Database Develop

Bootloader: unlock vs. bypass?

I posted this on the 20A thread, but I think it might need its own thread to get more exposure.
My 1st Android (Sony Xperia X10) also had a locked bootloader. The devs found a way to bypass it in order to load custom kernels:
Xperia X10 bootloader bypass
Not sure if anyone looked at this before, but would something like this be possible on our phone?
If it's nothing... well, it was worth the try!

We also discussed 2ndinit from defy development. The trouble is our devs would rather use unlocked bootloader, and our main devs are already unlocked
Sent from my rooted P880

@non4 said:
We also discussed 2ndinit from defy development. The trouble is our devs would rather use unlocked bootloader, and our main devs are already unlocked
Click to expand...
Click to collapse
So nobody actually tried to see if it works or not?

well, regarding kholk couldn't do it, i guess it won't work

i think the v20 unlock is not a real unlock.
when the phone power-up, system boot from tegra3 inner ROM, it decode EBT partition into RAM and execute it, here it is the bootloader. according to boot parameter bootloader will load LNX(normal start android) or SOS(recovery). the two partition store in android boot rom format, with a rom header, linux kernel, root fs(adbd, init and scripts ...), extend data(digital certificate of the rom). bootloader will check the digital certificate with a public key in EKS partition. if we modify some data in LNX or SOS on a locked phone without re-sign, it will hang-up here.
so the unlock of v20 is only remove the digital certificate check, let us flush the 3rd-party roms (LNX and SOS)
for we can not access tegra iROM, we can not modify the encryptde bootloader too. our phone can flash android os only
other linux base os must be build into android boot rom format and flush into LUX or SOS partition also.
FASTBOOT mode is an android way to flush the device through usb, on v20, the command "adb reboot fastboot" will reboot the phone into fastboot mode, (caution: the 1st time use this command will unlock your phone and manufacturer reset without any warning !!!) but use command "fastboot getvar all" will show us :
(bootloader) product: X3
(bootloader) secure: yes
(bootloader) unlocked: no
(bootloader) partition-size:bootloader:
an other way goto fastboot mode is command "adb reboot oem-unlock", phone screen show some tip how to flush and reboot, but after some test, i found the "fastboot boot <bootimg>" will not work (can upload but not boot, don't known why), this command can only help programmer test there roms without flush the device.
APX mode is nvidia flush mode, pull out battery, press vol+ vol- power buttom and connect usb cable to pc, pc will find a new nvidia device, and waitting for nvflash commands. but our p880 will response 0x4 error only either lock or unlock. it because LG set the cpu into ODM mode by flush the FUSE (on-chip One Time Program unit), nobody can change.
BYPASS is a software resolution to fast reboot into another linux kernel after the offical linux system startup. it need the "kexec" kernel api. by the kernel source of out phone, kernel\arch\arm\configs\x3_defconfig defines "# CONFIG_KEXEC is not set" , so the v10? kernel does not support kexec, we need impletment it ourself. for all kernel module need correct kernel source tree and configs. other device's 2nd-boot will not work on p880. and v20 kernel source not released currently, nothing we can do ....

So if we have the source a skilled dev could bypass the security ?
Sent from my LG-P880 using xda app-developers app

Cant boot properly after twrp succeeded to install, mes - shuts itself of after 5 sec

Recently on linux I unlocked the bootloader which worked out nicely. I also proceeded with installing twrp after reading that other users had succeed in installing it. I used adb through the terminal, I can confirm from the terminal twrp was successfully installed I had no errors. But when I restarted the phone I got this message: "Your device is corrupt it cant be trusted and will not boot. Your device will be powered off in 5 seconds. ".
If I did not use the recommended command from Somcom3X the twrp install would fail. I cant not boot my phone but I can enter flashboot when I connect my phone to my computer. Now when I enter flashboot and enter adb devices in the terminal my device does not show up. There has to be something that can be done through flashboot to solve this problem.
https://forum.xda-developers.com/essential-phone/help/partition-t3733811

Flash stock firmware with flashtool if device is detected.
If not try to flash fota kernel only in recovery partition.
Envoyé de mon H8266 en utilisant Tapatalk

Root after flashing TWRP or it will not boot i guess

niaboc79 said:
Flash stock firmware with flashtool if device is detected.
If not try to flash fota kernel only in recovery partition.
Envoyé de mon H8266 en utilisant Tapatalk
Click to expand...
Click to collapse
The device doe not get detected at all through the terminal, I have tried with windows 10 as well it does not find device with adb devices there either. I can not enter recovery mode when I press volume down and power on for a few seconds it just vibrates and will not turn on. But if I press the power button like normal the same corrupted message comes up. I have tried getting it detected on windows 10 have not had any success yet. Can driver Driver Signature in win 10 cause that device will not get detected.

Bofahad said:
Root after flashing TWRP or it will not boot i guess
Click to expand...
Click to collapse
This cant be right I have flashed TWRP many times before and succeed on Galaxy S3, Galaxy S3 GT-I9300, and LG G4. I have never had a problem like this before that I need to root after flashing TWRP.

I hope that not a new "security feature" of the new Sony flagship...
Which hardware revision do you own?

MartinX3 said:
I hope that not a new "security feature" of the new Sony flagship...
Which hardware revision do you own?
Click to expand...
Click to collapse
Currently the xz2. I find it really strange how TWRP did not get flashed correctly when there was no error in the terminal. Doing the flashing in linux should also work. I have always flashed TWRP after unlocking the bootloader before when I did it on Galaxy S3, Galaxy S3-GTI9300, and LG G4.
My xz2 is now being detected as an android device now in the device manager at least there is some progress. I had to go back to Windows 7 now and install adb and the android driver. When I now try to update the driver in device manager in other devices under android it fails.
https://forum.xda-developers.com/crossdevice-dev/sony/minitut-installing-adb-drivers-sony-t3185585
I would think this driver would work in windows 7 but maybe only 10. Does disabling driver signature in 10 have any effect.
https://developer.sony.com/develop/drivers/

EternalSwift said:
I also proceeded with installing twrp...
Click to expand...
Click to collapse
Where did you get xz2 twrp from?
As for your issue, I don't know if that helps out, but at least in xperia xa2, which also has new treble partition design (A/B), official twrp installation (boot/flashing) is kinda different, see here!

That's because of A/B partitioning we don't need recovery partition anymore right?
But hasn't Sony always had some issues with the recovery partition that's why we used fota recovery back in the days?

Haldi4803 said:
That's because of A/B partitioning we don't need recovery partition anymore right?
But hasn't Sony always had some issues with the recovery partition that's why we used fota recovery back in the days?
Click to expand...
Click to collapse
No, Sony hadn't issues with it.
They implemented the recovery into the boot image directly on the Xperia devices.
That has nothing to do with the alpha beta partitions.
I also work at the moment on twrp for the xz2.
I think I collected the right drivers and fstab and so on, but still need to try how to compile it with the synced Omni sources.

EternalSwift said:
Recently on linux I unlocked the bootloader which worked out nicely. I also proceeded with installing twrp after reading that other users had succeed in installing it. I used adb through the terminal, I can confirm from the terminal twrp was successfully installed I had no errors. But when I restarted the phone I got this message: "Your device is corrupt it cant be trusted and will not boot. Your device will be powered off in 5 seconds. ".
If I did not use the recommended command from Somcom3X the twrp install would fail. I cant not boot my phone but I can enter flashboot when I connect my phone to my computer. Now when I enter flashboot and enter adb devices in the terminal my device does not show up. There has to be something that can be done through flashboot to solve this problem.
https://forum.xda-developers.com/essential-phone/help/partition-t3733811
Click to expand...
Click to collapse
Can you test this twrp build for me?
https://forum.xda-developers.com/xp...recovery-twrp-3-2-2-0-touch-recovery-t3821597

Moto X4 Bricked - no fastboot - USB 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL

Hi,
i have a pretty bricked Moto X4 - I unlocked the bootloader and bootet twrp via
"fastboot boot twrp-3.2.3-1-payton.img"
I wiped and installed lineage-15.1-20190206-nightly-payton-signed.zip via sideload.
After rebooting the machine is dead. No screen. No fastboot. Power + up or down do not lead to anything.
I can get it to a stage where it shows up on the USB bus as:
Bus 002 Device 119: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)
But no adb or fastboot and screen is pitch black.
And chance of reanimating this device?
Flo

Short answer, yes; you should be 'fine'.
I don't have the time at the moment to get you any details nor do I know of what side effects there are after fixing this.

dougo007 said:
Short answer, yes; you should be 'fine'.
I don't have the time at the moment to get you any details nor do I know of what side effects there are after fixing this.
Click to expand...
Click to collapse
I got my way after opening 150 Tabs ob various sites a bit further.
I can get back to fastboot and flash a new bootloader.
But whenever i go back to flashing lineageos -> BOOM. Back to black screen
Here is currently my procedure:
Code:
blankflash/qboot blank-flash blankflash/singleimage.bin
fastboot flash partition PAYTON_FI_OPWS28.46-21-12_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml/gpt.bin
fastboot flash bootloader PAYTON_FI_OPWS28.46-21-12_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml/bootloader.img
fastboot reload-bootloader
fastboot boot twrp-3.2.3-1-payton.img
-> format data
-> wipe system
adb sideload lineage-15.1-20190206-nightly-payton-signed.zip
-> reboot recovery
-> Black screen
My guess is that i am missing something important. After flashing my HTC 10 for 100s of times without any hassle i am puzzled.
Flo

flohoff said:
I got my way after opening 150 Tabs ob various sites a bit further.
I can get back to fastboot and flash a new bootloader.
But whenever i go back to flashing lineageos -> BOOM. Back to black screen
Here is currently my procedure:
Code:
blankflash/qboot blank-flash blankflash/singleimage.bin
fastboot flash partition PAYTON_FI_OPWS28.46-21-12_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml/gpt.bin
fastboot flash bootloader PAYTON_FI_OPWS28.46-21-12_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml/bootloader.img
fastboot reload-bootloader
fastboot boot twrp-3.2.3-1-payton.img
-> format data
-> wipe system
adb sideload lineage-15.1-20190206-nightly-payton-signed.zip
-> reboot recovery
-> Black screen
My guess is that i am missing something important. After flashing my HTC 10 for 100s of times without any hassle i am puzzled.
Flo
Click to expand...
Click to collapse
You need to flash the lineage zip with twrp. You can't sideload. Just remember it installs to the opposite slot.
Read this thread https://forum.xda-developers.com/moto-x4/development/rom-lineage-os-15-1-t3802265

ptn107 said:
You need to flash the lineage zip with twrp. You can't sideload. Just remember it installs to the opposite slot.
Read this thread https://forum.xda-developers.com/moto-x4/development/rom-lineage-os-15-1-t3802265
Click to expand...
Click to collapse
I know i have 2 system partitions - But after flashing Lineage with or without TWRP the bootloader is gone - I cant power on with power up/down and get to the bootloaders fastboot menu. And from my understanding the bootloader is not part of the A/B partitioning - right?
So i am puzzled on what is going on. Flashing LineageOS from TWRP breaks something on the phone letting the Bootloader fail and go back to the QDL safe mode.
Flo

flohoff said:
I know i have 2 system partitions - But after flashing Lineage with or without TWRP the bootloader is gone - I cant power on with power up/down and get to the bootloaders fastboot menu. And from my understanding the bootloader is not part of the A/B partitioning - right?
So i am puzzled on what is going on. Flashing LineageOS from TWRP breaks something on the phone letting the Bootloader fail and go back to the QDL safe mode.
Click to expand...
Click to collapse
Okay - got a bit further - Side B never had a bootloader - Stock did never do a software update so side B never had been flashed. Now it does not fall back to QDL mode anymore. Still lineageos does not boot.
So i guess i fail some partition content from Stock ROM in the B side.
Flo

I'm glad you're fining your way.
I would suggest a complete flash of stock based on your variant ex. XT1900-1.
Make sure your phone is still good and start from step one.
Then make sure you use the copy partitions zip; I think is what was screwing up someone before.
Either it was that or they tried to flash multiple things at the same time (magisk, google, TWRP).

dougo007 said:
I'm glad you're fining your way.
I would suggest a complete flash of stock based on your variant ex. XT1900-1.
Click to expand...
Click to collapse
I am having a hard time identifying which of the STOCK images belong to which Moto X4 variant.
For me its a XT1900-7 - And i have a page listing hundrets of variants of images but i fail to identify anything common.
I tried looking for strings in the image binaries and failed.
Am am booting to LineageOS now after flashing side B with stuff i found - i am not shure whether it fits my Phone model.
Flo

Based on this:
https://forum.xda-developers.com/showpost.php?p=76816113&postcount=92
It appears that the XT1900-1 firmware runs on a XT1900-7 device, but I'm not 100% about LTE coverage (US vs EU)
---------- Post added at 08:04 PM ---------- Previous post was at 07:51 PM ----------
Here is the best 'visual' as too see how many partitions are used.
https://www.xda-developers.com/how-...ess-updates-affect-custom-development-on-xda/
There are two copies of everything but there is no dedicated recovery or cache partition anymore in an A/B treble system.
Based on your question of the boot loader, I'm not sure you used the copy partitions zip (although I'm not 100% what it does but I assume it means all of the content in A is copied to B).
If something doesn't seem to be running properly, I'd suggest flashing the firmware from here:
https://forum.xda-developers.com/showpost.php?p=77490529&postcount=2
Use the one listed last and run this in bootloader.

@flohoff, I had the same problem when I tried to install LineageOS 15.1 without copying partitions (A→B ) first. It's frustrating that the LineageOS install instructions don't mention this step.
After using BlankFlash to unbrick it, and reading the LineageOS 15.1 install instructions here on XDA, and copying the partitions, I soon succeeded. Have you managed to get past this as well?

Op3t bricked

HI there,
a few days ago I wanted to clean flash on my OP3T Havoc OS beta (the one based on Android 11) over the current stable Havoc OS based on Android 10. I ended up making a huge mistake wiping everything including system partition and data partition including Downloads and Personal Files. So now all I have left is a functioning TWRP recovery, an unlocked bootloader; the device is encrypted but has no OS on it! I don't have a backup. My main problem is I can't fastboot or adb the device - not on the black screen I get after the oneplus symbol during boot - and not in TWRP or Bootloader mode because the telephone is not recognized in device manager on my win 10 machine, same on another linux machine, the device is not recognized by adb or fastboot. Next thing I want to try is usb stick OTG and go from there.
Anyway, thanks for reading. Do you guys have any suggestions?

realtobman said:
...So now all I have left is a functioning TWRP recovery, an unlocked bootloader; the device is encrypted but has no OS on it! I don't have a backup. My main problem is I can't fastboot or adb the device - not on the black screen I get after the oneplus symbol during boot
...
Next thing I want to try is usb stick OTG and go from there.
Anyway, thanks for reading. Do you guys have any suggestions?
Click to expand...
Click to collapse
Using OTG is the way I'd go also if the phone isn't recognised by the PC.
You said your phone has an unlocked bootloader and that you get a black screen when the phone boots.
With an unlocked bootloader you should be getting the warning screen (see picture) which disappears after 5 seconds. And you should be able to select fastboot or recovery, etc by pressing the volume button.
Sent from my OnePlus 3T using XDA Labs

realtobman said:
HI there,
a few days ago I wanted to clean flash on my OP3T Havoc OS beta (the one based on Android 11) over the current stable Havoc OS based on Android 10. I ended up making a huge mistake wiping everything including system partition and data partition including Downloads and Personal Files. So now all I have left is a functioning TWRP recovery, an unlocked bootloader; the device is encrypted but has no OS on it! I don't have a backup. My main problem is I can't fastboot or adb the device - not on the black screen I get after the oneplus symbol during boot - and not in TWRP or Bootloader mode because the telephone is not recognized in device manager on my win 10 machine, same on another linux machine, the device is not recognized by adb or fastboot. Next thing I want to try is usb stick OTG and go from there.
Anyway, thanks for reading. Do you guys have any suggestions?
Click to expand...
Click to collapse
I'm having the same problem, did you manage to fix it?

My suggestion is that you purchase an OTG (bout $10++) then place any ROM inside. After that, flash it on your phone through TWRP. If that doesn't work and somehow your partitions are all messed up, there's always the unbrick method here: https://forum.xda-developers.com/t/op3t-latest-9-0-6-collection-of-unbrick-tools.3896765/

realtobman said:
HI there,
a few days ago I wanted to clean flash on my OP3T Havoc OS beta (the one based on Android 11) over the current stable Havoc OS based on Android 10. I ended up making a huge mistake wiping everything including system partition and data partition including Downloads and Personal Files. So now all I have left is a functioning TWRP recovery, an unlocked bootloader; the device is encrypted but has no OS on it! I don't have a backup. My main problem is I can't fastboot or adb the device - not on the black screen I get after the oneplus symbol during boot - and not in TWRP or Bootloader mode because the telephone is not recognized in device manager on my win 10 machine, same on another linux machine, the device is not recognized by adb or fastboot. Next thing I want to try is usb stick OTG and go from there.
Anyway, thanks for reading. Do you guys have any suggestions?
Click to expand...
Click to collapse
get a sd card please

Phone to phone flash copy -> hard brick. What went wrong?

Hi all,
It looks like questions about bricking tend not to get replies...
hard brick
So I tried to relock my BL and restore it to the stock so I could send my phone to the lab for a broken screen replacement. I flashed stock OS, it worked great, messed around with locking the BL with the flashtool, and all I left was restoring my...
forum.xda-developers.com
Hard bricked z3c?
Hi All, I think i have hard bricked my sony xperia z3 compact (d5803). My z3c had unlocked bootloader, was rooted and run on [ROM][5.1.1|STOCK][D5803|D5833] 23.4.A.1.264 SLiM 4.4, with twrp 2.8.7.0 as bootloader. Was doing a factory reset when...
forum.xda-developers.com
... but hey, it's just a post.
I copied the internal memory contents from one of my Z3Cs to another one and now the one that was overwritten does seems bricked.
The copy was done with basically:
Code:
new # dd if=/dev/block/mmcblk0 of=/external_sd/mmcblk0_new.dd
# backup
old # dd if=/dev/block/mmcblk0 of=/external_sd/mmcblk0_old.dd
# copy new:/external_sd/mmcblk0_new.dd to old:/external_sd/mmcblk0_new.dd
# overwrite
old # dd if=/external_sd/mmcblk0_new.dd of=/dev/block/mmcblk0
Power, Power + volume up or down, and camera buttons do nothing. If the phone is plugged in to charge off USB, the notification light slowly blinks red (it is in a pre-boot loop). If I hold the power button while it's plugged in, the notification light is solid red. Holding down other buttons doesn't change the behavior. I tried unplugging the battery and plugging it back in, but it made no difference. Plugging the phone into a PC doesn't show a USB device.
Why didn't it work? And, I guess, is it totally unrecoverable?

Download an older version of flashtool (0.9.18.6) because I couldn't get the newer versions to work and I flashed a stock kitkat rom: http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706 (Specifically the "23.0.A.2.93 - Unbranded - USA (1289-7524)" version - make sure you get the right version for your model). With this process, you don't need to turn your phone on. Just make sure you know how to use flashtool correctly.

Kenora_I said:
Download an older version of flashtool (0.9.18.6) because I couldn't get the newer versions to work and I flashed a stock kitkat rom: http://forum.xda-developers.com/z3-compact/general/list-stock-firmwares-d5803-d5833-t2906706 (Specifically the "23.0.A.2.93 - Unbranded - USA (1289-7524)" version - make sure you get the right version for your model). With this process, you don't need to turn your phone on. Just make sure you know how to use flashtool correctly.
Click to expand...
Click to collapse
Thanks, but flashtool requires a functioning USB interface on the phone, right?
Is there maybe some trick I haven't tried yet with the buttons that would make the phone present a USB interface to the host PC?
I'm on Linux using dmesg --follow so I'm certain that the host is not seeing a USB device appear. Nothing happens even if I hold the power button to get the solid red light behavior, but maybe I'm doing something out of order.

Have you installed the drivers for the phone?

you can't flash TA from one phone to another, if you saved it. might explain why

@ascendant512 Yes, what you did was foolish, and is totally unrecoverable (at least as far as anyone outside of Sony knows). The main flash chip itself that you entirely cloned bit-for-bit from one phone to another contains a bunch of data on it that is specific to that particular phone itself (not specific to just that model of phone, but specific to that unique, individual unit).
We don't 100% know exactly how it works, but that data is ciphered and is somehow tied to a serial# or IMEI# or something else that exists outside of the contents of main flash (probably somehow being used as the encryption key, or at least part of the key). If the two don't match up (the ciphered data stored on main flash and whatever it is being checked against outside of main flash), that data is indecipherable, the phone will not boot, and you are left with a brick. (The bootloader chain-of-trust is broken and it won't even kick over to a recovery mode.)
If you had instead cloned individual partitions (e.g., boot/kernel, system, userdata, etc.) rather than the entire flash chip, this could have been avoided. The specific partition that you cloned which ended up killing your target phone was the 'TA' partition. This is the one that has all of the critical, phone-specific data in it. If you overwrite/scramble/trash the contents of that partition (which would include taking a copy of TA from one phone and writing that copy to another phone of the same model), your phone is done for. We lack the knowledge or tools to re-generate the contents of that partition, and even if we didn't, you would likely need to de-solder the flash chip from the mainboard to write the corrected TA partition contents back to it.

@nira
I don't think it was that foolish since Google suggested that it does work for many Android phones, but thanks for the info about TA. It's much more helpful and informative than responding to "no dmesg" with "USB drivers"
I was trying to do this because the GPS doesn't work on one of the phones. I tried to clean the contacts of the antennae, but it made no difference, only ever picks up 0-3 satellites. Looks like I'm stuck buying a third Z3C to have working GPS.

ascendant512 said:
I don't think it was that foolish since Google suggested that it does work for many Android phones, but thanks for the info about TA. It's much more helpful and informative than responding to "no dmesg" with "USB drivers"
I was trying to do this because the GPS doesn't work on one of the phones. I tried to clean the contacts of the antennae, but it made no difference, only ever picks up 0-3 satellites. Looks like I'm stuck buying a third Z3C to have working GPS.
Click to expand...
Click to collapse
TA is a Sony "innovation" that you won't really find on other Android handsets (at least by that particular name).
Given how diverse the Android manufacturing ecosystem is, it's very tricky to extrapolate to a bunch of models (or even vendors) what might be true for a few, and thus, I would by nature be very hesitant to ever do a full-clone of seemingly-identical devices until I had first read up on and understood all of the intricacies of the *specific* model I was working with, because you never know what is easily undo-able and what isn't.
If you compare partition tables between different models of handsets, about the only commonalities when it comes to Android fixed-storage partition structure is 'boot', 'system', 'cache', and '[user]data'. There are typically tons of other various vendor-specific partitions storing who-knows-what data often with who-knows-what filesystems that (as your unfortunate particular story bears out) can be vital to the operation of the device as a whole. (It does seem foolhardy to me that manufacturers would choose to store those bits on the same storage medium as the rest of the system and user data, rather than in a separate ROM chip, but this is aggravatingly common in the world of embedded systems, probably as a cost-cutting measure...)
I *am* sorry for your loss, though...

So I've gone on adventure trying to prepare a new Z3C with working GPS and the adventure seems to have ended in failure.
I can describe some of the journey, and maybe there is advice on what bricked the phone or possibly a way to unbrick it as it is not in as poor condition as the previous one.
The phone arrived new in box with the Sony holographic stickers; I immediately followed the bootloader unlock procedure without any hiccups (to the best of my memory, it arrived with firmware 23.5.A.1.291).
The first failure was getting the phone to boot TWRP. For my previous z3c, this was the TWRP I used.
However, booting it with fastboot boot twrp-3.3.1-0.4-z3c.img
returns the error:
Code:
Booting FAILED (remote: 'dtb not found')
fastboot: error: Command failed
The device forums are sparse on this error, what it means, or how to fix it, but I'm used to TWRP being incredibly flaky. I did find that there is a combination of requirements from a kernel somewhere on the device which boots recovery requiring LZMA support, as it is the compression method for newer TWRPs.
The TWRP 3.2 from that post, as well as older TWRPs such as 3.1.1 were usable to boot, and led to the new phone's very brief peak operating state, in which I was able to flash and boot an old CarbonROM 5.1/Android 7 zip. However, TWRP 3.2 predates the phone's renaming from aries to z3c, and that version of TWRP would not flash the latest CarbonROM and Android 10.
From here, things only went downhill. Retrieving images from my Z3C which currently runs current CarbonROM, I overwrite the boot, FOTAKernel and userdata partitions from the old phone using a process like this:
Bash:
losetup --find --partscan --verbose backup.dd
dd if=/dev/loop0p14 of=backup_boot_14.dd
dd if=backup_boot_14.dd of=/dev/block/mmcblk0p14
Where backup.dd is a copy of mmcblk0 on the working phone and partition 14 is the one labeled "boot" in the GPT (16 is FOTAKernel and userdata is 25). The phone has never successfully booted into anything since, and these are some of the things I've tried to do to fix it:
Using Xperifirm 5.6.1 I downloaded firmware 3.5.A.1.291-R5D for US
Using flashtool 0.9.33.0 I assembled a ftf using the components "fotakernel.sin, kernel.sin and system.sin"
After flashing this group to the phone, it would boot loop the stock firmware (boot animation, freeze, reboot, do "optimizing apps", repeat). The stock firmware would also recognize my encrypted userdata and prompt to decrypt it until I used fastboot to clear the userdata partition.
That's the last time that flashtool worked, though. I later learned that there are preassembled ftfs that can be found, and got the one from this post:
[List][FTF] Stock Firmwares + Concept (18/10/2016)
Please, don't be lazy! If you've never flashed a "z3 compact" before, please read carefully all the warnings and the instructions for beginners. Before any question, read all the FAQs. Any suggestion is welcome! :) WARNINGS This process will...
forum.xda-developers.com
Whenever flashing anything to anywhere using flashtool, it spits out these errors:
flashsystem.X10FlashException: ERR_SEVERITY="MINOR";ERR_CODE="0017";ERR_DYNAMIC="80080021";
I haven't found anything anywhere that explains what these mean, or how to solve them.
I've tried checking and unchecking the various boxes in flashtool's flash mode that cause it to skip steps in the flashing process like so:
Flash the D5803_23.5.A.1.291_Customised_Nordic with default settings
When the first step fails out, restart the flash process
Uncheck the box for that step and let it start. It errors out on the next step
Repeat until only system is left that failed.
However, this does not seem to have accomplished anything productive. I also tried
fastboot flash:raw boot backup_boot_14.dd
and
fastboot flash boot boot.img (from CarbonROM's zip)
As well as the above with recovery and FOTAKernel from various TWRPs.
The phone isn't hard bricked, it boots into fastboot mode with vol+ and flash recovery mode with vol-. fastboot boot twrp.img has a few different behaviors depending on the TWRP version:
Nailyk's twrp_z3c_2019-03-13 from
https://www.reddit.com/r/LineageOS/comments/edwnzf
will boot to a black screen. No adb available.
The previously successful TWRP 3.2.3-0 without LZMA compression from NeoArian boots to a SONY logo notably without the Xperia logo on the bottom.
Newer versions of TWRP (3.3+) or lineage-18.1-20210914-recovery-z3c continue to fail with the "dtb not found" error.
It seems almost certain that the path to a working phone will be through flashing it back to stock using flashtool, but I don't see a way to make flashtool work or what is causing the errors.