G925V Downgrade and Bootloader Unlock Possible! Progress so far. Devs please help!! - Verizon Samsung Galaxy S6 Edge

Hi everyone and thanks for your time. I will get straight to the point:
All these tests were made on G925V 5.1.1, rooted with eng boot. (Look at my profile for my post on how to downgrade from 7.0, and all below, to 5.1.1 and for the root tutorial.)
- The Samsung downgrade mechanism relies on a flag set in the different partitions to determine its version.
- The phone looks for the flag "SYSMAGIC X" where X is the version. (Starting from 0, meaning SYSMAGIC 0 = version 1.)
- The following partitions have the flag:
* BOTA0 <---- gets its files from sboot.bin (bootloader first partition)
* BOTA1 <---- gets its files from cm.bin (bootloader second partition)
* BOOT <---- from boot.img
* CACHE <---- from cache.img
* RECOVERY <---- from recovery.img
* SYSTEM <---- from system.img
* sdb <---- which is the bootloader as a whole I believe, don't quote me on this, just a deduction.
All these files can be accessed through a full tar or by dumping them using dd if of.
Bota0, bota1, boot, system, recovery, cache, etc. can be found in:
/dev/block/platform/15570000.ufs/by-name
Putting any of these in a hex editor, you will find the line "SYSMAGIC 3" (in my case for 5.1.1, binary version 4).
If you dump /dev/block/sda18, edit with hex editor and edit the SYSMAGIC to one version lower. Save then dd back to sda18, reboot the phone and guess what?
SYSTEM REV. CHECK FAIL. DEVICE:3 BINARY:2.
All this is assumption but the line is there and it seems to pass every check and just assumes that's the version.
Hope someone can take it further. I unfortunately bricked my s6 writing the wrong partition back over the bootloader...and well...bad bootloader....no more download mode.
Be careful, devs please help. Anyone with a device willing to use as a guinea pig, pm me.

dragoodwael said:
Hi everyone and thanks for your time. I will get straight to the point:
All these tests were made on G925V 5.1.1 , rooted with eng boot. (Look at my profile for my post on how to downgrade from 7.0 ,and all below, to 5.1.1 and for for root turorial)
-The samsung downgrade mechanism relies on a flag set in the different partitions to determine its version.
- The phone looks for the flag "SYSMAGIC X" where X is the version. (Starting from 0, meaning SYSMAGIC 0= version 1)
-The following partitions have the flag:
*BOTA0 <----gets its files from sboot.bin (bootloader first partition)
* BOTA1 <-------gets its files from cm.bin (bootloader second partition)
*BOOT <----- from boot.img
*CACHE <-----from cache.img
*RECOVERY <----from recovery.img
*SYSTEM <------from system.img
*sdb <---- which is the bootloader as a whole I believe, don't quote me in this, just a deduction.
All these files can be accessed through a full tar or by dumping them using dd if of.
Bota0, bota1, boot, system,recovery,cache..etc can be found in :
/dev/block/platform/15570000.ufs/by-name
Putting any of these in a hex editor, you will find the line "SYSMAGIC 3" (in my case for 5.1.1, binary version 4).
If you dump /dev/block/sda18 , edit with hex editor and edit the SYSMAGIC to one version lower. Save then dd back to sda18, reboot the phone and guess what?
SYSTEM REV. CHECK FAIL. DEVICE:3 BINARY:2.
All this is assumption but the line is there and it seems to pass every check and just assumes thats the version.
Hope someone can take it further. I unfortunately bricked my s6 writing the wrong partiton back over the bootloader...and well...bad bootloader....no more download mode.
Be careful, devs please help. Anyone with a device willing to use as a ginny pig, pm me.
That is great news. What else do you know of the magic bytes at the footer of the system image?
I'm going to look into this.
All of those partitions, probably even the cache partition with its metadata file from the CSC, have points that have access to the private signing key burned into the Trust Zone firmware.

Hi, I followed your tut on downgrading my SM-G925V to 5.1.1 and also got root which was great, but I guess it's pretty worthless as it's only temporary til reboot. Has there been any further progress on permanent root on the G925v? Great work btw all involved!


[CLOSED]DNX mode BIOS flashing tool

@MikeChannon removed OP. please close
what? lol
hi ionioni,
many thanks for your tool. I could successfully create a signed bios file. During the flashing process, I believe, it shows no errors. But after an automatic reboot just the teclast logo appears.
I did a "RESTORE DEFAULT" and "SAVE AND RESET" but when i try to flash android with the mirek tool, it shows the same error message (get_path:344...) .
Do you have any suggestions what i can try to restore a working state?
Thank you.
the_dude_84 said:
During the flashing process, i believe, it shows no errors. But after a automatically reboot just the teclast logo appears
at the end of the bios flashing, before the reboot, did you receive a "RESTORE COMPLETED! Rebooting the tab to load new BIOS!" message? if not, what messages did you get when flashing? what are the steps you are doing? more details ... this tool's job is to write a (user provided) bios file, not fixing specific stuff (other) on your tab
later edit: the error 'get_path:344' is normal to be shown. the x98 bootloader (efilinux file) will at first try to get a handle for the device (disk) it was started from, but when it is run directly from the bios, ie dnx mode (normally it loads/executes from his EFI partition on mmc) the call returns no handle (as it should) and this is causing the message. is a normal message if starting from dnx, what is not normal, is if after that the bootloader won't be able to load and execute the kernel from the passed boot image.
the tablet just restarts without such a message you named. I used my previously saved bios with your tool and flashed it. What steps can I do to convince the tablet to start the kernel?
Did you repair the saved BIOS before flash by this new tool?
You have to change from FE FE at 400Dh and 400Eh address to FF FF with a hex editor!
updated OP with v2 of the tool as it seems these x98 tabs are not having the most conforming EFI firmware in the bios (it 'forgets' the consistent mapped device so i hard-coded it in the tool, it would have map to the same path anyways as it is a consistent /virtual/ disk that is used as environment during the flashing, so this 'patch' just helps the non-conforming devices /such as x98 so far/ not limits)
blackbile said:
Did you repair the saved BIOS before flash by this new tool?
You have to change from FE FE at 400Dh and 400Eh address to FF FF with a hex editor!
do you know what those two bytes are about? can anyone say that he bricked his tab by flashing a FE FE bios? (i have flashed my bios back dozen times so far on my Lenovo and did not knew about this until read someplace on these posts so i checked my backup bios file and sure thing it did have the FE FE inside at that offset... i guess is something wrong with my tab since it did not bricked )
joke aside, i cannot say whether this IS or IS NOT true, but what i can say is that there were two users i assisted in flashing back their bios backup (on x98 models) and both had FE FE at that offset and they did NOT BRICK ( @florent.m was one and the other I don't recall)... i wish i knew more about WHY this needs to be done, not just YOU MUST instructions... what i know is that area belongs to the nvram of TXE region (is the EFFSOSID partition of it) but since Intel takes care that no one has access to TXE related info i sure would be interested in someone saying what those two bytes are accounted for (and more of course)...
again someone who has a flash programmer can check easily and safely (i have but as i said i cannot hard-brick it )
I'm still not able to flash. I get this error message upon running fastboot boot image_name.img
Code:
INVALID size (7586586 bytes) for pushed package! This tool will only accept a (md5) BIOS file for input. You MUST run md5add.exe on your BIOS file and push the file it produces.
ABORTING
I did run md5add on the img and I did run fastboot boot on the image it produced (16 bytes larger than the original). What am I doing wrong?
BTW, by pushing does it mean that I have to run anything else besides those 2 commands on fastboot?
andrepd said:
I'm still not able to flash. I get this error message upon running fastboot boot image_name.img
Code:
INVALID size (7586586 bytes) for pushed package! This tool will only accept a (md5) BIOS file for input. You MUST run md5add.exe on your BIOS file and push the file it produces.
ABORTING
I did run md5add on the img and I did run fastboot boot on the image it produced (16 bytes larger than the original). What am I doing wrong?
BTW, by pushing does it mean that I have to run anything else besides those 2 commands on fastboot?
read the op again !!! and do exactly the steps detailed there!!! you need to use YOUR signed bios file generated with md5add ... instead you are WRONGLY!!! using some boot image file (luckily for you there is a size check too, otherwise you would have been flashing a kernel on your bios chip, oh boy...)
again:
the first instruction pushes the bios efi flasher tool
the second one pushes YOUR bios (signed) file that you want to flash on your bios chip. to make sure that the bios file that is written by the tool is not altered during the transfer i added the extra md5 signing step, so before it will start the effective flashing the efi tool will check the bios file received against the md5 signature appended (this step is normally not needed, but on some PC could be that the usb transfer misbehaves)
Thanks a lot for your efforts and help!!!
ionioni said:
read the op again !!! and do exactly the steps detailed there!!! you need to use YOUR signed bios file generated with md5add ... instead you are WRONGLY!!! using some boot image file (luckily for you there is a size check too, otherwise you would have been flashing a kernel on your bios chip, oh boy...)
again:
the first instruction pushes the bios efi flasher tool
the second one pushes YOUR bios (signed) file that you want to flash on your bios chip. to make sure that the bios file that is wrote by the tool is not altered during the transfer i added the extra md5 signing step, so before it will start the effective flashing the efi tool will check the bios file received against the md5 signature appended (this step is normally not needed, but on some PC could be that the usb transfer misbehaves)
But the image I'm flashing isn't even 7586586 bytes... I'm flashing with this tool as per this post http://forum.xda-developers.com/showpost.php?p=64854157&postcount=26 (img in the OP of that thread)
Sorry I'm a bit confused... Is that boot image the wrong one to flash then?
Thank you very much!
I think it worked and is waiting for input or is even done already, but I'm quite cautious now, so I don't want to press anything yet
It says:
FPT operation passed
_
In the flash.bat from another tool (TTT-Update the BIOS on your X98 Air II/3G to the latest dual boot version) it should write that status to a log file and continue with either flash passed or failed, but apparently it doesn't continue automatically in my case.
Hope anyone knows if it is safe to do anything. I've pressed the power button shortly as a confirmation command, but that doesn't do anything.
andrepd said:
But the image I'm flashing isn't even 7586586 bytes... I'm flashing with this tool as per this post http://forum.xda-developers.com/showpost.php?p=64854157&postcount=26 (img in the OP of that thread)
Sorry I'm a bit confused... Is that boot image the wrong one to flash then?
This is a DIFFERENT tool! that one you are referring to already has a BIOS file in it...
This one flashes a bios file YOU MUST provide!
Bolsnerk said:
Thank you very much!
I think it worked and is waiting for input or is even done already, but I'm quite cautious now, so I don't want to press anything yet
It says:
In the flash.bat from another tool (TTT-Update the BIOS on your X98 Air II/3G to the latest dual boot version) it should write that status to a log file and continue with either flash passed or failed, but apparently it doesn't continue automatically in my case.
Hope anyone knows if it is safe to do anything. I've pressed the power button shortly as a confirmation command, but that doesn't do anything.
As said on some x98 devices (having a specific bios?) it seems that after the bios is flashed 100% it hangs... not so much you can do but force a power off/reboot ... you should be fine
ionioni said:
This is a DIFFERENT tool! that one you are refering to already has a BIOS file in it...
This one flashes a bios file YOU MUST provide!
Okay, I got it working, phew, I was being a total noob and confusing everything. I took the dual boot BIOS, added the md5 hash with the tool you provided and flashed it with your tool. Everything went well. Thank you for your work and sorry for being a total moron
andrepd said:
Okay, I got it working, phew, I was being a total noob and confusing everything. I took the dual boot BIOS, added the md5 hash with the tool you provided and flashed it with your tool. Everything went well. Thank you for your work and sorry for being a total moron
Excellent!
ionioni said:
do you know what those two bytes are about? can anyone say that he bricked his tab by flashing a FE FE bios? (i have flashed my bios back dozen times so far on my Lenovo and did not knew about this until read someplace on these posts so i checked my backup bios file and sure thing it did have the FE FE inside at that offset... i guess is something wrong with my tab since it did not bricked )
joke aside, i cannot say whether this IS or IS NOT true, but what i can say is that there were two users i assisted in flashing back their bios backup (on x98 models) and both had FE FE at that offset and they did NOT BRICKED ( @florent.m was on ant the other don't recall)... i wish i knew more about WHY this needs to be done, not just YOU MUST instructions... what i know is that area belongs to the nvram of TXE region (is the EFFSOSID partition of it) but since Intel takes care that no one has access to TXE related info i sure would be interested in someone saying what those two bytes are accounted for (and more of course)...
again someone who has a flash programmer can check easily and safely (i have but as i said i cannot hard-brick it )
IonIoni,
All,
1st - thanks again for your tool, it saved my tablet (teclast C5J8)
2nd - yes the boot file I provided to Ionioni was untouched, a direct copy of the bios as dumped by mirek backup tool, and up to now, everything is working fine, either on android, or on Windows 10.
and when I say everything fine......I want to say as before..........the GPS is still not working (((((((
thanks a lot,
Cheers,
Florent
Holy moley, the last 24 hours have been intense, that is how old my x98 air iii is, and I have read over a thousand pages here on XDA in that time, i've also managed to soft brick it trying to flash a dual boot bios as per Techknights/Techtablets guides, not sure why or where exactly things went bad, now i'm stuck in a boot loop, red Chinese symbols with a tiny arrow beside it, but reading this gives me some hope, no idea how to follow the simple instructions above when you say..
" IMPORTANT: run the md5add tool on your bios file md5add.exe your_bios_file your_signed_bios_file. "
tried a few things and got nowhere, I tried to open the bios file that you said to place in the same folder as the other two files, with the md5add tool and a small window flashed on screen for a millisecond then disappeared, that's all no file was produced lol
Also not sure what this part means too..
"start in dnx mode and input:
fastboot flash osloader bios_flasher.efi.."
I can get into dnx mode ok but thats all how do I input anything?
My head is fried but I will stay up and try again, it's 5am (Ireland)
Am I missing an elephant in the room? like some other software the everyone else has already installed except noobs like me?
pilot error said:
Holy moley, the last 24 hours have been intense, that is how old my x98 air iii is, and I have read over a thousand pages here on XDA in that time, i've also managed to soft brick it trying to flash a dual boot bios as per Techknights/Techtablets guides, not sure why or where exactly things went bad, now i'm stuck in a boot loop, red Chinese symbols with a tiny arrow beside it, but reading this gives me some hope, no idea how to follow the simple instructions above when you say..
" IMPORTANT: run the md5add tool on your bios file md5add.exe your_bios_file your_signed_bios_file. "
tried a few things and got nowhere, I tried to open the bios file that you said to place in the same folder as the other two files, with the md5add tool and a small window flashed on screen for a millisecond then disappeared, that's all no file was produced lol
Also not sure what this part means too..
"start in dnx mode and input:
fastboot flash osloader bios_flasher.efi.."
I can get into dnx mode ok but thats all how do I input anything?
My head is fried but I will stay up and try again, it's 5am (Ireland)
Am I missing an elephant in the room? like some other software the everyone else has already installed except noobs like me?
i wonder how could the instructions in this op be more simple...
you must:
1. find a BIOS file for your model, make sure it is the CORRECT one or you might hard-brick when you flash it
2. sign the file using the md5add tool, this will create a new file, the signed bios file
3. start in dnx mode and load the efi bios flasher tool and then your bios signed file (the steps are in the op)
ionioni said:
i wonder how could the instructions in this op be more simple...
you must:
1. find a BIOS file for you model, make sure it is the CORRECT one or you might hard-brick when you flash it
2. sign the file using the md5add tool, this will create a new file, the signed bios file
3. start in dnx mode and load the efi bios flasher tool and then you bios signed file (the steps are in the op)
You know what ionioni, they may be simple to you, but this is my FIRST android tab, its only two days old and it's soft bricked on the very first try at bios flashing from following equally simple instructions from techtablets, flashing new bios from within android using update ifwi.apk, I did exactly that chose the 2.02 dual boot bios that everyone else used, copied it to internal storage and pressed the button.
That is all I did to ruin this tablet lol
What techtablets did NOT mention is he was already rooted on mirek190 v6, that is why my tab is softbricked, not because I chose the wrong files.
No idea how to do this step.. "sign the file using the md5add tool", when i search about it, the only results are back in here?
Can you point me in the right direction to learn about md5add?
Thank you..
pilot error said:
You know what ionioni, they may be simple to you, but this is my FIRST android tab, its only two days old and it's soft bricked on the very first try at bios flashing from following equally simple instructions from techtablets, flashing new bios from within android using update ifwi.apk, I did exactly that chose the 2.02 dual boot bios that everyone else used, copied it to internal storage and pressed the button.
That is all I did to ruin this tablet lol
What techtablets did NOT mention is he was already rooted on mirek190 v6, that is why my tab is softbricked, not because I chose the wrong files.
No idea how to do this step.. "sign the file using the md5add tool", when i search about it, the only results are back in here?
Can you point me in the right direction to learn about md5add?
Thnk you..
i give you the tools and the how-to use them...
again, you need to do this:
1. FIND a bios file for your tab model, ask around and some other owner can point you at it, but take care as this is the file that will be programmed in your tablet so if it is not good you will HARD-BRICK (ask ten times before using it once)
2. after you have found the file, use the md5add tool to sign, if for eg the file is named some_bios_file.bin you can input at a command prompt:
md5add.exe some_bios_file.bin signed_bios.bin (the signed_bios.bin file will be generated)
3. start your tab in dnx mode and input:
fastboot flash osloader bios_flasher.efi
fastboot boot signed_bios.bin and this will start the flashing process... messages will be shown on your tab screen while progressing...
the md5add.exe and bios_flasher.efi files can be found in the attachment to the first post (op)
the bios file is your responsibility to find
when done if the bios file you used is correct you should be able to use again the tab (ie no more bootloop)
i must repeat: be careful what bios file you use, if it's a wrong one you can HARD-BRICK! ask around for that...

[GUIDE] Samsung Galaxy TAB A 7.0 SM-T(280/285) Debloat/Stock customization

UPDATE 09/20/2016 - Root is now available for the SM-T285 (custom ROM and SM-T280 to follow) see post for details (http://forum.xda-developers.com/showpost.php?p=68777842&postcount=27)
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we can at least do customizations with the system partition.
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached). Note that your make_ext4fs needs to be patched to be able to generate samsung patches easily (see gist); for some reason samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause heimdall (and Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work, like samsung_kitchen for example. Place your stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you just created. You can now proceed to modifying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case
something goes wrong! I will not be responsible for any losses resulting from this
activity. Also this activity may void your warranty.
Prerequisites:
- Make sure you have heimdall properly working.
- Make sure you have OEM unlock. This should be visible in developer settings. To know if it is enabled/disabled: FRP protection should be disabled when you go in Odin mode.
1. Pull the file_contexts file from your device (or download the one attached in this post).
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsung_kitchen) and run the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (Power-off, then hold home vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5) make sure you have a copy of the stock image zip from samsung and extract (using 7zip) its contents to a folder:
An extracted file should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
replace the stock system.img with the one you created from above:
Code:
cp ../new_system.img system.img
tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img > T285_CUSTOM.tar
# append (>>) the checksum line; a single > would truncate the tar before md5sum reads it
md5sum -t T285_CUSTOM.tar >> T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
as per ashyx this should also work as well:
Code:
tar -H ustar -c system.img > system.tar
# append (>>) the checksum line to the same file the tar was written to
md5sum -t system.tar >> system.tar
mv system.tar system.tar.md5
Optionally Zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Petition for samsung to unlock the device:
https://www.change.org/p/samsung-unlock-the-bootloader-for-the-samsung-galaxy-tab-a-7-0-2016?recruiter=286570213&utm_source=petitions_share&utm_medium=copylink
Custom ROM to enable move apps to sd (apps2sd like support):
http://forum.xda-developers.com/android/development/rom-samsung-galaxy-tab-7-0-lte-2016-sm-t3455788
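As an added illustration (not code from this guide, from md5add or from Odin), the sketch below covers the two append-an-MD5 steps this page relies on: the trailer that md5add adds before a BIOS flash in the DNX thread, assumed here to be the bare 16-byte digest because the signed file is reported as 16 bytes larger, and the `md5sum` text line appended to an Odin tar.md5 in the guide above. All function names and sample data are constructed for the example.

```python
import hashlib
import io
import re
import tarfile

MD5_LEN = 16  # raw digest size; the thread reports the signed file is 16 bytes larger

def add_binary_trailer(payload):
    """Assumed md5add-style layout: payload followed by its raw 16-byte MD5."""
    return payload + hashlib.md5(payload).digest()

def check_binary_trailer(blob, payload_size=None):
    """Return the payload if size and trailer check out, else raise ValueError."""
    if len(blob) <= MD5_LEN:
        raise ValueError("too short to hold a payload and an MD5 trailer")
    payload, trailer = blob[:-MD5_LEN], blob[-MD5_LEN:]
    # Size gate first, like the flasher's "INVALID size" message: a file of the
    # wrong kind (for example a boot image) is refused before any hashing.
    if payload_size is not None and len(payload) != payload_size:
        raise ValueError("unexpected payload size: %d" % len(payload))
    if hashlib.md5(payload).digest() != trailer:
        raise ValueError("MD5 trailer mismatch (damaged in transfer?)")
    return payload

def add_odin_trailer(tar_bytes, name):
    """Same effect as `md5sum -t NAME >> NAME`: one text line after the tar data."""
    line = "%s  %s\n" % (hashlib.md5(tar_bytes).hexdigest(), name)
    return tar_bytes + line.encode()

ODIN_LINE = re.compile(rb"([0-9a-f]{32})  ([^\x00\n]+)\n\Z")

def check_odin_trailer(blob):
    """Return the tar body if the trailing md5sum line matches it."""
    match = ODIN_LINE.search(blob[-512:])
    if match is None:
        raise ValueError("no md5sum line at end of file")
    body = blob[:len(blob) - len(match.group(0))]
    # If the redirect truncated instead of appended, the file holds only the
    # MD5 of empty input, which matches its own empty body; reject that case.
    if not body or len(body) % 512:
        raise ValueError("tar body missing or not 512-byte aligned")
    if hashlib.md5(body).hexdigest().encode() != match.group(1):
        raise ValueError("MD5 line does not match tar body")
    return body

def build_sample_tar():
    """Constructed ustar archive holding a tiny stand-in for system.img."""
    data = b"constructed stand-in for system.img\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        info = tarfile.TarInfo("system.img")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def rejects(check, blob):
    """True if the given check raises ValueError for this blob."""
    try:
        check(blob)
    except ValueError:
        return True
    return False

def demo():
    bios = bytes(range(256)) * 4                 # constructed 1 KiB "BIOS" image
    signed = add_binary_trailer(bios)
    flipped = bytearray(signed)
    flipped[10] ^= 0x01                          # one bit damaged in transfer
    other = b"constructed, different image"
    tar = build_sample_tar()
    return {
        "bios_roundtrip": check_binary_trailer(signed, len(bios)) == bios,
        "bit_flip_rejected": rejects(check_binary_trailer, bytes(flipped)),
        "wrong_size_rejected": rejects(
            lambda b: check_binary_trailer(b, len(bios)), add_binary_trailer(other)),
        # The trailer is a checksum, not a signature: any image carrying its own
        # freshly computed MD5 passes, so it says nothing about who built it.
        "recomputed_trailer_accepted":
            check_binary_trailer(add_binary_trailer(other)) == other,
        "odin_roundtrip":
            check_odin_trailer(add_odin_trailer(tar, "system.tar")) == tar,
        "truncated_file_rejected":
            rejects(check_odin_trailer, add_odin_trailer(b"", "system.tar")),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)
```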
@jedld
Nice guide, just a few things though.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Regarding the chunk size, Chainfire created sgs4ext4fs to deal with this, it just needs to be run afterwards on the sparse image to patch the headers.
What is the source for the make_ext4fs patch or did you create this patch?
Lastly some people may prefer to use ODIN to flash.
So maybe you could add to the guide that the image can be repacked into a ODIN flashable tar using 7-zip.
By the way the guide will work for the T280 too, so you may want to add that.
Thanks.
ashyx said:
@jedld
Nice guide, just a few things though.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Regarding the chunk size, Chainfire created sgs4ext4fs to deal with this, it just needs to be run afterwards on the sparse image to patch the headers.
What is the source for the make_ext4fs patch or did you create this patch?
Lastly some people may prefer to use ODIN to flash.
So maybe you could add to the guide that the image can be repacked into a ODIN flashable tar using 7-zip.
By the way the guide will work for the T280 too, so you may want to add that.
Thanks.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
I remember encountering a boot loop without that, let me check again and I'll update the guide.
What is the source for the make_ext4fs patch or did you create this patch?
Just applied the following patch on latest aosp sources:
https://gist.github.com/jedld/4f388496bda03b349f5744f367749a67
There is a magic number used which I can't figure out, the value is different between SM-T285 ROMS coming from different regions.
Nice to hear about sgs4ext4fs though, probably wouldn't be able to know based on the problem I encountered that the tool also applies unless someone pointed it out.
https://www.change.org/p/samsung-unl...edium=copyLink
Petition for unlocked bootloader for samsung, please sign
http://samsung4android.ru/?ipub=422
any thought on this?
klemen241 said:
http://samsung4android.ru/?ipub=422
any thoguth on this?
ashyx already tried everything. CF-auto root requires an unlocked recovery, the tablet won't even accept a repacked recovery image. Besides the guy in the video wasn't even using a SM-T285, if you look closely the files he used were for the SM-T550.
klemen241 said:
https://www.change.org/p/samsung-unl...edium=copyLink
Petition for unlocked bootloader for samsung, please sign
link is broken though, you must have used the auto truncated link, use this instead:
https://www.change.org/p/samsung-un...edium=copylink&recuruit_context=copylink_long
What about those custom roms? As far as i can see we can use modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?
SM-T285M with locked bootloader - research ...
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC, and is factory unlocked (UB as Samsung notates it these days). It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
klemen241 said:
What about those custom roms? As far as i can see we can use modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?
There are a number of things we can already do with a custom system.img like debloat, enable universal sd r/w, customizing apps, probably theming and fonts are also possible. Hopefully more people can come up with mods.
Unfortunately we need root/unlocked boot.img to do important things to fix the weakness of this device like changing partition sizes, enable apps2sd support, xposed framework, having customizable cpu performance governors/overclocking etc.
TopTongueBarry said:
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks there's hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedld, GREAT debloat for the T285. I'm using the system.img on my T285M. I hated Touchwiz so much; now all we need is root. See if these tell you anything.
i was wondering the same thing, if there is any chance of unlocking it on earlier versions.
Also i sent email to samsung support again, maybe they will be sick of us begging and release the lock
klemen241 said:
i was wondering the same thing, if there is any chance of unlocking it on earlier versions.
Also i sent email to samsung support again, maybe they will be sick of us begging and release the lock
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
TopTongueBarry said:
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks there's hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedld, GREAT debloat for the T285. I'm using the system.img on my T285M. I hated Touchwiz so much; now all we need is root. See if these tell you anything.
UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedid's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.
is open source same for t280? i have 280 not 285
klemen241 said:
is open source same for t280? i have 280 not 285
not sure how having the kernel source would help since we can't even change the kernel on the device which is kinda awkward for samsung. Besides I remember ashyx having compilation issues with spreadtrum kernel sources by samsung and not just for this device.
TopTongueBarry said:
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedid's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.
I remember flashing an earlier build thinking the same thing and yep the bootloader is still locked. Aside from that I ran kingroot to see if there was anything exploitable... didn't work. What I haven't tried is to see if superuser is disabled in this kernel though.
jedld said:
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we
can at least do customizations with the system partition:
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached) (note that your make_ext4fs needs to be patched to be able to generate samsung patches easily, see gist). For some reason Samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause heimdall (and Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work like samsung_kitchen for example. Place your
stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you
just created. You can now proceed to modifying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case
something goes wrong! I will not be responsible for any losses resulting from this
activity. Also this activity may void your warranty.
Prerequisites:
- Make sure you have heimdall properly working.
- Make sure you have oem unlock. This should be visible in developer settings
To know if it is enabled/disable FRP protection should be disabled when you go
in Odin mode.
1. Pull the file_contexts file from your device.
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsung_kitchen) and run
the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (Power-off, then hold home vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5) make sure you have a copy of the stock image zip from samsung and extract (using 7zip) its contents to a folder:
An extracted file should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
replace the stock system.img with the one you created from above:
Code:
cp ../new_system.img system.img
tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img >T285_CUSTOM.tar
md5sum -t T285_CUSTOM.tar >> T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
Optionally Zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Anyway to do this on a windows machine?????
lohtse said:
Anyway to do this on a windows machine?????
Not sure though since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in linux so I doubt there will be one for windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under windows with those tools if anyone is interested.
Just a note regarding the guide, it's not really necessary to add all the other partition images when creating the ODIN flashable tar.
All that is required is:
tar cvf system.tar system.img
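The `.tar.md5` file built in the guide is a ustar archive with the `md5sum` output line appended to its end. As an added example (not code from the guide or from Samsung), this Python sketch checks such a file before it is flashed: it recomputes the hash over the tar portion and lists the images inside. The function names and the in-memory sample archive are constructed for illustration.

```python
import hashlib
import io
import re
import tarfile

# md5sum prints "<32 hex>  <name>" (text mode) or "<32 hex> *<name>" (binary mode).
TRAILER = re.compile(rb"([0-9a-fA-F]{32}) [ *]([^\x00\n]+)\n\Z")


class TarMd5Error(ValueError):
    """Raised when a .tar.md5 file fails a structural or integrity check."""


def split_tar_md5(blob: bytes):
    """Return (tar_bytes, stated_md5, stated_name) from a .tar.md5 blob."""
    tail = blob[-512:]  # the checksum line is short, so only inspect the end
    m = TRAILER.search(tail)
    if m is None:
        raise TarMd5Error("no md5sum line at end of file")
    tar_len = len(blob) - (len(tail) - m.start())
    name = m.group(2).decode(errors="replace")
    return blob[:tar_len], m.group(1).decode().lower(), name


def verify_tar_md5(blob: bytes, allowed=None):
    """Check the appended MD5 and return the file names inside the archive.

    allowed: optional set of image names the archive is permitted to contain.
    MD5 only detects corruption here; it says nothing about who built the file.
    """
    payload, stated, _name = split_tar_md5(blob)
    if not payload:
        raise TarMd5Error("checksum line present but the tar payload is empty")
    actual = hashlib.md5(payload).hexdigest()
    if actual != stated:
        raise TarMd5Error(f"MD5 mismatch: stated {stated}, actual {actual}")
    try:
        with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tf:
            names = [m.name for m in tf.getmembers() if m.isfile()]
    except tarfile.TarError as exc:
        raise TarMd5Error(f"payload is not a readable tar: {exc}") from exc
    if allowed is not None:
        extra = sorted(set(names) - set(allowed))
        if extra:
            raise TarMd5Error(f"unexpected images in archive: {extra}")
    return names


def build_sample(members, name="T285_CUSTOM.tar"):
    """Build a constructed .tar.md5 in memory (a stand-in for real firmware)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for fname, data in members.items():
            info = tarfile.TarInfo(fname)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    tar_bytes = buf.getvalue()
    line = f"{hashlib.md5(tar_bytes).hexdigest()}  {name}\n".encode()
    return tar_bytes + line


if __name__ == "__main__":
    sample = build_sample({"system.img": b"constructed system image bytes"})
    print("members:", verify_tar_md5(sample, allowed={"system.img"}))
    damaged = bytearray(sample)
    damaged[600] ^= 0xFF  # simulate a corrupted download
    try:
        verify_tar_md5(bytes(damaged))
    except TarMd5Error as err:
        print("rejected:", err)
```
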
jedld said:
Not sure though since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in linux so I doubt there will be one for windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under windows with those tools if anyone is interested.
is there no way to create a set of files(zip etc) we windows users could flash using odin? would be a huge help if that could be done! also anyone have a link to a stock rom??
and finally I noticed that the US samsung site has a pdf manual for this tablet that refers to marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR
lohtse said:
is there no way to create a set of files(zip etc) we windows users could flash using odin? would be a huge help if that could be done! also anyone have a link to a stock rom??
and finally I noticed that the US samsung site has a pdf manual for this tablet that refers to marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR
I highly doubt this thing will get mm. [emoji52]

Resolved: H811 misc partition image (was: Request)

As should be well known, using the current CM14.1 OTA update results in a bootloop into recovery.
I was able to get out of bootloop by zeroing the FOTA and MISC partitions. But, turns out, something in there was important. I can no longer connect to WiFi. (I ran a full reset, wiped system + reinstalled, so I'm fairly certain it was my dumb a** wiping the MISC partition without making a backup first. In fairness, I'd just come home from an 18 hour shift, but I should have known better.)
I'm requesting an image of the misc partition from anyone on here with a working LG G4 H811. The phone can be running any ROM, and prior to flashing was ideally running V20P or V20O (the two stock T-Mo MM builds). The resulting raw image should be 16,777,216 bytes. Compressed as a ZIP, it should be around 31 KB.
Process to generate an image of misc is as follows:
1. Reboot into TWRP recovery.
2. Run "adb shell" or open a recovery terminal.
3. Run "ls /dev/block/platform/*/by-name/misc" to identify the path to your misc partition.
   Mine is "/dev/block/platform/f9824900.sdhci/by-name/misc"
4. Run "dd if=/dev/block/platform/f9824900.sdhci/by-name/misc of=/sdcard/misc.img"
   Replace "f9824900.sdhci" if appropriate for your device, using the value found in step 3.
5. You now have a file misc.img in your storage directory. You can either use "adb pull /sdcard/misc.img" to download it onto your PC, or you can upload it directly using XDA mobile.
If anyone here can follow the above steps and upload the resulting image, I'd be deeply grateful.
Thanks in advance!
aorbiy said:
As should be well known, using the current CM14.1 OTA update results in a bootloop into recovery.
I was able to get out of bootloop by zeroing the FOTA and MISC partitions. But, turns out, something in there was important. I can no longer connect to WiFi. (I ran a full reset, wiped system + reinstalled, so I'm fairly certain it was my dumb a** wiping the MISC partition without making a backup first. In fairness, I'd just come home from an 18 hour shift, but I should have known better.)
I'm requesting an image of the misc partition from anyone on here with a working LG G4 H811. The phone can be running any ROM, and prior to flashing was ideally running V20P or V20O (the two stock T-Mo MM builds). The resulting raw image should be 16,777,216 bytes. Compressed as a ZIP, it should be around 31 KB.
Process to generate an image of misc is as follows:
1. Reboot into TWRP recovery.
2. Run "adb shell" or open a recovery terminal.
3. Run "ls /dev/block/platform/*/by-name/misc" to identify the path to your misc partition.
   Mine is "/dev/block/platform/f9824900.sdhci/by-name/misc"
4. Run "dd if=/dev/block/platform/f9824900.sdhci/by-name/misc of=/sdcard/misc.img"
   Replace "f9824900.sdhci" if appropriate for your device, using the value found in step 3.
5. You now have a file misc.img in your storage directory. You can either use "adb pull /sdcard/misc.img" to download it onto your PC, or you can upload it directly using XDA mobile.
If anyone here can follow the above steps and upload the resulting image, I'd be deeply grateful.
Thanks in advance!
you can download it from here
you've been served....
TURBO
And WiFi works. Beautiful.
BTW, I pulled this up in a hex editor, and noticed the lines "recovery --wipe_data".
Do you know if this has any special meaning, like the next OTA I receive (that works) will wipe data? (I don't really care if it will, but could be useful to know.)
Edit: Nevermind, found the answer at http://forum.xda-developers.com/showpost.php?p=54355114&postcount=486
Thanks for the help! Have a beer on me!
aorbiy said:
And WiFi works. Beautiful.
BTW, I pulled this up in a hex editor, and noticed the lines "recovery --wipe_data".
Do you know if this has any special meaning, like the next OTA I receive (that works) will wipe data? (I don't really care if it will, but could be useful to know.)
Edit: Nevermind, found the answer at http://forum.xda-developers.com/showpost.php?p=54355114&postcount=486
Thanks for the help! Have a beer on me!
thank you. my pleasure...... please, allow me to be the first to hit thanks on you.....
TURBO
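The thread above restores a misc image taken from another phone and then finds the string "recovery --wipe_data" inside it. As an added example (not from the thread), this Python sketch reads the bootloader message at the start of a misc image and reports any pending recovery command before the image is written to a device. The field layout follows AOSP's `bootloader_message` structure; that the H811 keeps it at offset 0 of misc is an assumption, and the sample image is constructed.

```python
import struct

MISC_SIZE = 16_777_216  # raw size the post gives for the H811 misc partition

# First three fields of AOSP's bootloader_message: command, status, recovery.
BCB = struct.Struct("<32s32s768s")

# Recovery arguments that change device state on the next boot into recovery.
RISKY_ARGS = ("--wipe_data", "--wipe_cache", "--update_package")


def _cstr(raw: bytes) -> str:
    """Decode a NUL-terminated field, tolerating stray non-ASCII bytes."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def parse_bcb(image: bytes, offset: int = 0) -> dict:
    """Parse the bootloader message found at `offset` in a misc image."""
    if len(image) < offset + BCB.size:
        raise ValueError("image too small to hold a bootloader message")
    command, status, recovery = BCB.unpack_from(image, offset)
    lines = [ln for ln in _cstr(recovery).split("\n") if ln]
    # The first line is the literal word "recovery"; the rest are its arguments.
    args = lines[1:] if lines and lines[0] == "recovery" else lines
    return {"command": _cstr(command), "status": _cstr(status),
            "recovery_args": args}


def audit_misc_image(image: bytes, expected_size: int = MISC_SIZE) -> list:
    """Return a list of findings; an empty list means nothing is pending."""
    findings = []
    if len(image) != expected_size:
        findings.append(f"size {len(image)} != expected {expected_size}")
    if len(image) < BCB.size:
        return findings + ["image too small to hold a bootloader message"]
    bcb = parse_bcb(image)
    if bcb["command"]:
        findings.append(f"pending bootloader command: {bcb['command']!r}")
    for arg in bcb["recovery_args"]:
        if arg.startswith(RISKY_ARGS):
            findings.append(f"pending recovery argument: {arg}")
    return findings


def build_sample_misc(command=b"boot-recovery",
                      recovery=b"recovery\n--wipe_data\n") -> bytes:
    """Constructed misc image: zero-filled except for the bootloader message."""
    img = bytearray(MISC_SIZE)
    BCB.pack_into(img, 0, command, b"", recovery)
    return bytes(img)


if __name__ == "__main__":
    for finding in audit_misc_image(build_sample_misc()):
        print(finding)
```
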

moto e4 plus owen xt1776 vram backup

could someone with this model run these and give me the images
dd if=/dev/block/platform/.../.../by-name/nvram of=/sdcard/nvram.img
dd if=/dev/block/platform/.../.../by-name/nvdata of=/sdcard/nvdata.img
suckme69 said:
Admin Note: This is a special Q&A-formatted thread. Please follow this link to view it in your browser: http://xda.tv/post75038379
I would, but those are not block partitions that can be pulled like that.
Sent from my Moto E (4) Plus using XDA Labs
i don't know the exact block but my imei wifi baseband and bluetooth do not work and was told i flashed my nv ram would you know how to repair this?
Those are not block partitions on this device. I think they are only on Mediatek devices and your XT1776 is Qualcomm. You should probably try flashing stock firmware with fastboot or RSDlite. Download the one with owens_sprint_7.1.1 in the title.
i have like 5 times and i get null imei
Try flashing this modem/fsg:
https://www.androidfilehost.com/?fid=962157660013069126
nope did nothing
https://youtu.be/I8V9ud4PGUk
thats how i been flashing because in windows 10 rsd lite dont work
You should thank me later !
Copy and paste.
Click Here ! #Post8
EDIT : i don't have that device anymore. so i can't help you with this. unable to remind the full directory name.
EDIT : Here is the correct path.
---- For MediaTek Variant ----
Nvram :
dd if=/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/nvram of=/sdcard/nvram.img
Nvdata :
dd if=/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/nvdata of=/sdcard/nvdata.img
---- For Qualcomm Variant ----
Nvram :
dd if=/dev/block/bootdevice/by-name/nvram of=/sdcard/nvram.img
Nvdata :
dd if=/dev/block/bootdevice/by-name/nvdata of=/sdcard/nvdata.img
They are not at that path on the Qualcomm variant. I'd post a screenshot if I could here.
drop here your device recovery.fstab data.
how do i get that?
https://github.com/ReimuHakurei/twrp_device_motorola_owens/blob/twrp/twrp.fstab
did anyone figure anything out?
Yes, your phone is probably basically a tablet now. When your problem started, what exactly did you do? Did you flash LineageOS or something without activating the phone on stock firmware first? Did you run any fastboot erase commands like fastboot erase recovery? If so, you should not ever do either of those. The only thing I can say to try, is to remove the sim card, flash stock firmware, boot the phone to the setupwizard and then power it off. Next re-insert the sim card and turn the phone back on. If you don't get it to connect now, or if you didn't activate it already, try calling your carrier customer service and see if they can help you.
In the MediaTek variant, the IMEI is stored in the Nvram partition (non-volatile random access memory), whereas in the Qualcomm variant it is stored in the raw EFS, modemst1 & modemst2 partitions. Probably you lost your device nvdata and it is of no use. Service center guy can fix this by replacing a small chip within the motherboard (in my case its *PCB*). After all this you will get a new imei number.
Hope this helps.
i flashed the files in the order my flash file said i generated the commands by hand because i could not find any on xda for my device
@suckme69 Try this, either with adb with the OS booted or with a terminal emulator on your device, type:
reboot nvbackup
With terminal emulator you'll have to type su then enter for su permissions. Hope this works!
thanks for your guys help but i finally figured it out for some reason my modem image from my sprint stock package i downloaded didn't work or i wrote the sequence wrong. but i decided to flash the partition package for boot on my sprint phone from getoffmylawns forum but it was giving my crashing for my phone, phone has crashed but i got service!. so i opened up the boost flash package and got the modem image off there. after flashing my stock firmware package through the boot-loader i then flashed the modem i pulled from the boost partition zip. i was also flashing through Ubuntu with the rsd lite someone posted because rsd lite doesn't work with windows 10. and the reason i decided to flash the boost package because well it was the same model phone and the carriers boost and sprint are the same they use the same towers and sprint owns boost so i saw no harm done.

[Tutorial] Crossflash, Bypass OPID Mismatched Error

Hi there
Thanks to all other guys here who have made helpful development to tame this beautiful =)
To crossflash models other than LG G8 please read post 3.
Before asking any question please read the troubleshooting section at the bottom of the page.
If you still need some specific help I would appreciate if you bring it up just in the thread instead of sending direct messages.
LG has made things difficult in flashing custom and even stock roms by this new OPID thing! It prevents us from crossflashing but we have been able to use TWRP and change the system and some other partitions to have a different rom. We had to make some changes into OP partition using HxD editor.
But now, through this tutorial, we're able to flash any rom without the need to change OPID in OP partition. Also, there is no need to root or unlock boot-loader.
I was successful to do this on some G8 (LMG820UM) but I AM NOT RESPONSIBLE FOR ANY HARM TO YOUR PHONE!
By continuing to read the following instructions you are actually accepting the risk.
IMPORTANT!
first, MAKE A FULL BACKUP OF ALL PARTITIONS; and I mean it!!!
at least, for your sake, make a backup of "modemst1, modemst2, fsg, fsc, ftm" partitions, for emergency.
Requirements
QPST and Qualcomm USB Driver (get)
LGE SM8150 Firehose (get)
LGUP 1.16.0.3 (get)
LGUP_Common.dll (get)
UI_Config.lgl (get)
LG Mobile Driver 4.4.2 (get)
Preparation
1. Install QPST and Qualcomm USB Driver.
2. Install LGUP.
3. Find the folder named "model" in the installation directory of LGUP, then Create a folder named "common" in the "model" folder.
4. Move "LGUP_Common.dll" and "UI_Config.lgl" into "common" folder. Change the attribute of "UI_Config.lgl" to read only.
5. Install LG Mobile Driver 4.4.2.
Steps
A)
1. Open QFIL.
2. Change "Storage Type" to UFS.
3. Select "Flat Build".
4. Browse for "LGE SM8150 Firehose" and pick it.
5. Now, connect the phone to PC and boot into EDL mode.
6. Open "Select Port" and select the phone, press OK.
7. In "Tools" open the "Partition Manager".
B)
!!!BE CAREFUL TO DO EXACTLY AS THE INSTRUCTIONS SAY OR YOU WILL BRICK THE PHONE!!!
1. Make a backup of and erase these 7 partitions: FTM, Modem_A, Modem_B, SID_A, SID_B, OP_A, OP_B.
1.1. You have to left-click on a partition then right-click on it and select "Manage Partition Data".
1.2. In the pop-up window, you have 4 choices: I. Erase (to erase data on the partition), II. Read Data (to dump or back up the partition), III. Load Image (to restore the partition), IV. Close (to close the window).
1.3. First dump/back up the partition by choosing "Read Data" then Erase it.
2. Close the "Partition Manager" window.
3. Wait for 5 seconds then press Vol- and Power until it restarts.
3.1. Immediately after rebooting, Release the Vol- and Power buttons and press Vol+ to get into Download Mode.
Note: Do not let the phone begin to boot! If it begins to boot, it may regenerate the SID and FTM partitions data and so you need to redo the whole step B.
C)
1. Open LGUP.
2. Pick your favorite KDZ.
3. Select "PARTITION DL".
4. Press Start. And a pop-up window will appear. In this window you can select which partitions to be flashed.
5. Here, uncheck these partitions: SID_A and SID_B. It will make it able to bypass the OPID Mismatched Error.
6. If you are in Sprint or other platforms you will get the message whether to change the model or not. Of course you know what to do =)
after completing the process it will boot up in some minutes and before starting the customization it will do one restart. just be patient.
ERRORS, QUESTIONS, TROUBLESHOOTING
1. Can I crossflash V50, V60, G8X or other LG devices using this method?
I did it on V50. Maybe it'll work on your devices maybe won't. There's one way to find out; make backup and give it a try.
2. SN is gone, zero, etc.
Restore your original FTM.
3. I can't get into recovery.
Restore the original FTM.
4. I got NT-Code error.
It's been discussed many times in the thread and some solutions have been presented (such as this one, thanks to @animo214 and this, thanks to @kt-Froggy as well as this one, thanks to @StvOchi ). However, you can ignore it if the phone got network.
Note: You need to disable verity on the phone in advance otherwise changes in cust_path_mapping.cfg won't be saved.
5. IMEI is lost, zero, null etc.
Restore LUN5 partitions. If you have no backup it should be repaired using Octopus box. Go to 16.
6. I got "permanently locked" error.
This is because of IMPL lock and you have to restore LUN5 partitions. In case of having no backup you should use Octopus box.
7. All partitions are deleted accidentally.
Follow these instructions.
8. I need to get into PDM mode.
Unzip and restore the attached PDM to FTM partition. Remember, you need to restore your FTM to get into OS.
9. Can I use another phone's LUN5 backup?
NO.
10. Can I use another phone's FTM backup?
Yes. All partitions can be restored from another phone's backup except LUN5 partitions.
11. My phone is stuck in boot-loop.
Restore the original FTM and if it doesn't help redo the whole crossflash process and use a different KDZ this time.
12. Which KDZ is the best (for any matter of use)?
I do not know.
13. Can I crossflash from any source variant to Korean variant or vice versa?
Yes it is possible but you may get error on opening stock camera application because of hardware differences. There are some methods to solve the issue which you can search and find them.
14. Can I downgrade using this method?
Yes.
15. I erased partitions (ftm, op_a, op_b, modem_a, modem_b, sid_a, sid_b) but it still does not let me to crossflash.
Redo the whole process and this time make backup of and erase these partitions too, on both sides A and B: vendor, product, system, boot and userdata. Do not make backup of userdata partition.
16. How can I write IMEI?
A) Dump modem_a and create a copy of it. Then open it in UltraISO and remove IMEIPROT files from image folder. Save and restore it in place of modem_a and modem_b partitions.
B) Make backup of FTM and then flash or restore the PDM file (attached) into your ftm partition. Restart the phone; you'll get into PDM mode.
C) Open Tutty (attached). Select "Serial" in protocol and the proper port of your phone's modem driver. Click open. To test if you have selected the proper port number type "at" and hit enter; it should respond "ok". Type the code at%imei=# (replace # with your IMEI) and hit enter. It doesn't matter whether you get "error" or "ok" after that, just check if IMEI is written via this code at%imei=?. If IMEI is written so you'll have the right MEID and ESN too.
D) Restore the original ftm and modem_a in place of modem_a and modem_b. Restart the phone.
I've already tested this method on V30, V50 and G8. Remember, if the phone has IMPL lock it'll throw "perm. locked" error even if you have written the IMEI.
17. I have lost GPT files of my LG G8, G8X, G8S, V50, etc. and Qfil partition manager does not show anything in the list.
You need to flash GPT files to your device with fh_loader (see this, part C). For that matter use KDZ_Tools to Extract DZ from a KDZ of your device. Then extract the DZ using -c at the end of extracting command. For example: unkdz -f FILE_NAME.kdz -c. It will extract all files besides all GPTs.
18. Which are the LUN5 partitions?
SM8150 has 7 physical partitions known as LUNs which are numbered from 0 to 6. Each LUN is split into several partitions. In Qfil Partition Manager you can see all partitions except those of LUN3 and LUN6 which are hidden. The number of LUNs are shown under the first column named LUN. Therefore, all partitions in front of number 5 are LUN5 partitions.
Some pictures of flashing my LMG820UM, unlocked from Sprint, into OPEN_CA 20j. In normal mode you cannot flash SPR_US to OPEN_CA which is shown in the pictures. But using this thread instruction it allows to flash, even it asks to change the model from SPR_US to OPEN_CA
Until performing the instructions, it shows the "id: 2(SPR_US)" on the Download Mode screen, but after that it cannot recognize the phone model id and shows "id: 0()"
Have fun ^_^
LG K31 Crossflashing:
To crossflash LG K31 go to this guide. Thanks to @Wish39.
LG Stylo 6 Crossflashing:
To crossflash LG Stylo 6 using LG K71 Android 12 firmware see this. Thanks to @Wish39.
LG V50 Crossflashing:
I had two LG V50 (LMV450) to which I flashed Korean Android 12 using the method mentioned in the first post. I cannot guarantee that it will work on every V50. After crossflashing I found out that one of them had the problem of draining battery due to not getting into deep sleep mode. To overcome the issue, I reflashed it via "Chip Erase" this time, and then again reflashed it but in the same way mentioned for crossflashing in the first post. Of course, I had created backup and at the end I restored LUN5 partitions.
Hey nice! It's great to have options. I'm currently using us Open OP on my Sprint device (of course totc changed). It's working fine and not sure of any reason to change.
Although, if we do get a11 firmware available, that will change things for sure.
Thanks, nice work!
great, thank you
netmsm said:
Some pictures of flashing my LMG820UM, unlocked from Sprint, into OPEN_CA 20j. In normal mode you cannot flash SPR_US to OPEN_CA which is shown in the pictures. But using this thread instruction it allows to flash, even it asks to change the model from SPR_US to OPEN_CA
Until performing the instructions, it shows the "id: 2(SPR_US)" on the Download Mode screen, but after that it cannot recognize the phone model id and shows "id: 0()"
Have fun ^_^
Idk when i opened lgup it's only have 3 option refurbished, upgrade n fota update
Azs5165 said:
Idk when i opened lgup it's only have 3 option refurbished, upgrade n fota update
You didn't follow preparation correctly I guess?
netmsm said:
Some pictures of flashing my LMG820UM, unlocked from Sprint, into OPEN_CA 20j. In normal mode you cannot flash SPR_US to OPEN_CA which is shown in the pictures. But using this thread instruction it allows to flash, even it asks to change the model from SPR_US to OPEN_CA
Until performing the instructions, it shows the "id: 2(SPR_US)" on the Download Mode screen, but after that it cannot recognize the phone model id and shows "id: 0()"
Have fun ^_^
What OPID does it get assigned once you boot the device? OPEN_CA?
AsItLies said:
Hey nice! It's great to have options. I'm currently using us Open OP on my Sprint device (of course totc changed). It's working fine and not sure of any reason to change.
Although, if we do get a11 firmware available, that will change things for sure.
Thanks, nice work!
Like the a11 korean one?
cloud1250000 said:
You didn't follow preparation correctly I guess?
I had tried with my lmg850um9 Sprint. I accidentally erased the entire flash before, but I successfully flashed with another G8X EM KDZ but get OPID mismatched
Azs5165 said:
Idk, when I opened LGUP it only has 3 options: refurbished, upgrade and FOTA update
I got the same problem, just 3 options
Just did this successfully, thanks OP. If yer only getting partial options on lgup, remember from the OP, you HAVE to change the UI file to be READ ONLY (do it in properties).
I didn't get the 'change model' pop up, but still worked, although device is still seen as 'um' not 'qm'. My serial # is missing (that's a simple edit in ftm), but the imei is there.
Definitely worked though, now have us op with april security patch.
Will take a few mins to get a root explorer to see what totc says... that should be interesting
AsItLies said:
Just did this successfully, thanks OP. If yer only getting partial options on lgup, remember from the OP, you HAVE to change the UI file to be READ ONLY (do it in properties).
I didn't get the 'change model' pop up, but still worked, although device is still seen as 'um' not 'qm'. My serial # is missing (that's a simple edit in ftm), but the imei is there.
Definitely worked though, now have us op with april security patch.
Will take a few mins to get a root explorer to see what totc says... that should be interesting
How to make it? Sorry, I can't understand
Alright, G8X Sprint successfully crossflashed to OPEN CA
Azs5165 said:
Idk, when I opened LGUP it only has 3 options: refurbished, upgrade and FOTA update
Sebastian Thiago said:
I got the same problem, just 3 options
Azs5165 said:
How to make it? Sorry, I can't understand
Follow preparation.
cloud1250000 said:
What OPID does it get assigned once you boot the device? OPEN_CA?
AsItLies said:
Will take a few mins to get a root explorer to see what totc says... that should be interesting
Actually it doesn't change OPID. By not flashing SID partitions we can bypass checking OPID and hence the error.
I checked it now it was OPEN_CA.
Azs5165 said:
I had tried with my lmg850um9 Sprint. I accidentally erased the entire flash before, but I successfully flashed with another G8X EM KDZ but get OPID mismatched
Follow the steps in part C.
netmsm said:
Actually it doesn't change OPID. By not flashing SID partitions we can bypass checking OPID and hence the error.
I checked it now it was OPEN_CA.
Curious how the Sprint V50 will react to this. I'll try this guide when Korean A11 gets released. I'll let you know.
Also, if it doesn't change OPID you would get OPID mismatched error on boot, so..
cloud1250000 said:
Also, if it doesn't change OPID you would get OPID mismatched error on boot, so..
If SID partitions are flashed then yes it will throw OPID Mismatched Error. This is why we suggest using "Partition DL" flashing method, unchecking SID partitions.
netmsm said:
If SID partitions are flashed then yes it will throw OPID Mismatched Error. This is why we suggest using "Partition DL" flashing method, unchecking SID partitions.
Yes, but it has to generate a new one with proper OPID, no? When you load download mode now, does it still say id: 0? I doubt that
cloud1250000 said:
Yes, but it has to generate a new one with proper OPID, no? When you load download mode now, does it still say id: 0? I doubt that
That's right it generates the original OPID in download mode.
It is probable that some or all data related to OPID are stored in Modemsts partitions to which the SID partition bridges the OPID check function, in boot process. All that we do is to destroy the bridge.
netmsm said:
That's right it generates the original OPID in download mode.
It is probable that some or all data related to OPID are stored in Modemsts partitions to which the SID partition bridges the OPID check function, in boot process. All that we do is to destroy the bridge.
Can you check which mcfg is used? (field test > mcfg status)
