How to Develop a Blank Flash? - Moto G5 Questions & Answers

Like several others, I have been trying to recover a MotoG5 with BlankFlash, but all the files I tried gave an error, because I believe they were made based on different ROM distributions. I would like to know how to develop ... What exists in singleimage.bin ... how is "qboot.exe" done ...
Does anyone here have this knowledge to share? Someone who has done something like that?

rada80 said:
Like several others, I have been trying to recover a MotoG5 with BlankFlash, but all the files I tried gave an error, because I believe they were made based on different ROM distributions. I would like to know how to develop ... What exists in singleimage.bin ... how is "qboot.exe" done ...
Does anyone here have this knowledge to share? Someone who has done something like that?
Click to expand...
Click to collapse
I have two news for you!
First: Welcome to the group of fu** with Moto g5 xt1672 / 70 ... locked in the led.
Second: There is 1 whole month that I'm trying and neither jtag worked.
Here in Brazil I already took the device in several specialists and already tried several tutorials, all without success.
There is one I sent shortly to a member here on the forum.
This tutorial I enivei believe I did not understand right as it is done because the bastard of the videio does not know how to explain correctly or I'm kind of dumb to try.
I can not send links here because I am new to the forum, if you want you can send me an email in which I forward youtube links for you to try:
[email protected]
good luck!! If you find out let us know!

comment
silasmvg said:
I have two news for you!
First: Welcome to the group of fu** with Moto g5 xt1672 / 70 ... locked in the led.
Second: There is 1 whole month that I'm trying and neither jtag worked.
Here in Brazil I already took the device in several specialists and already tried several tutorials, all without success.
There is one I sent shortly to a member here on the forum.
This tutorial I enivei believe I did not understand right as it is done because the bastard of the videio does not know how to explain correctly or I'm kind of dumb to try.
I can not send links here because I am new to the forum, if you want you can send me an email in which I forward youtube links for you to try:
[email protected]
good luck!! If you find out let us know!
Click to expand...
Click to collapse
I have an xt1671 device that suffered hardbrik if they manage to run the blankflash with success agalon know so I can revive my device thanks
tengo un dispositivo xt1671 que sufrio hardbrik si logran ejecutar el blankflash con exito agalon saber para que pueda revivir mi dispositivo gracias

There's a way to restore the bootloader, however, a very specific stock rom will have to be flashed from fastboot afterwards, which I don't know of.

To the best of my knowledge, I don't think you can develop blankflashes.
1)Blankflashes are digitally signed by the OEM, and likely are not usable if you edit them (as that breaks the signatures).
2)Singleimage.bin appears to contain the various bootloader images, with an accompanying XML file (I guess hex locations of the images in the singleimage.bin), and GPT.bin, whereas qboot.exe seems to handle the communication and verification (from looking at other blankflash logs).
a)Qboot.exe appears to contact your device via Sahara protocol (to attempt to reach the primary bootloader) https://github.com/openpst/sahara and seems to verify the CPU and device.
b)If the CPU and device are verified, the programmer is then loaded and sent to your device to verify the bootloader version on your device. Presumably, this step is to prevent you from flashing older bootloaders and possibly opening security holes https://forum.xda-developers.com/showpost.php?p=62191317&postcount=2112 If the programmer is satisfied your bootloader is not newer than the blankflash bootloader, it then opens the firehose connection to begin downloading and flashing a new bootloader to your device.
It seems that from the blankflashes I've noted, most of the failures seem to happen with 2b) - i.e. the programmer verification or with 2a), the blankflash just can't communicate with your device. With 2b), that may fail if your corrupted bootloader is newer than the blankflash bootloader - it'll just reject the flash or hang at 'waiting for firehose'. As mentioned here, though, https://github.com/openpst/sahara you'd need updated/new blankflash files with an updated programmer specific to the Motorola MSM8937 platform. Getting those files is quite difficult - OEMs like Motorola do not like giving them out (most of the blankflashes we have on XDA are old leaks), presumably as having a signed blankflash that can access the bootloader may be a security risk (as this Aleph article may demonstrate https://alephsecurity.com/2018/01/22/qualcomm-edl-1/ ) However, without a proper programmer, then the bootloader images may not flash onto your device.
You may wish to look into either a G5S or G6 Play blankflash if they are around, as they are based on the Snapdragon 430. I do not know if their bootloaders are compatible with the G5, so I cannot recommend to flash/attempt to flash a blankflash not meant for your device. Failing that, your other options are to pay for a motherboard repair or to invest in a new device.

echo92 said:
To the best of my knowledge, I don't think you can develop blankflashes.
1)Blankflashes are digitally signed by the OEM, and likely are not usable if you edit them (as that breaks the signatures).
2)Singleimage.bin appears to contain the various bootloader images, with an accompanying XML file (I guess hex locations of the images in the singleimage.bin), and GPT.bin, whereas qboot.exe seems to handle the communication and verification (from looking at other blankflash logs).
a)Qboot.exe appears to contact your device via Sahara protocol (to attempt to reach the primary bootloader) https://github.com/openpst/sahara and seems to verify the CPU and device.
b)If the CPU and device are verified, the programmer is then loaded and sent to your device to verify the bootloader version on your device. Presumably, this step is to prevent you from flashing older bootloaders and possibly opening security holes https://forum.xda-developers.com/showpost.php?p=62191317&postcount=2112 If the programmer is satisfied your bootloader is not newer than the blankflash bootloader, it then opens the firehose connection to begin downloading and flashing a new bootloader to your device.
It seems that from the blankflashes I've noted, most of the failures seem to happen with 2b) - i.e. the programmer verification or with 2a), the blankflash just can't communicate with your device. With 2b), that may fail if your corrupted bootloader is newer than the blankflash bootloader - it'll just reject the flash or hang at 'waiting for firehose'. As mentioned here, though, https://github.com/openpst/sahara you'd need updated/new blankflash files with an updated programmer specific to the Motorola MSM8937 platform. Getting those files is quite difficult - OEMs like Motorola do not like giving them out (most of the blankflashes we have on XDA are old leaks), presumably as having a signed blankflash that can access the bootloader may be a security risk (as this Aleph article may demonstrate https://alephsecurity.com/2018/01/22/qualcomm-edl-1/ ) However, without a proper programmer, then the bootloader images may not flash onto your device.
You may wish to look into either a G5S or G6 Play blankflash if they are around, as they are based on the Snapdragon 430. I do not know if their bootloaders are compatible with the G5, so I cannot recommend to flash/attempt to flash a blankflash not meant for your device. Failing that, your other options are to pay for a motherboard repair or to invest in a new device.
Click to expand...
Click to collapse
You are very correct and I agree with you! By the jtag I managed to do all this, but the error occurs in the signature and I do not know to do the correct programming.
The way I found it is to wait for the leak of this oem.

silasmvg said:
You are very correct and I agree with you! By the jtag I managed to do all this, but the error occurs in the signature and I do not know to do the correct programming.
The way I found it is to wait for the leak of this oem.
Click to expand...
Click to collapse
, I own a Moto G5 XT1677 which i bought in Nov. 2017. Got android 8.1 Oreo update in Oct 2018. I was playing PUBG on 30 Dec 2018 and suddenly my screen freez and no button was responsive. I removed the battery and reinserted and tried powering it on but no response. Tried chargring but only a led on side of speaker was blinking. I tried by pressing vol+ and vol- and power button together/ vol- and power button ALSO for short time and more than 3 mins too but still coludnot get any response from phone. I tried flashing in every possible way by downloadin the cedric stock file from XDA but could not revive the phone (since cannot get that flashing/fastboot screen). I WAS ONLY GETTING TO SEE HS-USB qdLoader 9008 diagnostic (COM 4) port in QFIL tool on my laptop and cannot get anything to proceed to use that port. I sent it to service center and they were saying that they cannot get the boot loader on phone. Before that they were saying motherboard issues then said Power IC issue fir which again motherboard is to be replaced and the price was exceeding the price of the phone.
I WANT TO GIVE A FINAL TRY AS THE PHONE IS JUST 1 YEAR AND 1 MONTH OLD. NEED SOME EXPERT ADVICE TO REVIVE THE PHONE. PLEASE HELP ME AS CANNOT AFFORD TO A NEW ONE NOW.

HIMANSHU SWAIN said:
, I own a Moto G5 XT1677 which i bought in Nov. 2017. Got android 8.1 Oreo update in Oct 2018. I was playing PUBG on 30 Dec 2018 and suddenly my screen freez and no button was responsive. I removed the battery and reinserted and tried powering it on but no response. Tried chargring but only a led on side of speaker was blinking. I tried by pressing vol+ and vol- and power button together/ vol- and power button ALSO for short time and more than 3 mins too but still coludnot get any response from phone. I tried flashing in every possible way by downloadin the cedric stock file from XDA but could not revive the phone (since cannot get that flashing/fastboot screen). I WAS ONLY GETTING TO SEE HS-USB qdLoader 9008 diagnostic (COM 4) port in QFIL tool on my laptop and cannot get anything to proceed to use that port. I sent it to service center and they were saying that they cannot get the boot loader on phone. Before that they were saying motherboard issues then said Power IC issue fir which again motherboard is to be replaced and the price was exceeding the price of the phone.
I WANT TO GIVE A FINAL TRY AS THE PHONE IS JUST 1 YEAR AND 1 MONTH OLD. NEED SOME EXPERT ADVICE TO REVIVE THE PHONE. PLEASE HELP ME AS CANNOT AFFORD TO A NEW ONE NOW.
Click to expand...
Click to collapse
You can revive your device from this thread
https://forum.xda-developers.com/g5...-run-morning-post-image-t3776012/post76190059
And use this mmcblk0 file from here:-
https://drive.google.com/file/d/1Nw50H-XCsrxsFXdBeyo_a0CV4WGcZDIJ/view?usp=drivesdk

Related

Help..Pixel XL in HS-USB QDloader 9008 mode.

Hello, Iam having a bricked Google Pixel XL 128GB with black screen, no fastboot, no recovery(phone only detected as HS-USB QDLoader 9008).
Is there anyway to unbrick the phone?
What was your setup before this happened? What were you trying to do before this happened?
chapelfreak said:
What was your setup before this happened? What were you trying to do before this happened?
Click to expand...
Click to collapse
Bad Flash on OTA update
Hey... Actually, there's no easy way to get the pixel back up and running. I tried to read a bit about the issue on different phones. I'm not sure it could be of some use for our device.. It also involves, either having someone to pull a full backup of his phone for you which you'll have to find... Or finding special Qualcomm files and firmware used for flashing using Qualcomm tool QFIL... I haven't found Qualcomm files/firmware on the internet yet... And i'm not 100% sure the first solution would work either, since we have now different system partitions.
If you don't have any warranty on your phone, you could try it. Otherwise, send it back. There's likely no way to recover personnal datas anyway...
Also about getting out of EDL mode, i've read in the N6P forum, someone saying you'll have to push the power button for no less than 40 seconds. Try it maybe and try to reboot into bootloader afterward...
Good luck...
5.1 said:
Hey... Actually, there's no easy way to get the pixel back up and running. I tried to read a bit about the issue on different phones. I'm not sure it could be of some use for our device.. It also involves, either having someone to pull a full backup of his phone for you which you'll have to find... Or finding special Qualcomm files and firmware used for flashing using Qualcomm tool QFIL... I haven't found Qualcomm files/firmware on the internet yet... And i'm not 100% sure the first solution would work either, since we have now different system partitions.
If you don't have any warranty on your phone, you could try it. Otherwise, send it back. There's likely no way to recover personnal datas anyway...
Also about getting out of EDL mode, i've read in the N6P forum, someone saying you'll have to push the power button for no less than 40 seconds. Try it maybe and try to reboot into bootloader afterward...
Good luck...
Click to expand...
Click to collapse
I tried QFIL, MSMToolDownloader(from OnePlus 3T), MiFlash, etc. They all ask RawProgramm0.xml, Patch0.xml, MSM8996..mbn, and xxx_firehose_emmc_8996.xxx specifically for our Google Pixel XL 128GB. None of them are available yet.
droidan said:
I tried QFIL, MSMToolDownloader(from OnePlus 3T), MiFlash, etc. They all ask RawProgramm0.xml, Patch0.xml, MSM8996..mbn, and xxx_firehose_emmc_8996.xxx specifically for our Google Pixel XL 128GB. None of them are available yet.
Click to expand...
Click to collapse
Yeah I haven't found anything either. I think it will take some time before someone share those.
Check this thread:
https://forum.xda-developers.com/yureka/help/question-qualcomm-download-mode-k-t3068040
This part:
2. REVIVING YOUR YU BACK
2.a NEW "Qualcomm HS-USB QDLoader 9008" MODE
As I said earlier, since our phone has a different partition layout, I don't know if the same process can be achieved. Also you'll have to pull the IMG from a working device.
You don't have a valid warranty?
5.1 said:
Yeah I haven't found anything either. I think it will take some time before someone share those.
Check this thread:
https://forum.xda-developers.com/yureka/help/question-qualcomm-download-mode-k-t3068040
This part:
2. REVIVING YOUR YU BACK
2.a NEW "Qualcomm HS-USB QDLoader 9008" MODE
As I said earlier, since our phone has a different partition layout, I don't know if the same process can be achieved. Also you'll have to pull the IMG from a working device.
You don't have a valid warranty?
Click to expand...
Click to collapse
Thank you for your reply and information.
I believe I have an OLD 9008 mode.
Here's what I have found:
1. The 8996 firehose is specific to the device. Other 8996 version do not work. (Oneplus 3T, ZUK, Xiaomi, LEECO)
2. Quote from Ghassani on Le Pro3 bricked thread:
"Since it was suggested to contact me about this issue, I am going to answer here what I told the OP through email:
This is a hard brick. Meaning, you probably flashed a wrong SBL partition, or you flashed in the wrong order, or in the wrong mode.
When this happens, and the device has secure boot enabled (which all production devices do) you only have two options:
1) Using a signed recovery programmer to send via emergency mode (Sahara mode), then transferring to that programmers protocol (streaming DLOAD or the newer firehose). From there you can recover the emmc.
2) JTAG on the emmc for direct recovery.
It is easy to find these programmer files, both signed and unsigned. The problem is each device is using a different private key generated by the OEM to build the SoC. Without a properly signed programmer, Sahara will reject the programmer and go into a no-interrupt loop until you power cycle the device. Pretty much all OEMs do not give out these files. The ones you can find floating around for various devices are generally leaked, or rarely given out by the OEM. For most devices, JTAG is the only option.
I have a small collection of both signed and unsigned programmer files on this github repository:
https://github.com/ghassani/openpst-assets
If anyone has properly signed files for devices I do not have, please send them in to me and I can add them or you can put in a pull request directly to the repository and add it that way."
Hopefully someone from Google/HTC can share those 3 files.(eMMc_firehose_8996.elf, rawprogram0.xml and patch0.xml for Google Pixel XL 128GB)
Or maybe I can ask Google assistant to leak the files..lol
droidan said:
Bad Flash on OTA update
Click to expand...
Click to collapse
What does that mean? Were you rooted, unlocked? If so return the device, no?
droidan said:
I tried QFIL, MSMToolDownloader(from OnePlus 3T), MiFlash, etc. They all ask RawProgramm0.xml, Patch0.xml, MSM8996..mbn, and xxx_firehose_emmc_8996.xxx specifically for our Google Pixel XL 128GB. None of them are available yet.
Click to expand...
Click to collapse
Sent from my Pixel using XDA-Developers Legacy app
droidan said:
Thank you for your reply and information.
I believe I have an OLD 9008 mode.
Here's what I have found:
1. The 8996 firehose is specific to the device. Other 8996 version do not work. (Oneplus 3T, ZUK, Xiaomi, LEECO)
2. Quote from Ghassani on Le Pro3 bricked thread:
"Since it was suggested to contact me about this issue, I am going to answer here what I told the OP through email:
This is a hard brick. Meaning, you probably flashed a wrong SBL partition, or you flashed in the wrong order, or in the wrong mode.
When this happens, and the device has secure boot enabled (which all production devices do) you only have two options:
1) Using a signed recovery programmer to send via emergency mode (Sahara mode), then transferring to that programmers protocol (streaming DLOAD or the newer firehose). From there you can recover the emmc.
2) JTAG on the emmc for direct recovery.
It is easy to find these programmer files, both signed and unsigned. The problem is each device is using a different private key generated by the OEM to build the SoC. Without a properly signed programmer, Sahara will reject the programmer and go into a no-interrupt loop until you power cycle the device. Pretty much all OEMs do not give out these files. The ones you can find floating around for various devices are generally leaked, or rarely given out by the OEM. For most devices, JTAG is the only option.
I have a small collection of both signed and unsigned programmer files on this github repository:
https://github.com/ghassani/openpst-assets
If anyone has properly signed files for devices I do not have, please send them in to me and I can add them or you can put in a pull request directly to the repository and add it that way."
Hopefully someone from Google/HTC can share those 3 files.(eMMc_firehose_8996.elf, rawprogram0.xml and patch0.xml for Google Pixel XL 128GB)
Or maybe I can ask Google assistant to leak the files..lol
Click to expand...
Click to collapse
Yeah, unless someone leaks official programmer, you are SOL...
Good luck... :good:
Hi guys,
I've opened a similar thread on google forum - related to pixel 128gb being bricked and in chipset download mode.
If there are enough bricked pixels out there perhaps google will (hopefully) share those files?
Cheers,
Dan
The deluge of bricked Pixels resulting from the Oreo update continues...
I did, however, find these pages posted in the last couple weeks, and wondering if they're the answer to the Q's posted earlier ITT (sry I'm too new to post live links, so you'll have to paste these):
- androidauthority.com/download-android-8-0-oreo-794622/
- androidauthority.com/install-android-oreo-758342/
- developers.google.com/android/ota
Earlier ITT, posters were saying that they couldn't find the firmware or other files that would allow someone to recover from the hard-bricked state...but are those 'official' factory images and OTAs what they were saying they needed, but which they couldn't find at the time? In short, might we now actually have the files necessary to save our bricked Pixels without engaging in Macguyvering that would void the warranty?
Out of curiosity, was your bootloader locked prior to running into this issue?
Pain-N-Panic said:
Out of curiosity, was your bootloader locked prior to running into this issue?
Click to expand...
Click to collapse
I assume so...I bought the Pixel directly from Google, so assumed I was getting the purest Android installation possible / no provider bloatware etc...if i'm not mistaken, the bootloader would have been Locked when I initially received the phone, right?...if so, then yes it would still have been locked when it bricked, as I didn't take any actions to unlock it (nor would i know how)
hopefully files will be shared soon for sure it is exists
I have the same problem and all I can do is rma.
Is it possible to pull the files from a working pixel?
I wonder if the files in question would hold the key to VZW Pixel XL customers to somehow use /find an exploit to gain temp root to ultimately unlock their bootloader.
mattwheat said:
I wonder if the files in question would hold the key to VZW Pixel XL customers to somehow use /find an exploit to gain temp root to ultimately unlock their bootloader.
Click to expand...
Click to collapse
Maybe that's why they aren't giving the files
This happened to mine as well
Went from 8.0 to 8.1 - wiped data and re-locked bootloader. Ran fine for two days then powered down and now I'm in this qualcomm mode. Thankfully I purchased the 2-year through Google. Unfortunately their support is dogsh**.
Update: Ok Google's support rep was actually pretty solid but their system is awful. I'm already on a refurb and it doesn't have the IMEI printed on the sim tray. Either way they worked it out and I'm down $80 for the deductible.
I have the same problem

[SOLVED] PLEASE HELP - HardBricked my OnePlus 5T

Dear Community,
I just searched the past 2 days for a solution but I've not been lucky
Therefore I'd like to ask for help in this forum and hope there is some additional hint or hack I could try...:
So here's the situation:
OnePlus 5T (8/128) with a non booting or not "useful" OS (see last point what I've tried)
No TWRP or CWM
Stock Recovery present
Bootloader Locked
Allow Bootloader to be unlocked = FALSE
What I've already tried yet:
Flashing TWRP --> Not possible Bootloader Locked
Flashing regarding any other kinds like "update" or "flash all" as provided with TOOL_ALL_IN_ONE
ADB Sideload any available ROMS (Original "full" OP5T / FreedomOS / Omni8) --> ADB stops at 47% in Stock Recovery regardless of size of the ZIP file
Tried different versions of ADB (32 & 64 Bit / older & new / also with the LargeAddressAware approach / and on multiple PC's) --> Always same error (47%)
Stumbled upon the possibility to EmergencyDownload a factory flash due to Qualcomm chipset using the MSM-Download-Tool --> Only OnePlus 5 ROM available (no "T")
Mentioned EDL procedure works and OS is booting BUT neither Touchscreen nor USB OTG (for external mouse support) is working --> So I can't navigate and allow Bootloader to be unlocked again
Unfortunately I'm now stuck and have no more idea how to unbrick my phone again
What would help:
Any source to MSM-Download-Tool packed with a correct ROM for the OnePlus 5T
A Workaround to just flash TWRP via MSM-Download-Tool or Qualcomm's QFIL application in EDL mode
Some "hack" to bypass the locked Bootloader situation
Every appreciated Input you might have that I'm currently not aware of...
So PLEASE let me know of any approach that I could try or if you might have found a link or something else to a solution that might help me out of this disaster...
Many thanks in advance!
Tryouts due to your feedback:
@dreinulldrei - "fastboot boot recovery.img" tried with the original 5T Recovery.img also with blu_spark TWRP --> no luck...
SOLVED SOLUTION:
As the EDL factory flash ROM is currently not (or will never officially be) available public getting in contact with the OnePlus support team is required.
They have such a recovery tool (MSM-Download-Tool) with an appropriate ROM and are able to flash the device during a remote support session conducted via chat.
So by starting a chat on the OnePlus Support page and describing your situation will lead to scheduled time slot where a Level-2 technician will do all required steps remotely.
(All files are password protected and the technician ensures they are deleted at the end of the session so I'm unfortunately not able to provide the sources for DIY purposes...)
Following. I would think there would be some way to flash some sort of signed image via fastboot...
U flashed a 5 os to it, using the msmtool try to extract those files from 5t os, I will do it when I get home and so u can try it, i can't guarantee anything though, would u like me to do that for u
Bradl79 said:
U flashed a 5 os to it, using the msmtool try to extract those files from 5t os, I will do it when I get home and so u can try it, i can't guarantee anything though, would u like me to do that for u
Click to expand...
Click to collapse
Thanks for your input - I'm really not aware of how to generate such *.ops ROM files as this is what the MSM Tool expects...
But if there is a way and you are able to extract and produce a MSM flashable file I would be very happy to try!
I would recommend trying to boot a OP5T recovery, you might have flashed some OP5 rom including OP5 recovery. Just go into fastboot (power on with volume up pressed down), then via cmd:
fastboot boot recovery.img
Since OP does not offer the recovery to be downloaded, it will need to be downloaded from a working device. Lacking the cable right where I am, but I am sure someone else can help out.
crakerjac said:
Following. I would think there would be some way to flash some sort of signed image via fastboot...
Click to expand...
Click to collapse
Thanks for the input - I forgot to mention I also tried the 2 original available OP5T "full" ZIP ROM's (think they should be signed...)
Will add this to the initial Post but I assume also no chance here...
dreinulldrei said:
I would recommend trying to boot a OP5T recovery, you might have flashed some OP5 rom including OP5 recovery. Just go into fastboot (power on with volume up pressed down), then via cmd:
fastboot boot recovery.img
Since OP does not offer the recovery to be downloaded, it will need to be downloaded from a working device. Lacking the cable right where I am, but I am sure someone else can help out.
Click to expand...
Click to collapse
Ohhh good point - I also think there is the "wrong" recovery (from 5) currently on my phone (because also there the touchscreen behaves unexpectedly...)
But unfortunately with your command I get the "Your device is corrupted. It can't be trusted and will not boot" message.
Tried this with the original 5T Recovery.img I managed to obtain and also with the blu_spark TWRP - no luck...
Edit: Ignore, misread previous post.
U may have to make a call to oneplus so they can restore for u
Submit a ticket to One Plus
You are going to have to submit a ticket, they will arrange a time to help you by unbricking the phone remotely.
I just had to do this myself this week, and it got done today.
I do have the 5t unbricking files but I cannot access the archive because it's password protected.
One important this you didn't mention is how this happened.
OnePlus may be able to help with this one, but all root guides explicitly include the phrase "at your own risk."
blackknightavalon said:
OnePlus may be able to help with this one, but all root guides explicitly include the phrase "at your own risk."
Click to expand...
Click to collapse
Bradl79 said:
U may have to make a call to oneplus so they can restore for u
Click to expand...
Click to collapse
WMerkens said:
You are going to have to submit a ticket, they will arrange a time to help you by unbricking the phone remotely.
I just had to do this myself this week, and it got done today.
I do have the 5t unbricking files but I cannot access the archive because it's password protected.
Click to expand...
Click to collapse
Thanks for all your advice - so I will arrange a support chat/ticket as soon as possible and inform about the result in this thread.
Didn't thought that OnePlus Support Team would even care about such bricks (no warranty / own risk / "playing" with root / etc...)
But as indeed they seem to help like @WMerkens experienced I would be very happy to have a working device again
CodeXter said:
Thanks for all your advice - so I will arrange a support chat/ticket as soon as possible and inform about the result in this thread.
Didn't thought that OnePlus Support Team would even care about such bricks (no warranty / own risk / "playing" with root / etc...)
But as indeed they seem to help like @WMerkens experienced I would be very happy to have a working device again
Click to expand...
Click to collapse
don't know why you would think that OP wouldn't help...they have said from day one that unlocking/rooting does not void your warranty. Heck they encourage it. I assume you are the same person on the OP forum w/ this problem. Hopefully after you get this resolved you will have learned to NEVER EVER RELOCK your phone unless you do the whole factory image qualcomm recovery tool bit. and experienced OP folks on this forum know any claims of a "hardbricked" OP phone is ALWAYS not true.
Yeah oneplus used to be good about and does a remote session to restore, this was back in the one plus one days though, but I think they still do it
---------- Post added at 03:25 AM ---------- Previous post was at 02:54 AM ----------
WMerkens said:
You are going to have to submit a ticket, they will arrange a time to help you by unbricking the phone remotely.
I just had to do this myself this week, and it got done today.
I do have the 5t unbricking files but I cannot access the archive because it's password protected.
Click to expand...
Click to collapse
Awwww I wish we could get them, do they use the msmtool too?
How I bricked a 5t
I got the phone and I had installed twrp, that went fine. I was looking at magick systemless rooter when the phone then kicked in with a OTA update, I chose to ignore it the first time. It occurred again a few minutes and in my haste I let it do it's job but it did not complete correctly. I rebooted and the phone complained about corruption to the OS, I got in again but made the dumb mistake of re enabling the OEM lock and because I thought that might be causing the problem. I rebooted again but now I could not boot any more into the OS, it complained I was corrupted and go to google to see what to do.
So I was left with a bricked phone.
I could do bootloader but not recovery and I could not unlock the bootloader.
I could not get in via adb usb debug, So after much research I download the OnePlus 5 unbricking pack and learned a whole lot about qualicom and EDL mode, plus I learned a lot about the QFIL tools and restoring a phone. I did the 5 unbrick but my screen ended up upside down but the touch was right side up, which resulted in a very hard to use phone.
I tried the QFIL method but I was missing a mdb file to be able to talk to the phone.
So I gave up submitted a ticket and after much bad co-ordination on their part got a level 2 tech to debrick the phone remotely.
They do a reverse VPN and connect to your computer, they tell you to have 2 files archive ready in a folder on your desktop (they supply the links). They install the EDL driver and unpack the debrick archive. The archives are password protected, they run the tool and restore the phone
back to factory.
They erase the unpacked archives after they are done.
jerrywmilton said:
don't know why you would think that OP wouldn't help...they have said from day one that unlocking/rooting does not void your warranty. Heck they encourage it. I assume you are the same person on the OP forum w/ this problem. Hopefully after you get this resolved you will have learned to NEVER EVER RELOCK your phone unless you do the whole factory image qualcomm recovery tool bit. and experienced OP folks on this forum know any claims of a "hardbricked" OP phone is ALWAYS not true.
Click to expand...
Click to collapse
Oh yes I've learned my lesson on this :angel: --> Never ever set OEM to be unlocked to NO again
Obviously I do not exactly know what wrong procedure made me stuck in this situation but I just wanted to revert every single step back one by one to see which element brings me back to a valid SafetyNet situation...
I've been with the OnePlus "family" since the OP1 but never needed any direct support from the vendor - so every time there's a first time and so for me now...
Thus I really didn't know OP staff is actively doing remote support for their devices - but thumbs up for that! :good:
(BTW: I'm not the guy from the OP forum)
Bradl79 said:
Yeah oneplus used to be good about and does a remote session to restore, this was back in the one plus one days though, but I think they still do it
---------- Post added at 03:25 AM ---------- Previous post was at 02:54 AM ----------
Awwww I wish we could get them, do they use the msmtool too?
Click to expand...
Click to collapse
Yes basically it's the same archive as the 5 unbrick pack but it's for 5t, OnePlus 5T OxygenOS 4.7.2-171116.zip is the archive and you can look in it and you see the ops file is for dumpling not cheesburger, which is the code name for 5t. I saw the MsmDownloadTool is 4.0.8
Bradl79 said:
Yeah oneplus used to be good about and does a remote session to restore, this was back in the one plus one days though, but I think they still do it
---------- Post added at 03:25 AM ---------- Previous post was at 02:54 AM ----------
Awwww I wish we could get them, do they use the msmtool too?
Click to expand...
Click to collapse
I just had a chat with them before and got mailed a link to the MSMTool incl. ROM for the OP5T (dumpling)
But unfortunatley support files from OnePlus are password protected Nevertheless here the original vendor link:
https://onepluscn-my.sharepoint.com/personal/sheva_liu_oneplus_net/_layouts/15/guestaccess.aspx?docid=0fde9596c72744b4fb9c073ca5d87edbe&authkey=AQPXKRi7pdIzZX-5WH_pwWg&e=1030aa0046da4d1aa9189020027d9c93
So I have to wait for my remote support schedule on Saturday to have the L2 technician entering the password and do the rest.
Would be able to do this myself but OnePlus obviously wants to protect their sources what I have to accept, respect and be patient for...
So, never turn off the OEM Unlocking?

Anyone have blankflash or xml files for G5?

Hi, I recently hard bricked my G5, warranty was voided about 3 months ago, the phone doesn't boot or show any signal of life, only when is plugged to usb or charger the led blinks, I've tried a lot of methods and nothing, I really need to revive my G5 guys, please help me :crying:
for now, as we are many, we only have a nice and expensive paperweight
takoa said:
for now, as we are many, we only have a nice and expensive paperweight
Click to expand...
Click to collapse
I need the rawprogram and patch0 files, do you have?
if don't have, do you have the singleimage.bin of this device?
I found a blankflash but the singleimage file is for the G4 Plus I guess and give me an error when I run the .bat, I need these files to have any hope
bluepupkim said:
I need the rawprogram and patch0 files, do you have?
if don't have, do you have the singleimage.bin of this device?
I found a blankflash but the singleimage file is for the G4 Plus I guess and give me an error when I run the .bat, I need these files to have any hope
Click to expand...
Click to collapse
They don't exist except on a Motorola server locked away from the public
In other words they haven't been leaked - please read the countless other threads we have about this
I found this tutorial: http://tatooine.xyz/groups/topic/view/page/1/group_id/4/topic_id/4
I tried and nothing, I'm running out of hope

It’s now easy to bypass MediaTek’s SP Flash Tool authentication

Article here
What do you think? Will this finally let us unbrick redmi note 8 pro without mi authorized account?
Did some dev look into this yet?
yes i've tested it it works. i couldnt do anything with it though but it shouldnt be that hard to let us flash cfw and twrp or unlock the bootloader using spflashtool right. this thing is huge i mean granted its not the easiest to do but honestly its not even that hard if you know what you're doing which you should if you're on xda, it took about 10 mins on me
it is possible, we're just waiting for a dev to implement it, right now there isnt much you can do w sp flash tools
wentaas said:
it is possible, we're just waiting for a dev to implement it, right now there isnt much you can do w sp flash tools
Click to expand...
Click to collapse
Why not? The scatter file is sitting there on /images folder in every fastboot rom distribution. Look for MT6785_Android_scatter.txt.
After that, your device should be a blank slate. The rest, is up to you.
Well, I think flashing vanilla rom should be your priority, since everything can be done when your device is up-and-running. And extra cautious of course.
kekesed97 said:
Why not? The scatter file is sitting there on /images folder in every fastboot rom distribution. Look for MT6785_Android_scatter.txt.
After that, your device should be a blank slate. The rest, is up to you.
Click to expand...
Click to collapse
wdym by blank state? and is that safe to do?
wentaas said:
wdym by blank state? and is that safe to do?
Click to expand...
Click to collapse
Not a blank state, a blank slate. You know, a blank board which you can write or draw anything you like? But that's not important right now.
Theoritically it should safe. It's like removing a boulder that blocking your way.
If you have access to SPFT, theoritically you should be able to flash your vanilla ROM, given the security measures are null (or rather, bypassed). If your device is chinese based you should flash chinese ROM there. Do a wipe and lock procedure. Let the bootloader locked for now, since you can unlock it later. Do not do crossflash there, without bootloader unlock (this should be a common sense).
But theory is a theory. I can't test it since my device is up-and-running.
My knowledge may be obsolete, since the last device I flashed was MT6572 back on its glory days, no security measures and bootloader was unlocked back then. You can't flash only and only if your eMMC is damaged, which is the worst case (oppo phones was prone to eMMC failure back then, and that happened to me). But afaik the flash process isn't changed that much, just an additional security measure was added, so I think my knowledge still apply.
Additional note: try to flash without nvram and nvdata to avoid losing IMEI (someone from Redmi Note 9 forum lose his IMEI).
kekesed97 said:
Not a blank state, a blank slate. You know, a blank board which you can write or draw anything you like? But that's not important right now.
Theoritically it should safe. It's like removing a boulder that blocking your way.
If you have access to SPFT, theoritically you should be able to flash your vanilla ROM, given the security measures are null (or rather, bypassed). If your device is chinese based you should flash chinese ROM there. Do a wipe and lock procedure. Let the bootloader locked for now, since you can unlock it later. Do not do crossflash there, without bootloader unlock (this should be a common sense).
But theory is a theory. I can't test it since my device is up-and-running.
My knowledge may be obsolete, since the last device I flashed was MT6572 back on its glory days, no security measures and bootloader was unlocked back then. You can't flash only and only if your eMMC is damaged, which is the worst case (oppo phones was prone to eMMC failure back then, and that happened to me). But afaik the flash process isn't changed that much, just an additional security measure was added, so I think my knowledge still apply.
Additional note: try to flash without nvram and nvdata to avoid losing IMEI (someone from Redmi Note 9 forum lose his IMEI).
Click to expand...
Click to collapse
ooh thanks for the explanation, to be clear, my phone is working fine right now but i hate miui. so my intention was to unlock the bootloader if possible, or install cfw and twrp if its not, or if thats not possible either, just installing a custom rom (probably aosp a11)
wentaas said:
ooh thanks for the explanation, to be clear, my phone is working fine right now but i hate miui. so my intention was to unlock the bootloader if possible, or install cfw and twrp if its not, or if thats not possible either, just installing a custom rom (probably aosp a11)
Click to expand...
Click to collapse
Well, for unlocking bootloader there's no other method than the official one. But in some cases the waiting time could be forever (well, many failed attempts would lead to loong waiting time, practically doesn't worth the wait).
My device was resurrected (around May 20, when everyone make a fuss about the lockout). And it can do UBL and root just fine, and tripped AVB many times. It's pretty safe to say tripping AVB on device with unlocked bootloader is recoverable. Just do fastboot flash via MiFlash Pro, and you are set! But never do "Flash and Lock" operation. It would lead to the lockout. You would regret it.
kekesed97 said:
You can't flash only and only if your eMMC is damaged, which is the worst case (oppo phones was prone to eMMC failure back then, and that happened to me)
Click to expand...
Click to collapse
Thanks for sharing your experience. This eMMC failure is because of Oppo or Mediatek? I have a Realme C12.
3 guys 'hard bricked' their devices. No sign of life. Flashing in SP Flash Tools results 'RAM_EXCEPTION (0xC0050005)'. Not able to readback too. It seems like eMMC replacement is only solution.
What are your ideas in this?
Thanks
HemanthJabalpuri said:
Thanks for sharing your experience. This eMMC failure is because of Oppo or Mediatek? I have a Realme C12.
3 guys 'hard bricked' their devices. No sign of life. Flashing in SP Flash Tools results 'RAM_EXCEPTION (0xC0050005)'. Not able to readback too. It seems like eMMC replacement is only solution.
What are your ideas in this?
Thanks
Click to expand...
Click to collapse
Maybe because oppo tried to cut corners since they're using mediatek? I don't see any reason for them to not cut the corner any further. It was 2015, it have a mediocre specs with mediocre quality for their price.
It's been a long ago, I forgotten the error messages. I'm afraid you are facing a worst case scenario.
If you can pull out your eMMC and put that on a jtag reader, there's might be a slight chance of revival.

Question Anyone bricked/EDL/9008 their ROG 6?

Follow and complain here.
Let ASUS know their bootloader implementation is VERY NOT FRIENDLY to us. I've been modding my Android devices since the Android 2 era and this is the first time I encountered an UNOFFICIALLY UNRECOVERABLE state which is a HORRIBLE experience.
Me? Have played with
Samsung(S5 to S9 and Tab/Odin is a good thing)
XiaomiRedmiPoco(Main device for me today, very modder friendly and robust)
Huawei(Remember when they allow applying for BL unlock?)
Apple(LOL jailbreak from A4 SoC until iPhone X(meantime Samsung S8 looks gorgeous) lost my interest)
And various small brands or exited market big brands(honorable mention Lenovo LePhone C101. My first smart device/Android and received big community support at the good old time)
ASUS. Fix your buggy BL. Fix your policy. Release everything we need to fix OUR DEVICES of OURSELVES. Just ONE step closer to perfect.
Just imagine how stupid is this:
Everytime you want to update you operating system, your UEFI/BIOS firmware might break.
And worse, that you don't have free official resources to fix it?
And can it be worse? Yes! Your Warranty is maybe void because you may unlocked bootloader, now supposedly only ASUS service center have the file to fix it.
Ha now it's interesting. That's the era of ANTITRUST. Even Apple won't do it(Worst case DFU, easily fixable using OFFICIAL iTunes).
WT*?
yeah dude i'm bricked up rn
Paid here, paid there.
Yeah sure.
Exploit people.
Perhaps instead of ranting about asus, you could tell us what you have done exactly to brick your device, and someone might be able to help you ? can you get into fastboot at all?
EDIT: quoted content removed.
Never use this firmware, because it has not been modified, 100% of fingerprints and IMEI will be lost after use. You need to modify the firmware before you can flash it.
mahdibassam said:
Perhaps instead of ranting about asus, you could tell us what you have done exactly to brick your device, and someone might be able to help you ? can you get into fastboot at all?
Click to expand...
Click to collapse
Trying to flash img unpacked from update zip. Which you should NOT do. Because Android 12 dynamic partition.
iMoc said:
Trying to flash img unpacked from update zip. Which you should NOT do. Because Android 12 dynamic partition.
Click to expand...
Click to collapse
Ok, yes you definitely should not do that
So just wondering, you went and grabbed some img files and made the decision to flash them, why is this any fault of asus?
mahdibassam said:
Ok, yes you definitely should not do that
So just wondering, you went and grabbed some img files and made the decision to flash them, why is this any fault of asus?
Click to expand...
Click to collapse
1\ The fastboot code in their bootloader have bugs, any CORRECT command you type can easily break bootloader then stuck you in 9008.
2\ The normal update method failed because THEIR UPDATER did do things wrong.
3\ They refuse to provide official ROM to let yourself fix it. SEND IT TO ME TO FIX IT, AND I MIGHT CHARGE YOU SOME.
....\
N\ You go talk to Apple about it because they are experts about saying YOU USED IT WRONG.
Anyone asked for help gets it for free so far.
All devs on my chat group agree at least fastboot flashable should be available on the official download page.
MOD EDIT: off topic content removed
Did you manage to unbrick your phone?
I managed to semi hard brick my phone. Can get into fastboot but unable to start recovery mode from fast boot and phone doesn't show up from adb devices.
I guess I'll start a new thread but any tips?
insideoft said:
Did you manage to unbrick your phone?
I managed to semi hard brick my phone. Can get into fastboot but unable to start recovery mode from fast boot and phone doesn't show up from adb devices.
I guess I'll start a new thread but any tips?
Click to expand...
Click to collapse
If you can boot into fastboot you can just flash the RAW ROM file available a few days ago. It's not bricked in this case.
Moderator Information
Hello everyone,
I have cleaned the thread from off topic contents and posts. Please focus on problem solving related discussion, not finger pointing or flaming each other. We all come here to solve the issues and learn some new stuffs.
Thanks.
iMoc said:
If you can boot into fastboot you can just flash the RAW ROM file available a few days ago. It's not bricked in this case.
Click to expand...
Click to collapse
Sorry long time ago since I was into this stuff previosly.
That fixed it, thanks for the help!
same here

Categories

Resources