General Unbrick OP10 Pro (NE2210) - OnePlus 10 Pro

Hello everyone, I found a recovery tool on the open spaces of the Chinese Internet. This tool is for NE2210 only. It's in Chinese, but I don't think there should be any problems using it. Write who used.
Unbrick

The MSM tool is missing the FTLibBase.dll file; it won't work. Just to let you know.

Canuck Knarf said:
The MSM tool is missing the FTLibBase.dll file; it won't work. Just to let you know.
what is the file responsible for FTLibBase.dll ??

For me, I'm using Win 11 and the MSM tools will not open. Maybe it's a Win 11 thing. It starts to open but then errors pop up about the missing DLL file. Did you install it from an exe file?

I want to try it ...lol...I have one more boot loop / dead battery 10 plus pro

I have been trying this fastboot command to get the battery up enough to load the boot file, vendor_boot and vbmeta file. But after it does a factory wipe ... it kills the battery and won't reboot.
Using this command I started out with 6708 volts of battery; it took 30 minutes of running the command in fastboot to get to 6762 volts. So the command does work.
@Echo off
:start
fastboot getvar battery-voltage
fastboot reboot-bootloader
ping /n 6 localhost >nul
goto start

I need the command to just keep repeating by itself... I can leave it sitting there for hours... Can you help?

Canuck Knarf said:
For me, I'm using Win 11 and the MSM tools will not open. Maybe it's a Win 11 thing. It starts to open but then errors pop up about the missing DLL file. Did you install it from an exe file?
I have w11, program starts normal, but not connected server.(((

VovaHouse said:
what is the file responsible for FTLibBase.dll ??
Can't you replace this file with the one from the OnePlus 9 Pro MSM tool? I don't know what it's for, but as long as you get the MSM tool to work then it shouldn't be a problem, should it?

Did you find a solution? I have the same error

Buyukturk said:
Did you find a solution? i have the same error
yeah....MSM and pay

Canuck Knarf said:
yeah....MSM and pay
unfortunately i couldn't find it

Canuck Knarf said:
yeah.... MSM and pay
How did you solve it? Can you help me?

Buyukturk said:
unfortunately i couldn't find it
You can find it in the www
Prob is the msm Tool need a auth. (Acc)

DO NOT BUY ONEPLUS 10 PRO THEY DO NOT PROVIDE ANY TOOLS FROM UNBRICK


Sorry for the delayed absence .... lol.. it's been a trivial one. But I have been working DILIGENTLY on OnePlus Tools, and ONLY OnePlus Tools... (CanuckKnarf can verify this...)
Ok without breaking "responsible disclosure" guidelines... I can hopefully either clear up some of the chatter I've read up until now, as well as provide some important info which may inspire someone here with a new avenue as to how to attack this thing head on.
Let me start with the most recent statements about the missing files first.
If you have Windows (doesn't matter which version) and you have been running ANY of the official builds of the MSM Tool... (Official releases show an icon like pictured here
#1
unofficial (repacked for whatever reason) look like this:
#2
Now while there is no inherent threat to either version... the ones of the LATTER style, MAY OR MAY NOT run, when attempting to execute them. This is because the person who packaged it, MIGHT NOT have been doing so from the actual application's data folder in Windows. Allow me to explain:
When you run #1 , that file unpacks itself and generates a folder inside your "/users/appdata/local/" folder and it's usually along the lines of "OPPO Flash Tool Series 4.1" .... or a variant of that. IN THIS FOLDER are the actual files from which your MSMTOOL loads all of its config, dll, and other run codes.
--Now this folder might not be generated if you are already running from a complete msmtool build. A complete build should have several DLLs, several folders, and the actual program that is being called, 'FTGUIDev.exe' <-- This is your flash loader! .. This is the Alpha and the Omega so to speak of the MSM TOOL... #2, is the MSM equivalent of a Windows Installer REPACK. I have seen these range from 4 MB all the way up to 9 GB ... this is because some authors choose to repack the EXACT FW build that is to be used with it! (*** Important note!*** The version of the MSM Tool you are using plays a definitive role as to whether you have a successful flash, or a fail! OPPO HAS PLAYED THE SNEAKY ROLE AGAIN, AND IN CERTAIN RELEASES OF THE OTA FW FILES THAT ARE DISTRIBUTED, THEY MAKE A SMALL CHANGE TO ONE OR MORE FILES, WHICH WILL THROW OFF THE FIRMWARE INTEGRITY CHECK!.... BUT INSTEAD OF THE ERROR READING "INTEGRITY FAIL", YOU WILL GET .... PHONE MISMATCH... INVALID HANDLE.... VALIDATION FAIL... OR MAYBE FAIL INTEGRITY.... <----- These errors USED to have individual meaning, but OPPO chose to use them to provide misdirection as to what actually occurred. (( I have found a way to FORGE a passing INTEGRITY CHECK... but I can't disclose that yet, sry)) So now they do not want you to actually have the identifier as to what exactly went wrong that blocked your flash... the validation check is INSTANT... the whole 15 second pause is purely for dramatic effect. The very moment your phone connects in the msmtool and it hits 3%, it has already either PASSED or FAILED the AUTH SIGN requirement... which is LIGHT YEARS down the line from the Integrity Check.)
Anyways my point is: If you go to your "appdata/local" msm folder, you should be able to pull ANY DLL that is being requested by your programs. The entire library is locked exclusively to the GENERATION of flash tool available... i.e. the version 4.1 folder will have DLLs for any 4.1.x.x msmtool ... same with version 5.1 => 5.1.x.x. While this is not a perfect science... it is a start, so if you run into any MSM tools that you download and are not able to run, it is because you don't have a full build from that series already installed on your machine. When these guys repack, they might not understand that by NOT packing up all the files DIRECTLY from that Appdata folder, and including ALL of the other folders, they are handicapping those who download them. Easier explanation to offer is this: Beatbreakee has been running Flash Tool v 4.1.7.2 on his machine, and it is the full build being launched from the APPDATA folder... CHRIS has been running 4.1.5.1 and it's from an alternate location that DOES have the proper dll files, but they are already registered in his system from usage, and he does not realize that the alternate location is merely a shadow copy and that the actual file is linking to his appdata folder. A new HACKED msm tool comes out, but it's a repack and let's say 4.2.0.1 (this is all fake... don't go looking for this hacked version , it don't exist) .... Now the repack is missing some vital DLL files, much like some of you are experiencing. The reason SOME can load and SOME cannot, is because they may have run a FULL tool from the generation that the repack comes from.... if you have, then Windows has already registered the correct DLL files, so it will load like normal.... if you HAVE NOT, you will get missing DLL errors. BUT BEWARE... There is a HIDDEN verification that is of the actual msmtool itself. It will cause you to fail , if the check does not pass, and when altering any portion of the msmtool, I have seen EVERY mod fail this check.
Oppo is smart... they placed PLAIN TEXT files that give the exact FILENAME, CRC, and SIG data for EVERY file that MSM will interact with INCLUDING ITSELF. But these plain text files are backdoor checked by encrypted SIGNED verification files, that check for any modifications to the plain text or xml files. If you alter one of the files or replace it... IT FAILS INSTANTLY... SHA doesn't match... if you touch one of the SIG checker files it fails... MSMTool knows the SIG checker's SIG... kinda a DOUBLE check... but they did this on purpose because they knew ppl would take the bait, and by doing so, thinking they will circumvent the CHECKS... they are actually making the checks work PERFECTLY. The ONLY way around this is through SOMEONE , who is great with DLL and EXE files... and can physically REMOVE or PATCH OUT the 2 checks for the application, as well as the fw integrity. Both validations work to ensure the OTHER'S security as well... so if you bypass one validation, the other will fail you for "No validation" of the other file! (make any sense?) They watch each other when getting validated to see if any funny business is going on... any "Malarkey" and they will fail themselves to protect the package. You need to Remove, or patch out BOTH of these checks, which is slightly above my pay grade. If you can remove both of those, and it works, you will be able to have an MSM Tool that can have its config altered to remove model match, project id, and much more, as well as a tool that will accept ANY fw package as long as it's in the correct structure. (That is where my info stops because saying more will put me in violation for now) ....
The SECOND bit of info is this:
The 'AUTH SIGN' is not a file generated from any server.... the connection to the server is simply to have it send a PING response back to the application from your phone. That is literally ALL the AUTH SIGN is... now it's far more complex than I'm making it sound because I have yet to generate a valid AUTH but I am working on it. IT COMES from an APK Intent on your phone.... (a hint is it's one of the hidden QTI APKs) .... this apk responds to the PING request, with all of the info that is required as the AUTH .... Now don't get this confused with the MSM AUTH from the application.... The AUTH I am discussing is the one that says "YES" or "NO" when you ask the app to flash your fw.. An invalid response will trigger a NO... because the PING is an IRL stamp that can't be captured and replayed, as it's literally specific to the millisecond... But again it is YOUR PHONE that is generating it.... so the MSM TOOL requires an AUTHENTICATED login, before it will communicate to the OPPO server, and tell it to send a PING request to your phone, which then gets sent via USB to your computer. What we have to do is figure out HOW to generate that PING request ourselves.... If we can somehow open a secondary command window, and freeze the process as soon as it requests the AUTH SIGN... then have the command to request the PING, already typed and ready to go in that second window.... and UNFREEZE at the exact same time as we send the command... we should be able to generate the request before the MSM Tool can revalidate itself, which it does before it makes the request. As long as the request is completed BEFORE the OFFICIAL request is made by the server, then it should ignore any other response.... 1st come 1st served.
That's really all I can say... but sorry to all of you who have wondered if OPPO has made me disappear , or sent a wetwork agent after me... lol
I am just working round the clock on this as well as my normal life.... so I will be sporadic, but as I make breakthroughs I will update... so I hope SOME of that clears SOME things up.. but I leave you with this:
d:193] [E2DBA579] [COM5] <COMMAND> <?xml version="1.0" encoding="UTF-8" ?>
<data>
<getsigndata value="ping" />
</data>
[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> INFO: Calling handler for getsigndata
[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> WARN: format error, i=0
[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> ERROR: cannot get oplusreserve1/opporeserve1. i
It's the actual full data from the application attempting to get the AUTH SIGN.... maybe looking over it you might find some insight.
***back to the caves.... see y'all in a bit!****
(and btw.. if you attempt to bypass the LOGIN, you will automatically fail the SW integrity check... you need to find a way to REMOVE this completely, and not with a hex editor... the actual instruction must be removed, and then the subsequent request must be removed again from the actual FLASH function called during the AUTH SIGN request, because IT checks for the valid login again. Remove both and you will have an MSM TOOL with a blank slate. The tools themselves are NOT bundled with the individual FW digest data... they simply follow the instructions given in the packages. If you know what files you can and cannot alter, plus you replace the CRC in the checker file, with the NEW valid crc for the edited file, and you make sure to change the metadata of the files you altered , so that they match again with the other files beside them, you can FOOL the Package validation... <--- a key point in being able to flash altered firmware!... Package Validation Fail = Flash Fail!... Stay Vigilant)
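Added example (not part of the original post, and not code from OPPO or the MSM tool): a small Python parser for the log excerpt posted above, pairing the host's `getsigndata` command with the device's replies so the failing step can be read off during troubleshooting. The field names (`session`, `port`, `kind`) are labels assumed here for the bracketed columns, and the line format is inferred only from the lines in the post.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

# Excerpt as posted in the thread; its first and last entries are cut off there.
SAMPLE = r'''d:193] [E2DBA579] [COM5] <COMMAND> <?xml version="1.0" encoding="UTF-8" ?>
<data>
<getsigndata value="ping" />
</data>
[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> INFO: Calling handler for getsigndata
[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> WARN: format error, i=0
[2023/03/06 07:24:12][0x34c4][QCFirehose::resolveLogs:55] [E2DBA579] [COM5] <DEVICE LOG> ERROR: cannot get oplusreserve1/opporeserve1. i'''

# Columns shared by every entry: [session] [port] <KIND> body
TAIL = r"\[(?P<session>[0-9A-Fa-f]+)\] \[(?P<port>COM\d+)\] <(?P<kind>[A-Z ]+)> ?(?P<body>.*)"
# Complete header: [timestamp][thread id][source:line] followed by the shared columns
FULL = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+)\]\[(?P<thread>0x[0-9a-fA-F]+)\]\[(?P<source>[^\]]+)\] " + TAIL + "$")
# Header whose beginning was cut off (as in the first line of the excerpt)
PARTIAL = re.compile(r"^[^\[<]*\] " + TAIL + "$")
LEVEL = re.compile(r"^(INFO|WARN|ERROR): ?(.*)$", re.S)


@dataclass
class Entry:
    session: str
    port: str
    kind: str
    body: str
    timestamp: Optional[str] = None
    source: Optional[str] = None


def parse_log(text):
    """Split the log into entries; lines without a header continue the previous entry."""
    entries = []
    for line in text.splitlines():
        m = FULL.match(line) or PARTIAL.match(line)
        if m:
            g = m.groupdict()
            entries.append(Entry(g["session"], g["port"], g["kind"], g["body"],
                                 g.get("ts"), g.get("source")))
        elif entries:
            entries[-1].body += "\n" + line  # multi-line XML payload
    return entries


def parse_command(entry):
    """Return (tag, attributes) of the request inside <data>, or None if unusable."""
    if entry.kind != "COMMAND":
        return None
    # Refuse DTDs and entity declarations instead of handing them to the XML parser.
    if "<!DOCTYPE" in entry.body or "<!ENTITY" in entry.body:
        return None
    try:
        root = ET.fromstring(entry.body.strip().encode("utf-8"))
    except ET.ParseError:
        return None
    if root.tag != "data" or len(root) == 0:
        return None
    return root[0].tag, dict(root[0].attrib)


def triage(entries):
    """Attach each device message to the preceding command on the same session and port."""
    results, current = [], None
    for e in entries:
        if e.kind == "COMMAND":
            current = {"session": e.session, "port": e.port,
                       "command": parse_command(e), "device": [], "failed": False}
            results.append(current)
        elif (e.kind == "DEVICE LOG" and current
              and (e.session, e.port) == (current["session"], current["port"])):
            m = LEVEL.match(e.body)
            level, msg = (m.group(1), m.group(2)) if m else ("UNKNOWN", e.body)
            current["device"].append((level, msg))
            current["failed"] = current["failed"] or level == "ERROR"
    return results


if __name__ == "__main__":
    for item in triage(parse_log(SAMPLE)):
        print(item["port"], item["command"], "FAILED" if item["failed"] else "ok")
        for level, msg in item["device"]:
            print("   ", level, msg)
```

Run over the excerpt, it shows one `getsigndata` request on COM5 that the device handler accepts and then rejects with a format warning and an error about the oplusreserve1/opporeserve1 name.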

Thanks for all of the work you have been putting in! I will not give up hope lol, sorry I'm not a dev smart enough to help but I wish everyone luck...

beatbreakee said:
-snip-
Glad to see you still around, I was definitely in the boat of thinking someone shut ya down for good. Keep it up man, I'm sure as we rally we'll get there eventually.

Related

[Tool] VS920 Repair Utility

This utility will help you recover your IMEI / MEID from a bad flash.
WARNING:
This software only allows you to write to the device if the IMEI / MEID is zero'd out or does not contain anything.
DO NOT WRITE SOMETHING YOU DON'T WANT. IF YOU WRITE THE WRONG IMEI / MEID YOU ARE SCREWED.
I do not condone changing / modifying / tampering with the serial IT IS ILLEGAL. It is however legal to recover the original one, that is what this software will allow you to do.
I will not answer PM's because you typed the wrong serial number or because you tried something you shouldn't have. This is a fair warning. Make sure you type your original serial number in correctly the first time. Both boxes must match.
[How To Use]
1.) Plug device into computer.
2.) Select Internet Connection Mode, select Modem.
3.) Open device manager to see what COM your device is on.
4.) Open software and select the COM, there are two the device will connect on, you only need to write the information to one of them.
5.) Click on Connect.
6.) Type/Paste your MEID/IMEI, verify it before you click Repair.
7.) Verify again.
8.) Click repair, wait for software to reboot your device.
9.) If the phone doesn't reboot after 1 Min, go ahead and reboot your device.
10.) Enjoy your ICS rom on your working VS920 device.
[Problems]
Q.) What do I need in order to run the software?
A.) Just dotnet 4.0
Q.) Where do I get my IMEI/MEID ?
A.) Remove the back, then remove the battery. There is a white sticker that says IMEI. Type the whole string in the top box ignoring the last number; it's a checksum, and you will see the last number being calculated on the IMEI field. Make sure it all matches up.
Q.) I didn't listen/read what you wrote about the 1 time write.
A.) I can't do anything for you.
Q.) The application is throwing an error.
A.) Please take a screen shot, and copy the error then paste here.
Q.) The application just randomly quits.
A.) Stop trying to log what the application is doing, quit any debuggers and try to open the app again.
Q.) My antivirus is picking this up as a virus/trojan, why?
A.) Most antivirus suck anyway, they scan on the PE header of the file. If it's unable to process it, it will automatically flag the program as a virus. I assure you there is no virus. All my software gets protected low level to prevent tampering with.
Q.) Was the license agreement really needed? It's annoying!
A.) No it probably wasn't, but to protect me, FTT, and XDA-Developers then yes. I put that there so you are fully aware that it is an as-is software and you are agreeing not to reverse engineer the software as well as agreeing that you are doing this at your own risk.
Video
How it works
Now while I tested this over and over on my two test devices and they work fine, this doesn't mean that it works fine on every machine. I built the app in less than a day. I have added as many checks as I can so it won't mess anything up.
DotNet Framework 4.0 Is needed.
Download Here
VS920 MEID Repair Utility 1.0
MD5 Sum
Exe: 142882a5de3ae3204704626933522fdc
Rar: 48dd4ab56710ce901af9e2e067d11e1f
DO NOT REPOST THIS ON ANY OTHER FORUMS, DO NOT LINK TO THIS FROM OUTSIDE OF XDA. I MONITOR ALL TRAFFIC ON THIS SITE. I WILL PULL THE FILES IF I HAVE TO.
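Added example (not part of the original post and not the utility's code): a Python check an operator can run on the number read from the sticker before typing it in, mirroring the post's two rules that the last digit is a checksum and that both boxes must match. It relies on the IMEI check digit being a Luhn digit over the first 14 digits; the function names are hypothetical and the number in the usage lines is an illustrative sample value.

```python
import re


def normalize(raw: str) -> str:
    """Strip separators copied from a label (spaces, '-', '/', '.')."""
    digits = re.sub(r"[\s\-/.]", "", raw)
    if not re.fullmatch(r"[0-9]+", digits):
        raise ValueError("IMEI must contain decimal digits only")
    return digits


def luhn_check_digit(body14: str) -> int:
    """Luhn check digit for the first 14 IMEI digits."""
    if not re.fullmatch(r"[0-9]{14}", body14):
        raise ValueError("expected exactly 14 decimal digits")
    total = 0
    # Walking right to left, double the rightmost digit and every second one after it.
    for i, ch in enumerate(reversed(body14)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return (10 - total % 10) % 10


def confirm_imei(first_box: str, second_box: str) -> str:
    """Return the full 15-digit IMEI if both entries agree and the checksum holds."""
    full = []
    for value in (normalize(first_box), normalize(second_box)):
        if len(value) == 14:
            # Typed without the checksum, as the post instructs: compute it.
            value += str(luhn_check_digit(value))
        elif len(value) == 15:
            if int(value[14]) != luhn_check_digit(value[:14]):
                raise ValueError("check digit does not match: likely a typing error")
        else:
            raise ValueError("expected 14 digits (no checksum) or 15 (with checksum)")
        full.append(value)
    if full[0] != full[1]:
        raise ValueError("the two entries differ")
    if set(full[0]) == {"0"}:
        raise ValueError("all zeros is the blank state, not a serial number")
    return full[0]


if __name__ == "__main__":
    # Illustrative sample value, entered once with separators and once with its checksum.
    print(confirm_imei("49-015420-323751", "490154203237518"))
    try:
        # Two adjacent digits swapped: the checksum no longer matches.
        confirm_imei("490154203235718", "490154203235718")
    except ValueError as err:
        print("rejected:", err)
```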
Reserved for later use if I need it.
I'm getting a 404 on that link.
Link is fixed.
I would love for some success or fail stories, some feed back as well. Hopefully all success stories , but I know that never happens lol.
If I have helped you at all please don't forget to say thanks.
The rar file tested ok with 7Z.
I tried to download dotnet 4.0 and my Win7 64 bit machine asked if I wanted to re install it.
The program crashes before it opens.
A popup asks to check the web for a fix.
EDIT:
You sure that was Internet Modem, or Ethernet?
EDIT:
Fail either way.
Same results here. Also what language was this built in?
Hmm, can you post a screenshot of the crash? I'll have to check it out. I have another machine I'll run it on right now.
Wow I'm an idiot
No wonder it crashed.
dotNet 4.5 ughh...
You can try to install 4.5 if you want or I'll have to recompile later tonight.
Application Crash
Code:
Faulting application name: VS920 MEID Repair Utility.exe, version: 1.0.0.0, time stamp: 0x4fc6f0df
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
Exception code: 0xe0434352
Fault offset: 0x0000b9bc
Faulting process id: 0x2224
Faulting application start time: 0x01cd3eef4903a23f
Faulting application path: C:\Users\Blake\Desktop\VS920 MEID Repair Utility.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 874a351a-aae2-11e1-9249-f1c420cf0b5b
And the .Net crash
Code:
Application: VS920 MEID Repair Utility.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeLoadException
Stack:
at System.ModuleHandle.ResolveMethod(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32)
at System.ModuleHandle.ResolveMethodHandleInternalCore(System.Reflection.RuntimeModule, Int32, IntPtr[], Int32, IntPtr[], Int32)
at System.ModuleHandle.ResolveMethodHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])
at System.Reflection.CustomAttributeData..ctor(System.Reflection.RuntimeModule, System.Reflection.CustomAttributeRecord)
at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.RuntimeModule, Int32)
at System.Reflection.CustomAttributeData.GetCustomAttributesInternal(System.Reflection.RuntimeAssembly)
at System.Reflection.RuntimeAssembly.GetCustomAttributesData()
at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.Assembly)
at System.Resources.ManifestBasedResourceGroveler.GetNeutralResourcesLanguage(System.Reflection.Assembly, System.Resources.UltimateResourceFallbackLocation ByRef)
at System.Resources.ResourceManager.CommonSatelliteAssemblyInit()
at System.Resources.ResourceManager..ctor(System.Type)
at System.ComponentModel.ComponentResourceManager..ctor(System.Type)
at ?1?.?3?.?28?()
at ?1?.?3?..ctor()
at ?1?.?7?.?67?()
amoamare said:
Hmm, can you post a screenshot of the crash? I'll have to check it out. I have another machine I'll run it on right now.
I used 7z to test the archive before I tried to run it.
TypeLoadException is thrown when the common language runtime cannot find the assembly, the type within the assembly, or cannot load the type.
My visual studio decided to default 4.5 framework. So until I can recompile, might just need to install dotNet 4.5
Dotnet 4.5 Beta Download link
EEEW a beta? Just kidding.
No problem, thank you for working so hard at this...
No problem.
4.5 is actually pretty stable for being a beta. I've been running it for months now with no issues that I noticed. Then again I'm on my dev machine and it hardly has issues :S except that it doesn't like wireless keyboards and mice ha.
Well it looks like it would do the trick.
It ran through all the motions.
Except I haven't tried the ICS update.
I was thinkin of waiting for a .bin file instead of trying to figure out where the hell the Phone Booth could be found.
I have little doubt that this will work for those that have gotten stuck with the peek a boo IMEI.
Now if you had the time to work out something for my poor LG Fathom.
It got a case of amnesia or something.
cac2us,
If you want to try the ICS update, I can team view with you and show you how to use LGNPST in order to flash the .tot. It's pretty simple once you see it the first time.
People who are having Google Play Store issues, no 4G and intermittent 3G have them because their IMEI is zeroed out. I can log into the Play Store fine, use my internet fine etc., but when I zeroed my IMEI and MEID out it wouldn't download my e-mails or anything, and I couldn't log into the Play Store; it would just freeze.
What's wrong with your Fathom?
Thanks, but if the only way is to use download mode, that's what killed my fathom's MEID.
So,... aw what the hell.
If I put it in download mode then the .tot file should get accepted?
And where the hell is that Phone Booth folder that I read about?
Fathom got flashed too many times.
And in download mode. Then I spoofed it to be an HTC 6800, and now it won't change back.
I might have to pay the $99.00 for the newer Workshop to write it back.
Maybe if I send it to you along with a bucket of cash, and the box it came in you could maybe fix it?
That Google play store issue makes sense, just like my fathom won't activate without an MEID or an IMEI.
You don't need to flash in download mode.
Connect the phone to the computer, select internet for the connect and then select modem.
Make sure you have registered the dll: regsvr32 "Path to dll"
After that, open LGNPST; you should see that it shows the model VS920. Click on the Phone settings button, then click read. Make sure it reads everything correctly. Close out of phone settings.
The Port will flash to say it's done; click on it to reactivate the port.
Select upgrade and click browse.
Now in the window that pops up, down at the bottom where you can select a file. Don't worry about what it says. The box above it where you can type the location enter in *.* then click enter.
This will display all files. Now select the .tot file. "You can also rename .tot to .bin" once you select the file, click on upgrade. The flash should succeed fine now..
The reason people have crashing issues is because they would go to "Phonebook" section in the software and use that. The phonebook backup/restore is not used for upgrading the phone.
Also to answer your question, yes I could most likely repair it for you. No cost, just pay for shipping here and back.
OK, I'm ready to do it.
The only part "Make sure you have registered the dll regsvr32 "Path to dll";"
Isn't that file in the Windows\System32 folder?
How do I register it? I already did the right click thing for the 920.dll while it sits in the Models folder of the LGNPST folder.
I will PM you with the details of the Fathom.. Thanks..
Yes, if you're using the right click register, and you right clicked and registered and it returned with succeeded, then the dll is registered and you are good to go.

G925v Analysis, Rooting, Dev Files & Implications

So it happened day before yesterday, 8-22-17 @ ~5:50 PM, my Verizon S6 Edge (G925VZKE [64GB]) bricked out. No LED Light, nothing on Screen, nothing as if actually Hard Bricked. No booting, No download Mode, nothing. But it's not fully hard bricked actually. When I plug the device into my PC, Windows will either pop and say the device malfunctioned or it will read as "Exynos7420". I'm not quite sure what to do about it at the moment, I've read [a little] about what to do with phones in this mode using a "USB_Down_Load_32bit"/Multidownloader. I believe it to be stuck in a Diagnostic Mode I'm not versed in. This all happened while I was in the ADB Root Shell (su:s0) while the device was powered off and charging.
I am making this thread here for any devs who would want to use the knowledge and files here, to take the project further. As I cannot currently use my device at all. And I won't be getting a replacement S6 Edge for at least a month, maybe two. I love the S6, and will still choose it over most devices. I've been dedicated to researching and posting about the Samsung Exynos7420 Hardware since September 2016. That was when I came up with the plan for The Greyhat Root Project. You may recall my other thread once in the Original Development Forum & now in General. If you search "Greyhat Root" in google, my thread will be the first result. It gained a lot of traction, very very quickly. But is now dead, and the mods probably hate me for making a new thread. But I'm not trying to put new news out there this time.
It focused on how to use Kali Linux and Metasploit. It also focused on the articles at the time that were new exploit & malware research, that boasted of the possibilities we've now come to know as the Vault7 leaks. There's probably a reason I was a victim of the malware myself and I took down most of the posts. Most of the good files and resources I posted to that thread were either flagged by end users or removed by google. The real treasure of that thread is lost to the internet now, as that was the only backup I had of some of the critical files needed for the process. If you actually look through my individual posts all over, you will find some juicy tidbits of knowledge spread around this site that I've not compiled into one. A lot of it is still over my head as it was then, and partly why I took it down then. But I've been chipping away at that knowledge base every day for 10 months going on a year now. It's possible to root this device if one can take the knowledge of how to leverage the newsworthy exploits from the past 2 years into a single repo/application. "Android-InsecureBankv2" is one example of such a platform. But as a teaching platform, it is not configured to provide a SuperSu Root Solution out of the box. It would still require modification of someone else's codebase w/Learning Curve.
No, I have not managed to find a way to unlock the bootloader because I do not have a copy of IDA Pro or the Hex Rays Decompiler, and if I did, I still wouldn't know how to use them fully. But I have managed to find quite a number of very possible attack vectors, if I can get some serious developers to take my sentiments seriously. I proved that when the posts about dirtycow were largely ignored due to device interest, and then @droidvoider helped make some of my ideas possible with the "Greyhat Root Console" he made. Realistically at this point I only wish I were an Assembler. I'm only one guy trying to poke at a Hardware/Software Package created by multiple departments of people in a conglomerate corporation. I only bring people together. I do know that in order to disassemble the Exynos7420 sboot, you're going to need to understand U-Boot on Arm64. A U-Boot version dating back to either January 2016 or August 2015. I say those two dates because the 4BOG7 files on my device date to August 2015, the 4AOJ1 files to January 2016. Project Zero (who does a lot of tests on the G925v btw) posted in February 2017 about how they found a way to bypass the KASLR feature of the stock kernel. A Kernel I do believe we can still flash to the device. It didn't gain much attention I don't think at the time because it was only one piece to the puzzle. That exploit wasn't patched until January. I know it sounds bad when I say it like this but, what this device truly needs is a friendly Botnet-C&C-Style rootkit that has its client and server controlled by a User-Controlled, SuperSu-Style management application. Yes, it would be a rootkit you would never want to have someone else in control of. But if SuperSu were controlled by someone else other than the end user at the time, it would be just as bad. It's just a different approach to a yet unpublished methodology.
*
** The Device I refer to is currently flashed with:
******
** Full 4 File Firmware: COMBINATION_VZW_FA50_G925VVRU4AOJ1_VZW4AOJ1_CL5133452_QB6486176_REV02_user_mid_noship.tar
** BL: G925VVRU4AOJ1 ENG sboot.bin
** AP Kernel: G925VVRU4BOG7 ENG Kernel
** TrustZone Type: t-base-tui (Filenames suggesting Mobicore present as well)
******
Trying to enter Recovery Mode with the Combo firmware, in my experience, typically sends the device into a Panic and boots into "Upload Mode" if it does not simply reboot. The combination firmware does not supply a recovery.img that I've found. And in order to recover the ENG Combination Recovery, you would have to disassemble the OJ1 ENG sboot.bin in IDA Pro and pull it out.
During the initial boot the device will enter its own recovery mode for a moment while it does its erasing stage. I used "nand erase all, re-partition, F.Reset Time, Phone Bootloader Update" options in ODIN. During this brief moment with the "Erasing..." text on-screen, the phone is available in ADB Devices and shows up in recovery mode. Meaning ADB Shell should be accessible in recovery. If that's possible that means the device keystore should be accessible as well. The Recovery images tend to be bigger because the signatures are stored in the recovery from what I've read. Can't dirtycow patch anything it can see if your shell can't change it?
Using those files, I have full su authority anytime I am in ADB Shell, the shell runs within the "su:s0" context, and not the "shell:s0" context. Any and All changes are possible through the shell. Writing a new partition Table to '/dev/block/platform/15570000.ufs/sdb' using the "partx" tool, is probably what broke my phone. So in theory installing SuperSu in System Mode should work much the same as it did on G95x S8/Plus I'm gathering. @dragoodwael was correct in supposing "sdb" to be the bootloader overall, as I do now too. Once the reboot command was issued, I lost the ability to do anything at all. All that's possible now, is to find a tool that will communicate with the driver my PC's Device Manager loaded for my phone.
Every boot.img I've unpacked using Android Image Kitchen specified that a signature of "SEAndroid Type was found". BUT, the only boot.img/Kernel that did not specify that it was an "SEAndroid Type" while being unpacked, is the Stock boot.img from the 4AOJ1 Combination Firmware. Out of the 7 boot images I've unpacked, AIK determined the OJ1 Combination boot.img did NOT have an SEAndroid Signature on it.
boot.imgs I've unpacked:
1. N920A - PB2 Eng boot.img
2. N920A - FA51 Combi - PH1 boot.img
3. N920A - FA51 Combi - PL1 boot.img
4. G925V - FA50 Combi - OG2 boot.img
5. G925V - FA50 Combi - OJ1 boot.img
6. G925V - OG7 Stock boot.img
7. G925V - OG7 ENG boot.img
I'm not quite sure what that means yet, but I do know that the zip file I have that contains the 4AOJ1 factory Binary is not a tar.md5 like usual, it is just a normal .tar. What I'd LOVE to know is, can the 4AOJ1 stock boot.img be unpacked, then repacked, and retain its flashable characteristic? Because AIK does not register a standard signature. Does that mean the OJ1 boot.img uses a different mechanism for signature verification than a standard user binary, or is it simply signed with publicly available signing keys? It's a good question, what is different about its signature compared to other stock signatures. Even if we don't understand the signatures fully.
I'm also aware of the fact, that the Combination firmware doesn't actually contain a recovery.img to flash. Probably why the Device goes into Upload Mode and Panics when trying to boot recovery after using "nand flash all" and/or "re-partition" in ODIN. But if there were a Recovery Image for the OJ1 firmware, I imagine it would not have an SEAndroid signature on it as well. So there must be something to that.
I wonder what would happen if you tried to flash the OJ1 boot.img to the recovery partition as recovery.img like in the "EasyRecowvery" project, while using the full factory binary.
Is it possible that the newer "ustar" tar format used by Samsung in ODIN packages, could be using the custom fields available in a ustar header block to hold at least part of the signing mechanism? I believe so. And I say it because on my Device, it runs the Odin3 Engine (v1.1203), which looks an awful lot like ODIN v1.12.3. Besides the naming conventions used there, ODIN expects to send/receive images within tar archives. Specifically USTAR format tar archives. So if the ODIN Engine on the phone is anything like the PC Client application, it expects USTAR format Tar archives as well. If it expects to read in a USTAR Header block, there are custom fields possible in known locations of the official tar files. Which when parsed correctly, should lead to finding the extra data after the payload 7-Zip refers to when the tar.md5 files are extracted. I'm of the mind the "Star" utility and not the "Tar" utility is what we should be using to create and modify ODIN firmware the way our OEM's do. That is hypothesis on my part yes, but I don't think I'm very far off base.
Here is a man page on the "ustar" utility I found interesting and extremely in-depth: ustar(1) - unique standard tape archiver - Linux man page
If you want to see a list of files involved in all of this research, please refer to this folder here: https://drive.google.com/open?id=0B_EcHdXbjhT_dDRneE56WUg3Mlk
It contains all the files I've mentioned except for the OJ1 Firmware itself. This is all I'm posting for today, it's a sad day indeed. But I have to gather the bookmarks again to post the links to articles.
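The ustar question raised in the post above can be checked by walking the 512-byte header blocks directly. This is an added example, not code from the post: it decodes each header, reports whether the 12 unused bytes at the end of the header carry data, and isolates whatever follows the end-of-archive blocks. The sample archive is constructed inline, and treating the trailer as an md5sum-style text line is an assumption of this example, not something the post establishes.

```python
import hashlib
import io
import tarfile

BLOCK = 512  # tar archives are a sequence of 512-byte blocks


def _octal(field: bytes) -> int:
    """Numeric header fields are ASCII octal, padded with NULs or spaces."""
    text = field.strip(b"\0 ").decode("ascii")
    return int(text, 8) if text else 0


def parse_header(block: bytes) -> dict:
    """Decode the ustar header fields relevant to this analysis."""
    stored = _octal(block[148:156])
    # The checksum is computed with its own 8-byte field read as spaces.
    computed = sum(block[:148]) + 8 * 0x20 + sum(block[156:])
    return {
        "name": block[0:100].rstrip(b"\0").decode("utf-8", "replace"),
        "size": _octal(block[124:136]),
        "magic": block[257:263],       # b"ustar\0" for POSIX ustar
        "version": block[263:265],     # b"00" for POSIX ustar
        "checksum_ok": stored == computed,
        "pad_in_use": any(block[500:512]),  # bytes after the prefix field
    }


def inspect_archive(data: bytes) -> dict:
    """Walk every member, then return whatever follows the end-of-archive blocks."""
    members, off = [], 0
    while off + BLOCK <= len(data):
        block = data[off:off + BLOCK]
        if block == bytes(BLOCK):      # first all-zero block ends the member list
            break
        header = parse_header(block)
        if not header["checksum_ok"]:
            raise ValueError(f"bad header checksum at offset {off}")
        members.append(header)
        # Member data is padded up to a whole number of blocks.
        off += BLOCK + -(-header["size"] // BLOCK) * BLOCK
    while data[off:off + BLOCK] == bytes(BLOCK):   # skip end marker and padding
        off += BLOCK
    trailer = data[off:]
    digest_ok = None
    fields = trailer.split()
    if fields:
        # Assumption: the trailer is "<md5 hex>  <name>" over the tar portion.
        claimed = fields[0].decode("ascii", "replace").lower()
        digest_ok = claimed == hashlib.md5(data[:off]).hexdigest()
    return {"members": members, "tar_len": off,
            "trailer": trailer, "trailer_md5_ok": digest_ok}


def build_sample() -> bytes:
    """Constructed stand-in for a tar.md5: a ustar archive plus an appended line."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        payload = b"CONSTRUCTED-BOOT-IMAGE" * 40
        info = tarfile.TarInfo("boot.img")
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    tar_bytes = buf.getvalue()
    line = f"{hashlib.md5(tar_bytes).hexdigest()}  sample.tar\n".encode()
    return tar_bytes + line


if __name__ == "__main__":
    report = inspect_archive(build_sample())
    for m in report["members"]:
        print(m["name"], m["size"], m["magic"], "pad in use:", m["pad_in_use"])
    print("tar portion:", report["tar_len"], "bytes")
    print("trailer:", report["trailer"], "md5 ok:", report["trailer_md5_ok"])
```

Run against a real package, a trailer that is not a plain digest line, or any header with `pad_in_use` set, would be the places to look for the extra data the post speculates about.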

[CLOSED: REPLACED] [HELP NEEDED] Running a full custom ROM using the AVD tool of Andr

Hi everyone,
Today I'd like to dust an old subject that was quite discussed: emulating a custom Android ROM.
There are threads around here and some Stack Overflow subjects (for instance) with people talking about this, providing ideas or even complete tutorials.
These tutorials show how to use the SDK tools to create an Android Virtual Device to run the desired ROM.
But all this information is purely deprecated and can't be applied exactly for new touch phones (higher than Jellybean you can't do that!)
Not realizing it yet and wanting to try it out, I personally downloaded the latest Android Studio software with the basic SDK tools.
I tried to run commands specified in the tutorials to test some things out (like creating an avd) and actually creating an avd this way is purely deprecated. Well.
 What a good start.
So instead I used the avd tool of the Studio software and I successfully created one.
Got into the C:\Users\%USERNAME%\.android\avd\avdname.avd folder to check components of the avd. I even read the .qcow2 files to know the location of the missing components (like system.img)
So I am almost done. I prepared my .img files to replace avd img basic components to test my emulated firmware out. But...
I have no idea where to start!!
I am missing some img files that would be necessary to run the avd correctly, like the kernel.img or userdata thing...
I just don't know what to replace or not, how to obtain necessary files without breaking something, I need help...
Here is finally the question of the subject:
Can somebody post out a complete updated tutorial on how to emulate a full custom rom using the AVD tool provided by Android Studio, please? (If possible of course)
This would be really nice and pretty useful for ROM development. I'm still experimenting, trying to modify the close-to-my-device avd I generated, but this is just messing around with things. I am pretty inexperienced so I don't think I could help...
Ok, no contribution as expected...
Fortunately I started researching despite the fact that I'm not a dev, so I have a really really little idea of what I'm doing...
So here is what my research led to (reported from memory, I will re-edit my post soon to add what I missed):
Note: I used my SM-G361F pre-rooted ROM to test emulation.
==========*#1*==========
Operations:
•Created a close-to-device AVD (Same API Level etc.)
•Found out AVD dependencies folders: C:\Users\%USERNAME%\.android\avd\x86 (I guess?)\(devicemodel).avd then another location containing kernel, system.img etc. thanks to .qcow2 files in the previously presented folder ("links" were in them.)
•Made a backup of these folders **obvious**
•Edited some configurations (config.ini etc.) to make the final emulated system as close to the real device as possible to avoid incoherences
•Replaced some components of the AVD (build.prop, cache.img, userdata-qemu.img, etc.)
•Replaced the system image in the second folder
•After a hard struggle to get the boot.img file of my device, decompiled it to get the ramdisk.img and kernel.img I used to replace kernel-qemu
Test:
•Starting the AVD from Android Studio
=> Outputs option "repair device"
•Attempted a repair: selected... My device SM-G361F to repair.
(=> Weird...)
•Repair seemed to work well according to the fact I could run the AVD
•Status of the AVD: Black screen. Using power button and all doesn't make anything work: the AVD doesn't react.
=> Quitting made the emulator crash
Initial reason: see troubleshooting section
Result: FAIL
Troubleshooting:
•I shouldn't have replaced kernel-qemu with the stock extracted kernel: it has nothing to do with the actual system because it isn't purely system but device related. Will fix that next time
•ramdisk was badly recompiled: after extracting it from boot.img using Android Image Kitchen I recompiled it with the recompile.bat that outputs two files: img-new.img (cannot figure out what its utility is...) and new-ramdisk.cpio.gz that I simply renamed ramdisk.img. This could be the main reason why the AVD isn't working.
Will look up how to deal with ramdisk soon.
==========*#2*==========
Operation:
•Restored the original kernel-qemu from backup
Test:
•The AVD still doesn't show anything but quitting the emulator doesn't trigger any crash now.
Result: FAIL
Troubleshooting:
•As mentioned before will look up ramdisk.img file that seems problematic
Thread closed. But the project of emulating a custom rom is not abandoned.
Actually I didn't find a way to use the new AVD tool provided by Google to reach this goal. Instead I am heading toward the new idea of creating software that generates an environment for Android emulation with given components (kernel, system, data etc. previously extracted or, better, from a backup)
I hope I'll get help in the future because I'm pretty sure I won't be able to do such an enormous task alone...
New thread here: https://forum.xda-developers.com/android/development/help-environment-builder-custom-rom-t3758360

Bootlooping with Android 12 beta preview

TL;DR- I'm trying to get back to Android 11 but I only have access to the fastboot menu since my phone is bootlooping. I'm fairly certain I hadn't enabled USB debugging when the phone was fully functional so I'm not sure if I can use ADB to do so. I also don't have the bootloader unlocked
I downloaded the 12 beta preview last week to try the new features, some UI bugs understandably but was mostly fine. A couple days ago while the screen was off and I just had the phone in my hand it randomly activated SOS mode so after a brief panic and cancelation of the 911 call I opted out of the beta immediately. The next morning after using my phone a bit I picked it up and noticed it was rebooting and was a little warm, and it's been bootlooping since then. I still remember the Android 12 UI being active so I'm pretty sure it hadn't reverted to the "new" 11 firmware yet.
I'm trying to revert back to 11 using the ADB on my PC, but I realized that I'm pretty sure I hadn't enabled USB debugging when my phone was still functional, so I'm not sure how to bypass that if I can at all. The web firmware flasher tool does detect my phone, but can't properly connect and I assume it's because the USB debugging isn't enabled.
Before I tried using the ADB I had attempted to perform a factory reset to fix the bootloop and the log messages said it was successfully done, but that didn't get it out of the loop.
@jet flyer
I didn't see the word "locked" or "recovery" anywhere in your post. If you are bootloader unlocked, you use fastboot to flash a full image. If you are BL locked, that should have been in your TL;DR. If you are BL locked, you can still flash a full OTA without having usb debug enabled. You just need to have the latest fastboot/adb binaries installed. Download the rescue OTA, put it in your adb folder and then from recovery mode, use the update via adb option. You do NOT need usb debug enabled to do this. You do however need a working Recovery mode. If you are BL locked and cannot access recovery that is the end of the road.
Sorry for the delayed response wanted a day off so I had enough time to properly deal with this. No it's not unlocked, edited OP to indicate that.
I only downloaded adb last week so that should be the most recent, are the fastboot binaries included in that install or is that something separate?
Using this video for help on how to run adb
I get the device connected sound on my PC when I select install from ADB on the recovery menu and I have ADB running at the C:\adb folder location. when I do the adb devices command I get this
'adb' is not recognized as an internal or external command,
operable program or batch file.
using the powershell I got the long list of text that's mentioned in the video after typing \adb but I still get a similar, but different, error when doing the devices command trying to confirm it's connected
Since this is probably just an error on my part not doing the right commands or something I'm hopping on the xda discord, I'll post here if I get it figured out
Download platform tools from here https://developer.android.com/studio/releases/platform-tools. Unzip it and then put the file that you want to side load in the same folder. I prefer PowerShell. Type adb sideload "file name.zip". That might not work if USB debugging isn't checked. If it doesn't, try this.
Transfer the download OTA file to your device’s internal or external storage. Don’t put it inside any folder as the system won’t be able to find it.
Next up, boot your device to recovery.
From recovery, navigate to the Apply Update from SD Card option using Volume Keys. Press the Power key to confirm your selection.
Similarly, use the Volume keys to highlight the OTA.zip file and the Power key to install it. Once the process finishes, you could then use the Reboot system now option to boot your device back to OS
ok finally got something to run on my phone but got an error, here's the file paths and what I typed just in case
And here's what the phone says, sorry about the marginal focus, my backup Pixel 2XL is doing its best with the reflective screen. The relevant messages start right after the purple of the IR focusing laser reflection
one of the first errors is E: footer is wrong
and Error 21: signature verification failed
I recall hearing on one of those videos or guides I read that something has to be digitally signed, but this is a direct download from the Android website, wouldn't it already be signed?
jet flyer said:
ok finally got something to run on my phone but got an error, here's the file paths and what I typed just in case
View attachment 5333167
And here's what the phone says, sorry about the marginal focus, my backup Pixel 2XL is doing its best with the reflective screen. The relevant messages start right after the purple of the IR focusing laser reflection
View attachment 5333175
one of the first errors is E: footer is wrong
and Error 21: signature verification failed
I recall hearing on one of those videos or guides I read that something has to be digitally signed, but this is a direct download from the Android website, wouldn't it already be signed?
Sorry for the delayed response, but If you use "reply" to a post the user will get an email notification and so respond more quickly. I normally check this board once a week. Yes, there is one zip file from Google that contains all the binaries you need for adb/fastboot. Yes the image coming from Google is signed. They even include the file hash so you can verify the file is a mirror image and un-corrupted. I'm going to continue down the adb method because it is fool proof and you may not be able to "push" the file to your device and use the sdcard method.
I'm not sure you have added your adb folder to your PC's path statement and this could be causing an issue. If you add this folder to the path, you can call up adb from any folder. However if you have the ota image in the same adb folder, and you navigate to that same folder before typing commands it will still work. I'm not seeing any of your inputs on your photo, so I can't check that. You can easily copy/paste text from the command window so we can clearly see what you are typing and the response back. What response are you getting to "adb devices" and "adb version" ? Until you get back your phone's serial number as a response, you are not connected properly. You can PM me for more assistance or use the reply button on this note. Best of luck.
v12xke said:
Sorry for the delayed response, but If you use "reply" to a post the user will get an email notification and so respond more quickly. I normally check this board once a week. Yes, there is one zip file from Google that contains all the binaries you need for adb/fastboot. Yes the image coming from Google is signed. They even include the file hash so you can verify the file is a mirror image and un-corrupted. I'm going to continue down the adb method because it is fool proof and you may not be able to "push" the file to your device and use the sdcard method.
I'm not sure you have added your adb folder to your PC's path statement and this could be causing an issue. If you add this folder to the path, you can call up adb from any folder. However if you have the ota image in the same adb folder, and you navigate to that same folder before typing commands it will still work. I'm not seeing any of your inputs on your photo, so I can't check that. You can easily copy/paste text from the command window so we can clearly see what you are typing and the response back. What response are you getting to "adb devices" and "adb version" ? Until you get back your phone's serial number as a response, you are not connected properly. You can PM me for more assistance or use the reply button on this note. Best of luck.
Ah sorry, still getting used to the specifics of this forum. Thanks for checking though.
I do get the serial number back as a response to verify I'm properly connected, I just didn't do it in that specific instance to avoid posting that online. And yes I did add it to the path(as far as I understand, that's just a convenience thing though?) but I'm still running it from the ADB folder just to be sure.
I'll go ahead and type here what commands I did and what the phone log says, since it's not in focus in the picture.
on adb I typed .\adb sideload coral-[specific file version].zip
adb response: Total xfer: 0.00x
on my phone which was on the load from adb screen it said this:
Now send the package you wan to apply
to the device with "adb sideload <filename> . . .
Supported API: 3
Finding update package. . .
Verifying update package. . .
E:footer is wrong
Update package verification took 0.5 s (result 1).
E:Signiture verification failed
Error: 21
Install from ADB completed with status 2.
Installation aborted.
Then it tried one more time automatically with the exact same text except taking 0.6 seconds but still failing and the same error messages. Should I just download the latest package (now the June update) and try again, or did I do something wrong? The file explorer window is where I opened the powershell from and where the file was extracted to. What does error 21 mean?
jet flyer said:
Ah sorry, still getting used to the specifics of this forum. Thanks for checking though.
I do get the serial number back as a response to verify I'm properly connected, I just didn't do it in that specific instance to avoid posting that online. And yes I did add it to the path(as far as I understand, that's just a convenience thing though?) but I'm still running it from the ADB folder just to be sure.
I'll go ahead and type here what commands I did and what the phone log says, since it's not in focus in the picture.
on adb I typed .\adb sideload coral-[specific file version].zip
adb response: Total xfer: 0.00x
on my phone which was on the load from adb screen it said this:
Now send the package you wan to apply
to the device with "adb sideload <filename> . . .
Supported API: 3
Finding update package. . .
Verifying update package. . .
E:footer is wrong
Update package verification took 0.5 s (result 1).
E:Signiture verification failed
Error: 21
Install from ADB completed with status 2.
Installation aborted.
Then it tried one more time automatically with the exact same text except taking 0.6 seconds but still failing and the same error messages. Should I just download the latest package (now the June update) and try again, or did I do something wrong? The file explorer window is where I opened the powershell from and where the file was extracted to. What does error 21 mean?
Sorry, I don't know what error 21 means. Trying the latest image is not going to hurt at this point. Make sure you post the complete file name of the image you are trying to flash. I think there may be bootloader version mismatch that is causing the errors. Verify and post your bootloader version (fastboot menu) and OS version (recovery menu). Have you tried doing a factory reset from recovery and retrying? At this point I would keep searching "rescue ota" for tips and hints. Pasting your screen would be best, rather than retyping. Best of luck!
v12xke said:
@jet flyer
I didn't see the word "locked" or "recovery" anywhere in your post. If you are bootloader unlocked, you use fastboot to flash a full image. If you are BL locked, that should have been in your TL;DR. If you are BL locked, you can still flash a full OTA without having usb debug enabled. You just need to have the latest fastboot/adb binaries installed. Download the rescue OTA, put it in your adb folder and then from recovery mode, use the update via adb option. You do NOT need usb debug enabled to do this. You do however need a working Recovery mode. If you are BL locked and cannot access recovery that is the end of the road.
So I read up and Error 21 is because the bootloader is locked. I have the latest binaries installed like you mentioned, is there something else I was missing in my process?
jet flyer said:
So I read up and Error 21 is because the bootloader is locked. I have the latest binaries installed like you mentioned, is there something else I was missing in my process?
Because your bootloader is locked, you cannot flash a full image. You have to flash an OTA instead.
Secondly, the OTA you choose has to match your current bootloader version or it won't work.
Read the instructions again for flashing a rescue OTA via recovery.
1. Have you accessed the phone's recovery menu and used the update via adb option?
2. What is your current bootloader version? (recovery menu)
3. What is the full name of the file you are attempting to flash? (OTA)
https://developers.google.com/android/ota
v12xke said:
Because your bootloader is locked, you cannot flash a full image. You have to flash an OTA instead.
Secondly, the OTA you choose has to match your current bootloader version or it won't work.
Read the instructions again for flashing a rescue OTA via recovery.
1. Have you accessed the phone's recovery menu and used the update via adb option?
2. What is your current bootloader version? (recovery menu)
3. What is the full name of the file you are attempting to flash? (OTA)
https://developers.google.com/android/ota
ohh, I never noticed that tab at the top that says OTA, I get it now that those are needed for non-unlocked bootloaders. I see all the different versions, what does my bootloader version have to do with one of those? I only see the dates pertaining to the monthly updates, how do I know which one is for my bootloader version? I found the section specific to the Pixel 4XL
That worked!!! Thanks for the help, kinda annoyed it was as simple as that tab at the top left of the page saying OTA updated, but glad to have my phone back after 6 weeks. My Pixel 2XL did its best but a lot of the apps I use for my action camera or drone stuff didn't even work with it haha
jet flyer said:
That worked!!! Thanks for the help, kinda annoyed it was as simple as that tab at the top left of the page saying OTA updated, but glad to have my phone back after 6 weeks. My Pixel 2XL did its best but a lot of the apps I use for my action camera or drone stuff didn't even work with it haha
Happy to hear you are back up and running! Cheers.
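A check that can be run on the PC before using the recovery's update via adb option, as an added example that is not part of the original posts. It verifies the download's SHA-256 against the published value and reads the `META-INF/com/android/metadata` entry inside the OTA zip for the target device and build timestamp; it does not read the bootloader version. The sample package, the `coral` codename (Pixel 4 XL) and the timestamps are constructed for the demonstration.

```python
import hashlib
import io
import zipfile

METADATA_PATH = "META-INF/com/android/metadata"  # key=value file inside an OTA zip


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def read_ota_metadata(zip_bytes):
    """Parse the key=value metadata carried inside an Android OTA package."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        text = zf.read(METADATA_PATH).decode("utf-8")
    meta = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            meta[key.strip()] = value.strip()
    return meta


def preflight(zip_bytes, published_sha256, device, current_build_utc):
    """Return a list of problems; an empty list means the package passed."""
    digest = sha256_hex(zip_bytes)
    if digest != published_sha256.strip().lower():
        # Corrupt or tampered download: stop before parsing anything.
        return ["sha256 mismatch: got " + digest]
    try:
        meta = read_ota_metadata(zip_bytes)
    except (zipfile.BadZipFile, KeyError):
        return ["not an OTA package: " + METADATA_PATH + " not found"]
    problems = []
    # pre-device may list several device names separated by '|'.
    if device not in meta.get("pre-device", "").split("|"):
        problems.append("package is for %r, not %r" % (meta.get("pre-device"), device))
    # Recovery refuses a package older than the installed build (downgrade check).
    if int(meta.get("post-timestamp", "0")) < current_build_utc:
        problems.append("package is older than the installed build")
    return problems


def make_sample_ota(device, post_timestamp):
    """Build a tiny constructed zip with only the metadata entry (not a real OTA)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(METADATA_PATH,
                    "ota-type=AB\npre-device=%s\npost-timestamp=%d\n" % (device, post_timestamp))
    return buf.getvalue()


if __name__ == "__main__":
    pkg = make_sample_ota("coral", 1700000000)  # constructed values
    print(preflight(pkg, sha256_hex(pkg), "coral", 1690000000))  # passes
    print(preflight(pkg, sha256_hex(pkg), "flame", 1690000000))  # wrong device
    print(preflight(pkg, sha256_hex(pkg), "coral", 1710000000))  # older than installed
```

For a real download, pass the file's bytes and the SHA-256 shown next to it on the OTA download page; the installed build's timestamp is a value you supply.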

EDL flashing (MTK) Hard Brick

Hello,
I've recently hardbricked my Redmi Note 9
I've tried shorting some of the pads to see if I can flash it through the communication ports using EDL. I've shorted some of the pads and the flash tool shows these logs..:
[17:54:15]:lsusb path:"C:\Users\Friendly Chemist\Downloads\mi-globe.com_Xiaomi_Mi-FlashTool_20200314\Source\ThirdParty\Qualcomm\fh_loader\lsusb.exe"
[17:54:15]:ls ubs :Communications Port (COM1)
USB Serial Device (COM5)
[17:54:15]:GetScriptDevices
[17:55:24]:lsusb path:"C:\Users\Friendly Chemist\Downloads\mi-globe.com_Xiaomi_Mi-FlashTool_20200314\Source\ThirdParty\Qualcomm\fh_loader\lsusb.exe"
[17:55:24]:ls ubs :Communications Port (COM1)
How do you get the flash tool to recognize the communication port as a device?
Redmi Note 9 uses MTK if I remember correctly.
I hardbricked it while trying to flash the most recent ROM.
One of 2 things could've gone wrong:
Either the fact that I was jumping from Android 10 to Android 11 ( I was using the fastboot ROM)
Or the fact that I accidentally clicked "Clean All and Lock", and then something went wrong there.
However one thing is for sure, the preloader is corrupted. I don't think FRP is gone though.
Any tips?
-Thanks
FriendlyChemist said:
Hello,
I've recently hardbricked my Redmi Note 9
I've tried shorting some of the pads to see if I can flash it through the communication ports using EDL. I've shorted some of the pads and the flash tool shows these logs..:
[17:54:15]:lsusb path:"C:\Users\Friendly Chemist\Downloads\mi-globe.com_Xiaomi_Mi-FlashTool_20200314\Source\ThirdParty\Qualcomm\fh_loader\lsusb.exe"
[17:54:15]:ls ubs :Communications Port (COM1)
USB Serial Device (COM5)
[17:54:15]:GetScriptDevices
[17:55:24]:lsusb path:"C:\Users\Friendly Chemist\Downloads\mi-globe.com_Xiaomi_Mi-FlashTool_20200314\Source\ThirdParty\Qualcomm\fh_loader\lsusb.exe"
[17:55:24]:ls ubs :Communications Port (COM1)
How do you get the flash tool to recognize the communication port as a device?
Redmi Note 9 uses MTK if I remember correctly.
I hardbricked it while trying to flash the most recent ROM.
One of 2 things could've gone wrong:
Either the fact that I was jumping from Android 10 to Android 11 ( I was using the fastboot ROM)
Or the fact that I accidentally clicked "Clean All and Lock", and then something went wrong there.
However one thing is for sure, the preloader is corrupted. I don't think FRP is gone though.
Any tips?
-Thanks
Not EDL exactly. Devices with a MediaTek SoC don't use EDL (that is for Qualcomm); MTK uses Preloader (download) and BROM modes. The preloader is usually inaccessible in newer models, or at least useless, so you can use an exploit to bypass the BROM restriction. Follow this thread carefully: https://forum.xda-developers.com/t/...icked-redmi-note-9-merlin-hard-brick.4347025/
SubwayChamp said:
Not EDL exactly. Devices with a MediaTek SoC don't use EDL (that is for Qualcomm); MTK uses Preloader (download) and BROM modes. The preloader is usually inaccessible in newer models, or at least useless, so you can use an exploit to bypass the BROM restriction. Follow this thread carefully: https://forum.xda-developers.com/t/...icked-redmi-note-9-merlin-hard-brick.4347025/
Interesting, thank you very much..
But here's the thing, whenever I plug it in it still loops, even with the battery being disconnected from MB.
Do I need to let it just... stay put for a very long time? I've done that for 2 weeks and it still loops.
(Windows disconnect / reconnect sound, even when the OS does not recognize any new device)
One more thing, is there a possibility for this method to corrupt the firmware even more? Or is this some real bare-metal stuff that as long as you do correctly you should be fine?
Try this place first
[FAQ][GUIDE][HELP] Assistance Solution Centre for MERLIN 🤓 (Redmi Note 9 / Redmi 10X 4G)
DISCLAIMERS: This help is specific for MERLIN devices only ! (Xiaomi Redmi Note 9 and Xiaomi Redmi 10X 4G) Keep atention. This is an UNOFFICIAL thread. This thread was based on the thread by Agent_fabulous. Thank you very much ! DON'T ask by PM...
forum.xda-developers.com
that doesn't give you the insight you need LMK
FriendlyChemist said:
Interesting, thank you very much..
I missed that thread, I used in the past within other threads/guides, the link provided by @L!V3_4_XC3SS has the steps better done, or at least is more comprehensive.
FriendlyChemist said:
But here's the thing, whenever I plug it in it still loops, even with the battery being disconnected from MB.
You need to power it off completely by pressing the three buttons. In the short period when you see the device is off, release the PWR button and keep pressing the two volume buttons to enter BROM mode while you connect to the PC. Run the bypass bat first.
FriendlyChemist said:
Do I need to let it just... stay put for a very long time? I've done that for 2 weeks and it still loops.
If the trick doesn't work instantly then waiting makes no sense; try again.
FriendlyChemist said:
(Windows disconnect / reconnect sound, even when the OS does not recognize any new device)
One more thing, is there a possibility for this method to corrupt the firmware even more? Or is this some real bare-metal stuff that as long as you do correctly you should be fine.
As long as you use the Download option you are safe; if preloader is un-ticked from the partitions, and if the option Format Whole Flash except Bootloader is ticked too in the Format tab, then you are totally safe.
How do I know my device is in BROM mode?
I've tried to first power it off, then pressing the 2 vol buttons. It just.. reboots and keeps bootlooping.
FriendlyChemist said:
How do I know my device is in BROM mode?
I've tried to first power it off, then pressing the 2 vol buttons. It just.. reboots and keeps bootlooping.
Read the linked thread carefully and follow all the steps one by one. If you run the bypass.bat first then you will see a message that the DA/SLAA protection was disabled. This way, you'll know that you are now in BROM mode.
SubwayChamp said:
Read the linked thread carefully and follow all the steps one by one. If you run the bypass.bat first then you will see a message that the DA/SLAA protection was disabled. This way, you'll know that you are now in BROM mode.
So the payload launches on COM5 correct?
Also I have no way to stop it from bootlooping. I've tried shutting it down, same thing,
Like I said before.
While it's online, it's detected as a USB serial device on COM5.
FriendlyChemist said:
So the payload launches on COM5 correct?
Also I have no way to stop it from bootlooping. I've tried shutting it down, same thing,
Like I said before.
While it's online, it's detected as a USB serial device on COM5.
You have to achieve two main things here: first, install the USB MediaTek preloader using the LibUSB device filter, and second, get your device detected in BROM mode.
For the first thing, just connect your device without pressing a button, open the device filter window and see the variants; when a new item appears, quickly press on it to install the drivers.
For the second thing, although your device keeps trying to reboot, this doesn't matter if you learn to make the right button combination at the right time: wait for the exact moment that the device goes off and press the two volume buttons to attach it to the PC, but launch the bypass.bat first. Be sure that you understand what is written here. I had the same issue on two devices and got it sorted anyway.
SubwayChamp said:
You have to achieve two main things here: first, install the USB MediaTek preloader using the LibUSB device filter, and second, get your device detected in BROM mode.
For the first thing, just connect your device without pressing a button, open the device filter window and see the variants; when a new item appears, quickly press on it to install the drivers.
For the second thing, although your device keeps trying to reboot, this doesn't matter if you learn to make the right button combination at the right time: wait for the exact moment that the device goes off and press the two volume buttons to attach it to the PC, but launch the bypass.bat first. Be sure that you understand what is written here. I had the same issue on two devices and got it sorted anyway.
I tried running the bypass,
I followed all the steps, installed the drivers, and the filter lib usb thingy.
I got an error while running the first bypass:
Traceback (most recent call last):
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\main.py", line 213, in <module>
main()
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\main.py", line 44, in main
config, serial_link_authorization, download_agent_authorization, hw_code = get_device_info(device, arguments)
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\main.py", line 136, in get_device_info
hw_code = device.get_hw_code()
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\src\device.py", line 178, in get_hw_code
self.echo(0xFD)
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\src\device.py", line 110, in echo
self.check(from_bytes(self.read(size), size), words)
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\src\device.py", line 88, in check
raise RuntimeError("Unexpected output, expected {} got {}".format(gold, test))
RuntimeError: Unexpected output, expected 0xfd got 0xfe
FriendlyChemist said:
I tried running the bypass,
I followed all the steps, installed the drivers, and the filter lib usb thingy.
I got an error while running the first bypass:
Traceback (most recent call last):
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\main.py", line 213, in <module>
main()
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\main.py", line 44, in main
config, serial_link_authorization, download_agent_authorization, hw_code = get_device_info(device, arguments)
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\main.py", line 136, in get_device_info
hw_code = device.get_hw_code()
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\src\device.py", line 178, in get_hw_code
self.echo(0xFD)
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\src\device.py", line 110, in echo
self.check(from_bytes(self.read(size), size), words)
File "C:\Users\Friendly Chemist\Desktop\F1\bypass\src\device.py", line 88, in check
raise RuntimeError("Unexpected output, expected {} got {}".format(gold, test))
RuntimeError: Unexpected output, expected 0xfd got 0xfe
Don't worry, this message usually appears, just keep trying; you need to get the device in BROM mode, and it'll work. Also, you can check this thread if you are lacking or missing some info: https://forum.xda-developers.com/t/repair-dead-hard-bricked-realme-3-3i-tutorial.4224255/
Hello guys, I have a problem with the Redmi Note 9 phone. You know that the Xiaomi interface has more negatives than the stars of the universe, but the Indonesian ROM has no problems, so I tried to change the phone from the world version to the Indonesian one, but in a way somewhat like a loophole, which led to the phone restarting itself over and over again. I went to the phone maintenance specialists, and they told me that it needed a memory IC, but someone was able to download the Xiaomi system, which resembles a little Nokia, but through it I entered a new Xiaomi version. The only remaining problem is the lack of service: I cannot call or receive calls or data, but everything other than this works. I understood from a phone specialist that the files in the memory IC have been corrupted, so the service does not work. Is there a solution?
NB
The phone is rooted, but I can remove it
The Wi-Fi is working and the Wi-Fi IP address is working
The IP address of the network tells me that it is not there
The serial number of the phone itself is not with me, but I think that if the Indonesian version has the serial number, I can find it
I welcome any risky method
Sorry for the weak language
OMAR1.zx said:
Hello guys, I have a problem with the Redmi Note 9 phone. You know that the Xiaomi interface has more negatives than the stars of the universe, but the Indonesian ROM has no problems, so I tried to change the phone from the world version to the Indonesian one, but in a way somewhat like a loophole, which led to the phone restarting itself over and over again. I went to the phone maintenance specialists, and they told me that it needed a memory IC, but someone was able to download the Xiaomi system, which resembles a little Nokia, but through it I entered a new Xiaomi version. The only remaining problem is the lack of service: I cannot call or receive calls or data, but everything other than this works. I understood from a phone specialist that the files in the memory IC have been corrupted, so the service does not work. Is there a solution?
NB
The phone is rooted, but I can remove it
The Wi-Fi is working and the Wi-Fi IP address is working
The IP address of the network tells me that it is not there
The serial number of the phone itself is not with me, but I think that if the Indonesian version has the serial number, I can find it
I welcome any risky method
Sorry for the weak language
Don't take it to "specialists" if you hope for a solution when it has nothing to do with hardware; they know no more than a little about software, and it is very risky to leave it to people who can do more harm than good.
The serial number is always there, but the issue may come from an altered IMEI, or a lost baseband connection. Take your IMEI by dialing *#06# and put it here https://imei24.com/imei_check/Samsung/ to see if it matches your device, then check if your baseband is there.
And ask the person in charge at the service center which method they used to flash the software; an incorrect one could trigger the issue.
Good forums. I'm new to the forum and I have a problem. My research to solve this has brought me here. I couldn't find the exact answer and wanted to ask you guys. I have a Redmi 9C (m2006c3mg) device and I took this device in a mode from test points with a request to flash it. But I don't know exactly this mod I bought. The phone appears as Mtk Com Port in my device manager, but I could not boot my device normally with any key combination, battery removal and removal. All I want is to boot my device normally. Thanks for your help.