Fastboot flash modemst2 modemst2.img
Fastboot reboot
These can also be replaced in payload.bin firmware fastboot roms. Just extract via payload dumper, place these modem files into the rom, then fastboot flashall in fastbootd.
Click to expand...
Click to collapse
There is typo in the 2nd fastboot cmd.
I got the following error when fastboot flash modemst1/2...
fastboot flash modemst1 modemst1.img
target reported max download size of 805306368 bytes
sending 'modemst1' (3072 KB)...
OKAY [ 0.077s]
writing 'modemst1'...
FAILED (remote: Flashing is not allowed for Critical Partitions
)
Holy crap guys,
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
DON'T MESS WITH OR SHARE MODEMST1/2
It contains your device specific info, device specific NV data, IMEI, etc. Flashing someone else's modemst will screw up your device and lose all cellular capability (and you are completely SOL if you don't have a backup), and someone with your modemst might be able to clone your IMEI.
This is why my guides all tell you to back them up, so you can restore it in case something goes wrong. You should not be messing with it unless you know what you're doing.
The only modem file you need to flash on to a OP9P conversion is modem.bin, AKA NON-HLOS.
craznazn said:
Holy crap guys,
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
don't mess with or share modemst1/2
DON'T MESS WITH OR SHARE MODEMST1/2
It contains your device specific info and IMEI. Flashing someone else's modemst will screw up your device and lose your IMEI / all cellular capability (if you don't have a backup), and someone with your modemst might be able to clone your IMEI.
The only modem file you need to flash on to a OP9P is modem.bin, AKA NON-HLOS.
Click to expand...
Click to collapse
So flashing the 2 cmds below should still be good for modem, right?
fastboot flash modem_a modem_a.img
fastboot flash modem_b modem_b.img
avid_droid said:
Question: op9, I have converted from tmobile to Global(AA) and have experienced no calls inbound/outbound. Flashed non-hlos from Tmo and things got worse. Wondering if the 11.2.5.5 on AA will persist with issue or resolve. The one I flashed was from 11.2.3.3 I believe
Click to expand...
Click to collapse
Don't use a OP9P NON-HLOS on a OP9, there are obvious differences.
xpdragon said:
So flashing the 2 cmds below should still be good for modem, right?
fastboot flash modem_a modem_a.img
fastboot flash modem_b modem_b.img
Click to expand...
Click to collapse
Yes, that should be the only thing you touch