Believe it or not I finally figured out a workaround to unlock DIAG Port without root access on my SM-G975U1 which was quite a time consuming process, I am on the most recent ETL1 FW. Dialer codes sadly weren't part of the workaround which would've made this a single step.
My device is recognized by QPST, EFS Explorerer, Service Programming, QFIL, etc... and Window's DM confirms it as 'Qualcomm HS-USB Diagnostics 90B8 (COM11)'.
During the process I took a few wrong turns, messing up my mobile data and IMS Registration, but thankfully I was able to return it to normal.
I would like to factory reset and flash with non-home CSC, but being it was such a lengthy process, I'd like to do more testing while the system is 'messy' so I don't have to flash, then test DIAG mode on a clean system then have to flash again if I make a mistake which I most likely will.
My IMEI is in no need of rescue, but does anyone have any idea if I can use any of these programs to gain further privileges to the system? I have an idea about the basic functionality of QPST, but being that I'm not root, nor have I been on a Qualcomm device, I'm not quite sure how I can take advantage of this particular opportunity to use a function that generally wouldn't benefit a root user in the same way it could potentially benefit me and other non root users.
What I'm most interested in is if QFIL can be used to flash a modified boot.img? That's definitely not the entirety of my curiosity though and would love to hear any and all advantages this could have with non rooted users.
Thank you in advance to anyone who can assist me and other's who will benefit from DIAG Port usage as non-root. The guide will be posted in this thread once I'm able to do some testing with QPST and its related programs, so all answers will be seen here, coming from their original poster.
On this current endeavour I could certainly use some much appreciated guidance from someone more knowledgeable on these programs. I've read about QFIL being used to flash modified boot images which gave me the idea; although that's not the only thing I'm interested in achieving.
***Mods, if there is anywhere acceptable this thread can be moved to where I'll get more replies would you please transfer?
I definitely could use some input about DIAG Mode, QPST, and QFIL and I'm not too sure this is the right place to find it.***
It looks like it is possible to load a boot image using QFIL, or eMMC and QPST Software Download, though I know there is more involved. I wonder if it's possible to inject root into stock FW, I have all the Samsung signatures that I assume would be needed.
I made some changes to the EFS using the Explorer just to have some fun with it, but now onto figuring out exactly how DIAG can benefit non-root users.
I'm guessing the lack of replies mostly has something to do with the development tax on US Snapdragon model's BL unlock.
I'm not too sure how many of us without root, if any, have successfully enabled DIAG. Any suggestions always welcome!
I've used QPST/QFIL recently to write factory firmware to an LG G7 One that had some bizarro retail demo firmware on it, so I'm a wee bit familiar with using it.
QPST/QFIL needs a programmer file (aka the firehose) that is at least specific to the SoC of the device and often specific to the SoC AND manufacturer. I don't even know if firehose files exist for Samsung devices.
Hai Karate said:
I've used QPST/QFIL recently to write factory firmware to an LG G7 One that had some bizarro retail demo firmware on it, so I'm a wee bit familiar with using it.
QPST/QFIL needs a programmer file (aka the firehose) that is at least specific to the SoC of the device and often specific to the SoC AND manufacturer. I don't even know if firehose files exist for Samsung devices.
Click to expand...
Click to collapse
Dude I appreciate you replying, it seems like S10+ forums are dead; besides the guys charging the developer's tax for a BL unlock.
I've seen mentions of Firehose in one or two of program's options themselves but didn't realize it was necessary for flashing with QFIL; i might as well grab it while it's on my mind.
In your opinion do you see any use of DIAG mode outside of flashing and IMEI restore and EFS backup?
I appreciate any help you can give me in advance man.
Related
I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.
Buchez said:
I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.
Click to expand...
Click to collapse
The way I read it somewhere is this,
There are efuses built into the processor/motherboard/memory/whatever that the new bootloader "blows" when it is installed. These efuses are necessary pathways for the older bootloaders, hence why they won't install. I don't believe the new bootloader is "locked" per say, it just prevents earlier versions from being installed. There is also a guide somewhere on these forums to recover your device from a brick if you tried to downgrade the bootloader. The new bootloader also doesn't prevent you from installing earlier roms, as long as they are flashable from recovery. Just do not try to use Odin to revert to an earlier rom. That's what causes the bricks, and although there is a procedure to recover, it doesn't sound easy and you end up back on MJB when you're done anyway. Hope that helped.
To whoever wrote the original post I referred to above, my apologies for not giving credit.
Thanks for the reply.
I'm pretty solid with flashing ROM's and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "Bricked" units back and refurb them, how do they do that. I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this
Buchez said:
Thanks for the reply.
I'm pretty solid with flashing ROM's and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "Bricked" units back and refurb them, how do they do that. I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this
Click to expand...
Click to collapse
I don't have an S3, I'm on the S3 section because my mom broke her phone, so this is speculation based on when I owned an Optimus G:
There are qualcomm tools that can fix a lot more than Odin and Fastboot can, apparently, and manufacturers have access to those. When I had an Atrix 4G someone told me they replace the entire board when eFuses are burned incorrectly, but that sounds really expensive. Anyway, just my 2 cents, i'm out~
Alright, let me preface this with a few things... I am FAR from new to android, rooting, linux, exploits, or almost anything embedded (UART, JTAG, SPI, I2C, etc...). I am by no means a guru though...
I am attempting to root this device; it is an unlocked LG G4 US Cellular branded, MM 6.0 lgus991 22a rollback 2, and I am so far at a total impasse... I'll explain my situation.
No fastboot.
Bootloader is locked, and I cannot unlock it. If I try and check "Enable oem unlock" it unchecks itself, and reading through the dmesg it references a file stating two errors; one for lack of permissions, and another for no file(same filename though; likely trying to create the file, being denied, then trying to edit a non-existing file). I forget the exact file name but I have the name of it saved somewhere(persis1234 or something like that, I just don't remember the exact path, I can post it later if it makes a difference).
I have had minor success with the dirtycow exploit, but mostly just replacing files and nothing getting anywhere, or the phone quickly reboots if I replace certain system files(ifconfig, toybox, toolbox, etc...) When it works,it says I have root, but it is VERY limited due to selinux, and the context. Also unable to get a root shell open.
Selinux is protected and I haven't been able to find a way to make it permissive as of yet. Past attempts of editing the recovery or init have resulted in "secure boot error 1003"; phone reboots, and then still stock...
If I grenade this thing, I will only slightly give a f**k. I am not above pulling this thing apart and trying to JTAG my way in if I need to, as it is not my only device. Which seems to me to be the only way at the moment aside from finding another kernel exploit like dirtycow or rowhammer... Unless someone else has another idea, but for now I am going to pursue the JTAG route.
Would something that I already own like a buspirate, RPI, or Arduino Mega, be enough or would I need something like a busblaster? I just don't want to spend more than I need to. I'd rather spend the money on a new phone than something like a medusa pro or something like that.
Any help is appreciated
Why not to flash TOT and then proceed with unlock through lg unlock tool? Maybe it fix the fastboot issue.
aanarchyy said:
Alright, let me preface this with a few things... I am FAR from new to android, rooting, linux, exploits, or almost anything embedded (UART, JTAG, SPI, I2C, etc...). I am by no means a guru though...
I am attempting to root this device; it is an unlocked LG G4 US Cellular branded, MM 6.0 lgus991 22a rollback 2, and I am so far at a total impasse... I'll explain my situation.
No fastboot.
Bootloader is locked, and I cannot unlock it. If I try and check "Enable oem unlock" it unchecks itself, and reading through the dmesg it references a file stating two errors; one for lack of permissions, and another for no file(same filename though; likely trying to create the file, being denied, then trying to edit a non-existing file). I forget the exact file name but I have the name of it saved somewhere(persis1234 or something like that, I just don't remember the exact path, I can post it later if it makes a difference).
I have had minor success with the dirtycow exploit, but mostly just replacing files and nothing getting anywhere, or the phone quickly reboots if I replace certain system files(ifconfig, toybox, toolbox, etc...) When it works,it says I have root, but it is VERY limited due to selinux, and the context. Also unable to get a root shell open.
Selinux is protected and I haven't been able to find a way to make it permissive as of yet. Past attempts of editing the recovery or init have resulted in "secure boot error 1003"; phone reboots, and then still stock...
If I grenade this thing, I will only slightly give a f**k. I am not above pulling this thing apart and trying to JTAG my way in if I need to, as it is not my only device. Which seems to me to be the only way at the moment aside from finding another kernel exploit like dirtycow or rowhammer... Unless someone else has another idea, but for now I am going to pursue the JTAG route.
Would something that I already own like a buspirate, RPI, or Arduino Mega, be enough or would I need something like a busblaster? I just don't want to spend more than I need to. I'd rather spend the money on a new phone than something like a medusa pro or something like that.
Any help is appreciated
Click to expand...
Click to collapse
I am new to LG devices so perhaps this is a bit different(had mostly Samsung or HTC). But from what I can find, that won't help unless it's pre-rooted or my bootloader is unlocked. And I am unable to find a pre-rooted TOT. Unless I am just completely missing something here...
I am not trying to go to stock, the device is already stock and functions mostly alright(aside from the inability to add a Verizon APN, so I'm stuck with 3g). But also attempting to have a bit of a failsafe if I wanton flash something I shouldn't have and still have a recovery option. Which is why I brought up the JTAG option, as I'm sure I would use it in more than just this device.
Not sure why you are attempting to reinvent the wheel with a device that has been out for 2 years....
LG devices are very different from Samsung and HTC. You should read up on the LGUP tool to flash .kdz and .tot file to put the device as close to stock as possible before any further attempts.
Could also look at entering hidden menu options via the dialer in order to select/modify apn settings.
TWRPinFish can be found here in the development section. Will likely be your only option if you cannot fully unlock the bootloader.
Since the Tmo and ATT/international versions allowed bootloader unlock, other variants didn't see as much support. Was easy for us... Sorry to say(for you).
Wish ya the best of luck though
Just a quick remark could jtag be used in such a way to make the boolloader thinks it is something else and maybe trick it in to doing something?????
ElfinJNoty said:
Not sure why you are attempting to reinvent the wheel with a device that has been out for 2 years....
LG devices are very different from Samsung and HTC. You should read up on the LGUP tool to flash .kdz and .tot file to put the device as close to stock as possible before any further attempts.
Could also look at entering hidden menu options via the dialer in order to select/modify apn settings.
TWRPinFish can be found here in the development section. Will likely be your only option if you cannot fully unlock the bootloader.
Since the Tmo and ATT/international versions allowed bootloader unlock, other variants didn't see as much support. Was easy for us... Sorry to say(for you).
Wish ya the best of luck though
Click to expand...
Click to collapse
I don't really see this as reinventing the wheel as right now there is no root for this device, I am looking for a way to do it though. Which is why I was asking about JTAG/eMMc programming as a viable option to do this, especially if I may have a few borked flash attempts, it would be a nice fail-safe.
Most dialer codes do not work, and the few that do, pop up a menu saying "This program does not work on your phone"; even though I can see some info behind the toast, I cannot scroll and as soon as I click ok, it closes.
TWRPinFIsH is a no-go, need to be rooted and be able to disable SELinux, neither of which I can do.
The name of the file that stores the "oem unlock" seems to be /dev/block/platform/soc.0/f9824900.sdhci/by-name/persis1234
Would someone that is able to oem unlock be able to tell me what the contents of that file are?
aanarchyy said:
The name of the file that stores the "oem unlock" seems to be /dev/block/platform/soc.0/f9824900.sdhci/by-name/persis1234
Would someone that is able to oem unlock be able to tell me what the contents of that file are?
Click to expand...
Click to collapse
I own a T-Mobile h811
Running ResurrectionRemix Nougat
.../persis1234 not present
I have an LG H812 and I have the same as previous post - the directory is there but no persis1234 file. The directory you are indicating contains a list of the partitions that are present on the phone's internal memory.
Hi
I'm new to the forum but have been doing a fair amount of research. I am stuck now though and would like a bit of help.
My situation is that I have a Xperia XA1 ultra (I know I should post in that device specific forum but not much seems to be happening there) I have a very specific problem that I have treated like a forensics problem.
The phone is locked by a pattern which has been guessed by another person so many times that the gatekeeper only allows one entry per day provided the phone is charged otherwise the timer resets.
It has not been rooted and ADB is disabled.
I have connected to it through fastboot and what I can gather is that it is running Android Oreo.
The system details are as follows:
Product: XA1 Ultra G3221
Build Number: 48.1.A.0.129
Chipset: Mediatek MT6757 Helio P20
Bootloader: Locked
My research has led me to the possibility of loading a recovery image into the RAM of the phone and accessing ADB that way. I tried this with a TWRP image but obviously it didn't work. There is a company called Cellebrite that claims to be able to load it's own boot/recovery image into the bootloader and gain entry that way, however the license is something like £10,000. I'm definitely not a commercial customer.
The final option for me would be to dump the memory via JTAG or chipoff, the contents would be encrypted but I found a blog where somebody had managed to find the location of the gesture.key file while the system was encrypted. I can't remember what the site was called though, it took me ages to find last time.
My main questions are does Sony sign the boot image with it's own keys or does it use the standard Android Verified Boot?
Does Sony reuse the same keys for signing across devices? Likely not but maybe
Is there a way to send specific instructions to the RAM via fastboot?
Does anybody know of an exploit that could be used?
Is there a way to extract the boot.img and recover the Sony keys?
If there any other docs, resources or ways to get the data that could help, I will gladly read and/or try them. I think this forum is probably the biggest resource one though but after a while the specific information needed gets harder to find.
The main thing is that I don't unlock the bootloader and flash anything. It's all got to be live and non data damaging.
I tried MTPwn on the off chance that it would work but nope, it was a no go.
If there was a way to utilise the mediatek exploit to gain entry from fastboot that would be excellent, or to use fastboot to dump the memory.
Thanks for reading, I hope someone can help.
Your thread was quite confusing at first as I wasn't sure what to look for exactly :/
That being said, you have your phone locked and you want to unlock it. However you don't want to flash or reset your device, you don't have root permission, you don't have debugger mode on and you don't want to unlock the bootloader, correct?
Basically you're asking for the impossible...
All I can think of is FROST attack. See article for details and source code.
You can also send your device to your nearest Sony service center and they can probably fix it with no memory loss.
Other than that, you MUST hard reset your phone if you want it back.
However should you come to your mind and realize the reality of the situation where you shouldn't be picky about it then you can start with flashing custom recovery. Or using third-party programs like dr.fone.
XDHx86 said:
Your thread was quite confusing at first as I wasn't sure what to look for exactly :/
That being said, you have your phone locked and you want to unlock it. However you don't want to flash or reset your device, you don't have root permission, you don't have debugger mode on and you don't want to unlock the bootloader, correct?
Basically you're asking for the impossible...
All I can think of is FROST attack. See article for details and source code.
You can also send your device to your nearest Sony service center and they can probably fix it with no memory loss.
Other than that, you MUST hard reset your phone if you want it back.
However should you come to your mind and realize the reality of the situation where you shouldn't be picky about it then you can start with flashing custom recovery. Or using third-party programs like dr.fone.
Click to expand...
Click to collapse
Thanks for getting back to me, yes I realise it is asking for the impossible. I'll have a research around that article and see if I can find some information on how to write the program to dump the contents over USB. I tried Dr Fone but that only gave me the option of a hard reset.
My current line of attack is an exploit over USB called OATmeal, whereby a Raspberry Pi is used over OTG with a filesystem label of "../../data", it allows the filesystem of the phone to be mounted and data written off. It is a little complex and so I am struggling a bit with getting it to work. The team over at Project Zero have a good write-up of it so I'm following that and the POC at exploit-db to guide me through it.
I think I will be able to get the USB part to work but I'm not sure if I have to write a Java file to automatically run when /data is mounted, or if that's even possible.
Forenzo said:
My current line of attack is an exploit over USB called OATmeal
Click to expand...
Click to collapse
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
And you can't rollback on your security patch.
You should really consider flashing TWRP or other custom recovery. You have no other option.
XDHx86 said:
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
And you can't rollback on your security patch.
You should really consider flashing TWRP or other custom recovery. You have no other option.
Click to expand...
Click to collapse
Fortunately the device hasn't been updated since around 2-2018 or 3-2018 so any exploit I can find from then onwards that I can use will be great. I really do get that the only realistic option is to unlock the bootloader and flash the recovery but the data needs to be recovered and I absolutely don't want to wipe it.
If I can't do it then it will gather dust until the end of time...
It seems that no matter what I say you won't realize the situation you are in.
I can only suggest to NEVER mess with the phone circuits or the motherboard. No matter which stupid yoututbe tutorial you saw. Those guys are douchebags who only know how to get views and don't care for whatever you/they do to your device.
Needless to say messing with the circuits or the motherboard require dexterity and experience which I'm positive you don't have.
As I said before if you send it to an authorized service center, then they can help you with it without memory loss.
Sending you device to a service center isn't an insult or an act of low self esteem. Service centers exist for a reason, and they're basically geeks who are too passionate about electronics and decided to make a living out of it.
Or maybe you can somehow use the EDL mode on the phone.
In Qualcomm devices the EDL mode is locked and can only be accessed by an authorized person who have the security code of your device. I don't know if it even exist in MTK devices.
Should you actually manage to boot into EDL mode - Assuming it exists and is unlocked - then BEWARE: EDL mode is very low level and any command can directly affect the kernel or compromise the system. Don't use commands you're not sure what do they do.
You can use EDL mode to recover the data from the phone then wipe it clean, then restore the data.
You cannot access memory with EDL mode, but you can access the current image on your device. And from which you can get the key file.
EDL mode is a very very powerful tool (Much more powerful than debugging, fastboot, or anything you may know of) as it doesn't need unlocked bootloader to use it and through which you can do anything to your device including flashing other ROMs.
Good luck on your impossible quest. Make sure to post updates should you find yourself stuck.
Yes, I screwed up. Here's what happened:
>New Razr 5g aquired
>Rooted it first thing with magisk (TWRP was just temporarily booted iirc, not installed)
>No customROM, no other system modifications
>Used it only for a few weeks to play around, no magisk modules or mods installed (root was used pretty much just for AFWall+)
>Decided to sell it again (though the device itself is epic, android just isn't my thing if no real root is available)
>Reset the device through android settings
>In order to get rid of message at boot, re-locked the bootloader with normal single fastboot command
And that's basically it. Instead of Booting it now just displays "No operating system found". There also seems to be no recovery installed anymore.
I've tried everything google/XDA offered (not much, sadly). I've downloaded the stockROM firmware aswell (couldn't find one with the exact same build date but one shortly after and shortly before for the same model and channel/region/etc. - both didn't work, permission error due to locked bootloader).
The only thing I found that might help is EDL mode. I've tried forcing it (https://forum.xda-developers.com/t/...nbrick-your-moto.3042687/page-8#post-84347359) and everything else I could find, but no success.
I would very very very much appreciate any help. (P.S.: Should I try contacting Motorola? I bought the device from a private party so no going to the store option)
@sd_shadow mentioned an "EDL cable" in a thread. Googling brought me here: https://android.stackexchange.com/questions/221973/enter-edl-mode-in-motorola-devices
Does the method from the answer there really work, and is it worth a try? Anything else I need to be aware of before trying it?
Edit: Looking around a bit more about EDL, it seems I need special drivers. If anyone could hint me in that direction that'd be nice. Unless there's a better method, of course. I'm currently on Linux but I fear I might have to setup a Windows machine for this in order to install neccessary drivers/tools..
techHatesMe said:
@sd_shadow mentioned an "EDL cable" in a thread. Googling brought me here: https://android.stackexchange.com/questions/221973/enter-edl-mode-in-motorola-devices
Does the method from the answer there really work, and is it worth a try? Anything else I need to be aware of before trying it?
Edit: Looking around a bit more about EDL, it seems I need special drivers. If anyone could hint me in that direction that'd be nice. Unless there's a better method, of course. I'm currently on Linux but I fear I might have to setup a Windows machine for this in order to install neccessary drivers/tools..
Click to expand...
Click to collapse
Give this a try.This link has the mobile driver,and the firmware needed to recover it.
How to unbrick Motorola Razr 5G (Smith) 9008 EDL - ROM-Provider
step by step guide to unbrick Motorola Razr 5G by using the QCOM 9008 EDL Mod, tested method to fix hang on logo, bootloop, software bug
romprovider.com
techHatesMe said:
@sd_shadow mentioned an "EDL cable" in a thread. Googling brought me here: https://android.stackexchange.com/questions/221973/enter-edl-mode-in-motorola-devices
Does the method from the answer there really work, and is it worth a try? Anything else I need to be aware of before trying it?
Edit: Looking around a bit more about EDL, it seems I need special drivers. If anyone could hint me in that direction that'd be nice. Unless there's a better method, of course. I'm currently on Linux but I fear I might have to setup a Windows machine for this in order to install neccessary drivers/tools..
Click to expand...
Click to collapse
How did you go with this?
I have the same problem what happens??
hello!
I have been searching for the proper factory firmware for this phone. I found one but was missing the xml file or scatter file to flash with SP tool
I managed to unlock the bootloader using this tool
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
MTK reverse engineering and flash tool. Contribute to bkerler/mtkclient development by creating an account on GitHub.
github.com
but i didn't go any further until find proper restore firmware.
You haven't gotten a hold of any firmware for the 5+ yet? I should have done a lil research before getting the 6 Pro!
It's bull**** tmobile or wingtech whoever it is isn't looking out for Jr. Dev crowd, which i am.
contevo said:
hello!
I have been searching for the proper factory firmware for this phone. I found one but was missing the xml file or scatter file to flash with SP tool
I managed to unlock the bootloader using this tool
GitHub - bkerler/mtkclient: MTK reverse engineering and flash tool
MTK reverse engineering and flash tool. Contribute to bkerler/mtkclient development by creating an account on GitHub.
github.com
but i didn't go any further until find proper restore firmware.
Click to expand...
Click to collapse
I know its been awhile, but I'm new, so... Did you ever get the stock firmware? I have it, just ask. I am wary of posting links
R41N MuTT said:
I know its been awhile, but I'm new, so... Did you ever get the stock firmware? I have it, just ask. I am wary of posting links
Click to expand...
Click to collapse
no i didn't. can you message me the link?
Need the firmware, too. Could I ask you please to message me as well?
contevo said:
no i didn't. can you message me the link?
Click to expand...
Click to collapse
Were you able to do anything with it? I tried every available method on Windows and Linux and I failed to flash with adb fastboot, failed with SP flash, failed to install TWRP, even though I followed every available method online. I tried to port TWRP, failed. Failed to do a ROM dump. Failed to extract payload.bin and/scatter file. Idk what the folk is up with this phone, but it's locked up tighter than a constipated nun. The file set is unlike anything else I've ever seen from mediatek or anyone else. People have made suggestions for this or that, but nothing has worked and there are no known working methods that I know of. I am not about to pore over the source code and meticulously comb through the code until I figure it out. This phone will likely be obsolete by then. Sh!t, we'll have flying cars and space travel by then. Apparently I'm not allowed to offer to use view bots to boost their ad ticker to make them money, but it's perfectly okay to solicit help for donations. One is spamming and the other isn't. But help is help and we're a 'community'. You figure they'd make enough with marketing as mainstream as they are. But apparently they don't want their ad ticker going up because they want people like is to take a hike. No help for us. Even though people with crappy phones make up the VAST majority of phone owners. Far fewer people are walking around with an s22 than they are a REVVL 4. I bet my last dollar. Xda really has changed a lot. I remember when I first started doing this I had an LG l38c Optimus dynamic. Xda was SO helpful then. They helped me figure out odin, got me into Android kitchen, adb etc. Hell, I fell in love with android development and hacking all over again because of this site. Now I can't even get a reply from anybody. Not even to tell me to go **** in my hat. This is just unreal. Thanks for all the help guys! You fell off, big time! I'd downvote you if I could. Sorry... I'm rambling... Anyway, if you figured out how to flash back to stock then please let me know. Thanks
smuskat said:
Need the firmware, too. Could I ask you please to message me as well?
Click to expand...
Click to collapse
Did you ever figure out how to flash back to stock? I've tried every known method every which way and nada.