MOTO G5 CEDRIC XT1676 Only the led lights up, HELP PLEASE - Moto G5 Questions & Answers

solved
TheFixItMan said:
This guide is for hard bricked Moto G5 Cedric
Hard bricked means a device which can not enter bootloader mode normally
This method has now been confirmed working
XT1672 32gb version (also works with XT1670 XT1671 and XT1676)
Download mmcblk0 image from here
Thanks to @jcbotelho for providing image
Requirements
Freshly formatted microSD card of at least 32gb
7zip
Linux mint live usb/dvd
USB card reader
Method
The BEST method to flash the sdcard with mmcbk0.img file is to use LINUX!
Windows user have no need to install Linux in pc, you can run Linux from a bootable usb-stick or pendrive that is at least 8gb
0) Put the Moto g5 on mains charge until you have finished flashing the sdcard so it's fully charged ready for the boot test!
1) Run linux, preferable cinnamon or mate versions of linux Mint
2) Insert the sdcard in pc or card reader and open "Disks" app
3) In "Disks" app select sdcard and you will see the sdcard partitions
4) Press "-" to delete the partition (delete all partitions if there is more than one)
5) Press "+" to create a new one and name it mmcblk0, set FAT(FAT32) file format and press "CREATE"
6) Press "Play" button to mount the sdcard, look to see what path the sdcard has (/dev/sd??) and then close the "Disks" app
7) Go to Desktop, open "Computer" and navigate to the location when the img file is extracted (mmcblk0.img)
8) Open the window where img file is with root (right click on window and select "open as root")
9) In root window open the Terminal (right click on window and select "open terminal")
no need to type "su" in terminal, it has root already (see notes if using Linux live usb/dvd)
10) Type in terminal the comand written below and dont forget to eliminate that "1" from the sdcard path,
that "1" can make the differnce betwen phone boot or not!!!!!
Things to note
Linux Live dvd doesn't have open as root so just open in terminal and add sudo to the start of the commands
I've included this in the commands below
If you get a status error just remove status=progress from the terminal command below
Terminal comands
- if your sdcard is seen like " /dev/sdb1"
in terminal aply that comand:
sudo dd bs=4M if=mmcblk0.img of=/dev/sdb status=progress oflag=sync
-if your sdcard is seen like " /dev/mmcblk0p1"
in terminal aply that comand:
sudo dd bs=4M if=mmcblk0.img of=/dev/mmcblk0 status=progress oflag=sync
and the flashing process should start
when it finishes, test the sdcard in the phone and it should boot!
If you get a size error of the sdcard in terminal you have to change the sdcard and try again!
Thanks to vaserbanix for the guide
Re-flash Stock Firmware
Once the phone is in bootloader mode you can flash stock firmware via fastboot
Note that in order to flash gpt the firmware MUST be the same or newer than the version currently on your phone
Once you have firmware that is the same or newer than your current version you can remove the sd card and run these commands (assuming you have fastboot all setup on your pc)
fastboot oem fb_mode_set
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash dsp adspso.bin
fastboot flash oem oem.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot erase cache
fastboot erase userdata
fastboot erase customize (ignore any error)
fastboot erase clogo (ignore any error)
fastboot oem fb_mode_clear
fastboot reboot
Imei fix
If your imei is 0 then follow instructions from here
You should be able to restore stock after & keep imei
Click to expand...
Click to collapse
https://forum.xda-developers.com/g5/how-to/rooted-moto-g5-run-morning-post-image-t3776012
Something went wrong and now it does not start, only the led lights when it is connected to the pc. Only Qualcomm HS-USB QDLoader 9008 appears in the device manager.
I have tried several blankflash (1, 2, 3) but it does not work.
Also with Qfil and the same result.
Code:
greeting device for command mode
ReadFile() failed, error=31
opening device: \\.\COM3
OKAY [ 0.023s]
greeting device for command mode
ReadFile() failed, error=995
opening device: \\.\COM3
opening device: \\.\COM3
OKAY [ 0.008s]
greeting device for command mode
OKAY [ 0.010s]
identifying device
...serial = 0x1B9ACE0A
...chip-id = 0x4F
...chip-rev = 0x0
...sv-sbl = 0x1
OKAY [ 0.038s]
finding files
...programmer = programmer.mbn
...singleimage = singleimage.bin
OKAY [ 0.020s]
validating files
OKAY [ 0.002s]
switching to download mode
OKAY [ 0.004s]
greeting device for image downloading
OKAY [ 0.002s]
sending programmer
Unexpected packet: 4. Was expecting: 3
FAILED (blank-flash:sahara-transfer-image:send-image:unexpected packet)
:crying:
thanks in advance

Its call Hardbrick, dont have for now any flashbank for motog5

Seriously ? And do you know if there will be?

takoa said:
Seriously ? And do you know if there will be?
Click to expand...
Click to collapse
It will never be released officially - Motorola don't release these files - they are either leaked or someone modifies existing files
You can try
www.kriztekblog.com/2016/10/how-to-flash-qualcomm-mbn-firmware-qpst-tool.html/amp
The firehose file I'll put in the attachment below - Unzip it
Make sure you install everything & put all files in root of c: keep paths short with no spaces eg c:/flashtool
Iv no idea what else maybe required as I don't have this device anymore & even if I did I'd only test it if my device needed reimaging
Your only other option is a motherboard replacement or a repair shop with the equipment to reimage devices eg via a j-tag

more files are missing
TheFixItMan said:
It will never be released officially - Motorola don't release these files - they are either leaked or someone modifies existing files
You can try
www.kriztekblog.com/2016/10/how-to-flash-qualcomm-mbn-firmware-qpst-tool.html/amp
The firehose file I'll put in the attachment below - Unzip it
Make sure you install everything & put all files in root of c: keep paths short with no spaces eg c:/flashtool
Iv no idea what else maybe required as I don't have this device anymore & even if I did I'd only test it if my device needed reimaging
Your only other option is a motherboard replacement or a repair shop with the equipment to reimage devices eg via a j-tag
Click to expand...
Click to collapse
you will have the other path and xml files missing, Has someone already worked with you? tendras los demas archivos path y xml que falta, alguien ya le funciono con exito este metodo?

oxxo.andatti said:
you will have the other path and xml files missing, Has someone already worked with you? tendras los demas archivos path y xml que falta, alguien ya le funciono con exito este metodo?
Click to expand...
Click to collapse
You will either have to find one that works or develop your own if the ones that come with the program don't work
Like I said - I no longer have this phone & Iv tested nothing - I can provide ideas it's up to you to research alot of searching & come up with the solution

I have tried all the possible ways that I have found here and on the net ... and nothing. Still the same. Hopefully it will be soon the release of blankflash. I look forward to it. ?

work for me
takoa said:
I have tried all the possible ways that I have found here and on the net ... and nothing. Still the same. Hopefully it will be soon the release of blankflash. I look forward to it.
Click to expand...
Click to collapse
I found something that revive meu cedric that was only with LED blinking...
when conected to pc was found something like qualcomm 9008...
I'll get those files at my windows pc and can send to you
but is a kind of blankflash, write the bootloader and flash the room...
maybe i can get those files tomorow

carlapazin said:
I found something that revive meu cedric that was only with LED blinking...
when conected to pc was found something like qualcomm 9008...
I'll get those files at my windows pc and can send to you
but is a kind of blankflash, write the bootloader and flash the room...
maybe i can get those files tomorow
Click to expand...
Click to collapse
please, as soon as possible
thank you very much
:fingers-crossed::fingers-crossed::fingers-crossed:

files
takoa said:
please, as soon as possible
thank you very much
:fingers-crossed::fingers-crossed::fingers-crossed:
Click to expand...
Click to collapse
done!
just follow the sequence:
1 - blankflash
2 - bootloader gpt
then you can write de ROM with RSD or ADB
let me know if i could help you
drive.google.com/open?id=1pFMczSqIaw9qOPIuU2bywKEAgpeF41v_

carlapazin said:
done!
just follow the sequence:
1 - blankflash
2 - bootloader gpt
then you can write de ROM with RSD or ADB
let me know if i could help you
drive.google.com/open?id=1pFMczSqIaw9qOPIuU2bywKEAgpeF41v_
Click to expand...
Click to collapse
carla that so works in the Motorola cedric already proven it?

NABECKER16 said:
carla that so works in the Motorola cedric already proven it?
Click to expand...
Click to collapse
It works fo me!

carlapazin said:
It works fo me!
Click to expand...
Click to collapse
do you think it works on my moto g5 xt1672 from at & t mex

carlapazin said:
done!
just follow the sequence:
1 - blankflash
2 - bootloader gpt
then you can write de ROM with RSD or ADB
let me know if i could help you
drive.google.com/open?id=1pFMczSqIaw9qOPIuU2bywKEAgpeF41v_
Click to expand...
Click to collapse
it does not work
can you tell us what steps you have followed, the operating system you use, the driver used and so on?

not working in xt1672

takoa said:
it does not work
can you tell us what steps you have followed, the operating system you use, the driver used and so on?
Click to expand...
Click to collapse
I did with battery fully charged!
The bootloader of my XT1676 was locked
used the .bat file in:
1 - blankflash (the phone will restart on fastbot mode)
then the .bat file on 2 - bootloader gpt
again in fastboot mode, you can flash the early rom using ADB or RSD Lite.
my OS = Windows 7 (test mode active)
and the driver i've downloaded from anywere here at xda....
on windows the phone is show qualcomm 9008 (something like that)
oh yeah! uninstall all motorola drivers and just keep the qualcomm!!!
if u don't find those drivers, i can upload
---------- Post added 27th April 2018 at 12:04 AM ---------- Previous post was 26th April 2018 at 11:59 PM ----------
NABECKER16 said:
not working in xt1672
Click to expand...
Click to collapse
Sorry, bro...
Mine is XT1676... but I'm from Brazil... and the official model here is XT1672... I can look for something to ya

carlapazin said:
I did with battery fully charged!
The bootloader of my XT1676 was locked
used the .bat file in:
1 - blankflash (the phone will restart on fastbot mode)
then the .bat file on 2 - bootloader gpt
again in fastboot mode, you can flash the early rom using ADB or RSD Lite.
my OS = Windows 7 (test mode active)
and the driver i've downloaded from anywere here at xda....
on windows the phone is show qualcomm 9008 (something like that)
oh yeah! uninstall all motorola drivers and just keep the qualcomm!!!
if u don't find those drivers, i can upload
---------- Post added 27th April 2018 at 12:04 AM ---------- Previous post was 26th April 2018 at 11:59 PM ----------
Sorry, bro...
Mine is XT1676... but I'm from Brazil... and the official model here is XT1672... I can look for something to ya
Click to expand...
Click to collapse
takoa said:
[ 0.000] Opening device: \\.\COM5
[ 0.000] Detecting device
[ 0.000] ...cpu.id = 79 (0x4f)
[ 0.000] ...cpu.sn = 463130122 (0x1b9ace0a)
[ 0.000] Opening singleimage
[ 0.000] ERROR: error opening singleimage
[ 0.000] Check qboot_log.txt for more details
[ 0.000] Total time: 0.010s
[ 0.000]
[ 0.000] qboot version 3.40
[ 0.000]
[ 0.000] DEVICE {
[ 0.000] name = "\\.\COM5",
[ 0.000] flags = "0x64",
[ 0.000] addr = "0x28FE6C",
[ 0.000] sahara.current_mode = "3",
[ 0.000] api.buffer = "0x24F0020",
[ 0.000] cpu.serial = "463130122",
[ 0.000] cpu.id = "79",
[ 0.000] cpu.sv_sbl = "1",
[ 0.000] api.bnr = "0x652D78",
[ 0.000] }
[ 0.000]
[ 0.000]
[ 0.000] Backup & Restore {
[ 0.000] num_entries = 0,
[ 0.000] restoring = "false",
[ 0.000] backup_error = "not started",
[ 0.000] restore_error = "not started",
[ 0.000] }
[ 0.000]
Click to expand...
Click to collapse

takoa said:
Click to expand...
Click to collapse
let's find another singleImage.... that's the only i've got
sorry, man

carlapazin said:
let's find another singleImage.... that's the only i've got
sorry, man
Click to expand...
Click to collapse
Maybe the image is corrupted when you uploaded it, since it cant be opened.

carlapazin said:
let's find another singleImage.... that's the only i've got
sorry, man
Click to expand...
Click to collapse
Hi. What I do not understand is because it does not work and it gives error being my terminal is the same model as yours, xt1676.
Use w7x64, unlocked bootloader, test mode, compilation 7601 and the correct qualcomm drivers.
Something I have or have overlooked.

Related

Samsung Galaxy Nexus SCH-I515 Will not go past google start screen

The phone will power on with a google logo and on the bottom of the screen a lock symbol. Anyone ever deal with something like and maybe have a solution.
joester818 said:
The phone will power on with a google logo and on the bottom of the screen a lock symbol. Anyone ever deal with something like and maybe have a solution.
Click to expand...
Click to collapse
the lock symbol means your phones bootloader has been unlocked allowing for custom development. i assume you have bought the device second hand as you obviously didnt unlock it yourself.
to make your phone boot i suggest cleaning your devices cache.
-power off device
-hold power up+down while pressing power button
-use the volume buttons to scroll down to recovery and press power to select
-after google logo disappears a little android with a blue thingy will come up, at this point hold the power button then press volume up and another selection screen will come up.
-select clean cache and then press power to select. when this is done reboot your device.
im not 100% sure this is your problem but its worth a try.
I was stuck at the same screen this morning. I tried booting into CWM Recovery from Jelly Bean and my phone wasn't having any part of it. I kept waiting and eventually pulled the battery. Luckily, I was able to boot into the ROM on my second battery pull. I doubt this helps though, just my two cents.
joester818 said:
The phone will power on with a google logo and on the bottom of the screen a lock symbol. Anyone ever deal with something like and maybe have a solution.
Click to expand...
Click to collapse
me too same problem.how to solve?
can you tell me about this?or Anybody have..?
Boot into boot loader. Flash stock. Flash clockwork. Flash a rom that works
Yes had the same issue. I had to walk away and give it time and I came up.
How long have u let it go?
Sent from my Galaxy Nexus using xda app-developers app
animal24 said:
Boot into boot loader. Flash stock. Flash clockwork. Flash a rom that works
Click to expand...
Click to collapse
Thanks to reply
but i don't understand about flash. i can do fastboot mode only then...............what do? which software help me to flash?
i download [mysid-icl53f-factory-65895fa8.zip] file from goo.im but this is zip file.no software.
so please help me out.
sattar_00977 said:
Thanks to reply
but i don't understand about flash. i can do fastboot mode only then...............what do? which software help me to flash?
i download [mysid-icl53f-factory-65895fa8.zip] file from goo.im but this is zip file.no software.
so please help me out.
Click to expand...
Click to collapse
the newest released stock images are here https://developers.google.com/android/nexus/images
down towards the bottom should be imm76k for the mysid
its a zip, but inside, there is a bootloader, 2 radios, and a system image, maybe some other tidbits
so just unzip it to the same directory as your fastboot.exe
assuming you're unlocked.
fastboot flash bootloader bootloader-toro-primela03.img
fastboot reboot-bootloader
fastboot flash radio radio-toro-i515.fc05.img
fastboot reboot-bootloader
fastboot flash radio-cdma radio-cdma-toro-i515.fa04.img
fastboot reboot-bootloader
fastboot -w update image-mysid-imm76k.zip
fastboot reboot-bootloader
after that i always boot into recovery and do another factory reset, but thats me.
enjoy!
animal24 said:
the newest released stock images are here https://developers.google.com/android/nexus/images
down towards the bottom should be imm76k for the mysid
its a zip, but inside, there is a bootloader, 2 radios, and a system image, maybe some other tidbits
so just unzip it to the same directory as your fastboot.exe
assuming you're unlocked.
fastboot flash bootloader bootloader-toro-primela03.img
fastboot reboot-bootloader
fastboot flash radio radio-toro-i515.fc05.img
fastboot reboot-bootloader
fastboot flash radio-cdma radio-cdma-toro-i515.fa04.img
fastboot reboot-bootloader
fastboot -w update image-mysid-imm76k.zip
fastboot reboot-bootloader
after that i always boot into recovery and do another factory reset, but thats me.
enjoy!
Click to expand...
Click to collapse
on fastboot mode show follow status on screen
Code:
FASTBOOT MODE
PRODUCT NAME-tuna
VARRIANT -toro
HW VERSION-9
BOOTLODER VERSION-PRIMKK15
BASEBAND VERSION-I515.EK02 CDMA-I515.EK05
CARRIER INFO-NONE
SERIAL NUMBER-0146970F11019005
SIGNING-production
LOCK STATE-UNLOCKED
so i download [mysid-icl53f-factory-65895fa8]
but while flashing stop on
sending 'boot' (4074 KB)...
OKAY [ 0.420s]
writing 'boot'...
full log is
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\sattar>cd C:\Users\sattar\Desktop\mysid-icl53f
C:\Users\sattar\Desktop\mysid-icl53f>fastboot-windows
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
C:\Users\sattar\Desktop\mysid-icl53f>fastboot flash bootloader bootloader-toro-p
rimekk15.img
< waiting for device >
sending 'bootloader' (2308 KB)...
OKAY [ 0.241s]
writing 'bootloader'...
OKAY [ 20.830s]
finished. total time: 21.074s
C:\Users\sattar\Desktop\mysid-icl53f>fastboot flash radio radio-toro-i515.ek02.i
mg
sending 'radio' (10496 KB)...
OKAY [ 1.069s]
writing 'radio'...
FAILED (remote: Unknown Partition)
finished. total time: 1.082s
C:\Users\sattar\Desktop\mysid-icl53f>fastboot flash radio radio-toro-i515.ek02.i
mg
sending 'radio' (10496 KB)...
OKAY [ 1.061s]
writing 'radio'...
FAILED (status read failed (Too many links))
finished. total time: 42.821s
C:\Users\sattar\Desktop\mysid-icl53f>fastboot -w update image-mysid-icl53f
error: failed to load 'image-mysid-icl53f'
C:\Users\sattar\Desktop\mysid-icl53f>fastboot -w update image-mysid-icl53f.zip
archive does not contain 'boot.sig'
archive does not contain 'recovery.sig'
archive does not contain 'system.sig'
--------------------------------------------
Bootloader Version...: PRIMEKK15
Baseband Version.....: I515.EK02
Serial Number........: 0146970F11019005
--------------------------------------------
checking product...
OKAY [ 0.008s]
checking version-bootloader...
OKAY [ 0.009s]
checking version-baseband...
OKAY [ 0.009s]
checking version-cdma...
OKAY [ 0.009s]
sending 'boot' (4074 KB)...
OKAY [ 0.420s]
writing 'boot'...
what happean this?
You skipped the part where it was suggested to go download the IMM76K image. I'd start there. You're trying to flash an older build.
Cilraaz said:
You skipped the part where it was suggested to go download the IMM76K image. I'd start there. You're trying to flash an older build.
Click to expand...
Click to collapse
still no luck. try all image but not sucess. what i do?
sattar_00977 said:
still no luck. try all image but not sucess. what i do?
Click to expand...
Click to collapse
Try flashing the images one by one, instead of using "fastboot update". See here.
efrant said:
Try flashing the images one by one, instead of using "fastboot update". See here.
Click to expand...
Click to collapse
really i am a fool. i can't understand even many people teach me.
i extract all file like this on desktop.
Uploaded with ImageShack.us
it,s right?
Then first i write bootloader
C:\Users\sattar\Desktop\mysid-icl53f>fastboot flash bootloader bootloader-toro-p
rimekk15.img
sending 'bootloader' (2308 KB)...
OKAY [ 0.241s]
writing 'bootloader'...
OKAY [ 20.832s]
finished. total time: 21.075s
Click to expand...
Click to collapse
it's done
then try radio it take upto 1 hour but not sucess
this time show fastboot status --flash radio on buttom of screen
i wait upto 1 hour but sucess then i remove
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\sattar>cd C:\Users\sattar\Desktop\mysid-icl53f
C:\Users\sattar\Desktop\mysid-icl53f>fastboot-windows
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
C:\Users\sattar\Desktop\mysid-icl53f>fastboot oem unlock
...
FAILED (remote: Already Unlocked)
finished. total time: 0.009s
C:\Users\sattar\Desktop\mysid-icl53f>fastboot reboot bootloder
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default:
2048
C:\Users\sattar\Desktop\mysid-icl53f>fastboot reboot bootloader
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default:
2048
C:\Users\sattar\Desktop\mysid-icl53f>fastboot flash bootloader bootloader-toro-p
rimekk15.img
sending 'bootloader' (2308 KB)...
OKAY [ 0.241s]
writing 'bootloader'...
OKAY [ 20.832s]
finished. total time: 21.075s
C:\Users\sattar\Desktop\mysid-icl53f>fastboot flash radio radio-toro-i515.ek02.i
mg
sending 'radio' (10496 KB)...
OKAY [ 1.067s]
writing 'radio'...
Click to expand...
Click to collapse
sattar_00977 said:
really i am a fool. i can't understand even many people teach me.
i extract all file like this on desktop.
it,s right?
Then first i write bootloader
it's done
then try radio it take upto 1 hour but not sucess
this time show fastboot status --flash radio on buttom of screen
i wait upto 1 hour but sucess then i remove
Click to expand...
Click to collapse
I can't view your screen shot. It's too small.
Your reboot command didn't work because you are missing the dash. It is "fastboot reboot-bootloader" not "fastboot reboot bootloader".
Not sure why the radio is not flashing for you. Try skipping it and move to the next image.
Sent from my Galaxy Nexus using Tapatalk 2
I have this same but problem but I tried what Efrant suggested doing from the bootloader and it appeared to work, my phone booted up and was back to stock. I continued to test restating it and it would go through the google splash screen only about 5-10 times to boot, so i thought that it was fine and continued to use my phone throuhgout the day.
Well I restarted it again later and it went right back into the bootloop. I flashed to stock again following Efrants directions and it worked for a little but soon went back into the bootloop.
What else can I do? I dont want to have to get a new one through Asurion because you never know what kind of ****furb you'll get and its 50$..
Don't mean to hijack but I can't find answers anywhere else!
jigawut said:
I have this same but problem but I tried what Efrant suggested doing from the bootloader and it appeared to work, my phone booted up and was back to stock. I continued to test restating it and it would go through the google splash screen only about 5-10 times to boot, so i thought that it was fine and continued to use my phone throuhgout the day.
Well I restarted it again later and it went right back into the bootloop. I flashed to stock again following Efrants directions and it worked for a little but soon went back into the bootloop.
What else can I do? I dont want to have to get a new one through Asurion because you never know what kind of ****furb you'll get and its 50$..
Don't mean to hijack but I can't find answers anywhere else!
Click to expand...
Click to collapse
That is very strange. If you successfully flashed ALL the stock images as per that guide, and the device boots properly, but you are still getting bootloops, it is either an app that you have installed that is causing it, or a hardware issue.
finitestruggle said:
the lock symbol means your phones bootloader has been unlocked allowing for custom development. i assume you have bought the device second hand as you obviously didnt unlock it yourself.
to make your phone boot i suggest cleaning your devices cache.
-power off device
-hold power up+down while pressing power button
-use the volume buttons to scroll down to recovery and press power to select
-after google logo disappears a little android with a blue thingy will come up, at this point hold the power button then press volume up and another selection screen will come up.
-select clean cache and then press power to select. when this is done reboot your device.
im not 100% sure this is your problem but its worth a try.
Click to expand...
Click to collapse
Doesn't this mean he is locked, not unlocked.the lock symbol has to be one of an open lock.this could be why flashing falls.
joester818 said:
The phone will power on with a google logo and on the bottom of the screen a lock symbol. Anyone ever deal with something like and maybe have a solution.
Click to expand...
Click to collapse
Sent from my Galaxy Nexus using Tapatalk 2
koftheworld said:
Doesn't this mean he is locked, not unlocked.the lock symbol has to be one of an open lock.this could be why flashing falls.
Sent from my Galaxy Nexus using Tapatalk 2
Click to expand...
Click to collapse
If it was locked there would be no symbol
efrant said:
That is very strange. If you successfully flashed ALL the stock images as per that guide, and the device boots properly, but you are still getting bootloops, it is either an app that you have installed that is causing it, or a hardware issue.
Click to expand...
Click to collapse
Yes I'm pretty sure all the images flashed succesfully but when i did the last one it said something about something not being available, not home right now or else I'd check. I really hope this isnt a hardware problem but I don't see how it could be. When it started doing this I was downloading a bunch of files on my phone at work and it randomlly restarted and went into the bootloop. Is there anything I could try before getting a replacement?
how many time take for flashing?
i need tested working fastboot.exe for window.

Steps to flash Android 4.3 factory image without losing data

NOTE: Bootloader should be unlocked for this method to work. Root not required.
1) Download the factory image relevant to your Galaxy Nexus from the below page.
https://developers.google.com/android/nexus/images#takju
2) Unzip the .tgz file and keep it under, say C:/
3) Edit the "flash-all.bat" and remove the "-w" parameter from "fastboot -w update image-takju-jwr66v.zip"
4) Delete "userdata.img" from "image-takju-jwr66v.zip".
5) Copy fastboot.exe file into the “takju-jwr66v” directory.
6) Reboot and keep the phone in fastboot mode. [ a) Turn on USB Debugging b) Turn off your Phone c) Hold down Volume UP + Volume Down + Power buttons ]
7) Issue the command "flash-all.bat".
8) Wait for the process to finish, and then the Galaxy Nexus will reboot upgraded with stock Android 4.3
9) Cheers and enjoy !!!
Logs below for even better understanding
=========================================
C:\gn4life\takju-jwr66v-factory-c2ef855e\takju-jwr66v>dir
Volume in drive C is OSDisk
Volume Serial Number is C49E-94F0
Directory of C:\gn4life\takju-jwr66v-factory-c2ef855e\takju-jwr66v
07/24/2013 11:25 PM <DIR> .
07/24/2013 11:25 PM <DIR> ..
05/07/2010 11:48 AM 578,611 adb.exe
05/07/2010 11:48 AM 96,256 AdbWinApi.dll
05/07/2010 11:48 AM 60,928 AdbWinUsbApi.dll
07/12/2013 03:56 AM 2,363,392 bootloader-maguro-primemd04.img
05/07/2010 11:48 AM 336,613 fastboot.exe
07/24/2013 11:08 PM 953 flash-all.bat
07/12/2013 03:56 AM 956 flash-all.bat.bak
07/12/2013 03:56 AM 827 flash-all.sh
07/12/2013 03:56 AM 785 flash-base.sh
07/24/2013 11:09 PM 295,614,131 image-takju-jwr66v.zip
07/12/2013 03:56 AM 12,583,168 radio-maguro-i9250xxlj1.img
11 File(s) 311,636,620 bytes
2 Dir(s) 7,925,932,032 bytes free
C:\gn4life\takju-jwr66v-factory-c2ef855e\takju-jwr66v>
C:\gn4life\takju-jwr66v-factory-c2ef855e\takju-jwr66v>flash-all.bat
sending 'bootloader' (2308 KB)... OKAY [ 0.314s]
writing 'bootloader'... OKAY [ 1.478s]
finished. total time: 1.793s
rebooting into bootloader... OKAY [ 0.006s]
finished. total time: 0.006s
< waiting for device >
sending 'radio' (12288 KB)... OKAY [ 1.675s]
writing 'radio'... OKAY [ 1.856s]
finished. total time: 3.532s
rebooting into bootloader... OKAY [ 0.007s]
finished. total time: 0.007s
archive does not contain 'boot.sig'
archive does not contain 'recovery.sig'
archive does not contain 'system.sig'
--------------------------------------------
Bootloader Version...: PRIMEMD04
Baseband Version.....: I9250XXLJ1
Serial Number........: 0149BDCB0D012016
--------------------------------------------
checking product... OKAY [ 0.006s]
checking version-bootloader... OKAY [ 0.008s]
checking version-baseband... OKAY [ 0.007s]
sending 'boot' (4376 KB)... OKAY [ 0.709s]
writing 'boot'... OKAY [ 0.506s]
sending 'recovery' (4924 KB)... OKAY [ 0.662s]
writing 'recovery'... OKAY [ 0.689s]
sending 'system' (479244 KB)... OKAY [ 65.013s]
writing 'system'... OKAY [ 48.280s]
rebooting...
finished. total time: 115.913s
Press any key to exit...
So it's not just my bootloader that got slower. Yours also made you <waiting for device> each time the process rebooted the bootloader. It never happened before.
Sent from my Galaxy Nexus using Tapatalk 4 Beta
beekay201 said:
So it's not just my bootloader that got slower. Yours also made you <waiting for device> each time the process rebooted the bootloader. It never happened before.
Sent from my Galaxy Nexus using Tapatalk 4 Beta
Click to expand...
Click to collapse
yessssssssssss worked for me
Caused a bootloop for me and when I tried to reboot in recovery I got red triangle and Android. Didn't give any error messages.
Am just going to do full wipe now and retry.
Worked like a charm
Did what the post said and got 4.3 without losing any data.
Thanks!
Color me suspicious, but I bet there's a good reason that the -w is there...
flash successful without losing data.. but camera lag still exist on my gnex, and vitamio got multiple crash after rebooting. Anybody got the same experience?
I did get a bootloop by this method until I flashed by loosing data
omegagt said:
I did get a bootloop by this method until I flashed by loosing data
Click to expand...
Click to collapse
your gnex must be unlock to do this flashing process, maybe that's why you get the bootloop
banditnich said:
your gnex must be unlock to do this flashing process, maybe that's why you get the bootloop
Click to expand...
Click to collapse
I have updated my original post with this info. Thanks...
theillustratedlife said:
Color me suspicious, but I bet there's a good reason that the -w is there...
Click to expand...
Click to collapse
Got bootloop so I did full wipe and lost all data but all works fine.
omegagt said:
I did get a bootloop by this method until I flashed by loosing data
Click to expand...
Click to collapse
Same.
banditnich said:
your gnex must be unlock to do this flashing process, maybe that's why you get the bootloop
Click to expand...
Click to collapse
My GNex hasn't even been carrier locked(they don't do that in Belgium) and my bootloader has been unlocked since I got this phone.
Sent from my Galaxy Nexus using Tapatalk 4 Beta
sui785 said:
Got bootloop so I did full wipe and lost all data but all works fine.
Same.
My GNex hasn't even been carrier locked(they don't do that in Belgium) and my bootloader has been unlocked since I got this phone.
Sent from my Galaxy Nexus using Tapatalk 4 Beta
Click to expand...
Click to collapse
Unlock refers to the bootloader not to carrier locking.
banditnich said:
flash successful without losing data.. but camera lag still exist on my gnex, and vitamio got multiple crash after rebooting. Anybody got the same experience?
Click to expand...
Click to collapse
Mine is still lagging when screen rotates, but if you deactivate screen rotation it works just fine.
I updated my UNLOCKED takju like this, and it seems to work ok:
- Download and unpack takju-jwr66v-factory-c2ef855e.tgz to some folder (gives you a subfolder called takju-jwr66v)
- Unpack file image-takju-jwr66v.zip (found in folder above, gives you files boot.img, recovery.img, system.img ..)
- Connect phone, make sure to activate debugging first
- Check with command adb devices , this should show you an id for your phone
Something like this:
List of devices attached
0149C25E0A011009 device
Go to folder takju-jwr66v and issue commands below
- fastboot flash bootloader bootloader-maguro-primemd04.img
- fastboot reboot-bootloader
- fastboot flash radio radio-maguro-i9250xxlj1.img
- fastboot reboot-bootloader
Go to folder image-takju-jwr66v
- fastboot flash boot boot.img
- fastboot flash recovery recovery.img
- fastboot flash system system.img
- fastboot reboot
DO NOT flash userdata.img !!
Gryph Lionheart said:
Mine is still lagging when screen rotates, but if you deactivate screen rotation it works just fine.
Click to expand...
Click to collapse
So I'm not the only one with the lagging camera bug, well camera work fine too with screen rotation disabled on 4.2.2.
Camera bug supposed to be fix in 4.3... maybe must do clean flash will do the trick...
But I'm too lazy to do backup and restore all apps and data on my phone right now, and already used to using another camera apps lately so the bug doesn't bother me that much to do clean flash all over again.
banditnich said:
So I'm not the only one with the lagging camera bug, well camera work fine too with screen rotation disabled on 4.2.2.
Camera bug supposed to be fix in 4.3... maybe must do clean flash will do the trick...
But I'm too lazy to do backup and restore all apps and data on my phone right now, and already used to using another camera apps lately so the bug doesn't bother me that much to do clean flash all over again.
Click to expand...
Click to collapse
Everything is working fine for me. No bugs.
This isn't working for me.
I typed in adb reboot bootloader to get into fast boot.
Then I ran the flash-all.bat file and it said "AdbWinApi.dll" not found. After adding this .dll to the folder a command shell opens with "waiting for device". Already turned on USB debugging and connected it to PC.
One issue though is that even though USB debugging is on, I can still connect to the phone as a media device and see all my files. I think you're not supposed to be able to access the phone's file while USB debugging is on.
So basically all the bat file does is has it stuck on "waiting for device." Although in fastboot if I type in "fastboot devices" it shows something like "X57U31581759 fastboot".
------------- Update ------------
So after watching a few youtube videos I found the problem: bad original instructions.
First the phone is to be on ANDROID, connected to the computer with USB debugging on. You can check to see if the device is connected using: adb devices
Then click the .bat file and it'll say "waiting for devices". Then I use another command shell and typed in : adb reboot bootloader to get into fastboot. This makes the .bat file work successfully.
If you start the procedure already rebooted into fastboot like steps 6 & 7 suggests, you'll be stuck on "waiting for devices" all day. Basically step 7 should be done before step 6.
Something wrong then, because I use flash-all.sh directly from fastboot, never had such an issue.
beekay201 said:
Something wrong then, because I use flash-all.sh directly from fastboot, never had such an issue.
Click to expand...
Click to collapse
Mine too, never had such issue. The flash all bat file executed from fastboot and its working flawlessly.
Sent from my Galaxy Nexus using Tapatalk 4
Didn't work for me either... Got bootloop... I had to wipe everything.

Help Help help !!! Deep Cable / Flash Cable Moto Z2 Force

Hi everybody.
As I know that it is possible that someone wants to know why I need a deep cable here is a super summary of my catastrophe:
I made a root in my Z2 Force with the bootloader unlocked (thanks to the number that Motorola gives to do that) and with the SU, after that I knew (not before, damn) that some applications don't work on root cell phones (****) among these my bank app, Netflix app, Fox app (**** **** ****), even using the Root Cloak app and others like that the result is that they don't work, so I needed to return to the unroot state, until there everything manageable, buuuuuuuuut, when I had to flash the stock ROM I downloaded the wrong version (fuuuuuuuck), the result was that the cell phone doesn't recognize the SIM cards, doesn't allow the use of WIFI, my IMEI was lost (wtf!) and when I try to flash again (in fastboot) with the correct ROM stock the bootloader doesn't leave me because it says "Flashing_locked", (what? but if I already unlocked it before !, well no, the ****ing cell phone doesn't recognize that, if I try to unblock it through the fastboot commands give as results that the process was satisfactory, but when restarting the bootloader it says NO, I'm still locked mother****er ! ...........
Well, that's why I need a deep cable, to flash with the (foolish) "Flasing_locked" status. So, the problem is basically that I found on the Internet those who do the deep cable with micro-usb, I haven't found how to do it with a usb-c cable. In the cases with micro-usb you only have to bridge the black and green wires and "ta dah" everything is done, in others I also see in micro-usb the pin 4 is jumpered with pin 1 in the micro-usb connector, but on the usb-c cable I have something like 20 pins and more than 4 cables, so I don't know how I can do the deep cable with a usb-c.
Please, I need help :crying:
I think there is another way to go about this than putting your devices into Qualcomm 9008. That is what you are wanting the EDL Deep Cable for, right? Instead of that, why not try this thread here, https://forum.xda-developers.com/z2-force/how-to/how-to-return-to-stock-sprint-t3694783, and see if Uzephi's method doesnt get you back to stock. If for some reason his flashall doesnt work, then I would suggest using a blankflash for your version of Android to wipe the slate clean and then use the return to stock method for your device.
fast69mopar said:
I think there is another way to go about this than putting your devices into Qualcomm 9008. That is what you are wanting the EDL Deep Cable for, right? Instead of that, why not try this thread here, https://forum.xda-developers.com/z2-force/how-to/how-to-return-to-stock-sprint-t3694783, and see if Uzephi's method doesnt get you back to stock. If for some reason his flashall doesnt work, then I would suggest using a blankflash for your version of Android to wipe the slate clean and then use the return to stock method for your device.
Click to expand...
Click to collapse
Okay ! I'm going to try those two options and I'll write you what happens.
Thanks !
Well, I'm here again.
I tried the two methods that you kindly indicated to me:
1. https://forum.xda-developers.com/z2-...print-t3694783 The Flashall.bat file really does not do anything different than being an automated flash of what you can usually do manually, I mean, it does the flash using the fastboot file by file, so because it's the same process (but automated) I got the same result, when the Flashall.bat file tries to send / flash the files the response status is Failed, because the flashing status in the bootloader is locked.
2. Blankflash metod. This method seems to work when the cell phone is bricked and does not enter the bootloader, and that is not my case because I can access the cell phone, for example if I connect the cell phone to the computer in:
a) the boot manager mode, the "Device Manager" recognizes it as "Android Device / Motorola ADB Interface"
b) started the ROM (and activated the "USB Debugging"), the "Device Manager" also recognizes it as "Android Device / Motorola ADB Interface"
c) QCOM mode (selected from the bootloader) the "Device Manager" recognizes it as "Qualcomm HS-USB Diagnostics 9092".
Anyway, if I run the blank-flash file in:
a) bootloader mode, the CMD shows "waiting device" and does nothing
b) started the ROM (and activated the "USB Debugging"), the CMD shows "waiting device" and does nothing
c) QCOM mode (selected from the bootloader), the CMD shows "waiting for the device" and does nothing (this same result with or without the activation of "USB Debugging")
So I'm still the same, I think my only option is Deep Cable, what do you think?
Loperaco said:
Well, I'm here again.
I tried the two methods that you kindly indicated to me:
1. https://forum.xda-developers.com/z2-...print-t3694783 The Flashall.bat file really does not do anything different than being an automated flash of what you can usually do manually, I mean, it does the flash using the fastboot file by file, so because it's the same process (but automated) I got the same result, when the Flashall.bat file tries to send / flash the files the response status is Failed, because the flashing status in the bootloader is locked.
2. Blankflash metod. This method seems to work when the cell phone is bricked and does not enter the bootloader, and that is not my case because I can access the cell phone, for example if I connect the cell phone to the computer in:
a) the boot manager mode, the "Device Manager" recognizes it as "Android Device / Motorola ADB Interface"
b) started the ROM (and activated the "USB Debugging"), the "Device Manager" also recognizes it as "Android Device / Motorola ADB Interface"
c) QCOM mode (selected from the bootloader) the "Device Manager" recognizes it as "Qualcomm HS-USB Diagnostics 9092".
Anyway, if I run the blank-flash file in:
a) bootloader mode, the CMD shows "waiting device" and does nothing
b) started the ROM (and activated the "USB Debugging"), the CMD shows "waiting device" and does nothing
c) QCOM mode (selected from the bootloader), the CMD shows "waiting for the device" and does nothing (this same result with or without the activation of "USB Debugging")
So I'm still the same, I think my only option is Deep Cable, what do you think?
Click to expand...
Click to collapse
To use blankflash you need to be in 9008 mode, since you have adb working try issuing the command 'adb reboot-edl' or 'adb reboot edl' can't recall at the moment. You'll know when you're in edl/9008 mode because the screen will be blank and the device will recognize as 9008. If you can't reboot to edl through adb, go to fastboot and try 'fastboot oem blankflash' again you'll know when you're ready for blankflash because the device will recognize as 9008. If the commands don't take, boot into QCOM mode and try 'fastboot oem blankflash'
*To unlock the bootloader you need to select oem unlock in settings. If it's greyed out you need to connect to internet and sign into google. Try bluetooth connection or a cable since wifi and mobile is borked at the moment.
41rw4lk said:
To use blankflash you need to be in 9008 mode, since you have adb working try issuing the command 'adb reboot-edl' or 'adb reboot edl' can't recall at the moment. You'll know when you're in edl/9008 mode because the screen will be blank and the device will recognize as 9008. If you can't reboot to edl through adb, go to fastboot and try 'fastboot oem blankflash' again you'll know when you're ready for blankflash because the device will recognize as 9008. If the commands don't take, boot into QCOM mode and try 'fastboot oem blankflash'
*To unlock the bootloader you need to select oem unlock in settings. If it's greyed out you need to connect to internet and sign into google. Try bluetooth connection or a cable since wifi and mobile is borked at the moment.
Click to expand...
Click to collapse
Hi.
I have fresh news.
The first thing I tried was to enable the option to unlock the OEM because that option was in gray, try to connect the internet via USB cable and no option worked, but when connecting by bluetooth (which is not easy either for those who don’t know how) I did it! and once connected, I enabled the option again, so I activated it to allow me to unlock the OEM, but when restarting the bootloader to verify it was still showing the status "Flashing_locked" (sad face).
Even knowing this, try the options in this order and with these results:
1. Try the command 'adb reboot-edl' or 'adb reboot edl'. The first command that the console recognized was 'adb reboot -edl' but once accepted by the CMD the cell phone was rebooted alone and went back to the ROM, that is, it was not blank.
2. Go to fastboot and try 'fastboot oem blankflash'. When doing this the result obtained in the CMD was “(bootloader) Command Restricted FAILED (remote failure) finished. total time: 0.006s”, probably due to the fact that the bootloader still indicates "Flashing_locked".
3. Boot into QCOM mode and try 'fastboot oem blankflash'. When I start the QCOM option from the bootloader the cell phone automatically loads the ROM, after this I activated the USB Debugging and ran the command in question but the result was "<waiting for any device>" and nothing happens. I tried the command again without activating the USB Debugging and nothing happened either. If I enter the command "fastboot devices" the command does not give any results, I give way to the next line as if nothing happened.
4. I was sad after all this so I decided to retry everything, starting with the command to put the phone in mode 9008, so, just out of curiosity I tried the second sentence you wrote, that is, 'adb reboot edl' (without the line in the middle before the word “edl”), this command also recognized it but this time if it went to blank (yeah !!!). So after accomplishing this I followed the instructions of https://forum.xda-developers.com/z2-force/help/hard-bricked-blankflash-z2-force-t3705789, but the result when executing the Blank-Flash file was:
[ 0.000] Opening device: \\.\COM11
[ 0.001] Detecting device
[ 0.004] ...cpu.id = 94 (0x5e)
[ 0.005] ...cpu.sn = 3632543294 (0xd884363e)
[ 0.005] Opening singleimage
[ 0.005] Loading package
[ 0.009] ...filename = pkg.xml
[ 0.012] Loading programmer
[ 0.012] ...filename = programmer.elf
[ 0.013] Sending programmer
[ 0.091] ReadFile() failed, GetLastError()=0
[ 0.644] Unexpected command, expecting 3 or 18 or 4, got 1 instead.
[ 0.644] ERROR: sahara_download()->general error
[ 0.644] Check qboot_log.txt for more details
[ 0.645] Total time: 0.646s
[ 0.645]
[ 0.645] qboot version 3.85
[ 0.645]
[ 0.645] DEVICE {
[ 0.645] name = "\\.\COM11",
[ 0.645] flags = "0x64",
[ 0.645] addr = "0x28FD74",
[ 0.645] sahara.current_mode = "0",
[ 0.645] api.buffer = "0x2160020",
[ 0.645] cpu.serial = "3632543294",
[ 0.645] cpu.id = "94",
[ 0.645] cpu.sv_sbl = "0",
[ 0.645] cpu.name = "MSM8998",
[ 0.645] storage.type = "UFS",
[ 0.645] sahara.programmer = "programmer.elf",
[ 0.645] api.bnr = "0x20C7ED0",
[ 0.645] }
[ 0.645]
[ 0.645]
[ 0.645] Backup & Restore {
[ 0.645] num_entries = 0,
[ 0.645] restoring = "false",
[ 0.645] backup_error = "not started",
[ 0.645] restore_error = "not started",
[ 0.645] }
[ 0.645]​When executing the "blank-flash" file again, the result obtained was:
[ 0.000] Opening device: \\.\COM11
[ 0.001] Detecting device
[ 34.005] ERROR: sahara_greet_device()->change_mode()->do_hello()->IO error
[ 34.005] Check qboot_log.txt for more details
[ 34.005] Total time: 34.006s
[ 34.005]
[ 34.005] qboot version 3.85
[ 34.005]
[ 34.005] DEVICE {
[ 34.005] name = "\\.\COM11",
[ 34.005] flags = "0x64",
[ 34.005] addr = "0x28FD74",
[ 34.005] api.bnr = "0x612CA8",
[ 34.005] }
[ 34.005]
[ 34.005]
[ 34.005] Backup & Restore {
[ 34.005] num_entries = 0,
[ 34.005] restoring = "false",
[ 34.005] backup_error = "not started",
[ 34.005] restore_error = "not started",
[ 34.005] }
[ 34.005]​I thought I had made a worse mistake, but turning off the cell phone normally returned to enter the ROM without problem.
At this point I was left with no more ideas...
You need drivers so that your pc and the phone can communicate, here is a link and it also has a verified blankflash.zip that has worked many times for others in the past. The process is a bit hit and miss, meaning it can be finicky on some pcs. Make sure you use a usb 2.0 port off the mobo, and not a 3.0+ or a hub port, they're not all so universal and can cause problems, so stick to 2.0 mobo ports.
https://forum.xda-developers.com/showpost.php?p=77623934&postcount=5
41rw4lk said:
You need drivers so that your pc and the phone can communicate, here is a link and it also has a verified blankflash.zip that has worked many times for others in the past. The process is a bit hit and miss, meaning it can be finicky on some pcs. Make sure you use a usb 2.0 port off the mobo, and not a 3.0+ or a hub port, they're not all so universal and can cause problems, so stick to 2.0 mobo ports.
https://forum.xda-developers.com/showpost.php?p=77623934&postcount=5
Click to expand...
Click to collapse
Hiiiii.
Well, the file in the forum that you gave me works! I mean, it does something new, it generates a successful process and it was reinitiated to the bootloader, once there I noticed that there was a changed item "Software status: Official" (previously said modified), but the ítem of "Flashing_locked" is still the same ...
Anyway I tried to flash the stock ROM with that and I have the same result whenhen I get to the command "fastboot flash bootloader bootloader.img", here are the results:
(bootloader) is-logical:bootloader: not found
Sending 'bootloader' (9884 KB) OKAY [ 0.266s]
Writing 'bootloader' (bootloader) Validating 'boot
loader.default.xml'
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) flash permission denied
(bootloader) Cancelling 'bootloader.default.xml'
FAILED (remote: '')
fastboot: error: Command failed
Another new thing found: in "bootloader logs" mode it says:
SSM: abl cvs roll back 0,1
Fastboot Reason: UTAG bootmode configured as fastboot
I feel that I am closer to each step, please continue to help me.
What firmware are you trying to flash? At this point it might be easier to use the lenovo moto smart assistant tool to do a rescue on your phone. Do a 'fastboot reboot bootloader' to get a fresh bootloader session, and run the lmsa tool and see it it will recover your phone. Either way, let me know what firmware you're trying to flash.
First of all, you need to make sure you are xt1789-? ? If x is 3, then he is the s version. You only need to install the rom of the corresponding carrier. I remember that the installation tool can choose whether to install the baseband and bp/bl lock (maybe)So your xt1789-? ? What is it?
Refer to the version number in the link image https://m.facebook.com/story.php?story_fbid=624595458056701&id=100015187571561
41rw4lk said:
What firmware are you trying to flash? At this point it might be easier to use the lenovo moto smart assistant tool to do a rescue on your phone. Do a 'fastboot reboot bootloader' to get a fresh bootloader session, and run the lmsa tool and see it it will recover your phone. Either way, let me know what firmware you're trying to flash.
Click to expand...
Click to collapse
Hi again !
I followed his advice to use the "lenovo moto smart assistant tool" but as a result I got that my device isn't supported by the software (see attached image).
On the other hand, regarding the firmware that I'm trying to recover, I don't know if I remembered that I told him to install a wrong ROM at the beginning of my problem, and I never backed up my original ROM, so I do not really have the least idea of ​​what is my stock ROM (for Colombia - South America), if I search for firmware I find many categorized with letters at the beginning (AMXBR, AMXCO, AMXLA, AMXMX, ATT, ATTM, LRA, OPENMX, RETAIL, RETAPAC, RETBR, RETCN, RETEU, RETIN, RETLA, RETRU , SPRINT, TEFBR, TIMBR, TIMIT, TMO, USC, VFEU, VZW) ... investigate how I can know which was the original of my phone (after having made a mess) and can not find any reference in this regard.
I keep trying.
潇霄小云 said:
First of all, you need to make sure you are xt1789-? ? If x is 3, then he is the s version. You only need to install the rom of the corresponding carrier. I remember that the installation tool can choose whether to install the baseband and bp/bl lock (maybe)So your xt1789-? ? What is it?
Refer to the version number in the link image https://m.facebook.com/story.php?story_fbid=624595458056701&id=100015187571561
Click to expand...
Click to collapse
Hi 潇 霄 小云!
I am sure it is an XT1789-05 however I do not know which firmware corresponds to me (never look before deleting my stock ROM) and when looking for the firmware of my device there are many with many letters at the beginning (AMXBR, AMXCO, AMXLA, AMXMX, ATT, ATTM, LRA, OPENMX, RETAIL, RETAPAC, RETBR, RETCN, RETEU, RETIN, RETLA, RETRU , SPRINT, TEFBR, TIMBR, TIMIT, TMO, USC, VFEU, VZW), so I do not know which one corresponds to me for Colombia (South America).
You can not see my model in the image you send me ...
Thanks for the help, I'm still investigating!
Loperaco said:
Hi again !
I followed his advice to use the "lenovo moto smart assistant tool" but as a result I got that my device isn't supported by the software (see attached image).
On the other hand, regarding the firmware that I'm trying to recover, I don't know if I remembered that I told him to install a wrong ROM at the beginning of my problem, and I never backed up my original ROM, so I do not really have the least idea of ​​what is my stock ROM (for Colombia - South America), if I search for firmware I find many categorized with letters at the beginning (AMXBR, AMXCO, AMXLA, AMXMX, ATT, ATTM, LRA, OPENMX, RETAIL, RETAPAC, RETBR, RETCN, RETEU, RETIN, RETLA, RETRU , SPRINT, TEFBR, TIMBR, TIMIT, TMO, USC, VFEU, VZW) ... investigate how I can know which was the original of my phone (after having made a mess) and can not find any reference in this regard.
I keep trying.
Click to expand...
Click to collapse
Well your device is showing -05, that's Mexico and South America I believe. There should be a model printed by the charge port on the phone. As for which firmware, look at your sim and see if you can get an idea from there, or if you can ask whomever you got your phone from. Do you remember what provider was listed under the software update channel originally? Your sim should be able to get you some info as to who the provider is even if it's just a subsidy of a major carrier.
Hi there !
Well today I have very good news!
At last I managed to reinstall everything. How it happened? So I went back to the steps in this way:
1. Having a wrong ROM version (it does not correspond to my stock) connect by bluethooth the cell phone to access the internet, so the cell phone recognized that the OEM had already been authorized and allowed me to access the option and change it (because before it was gray).
2. Go to the bootloader and find the indication "Flashing_locked", but as I knew I had already given the authorization from within the ROM I opened a console and wrote the command "fastboot oem unlock" AND RECOGNIZED IT!, Restart the bootloader and voila! the message already said "Flashing_unlocked"
3. After this it was a matter of trying (without lying) something like six firmware XT1789-05 version because I had no idea what mine was, it took me a long time because some left me without Wi-Fi again, but Finally, I managed to locate one that looked like the one I had (RETLA XT1789-05_NASH_RETLA_DS_8.0.0_OPXS27.109-34-19_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml), so I tried hard there, but still shows a warning that a version is installed of the different operating system, but it works for me and that's how it will stay for a couple of months.
4. Then I was able to install the TWRP and the Magisk without any problems.
5. Problems that I had: Warning of the bootloader without blocking, Notice of the different operating system, Application of finding my device does not work (it stays looking for the cell phone and never locates it).
Many thanks to 41rw4lk, without your help this would have been impossible.
I hope to share my experience with someone else who may have my problem or something like it!
Postscript: Finally, they never gave me instructions on how to make the Deep Cable when the cell phone is a USB-C type port (lol), so if the data appears I would still be interested only in general knowledge.

Z00ED ZE500KL partition error

My phone wich i never unlocked nor tried flashing with custom roms before started losing functionalities like part of the settings menu, for example the sim cards menu, not loading up or apps not loading/crashing and massive battery use, which i then solved by flashing a raw original rom file using fastboot from a nice guy on youtube with my exact model. youtube.com/watch?v=pOShAjiDeo0 , his 3 gig raw file and flashall.bat did everything with just one bat executable for me after extracting his package
This worked flawlessly to revive the phone five times to its out of the box original state, in the last 6-8 months after each time the phone started having these weird glitches as if it forgot parts of its systemfiles im assuming . (and the phones built in recovery factory reset thing didnt do anything to fix the phone)
Yesterday while in the mids of using the phone on the loo surfing the web all apps i was using started crashing instantly after opening them so i was like, ok lets flash again for the sixt time like we have done before, only this time, it gave me FAILED error at the partitioning stage. Im suspecting my partition is corrupted this time , as even the recovery mode of the phone does not load , it just keeps rebooting when i press the volume down button while powering on the phone. Fastboot still works when holding the volume up button and is the only thing working at this time
flashall.bat (@ECHO OFF FOR /F "delims=" %%i IN ('dir "%~dp0" /B ^| findstr /I "raw"') DO ( SET RAW=%%i )
fastboot flash all -f "%RAW%"
fastboot oem adb_enable
fastboot continue )
/////////////////////////////////////////////////
// WIPE-DISABLE
/////////////////////////////////////////////////
/////////////////////////////////////////////////
// ASUS Fastboot Tool (Android L)
// Version V4.0 (2015/06/16)
/////////////////////////////////////////////////
/////////////////////////////////////////////////
// ASUS_PROJECT_NAME = ZE500KL
/////////////////////////////////////////////////
/////////////////////////////////////////////////
// CPU ID = 705
/////////////////////////////////////////////////
/////////////////////////////////////////////////
// RE-PARTITION ENABLE
/////////////////////////////////////////////////
/////////////////////////////////////////////////
// ASUS_RAW_VERSION = V1
/////////////////////////////////////////////////
target reported max download size of 268435456 bytes
sending 'partition' CRC (0x446454cf)...
OKAY [ 0.005s]
writing 'CRC'...
OKAY [ 0.001s]
sending 'partition' (33 KB)...
OKAY [ 0.004s]
writing 'partition'...
FAILED (remote: failed to write partition)
finished. total time: 0.029s
...
OKAY [ 0.001s]
finished. total time: 0.002s
resuming boot...
FAILED (command write failed (No such file or directory))
finished. total time: 0.003s
Thanks for reading, my first time dabling in all this stuff as id hate to see a perfectly good screen and ram and device going to waste because of a corrupted storage system, partition issue. How to i go about recreating the partition in such a case ? all i have to work with is fastboot, i never got this adb stuff to list the device)

EDL mode and test point of the Moto G 5G Plus?

Hello I have a hardbrick that so far I cannot solve, because I want to close the bootloader, the fastboot rejects any command that I enter (including the "fastboot oem unlock") and when turning on motorola it generates the error 0xC2224571 "No valid operating system could be found. The device will not boot ". I thought about doing a "Blankflash", but I don't know what the Motorola "test point" is. Does anyone know how to do it and get to EDL mode?
seems a/b partition problem.
try fastboot flash recovery_a twrp.img
fastboot flash recovery_b twrp.img
shadowchaos said:
seems a/b partition problem.
try fastboot flash recovery_a twrp.img
fastboot flash recovery_b twrp.img
Click to expand...
Click to collapse
I already tried that of recovery_a and recovery_b, and nothing happens, that gives CMD:
1) fastboot flash recovery_a twrp-3.5.0-0-nairo.img
Sending 'recovery_a' (59392 KB) OKAY [ 1.827s]
Writing 'recovery_a' (bootloader) flash permission denied
FAILED (remote: '')
fastboot: error: Command failed
2) fastboot flash recovery_b twrp-3.5.0-0-nairo.img
Sending 'recovery_b' (59392 KB) OKAY [ 1.308s]
Writing 'recovery_b' (bootloader) flash permission denied
FAILED (remote: '')
fastboot: error: Command failed
Also, everything I try to flash ends with this message "flash (bootloader) permission denied".
supermafari2.0 said:
I already tried that of recovery_a and recovery_b, and nothing happens, that gives CMD:
1) fastboot flash recovery_a twrp-3.5.0-0-nairo.img
Sending 'recovery_a' (59392 KB) OKAY [ 1.827s]
Writing 'recovery_a' (bootloader) flash permission denied
FAILED (remote: '')
fastboot: error: Command failed
2) fastboot flash recovery_b twrp-3.5.0-0-nairo.img
Sending 'recovery_b' (59392 KB) OKAY [ 1.308s]
Writing 'recovery_b' (bootloader) flash permission denied
FAILED (remote: '')
fastboot: error: Command failed
Also, everything I try to flash ends with this message "flash (bootloader) permission denied".
Click to expand...
Click to collapse
Could you describe what moves at last time which causes this situation?
supermafari2.0 said:
I already tried that of recovery_a and recovery_b, and nothing happens, that gives CMD:
1) fastboot flash recovery_a twrp-3.5.0-0-nairo.img
Sending 'recovery_a' (59392 KB) OKAY [ 1.827s]
Writing 'recovery_a' (bootloader) flash permission denied
FAILED (remote: '')
fastboot: error: Command failed
2) fastboot flash recovery_b twrp-3.5.0-0-nairo.img
Sending 'recovery_b' (59392 KB) OKAY [ 1.308s]
Writing 'recovery_b' (bootloader) flash permission denied
FAILED (remote: '')
fastboot: error: Command failed
Also, everything I try to flash ends with this message "flash (bootloader) permission denied".
Click to expand...
Click to collapse
Hey, can I ask you how did you manage to unbrick it? My phone doesn't get recognized via fastboot. It seems dead but when I connect it to the pc, it gets recognized as "Qualcomm HS-USB QDLoader 9008".
What can I do next?
Try a blank flash for your phone.
Hello,
I am in a similar situation and also interested in the test point for EDL mode, so rather than opening a new thread I figured I'd reply here.
As it stands, my phone has the /e/ project ROM and recovery flashed on it, the "Allow OEM unlock" option is disabled, and the bootloader is locked. Meaning, the OS doesn't get recognized and doesn't boot, flashing is disallowed across the board, fastboot oem unlock <UNLOCK_KEY> is rejected, and fastboot boot <any recovery stock or otherwise>.img fails.
fastboot oem blankflash returns "Command Restricted" and well, subsequently tells me it failed.
So my own ignorance left myself with a rather expensive paperweight and the last resort I believe is to flash a stock ROM in EDL mode. I have found a teardown video of the device and seen a few test points there (including 3 under the large heatsinking graphite film), and I'm ready to remove the back cover on mine. It seems that the EDL test point isn't documented... If need be, I could try to find the test points myself. I just need more info to not short and break anything.
Edit: so I've gone and done it. Stabbed all visible test points, one of them scores at 1.8v, one at 1.5v, the rest at 0v. [EDIT] Some actually show something below 0.5v.
The 1.8v test point is connected to a trace going to the connector's pin. Another pad goes just beside that pin. It is very enticing right now to try and bridge them, however I'm not confident those are the EDL test points and I may short something I don't want to. I'm gonna get resistors.
The missing connector tells me it's a connector that's important for Motorola, and clearly not for the end-user. This is a cost-saving measure, don't need to run extensive tests when the device is finalized, you only need the test points to... enable EDL? Ahah. The fact the connector pads are still there is because designing the rerouting to remove them also costs money.
The 1.5v test point is between the screen and bottom daughterboard flexible flat cables connectors. Without certainty, I believe it may be a voltage for one of those or both.
Attached is the photo of the test points around the missing connector, if that helps at all.
Edit2: I found this post about trying for test points. I'm lacking resistors right now to further test. https://forum.xda-developers.com/t/phone-doesnt-boot-even-in-edl-mode.4411915/#post-87260675
Edit3: welp, bridging the points linked to the missing connector pads did nothing. What I tried is keep the phone off, bridge the points, plug the USB, but it keeps sending me to "OS not found" error or fastboot, depending on if fb_mode_set or fb_mode_clear have been used.
Hey @Awilen please keep us posted. I too want to play with this phone, but am frustrated by lack of easy access to EDL mode (to unbrick). (I want to try to roll my own GSI/AOSP build + Moto proprietary drivers, which will likely not boot the first thirty or so times I try it.)
FWIW, I tried this method and a pre-bought cable that allegedly does the same thing- no dice either.
The fact that there ARE EDL IMAGES out there gives me hope.
This repository has some other tricks to try, if you are brave enough:
Use a edl cable (Short D+ with GND) and force reboot the phone (either vol up + power pressing for more than 20 seconds or disconnect battery), works with emmc + ufs flash (this will only work if XBL/SBL isn't broken)
If emmc flash is used, remove battery, short DAT0 with gnd, connect battery, then remove short.
If a ufs flash is used, things are very much more complicated. You will need to open the ufs die and short the clk line on boot, some boards have special test points for that.
Some devices have boot config resistors, if you find the right ones you may enforce booting to sdcard instead of flash.
(I've tried #1)
FWIW, I've never had any success with any "EDL cable" on any device, but that could be entirely due to timing/incompetence on my part.
A few devices I've been able to find EDL test points.
On some non-Qualcomm devices I have gotten to ROM bootloader by using a 100 ohm resistor (for safety, instead of a dead short) from some random test point near eMMC to ground.
Hey @Renate the cable works on my OnePlus (which, also, has a key sequence to do it, making the cable superfluous), so I know that isn't the issue here. I just don't want to unglue the phone and risk breaking something just to play. Once the battery becomes useless and that's inevitable, then I'll probably become a MB-shortin'-mo-fo.
SomeRandomGuy said:
This repository has some other tricks to try, if you are brave enough:
Use a edl cable (Short D+ with GND) and force reboot the phone (either vol up + power pressing for more than 20 seconds or disconnect battery), works with emmc + ufs flash (this will only work if XBL/SBL isn't broken)
If emmc flash is used, remove battery, short DAT0 with gnd, connect battery, then remove short.
If a ufs flash is used, things are very much more complicated. You will need to open the ufs die and short the clk line on boot, some boards have special test points for that.
Some devices have boot config resistors, if you find the right ones you may enforce booting to sdcard instead of flash.
(I've tried #1)
Click to expand...
Click to collapse
Hey! I was waiting on my EDL cable. I just tried it... no dice. No dice at all. I believe I've exhausted all non-intrusive tricks in the book, the next step is cleanly desoldering the EM shield over the processor and flash/RAM combo ICs.
Since the device is out of warranty anyway, I'll try for a repair shop to desolder it, as the only powerful-enough heat source I have is a large heat gun blowing 150°C, 450°C or 600°C air. Other than that I have a 60W soldering iron, I doubt that'll be enough.
The only problem with the desoldering is that the EM shield is part of the cooling solution for the processor/RAM/Flash ICs. It will need to be reapplied.
Edit: I made a thread on the e.foundation forums listing everything I tried: https://community.e.foundation/t/bo...and-wont-boot-am-i-out-of-luck/43362?u=awilen
Awilen said:
Edit: I made a thread on the e.foundation forums listing everything I tried: https://community.e.foundation/t/bo...and-wont-boot-am-i-out-of-luck/43362?u=awilen
Click to expand...
Click to collapse
TIL “fastboot oem qcom-on” and “fastboot oem qcom-off” are a thing.
For my part, to this day I cannot find a way to access this mode, I still have my theories, since on one page I found "official" diagrams of this motorola and the phrase "EDL" is indicated at various points, but I don't really know how to interpret them on the motherboard, I'll leave the link in case someone wants to review it, it's from a Brazilian page:
Motorola_Moto_G_5G XT2075 - LEMCELL.COM.BR.zip
drive.google.com
In that one there are several files, with more technical specifications, in case someone wants to review it and see what they find useful out there, to see if it is possible to reach EDL mode on this model.
The missing connector I shot in my photos is a JTAG connector. Make of that what you will.
I have desoldered the EMI shield above the SoC/eMCP area and there's no dice there either. The traces are hidden, the parts are BGAs, there's no "pin" to short there. The schematics may or may not have confirmed my suspicion the physical trace for the clock signal to the eMCP is unreachable, making reaching EDL mode through "PBL panic from not being able to access the flash" impossible.
The SMDs around the eMCP may or may not seem to all be related to power delivery smoothing, and shorting those is blue smoke waiting to happen. I'll resolder the shield later, I don't think there's any point in desoldering it in the future for the purpose of reaching EDL mode.
There are official blankflash utilities freely available. I have no doubt EDL mode is accessible. This connector must be just how.
BREAKTHROUGH TIME! I GOT INTO QCOM 9008 MODE!
In the attached photo are the EDL pads. Happy flashing!
Edit: now I'm getting some progress, but nothing is working. Here's the two logs I get, the first just after connecting, the second after having tried once already:
Code:
$ sudo ./qcom blank-flash
**** Log buffer [000001] 2022-12-02_19:02:50 ****
[ 0.000] Opening device: /dev/ttyUSB0
[ 0.000] Detecting device
[ 5.889] ERROR: sahara_greet_device()->change_mode()->do_hello()->Invalid command received in current state
[ 5.889] Check qboot_log.txt for more details
[ 5.889] Total time: 5.889s
[ 5.889]
[ 5.889] qboot version 3.86
[ 5.889]
[ 5.889] DEVICE {
[ 5.889] name = "/dev/ttyUSB0",
[ 5.889] flags = "0x60",
[ 5.889] addr = "0xFECAF690",
[ 5.889] serial_nix.device_pathname = "/sys/bus/usb/devices/1-3.2/1-3.2:1.0/ttyUSB0",
[ 5.889] api.bnr = "0x1FE4210",
[ 5.889] }
[ 5.889]
[ 5.889]
[ 5.889] Backup & Restore {
[ 5.889] num_entries = 0,
[ 5.889] restoring = "false",
[ 5.889] backup_error = "not started",
[ 5.889] restore_error = "not started",
[ 5.889] }
[ 5.889]
Code:
$ sudo ./qcom blank-flash
**** Log buffer [000001] 2022-12-02_19:03:50 ****
[ 0.000] Opening device: /dev/ttyUSB0
[ 0.343] Detecting device
[ 34.920] ERROR: sahara_greet_device()->change_mode()->do_hello()->IO error
[ 34.920] Check qboot_log.txt for more details
[ 34.920] Total time: 34.920s
[ 34.920]
[ 34.920] qboot version 3.86
[ 34.920]
[ 34.920] DEVICE {
[ 34.920] name = "/dev/ttyUSB0",
[ 34.920] flags = "0x60",
[ 34.920] addr = "0xAEF35240",
[ 34.920] serial_nix.device_pathname = "/sys/bus/usb/devices/1-3.2/1-3.2:1.0/ttyUSB0",
[ 34.920] api.bnr = "0x21BC210",
[ 34.920] }
[ 34.920]
[ 34.920]
[ 34.920] Backup & Restore {
[ 34.920] num_entries = 0,
[ 34.920] restoring = "false",
[ 34.920] backup_error = "not started",
[ 34.920] restore_error = "not started",
[ 34.920] }
[ 34.920]
Edit 2: I got a blankflash to work! Now I don't know... This is what I got:
Code:
D:\blankflash>.\qboot.exe blank-flash
Motorola qboot utility version 3.86
[ -0.000] Opening device: \\.\COM3
[ -0.000] Detecting device
[ -0.000] ...cpu.id = 286 (0x11e)
[ -0.000] ...cpu.sn = 3786473903 (0xe1b101af)
[ -0.000] Opening singleimage
[ -0.000] Loading package
[ -0.000] ...filename = pkg.xml
[ -0.000] Loading programmer
[ -0.000] ...filename = programmer.elf
[ -0.000] Sending programmer
[ 0.109] Handling things over to programmer
[ 0.109] Identifying CPU version
[ 0.109] Waiting for firehose to get ready
[ 3.220] ReadFile() failed, GetLastError()=0
[ 3.330] ...SM_SAIPAN 2.0
[ 3.330] Determining target secure state
[ 3.330] ...secure = yes
[ 3.377] Configuring device...
[ 3.377] Skipping UFS provsioning as target is secure
[ 3.377] Configuring device...
[ 3.470] Flashing GPT...
[ 3.470] Flashing partition with gpt.bin
[ 3.470] Initializing storage
[ 3.517] ...blksz = 4096
[ 3.580] ReadFile() failed, GetLastError()=0
[ 4.049] Re-initializing storage...
[ 4.049] Initializing storage
[ 4.361] Flashing bootloader...
[ 4.361] Wiping ddr
[ 4.392] Flashing abl_a with abl.elf
[ 4.439] Flashing aop_a with aop.mbn
[ 4.486] Flashing qupfw_a with qupfw.elf
[ 4.517] Flashing tz_a with tz.mbn
[ 4.783] Flashing hyp_a with hyp.mbn
[ 4.839] Flashing devcfg_a with devcfg.mbn
[ 4.854] Flashing keymaster_a with keymaster.mbn
[ 4.901] Flashing storsec_a with storsec.mbn
[ 4.933] Flashing uefisecapp_a with uefi_sec.mbn
[ 5.089] Flashing prov_a with prov64.mbn
[ 5.104] Flashing xbl_config_a with xbl_config.elf
[ 5.151] Flashing xbl_a with xbl.elf
[ 5.649] Rebooting to fastboot
[ 5.665] Total time: 5.665s
Somehow it worked, I got to flash another phone's blankflash (a "Racer" codenamed phone apparently) on it and the ABL (the thing that tells me it won't boot because it didn't find a valid system) changed visually. Now I'll try to unlock the bootloader, or flash a system on it.
Edit 3: Mmh. After clearing that EDL mode flashing worked, the system is still flashing-locked, secured, and fastboot oem unlock <unique_key> isn't working.
so you activated the qcom, but it is not responding to the blankflash? at least it's an advance, maybe it's a blankflash problem or do you think it's some kind of board protection?
Later I will try on my own on my board
Congrats on your quest. Were you literally shorting them, or did you use a resistor? You had to touch all three together?
I guess I still am confused how there is a blankflash out there for this phone, but no way to trigger EDL without a hardware kit. I just ran through all the key combinations (V+,V-, PWR) and USB in/out just to make sure I didn't miss something... no dice to EDL.
supermafari2.0 said:
so you activated the qcom, but it is not responding to the blankflash? at least it's an advance, maybe it's a blankflash problem or do you think it's some kind of board protection?
Later I will try on my own on my board
Click to expand...
Click to collapse
I am confident EDL mode flashing worked. I used a different phone's blankflash that had the same SoC and it worked, giving me a visually different "No OS found" error screen. I posted the log of the blanking process. The "Allow OEM Unlock" bit is still set to "disabled" after blanking, such that I still can't use "fastboot oem unlock" successfully.
There's this line that makes me think the system is still intact: "Skipping UFS provsioning as target is secure", meaning the UFS filesystem might have not been actually blanked. Since singleimage.bin is a signed binary, there's no way to force UFS provisioning or modify it in any other way. I think the only way in will be with a firehose and QFIL... Except I haven't found one for this SoC. The programmer.elf is the firehose, but again that needs to be signed to be useful after getting extracted.
SomeRandomGuy said:
Congrats on your quest. Were you literally shorting them, or did you use a resistor? You had to touch all three together?
I guess I still am confused how there is a blankflash out there for this phone, but no way to trigger EDL without a hardware kit. I just ran through all the key combinations (V+,V-, PWR) and USB in/out just to make sure I didn't miss something... no dice to EDL.
Click to expand...
Click to collapse
I marked two pads of the missing connector with a green rectangle (I reused the photo I posted earlier on which I had already marked the test points' voltages, disregard the test points). I shorted them with only one voltmeter probe.
The idea is that the EDL pads I marked in green are connected to a 1.8V supply and a pin on the SoC with "infinite resistance", so there's no need for an additional resistor. You are not at risk of shorting anything and cause a major disaster on pins on the row of the green rectangle. The connector is very small, so stab confidently in the middle of the row of pads!
The (V+, PWR) combination may be available in development units, and be disabled in production units at the hardware level (missing components).
(Keep in mind I'm talking in hypotheticals at times to keep up plausible deniability regarding the files posted earlier by supermafari2.0... Those are surely under copyright.)
Layers of security upon layers of security just to get a stock firmware on an empty filesystem on my own device... This is getting old...
Edit: I have, out of boredom, decomposed the singleimage.bin into its various files. Here is the file format:
Code:
* SINGLE_N_LONELY Header [256 bytes]
* FILE:
Header:
* file name: 248 bytes (name + "\0" padding)
* file size: 8 bytes, little-endian
Data:
* data: file size in bytes
* 0xA0 padding if (file size % 4096) != 0 : file size + 4096 - (file size % 4096) bytes
[* FILE...]
* LONELY_N_SINGLE Footer [256 bytes]
Do note the 4096 magic number is the flash sector size, thus is device-dependant. In singleimage.bin, there was gpt.bin which also follows the same format. Among the files is programmer.elf, a strong candidate to be a firehose, I'll try to use with QFIL tomorrow. I do take note of Motorola's attempt at psychological warfare.
So I tried the programmer I found in the singleimage.bin file, it's indeed capable of programming through QFIL! (Do note I needed to get QFIL through QPST to get it to work.) However now I'm faced with this as I'm trying to flash recovery.img to get to recovery and get recovery to reinstall a working system:
Code:
INFO: TARGET SAID: 'ERROR: range restricted: lun=5, start_sector=142688, num_sectors=25600'
I guess the programmer checks for the flash being in a locked state, so it's time to try to patch the programmer to force the flash, if at all possible...
Edit: guessed right. The programmer has a routine that does various checks. It isn't encrypted, but I found data that could indicate the file is signed. I didn't see either the PEEK or POKE strings in there, meaning these primitives weren't included in the programmer, so there's no way to manually poke any image by hand, or just enable that blasted "Allow OEM unlock" bit (the fact I don't know where it is not withstanding.)
I think that's the end of the line for my device. At this point the only way it will ever work again will be either getting a patched and signed firehose (unlikely), or getting Motorola to reflash a stock image internally (even more unlikely) or just changing the motherboard (which defeats the purpose of searching how to get the device back in working order after messing up!)

Categories

Resources