Database Develop

[STICKY][Guide] Creating and Flashing Custom Boot Logo's (Replace Viewsonic Logo)

ADVANCED USERS ONLY - NVFLASH REQUIRED
I would like to reiterate the importance of when I say this is not for the faint of heart. You should be familiar with nvflash, know how to pull the partition table, know how to do a full restore, etc. You are directly and blindly flashing a partition. A small percentage of devices have a different partition table, which this guide would not work for.
1)Follow this guide to setup Nvflash, and enter APX mode: http://wiki.tegratab.com/index.php/Nvflash_FAQ
2)Download boot logo if you don't have one.
3)Open a command line and change directory to the image location on your hard drive.
4)Enter APX mode
5)Run command:
Code:
nvflash --bl bootloader.bin --download 6 (imagename).bmp
-a)Note: 6 is the number of the partition that this image is stored on, nothing else resides on this partition, and nothing else will be damaged
6)Reboot and you should see something other than the Viewsonic Birds
Sample:
Do not save this image preview as template(it is a png instead of bmp).
Download here: http://www.multiupload.com/OWS9JEPVXE
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Creating Logo:
Tools:
Gimp (or equivalent)
-free photo editing software
1)Open my sample image in Gimp
2)Find logo that you want
-a)For example you could find a android image
3)Select and delete tegra logo
4)Paste your logo onto the white tegra background (this has correct dimensions)
5)Merge layers
6)Save as .bmp
7)Flash like above method
Bootloader
Correct bootloader.bin is located in the stock Gtablet TnT Nvflash restore(one without 46 in name): http://db.tt/Wm25t7U

Cool Tip thanks for sharing
Hey thanks, that's awesome! By any chance, would you know how to change the GTablet Oval Graphic and the animated X that's after it?
BTW, what do you guys think of a possible animated logo for Roebeets and Rothnics builds. I think they deserve their own animated logos ala Cyanogen Mod. What do you guys think? Hoping someone with some graphics talent sees this. ;P

The animated X is easily changable, I know its just a zip file you replace. (From what I read about my Droid 2.) I would assume it would be the same in this case. I've not done it though.
I also would like to know how to remove the gTablet oval logo that shows up after the Viewsonic birds logo.

Its gone in CM6.1 but TNT is way more stable/functional

KnightCrusader said:
The animated X is easily changable, I know its just a zip file you replace. (From what I read about my Droid 2.) I would assume it would be the same in this case. I've not done it though.
I also would like to know how to remove the gTablet oval logo that shows up after the Viewsonic birds logo.
Click to expand...
Click to collapse
gTablet logo is in the boot.img, and could be replaced with a little effort.
The main animation is the zip file, like you point out, and it is easily replaceable. I have used the Nexus One animation in the ZPad 2.2 ROM. I believe it is under /system/media.

Hmm.....any thoughts?
EDIT: Ignore me. Read that you can't use stock NVIDIA bootloader.bin ::face palm::. Working now
Code:
c:\Program Files (x86)\NVIDIA Corporation\tegra_froyo_20101105>nvflash --bl boot
loader.bin --download 6 tegra.bmp
Nvflash started
rcm version 0X20001
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x1714118842c051d7
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: nand
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
downloading bootloader -- load address: 0x108000 entry point: 0x108000
sending file: bootloader.bin
| 933404/933404 bytes sent
bootloader.bin sent successfully
waiting for bootloader to initialize
bootloader downloaded successfully
sending file: tegra.bmp
\ 1441792/1843256 bytes sentdata send failed NvError 0x30012
command failure: partition download failed

h8rift said:
Hmm.....any thoughts?
EDIT: Ignore me. Read that you can't use stock NVIDIA bootloader.bin ::face palm::. Working now
Code:
c:\Program Files (x86)\NVIDIA Corporation\tegra_froyo_20101105>nvflash --bl boot
loader.bin --download 6 tegra.bmp
Nvflash started
rcm version 0X20001
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x1714118842c051d7
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: nand
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
downloading bootloader -- load address: 0x108000 entry point: 0x108000
sending file: bootloader.bin
| 933404/933404 bytes sent
bootloader.bin sent successfully
waiting for bootloader to initialize
bootloader downloaded successfully
sending file: tegra.bmp
\ 1441792/1843256 bytes sentdata send failed NvError 0x30012
command failure: partition download failed
Click to expand...
Click to collapse
ummm yea, I got the same thing. I have the version of NVFLASH from week one with the original files that we used to bring it back to stock.
What am I missing?
EDIT: I'M WITH YOU, SORRY FALSE ALARM, guess I grabbed the wrong one (idiot)
Nice find Rothnic
Also, if you find another boot up logo you want (where the malata, nexus, ect. animated screen is), its just a .zip that can be replaced in /system/media Nice little change!

deleted...

So its not working for me. It connects, downaloads and starts the bootloader, then downloads the bmp successfully. I shut the tab off and restart and I see those damn birds....
Any ideas?
I already redownloaded the nvflash files. Still doesn't work.
I formated partition 6 with nvflash and put my picture there and still have the damn birds. Every time it says it's successful! Damn It! LOL!

Noob question: Where do I get bootloader.bin?
-=Sent from my ViewSonic G Tablet (Zpad 2.2) using Tapatalk=-

Bump...
Seriously... I managed to modify the boot.img and change the g-tablet logo, but I can't get this one done! It's very frustrating. Something so simple, yet it won't work!
I used nvflash in Win 7
I used nvflash in Ubuntu
I formated partition 6
I dumped 16MB from partition 6 and tried to view it
NUTIN!
Does anyone have any ideas?

Make sure you are not using the nvidia nvflash but the one in the other folder.

Lil Help
So I was trying to get this to work, realized I could format partition 6 (to try to get the file to copy) and did that, must have removed some stuff that needs to be there cause now I keep getting an error, process acore stopped. The on screen keyboard no longer pops up.
So there must be more than just the .bmp file in partition 6?
Can someone please look at partition 6 and maybe zip or list the files and folders in it. I would rather rebuild partition 6 than rebuild my whole setup.
Aditionally rothnic can you add step 1a to the instructions.
1a) replace the bootloader.bin file with one from the original or a custom rom specifically for the gtab.
I did get the new image installed though

it2steve said:
ummm yea, I got the same thing. I have the version of NVFLASH from week one with the original files that we used to bring it back to stock.
What am I missing?
EDIT: I'M WITH YOU, SORRY FALSE ALARM, guess I grabbed the wrong one (idiot)
Nice find Rothnic
Also, if you find another boot up logo you want (where the malata, nexus, ect. animated screen is), its just a .zip that can be replaced in /system/media Nice little change!
Click to expand...
Click to collapse
i dont get it, how did you guys get this to work? did you have to download the bootloader.bin from else where and not use the one included in the folder?
please help!
thanks!

popezaphod said:
Noob question: Where do I get bootloader.bin?
-=Sent from my ViewSonic G Tablet (Zpad 2.2) using Tapatalk=-
Click to expand...
Click to collapse
I'm with you and lost. I am running TnT Lite 2.2. I've got nvflash up and running, but I guess am misssing the bootloader.bin file as I get an erro at the end.

realsol said:
Make sure you are not using the nvidia nvflash but the one in the other folder.
Click to expand...
Click to collapse
what other folder? could you please explain?
thanks!

liquidcaffeine said:
I'm with you and lost. I am running TnT Lite 2.2. I've got nvflash up and running, but I guess am misssing the bootloader.bin file as I get an erro at the end.
Click to expand...
Click to collapse
yea i get you get the same error im getting. look below:
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x17141188445fd217
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: nand
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
downloading bootloader -- load address: 0x108000 entry point: 0x108000
sending file: bootloader.bin
| 933404/933404 bytes sent
bootloader.bin sent successfully
waiting for bootloader to initialize
bootloader downloaded successfully
sending file: tegra.bmp
/ 1835008/1843256 bytes sentdata send failed NvError 0x30012
command failure: partition download failed

liquidcaffeine said:
I'm with you and lost. I am running TnT Lite 2.2. I've got nvflash up and running, but I guess am misssing the bootloader.bin file as I get an erro at the end.
Click to expand...
Click to collapse
The really weird thing now is after a reboot, half if the new graphic is showing up!

i got past the error when pushing out the tegra.bmp file but now the screen turns black and says "entering nvlash recovery mode / nv3p server"
i followed this...
http://forum.xda-developers.com/showthread.php?t=859834

felizf said:
i got past the error when pushing out the tegra.bmp file but now the screen turns black and says "entering nvlash recovery mode / nv3p server"
i followed this...
http://forum.xda-developers.com/showthread.php?t=859834
Click to expand...
Click to collapse
That means you are done, now restart.

[TUTORIAL]How to unbrick your N4

How to unbrick your N4 ​I'm not responsible for anything that happens with your device!
I accidently flashed a S4 ROM.
After I noticed that, I tried to flash a factory image, but it booted for a very long time and WiFi, signal and other radio stuff didn't work.
Then I searched for help here, but anything they suggested didn't work, so you might be thinking that the only solution would be to send the device for repair.
But I searched for a solution anyway and found it
So this is what you need to download:
Nexus 4 Unbrick.zip
For Nexus 4 16GB you also need to download this files:
Nexus 4 Unbrick 16 GB Files.zip
OK let's start:
First thing we need to do is extracting everything and installing the LGNPST (this is for Windows 8, but I don't see why it shouldn't work on other versions).
Open your extracted Nexus 4 files folder
Open the LGNPST folder
Install "LGUnitedMobileDriver_S4981MAN38AP22_ML_WHQL_Ver_3.8.1.exe", it's located under "LG_USB_Driver"
Install "LGNPSTv1.3_Lab_Verison_RightClickReg.exe", located in root of the folder
Install "LGNPST_GenericModels_Ver_5_0_12_0", located under "NPST Generic Components and Models"
Install "LGNPST_Components_Ver_5_0_20_0", also located under "NPST Generic Components and Models"
Copy the Models folder to C:\LG Electronics\LGNPST\
Start a command prompt as admin
Type: regsvr32 "C:\LG Electronics\LGNPST\Models\LGNPST_LS970.dll" (yes, I know this is a .dll for the Optimus G)
That's it
If you got no ADB or fastboot drivers installed, install the Universal ADB Driver.
Now start the LGNPST and get your N4 into download mode:
Turn the phone off.
Make sure the phone is off.
Plug a USB cable into your PC, AND ONLY INTO YOUR PC. THE PHONE PART COMES NEXT.
Hold down the volume up and down buttons for 2 (two) seconds on your Nexus, and continue to hold the volume up and down buttons while pluging in the USB cable which is connected to your PC. Continue to hold the buttons until the download mode screen appears. Now step five.
Once the download mode screen comes up, let go of the volume buttons.
Thanks to @Connor Baker for sharing this method
Now you should get a screen like this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Now your LGNPST should look like this:
In the bottom center you see DLL and BIN File.
Click on the folder symbol and select LGNPST_LS970.dll (and again, yes, I know it's for Optimus G, trust me I know what I'm doing)
Then select the .bin file you extracted before.
Now click start and it'll flash it.
Your N4 will reboot automatically, but the LGNPST reached only 85%, thats's normal (but please wait until the 67% changed to 85% before you close it)
The LGNPST will say you, that you should reboot again to download mode to finish the process, but the only thing it does is giving you an error message.
So now you have a developer firmware on your device and it's encrypted so you can do nothing.
Reboot into bootloader with Vol - and power button.
Now start flash_all.bat in the flashfactory folder and the program will do the things by itself.
Now you are completely on stock and should have a fully working device
Next steps for Nexus 4 16GB:
First thing I need to say: No, this doesn't work!
First step is rooting your phone (search through XDA if you don't know how; thanks to Rockstar600 for remembering me)
Copy the files you downloaded for the 16GB Version on your Nexus 4 (without the CWM Image).
If "dd" got renamed to "dd.bin" rename it back to "dd".
Install Root Browser or an similar app and copy the files to your /system directory.
Then flash the CWM Recory Image.
To do that open the folder that contains the Factory Image flashable with fastboot and do CTRL+Right Click in that folder and select "Open Command Prompt here" or something like that (don't know the exact name).
Get your device into fastboot mode with Vol- and Power.
Now type:
Code:
fastboot flash recovery recovery-clockwork-touch-6.0.4.7-mako.img
Then reboot into recovery.
I think you leaved CMD open.
So now type:
Code:
adb shell
mount /system
cp /system/dd /
chmod 755 /dd
/dd if=/dev/block/mmcblk0 of=/system/pgpt8G.img bs=512 count=34
/dd if=/dev/block/mmcblk0 of=/system/sgpt8G.img bs=512 skip=30777311
umount /data
umount /cache
umount /system
df -h
Now the output should look like this:
Code:
# df -h
Filesystem Size Used Available Use% Mounted on
tmpfs 911.7M 48.0K 911.6M 0% /dev
There shouldn't be a extra line.
If there is no extra line then continue with:
Code:
mount /system
/dd if=/dev/block/mmcblk0 of=/system/DDR bs=512 skip=15267840 count=2015
/dd if=/system/DDR of=/dev/block/mmcblk0 bs=512 seek=30775296 conv=notrunc
/dd if=/system/sgpt16G.img of=/dev/block/mmcblk0 bs=512 seek=30777311 conv=notrunc
/dd if=/system/pgpt16G.img of=/dev/block/mmcblk0 bs=512 seek=0 conv=notrunc
parted /dev/block/mmcblk0
Then type p and press enter and the output should look like this:
Code:
# parted /dev/block/mmcblk0
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
p
Model: MMC 016G92 (sd/mmc)
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 524kB 67.6MB 67.1MB fat16 modem
2 67.6MB 68.2MB 524kB sbl1
3 68.2MB 68.7MB 524kB sbl2
4 68.7MB 70.8MB 2097kB sbl3
5 70.8MB 71.3MB 524kB tz
6 71.3MB 94.4MB 23.1MB boot
7 94.4MB 117MB 23.1MB recovery
8 117MB 118MB 799kB m9kefs1
9 118MB 119MB 799kB m9kefs2
10 119MB 120MB 799kB m9kefs3
11 120MB 121MB 524kB rpm
12 121MB 121MB 524kB aboot
13 121MB 122MB 524kB sbl2b
14 122MB 124MB 2097kB sbl3b
15 124MB 124MB 524kB abootb
16 124MB 125MB 524kB rpmb
17 125MB 125MB 524kB tzb
18 125MB 126MB 524kB metadata
19 126MB 143MB 16.8MB misc
20 143MB 159MB 16.8MB ext4 persist
21 159MB 1040MB 881MB ext4 system
22 1040MB 1627MB 587MB ext4 cache
23 1627MB 15.8GB 14.1GB ext4 userdata
24 15.8GB 15.8GB 524kB DDR
25 15.8GB 15.8GB 507kB grow
Notice that userdata partition is 14.1GB in size
In case parted reports an error I suggest to return back to the old 8G partition tables, see below.
You can close parted with simply typing quit.
Now reboot the phone into bootloader: type reboot and hold 'Up' button to enter bootloader menu.
Then type:
Code:
fastboot erase userdata
fastboot -w
Now again start the flash-all.bat in your folder.
Now you have your 16GB back
Return back to the old 8G partition tables:
In case parted reported an error, put the old 8G partition tables back. This should not happen but never say never:
Code:
/dd if=/system/sgpt8G.img of=/dev/block/mmcblk0 bs=512 seek=30777311 conv=notrunc
/dd if=/system/pgpt8G.img of=/dev/block/mmcblk0 bs=512 seek=0 conv=notrunc
Fix for Bluetooth and MAC adress:
For bluetooth:
- In /persist directory create bluetooth directory. Under the new directory create a file named .bdaddr (don't miss the dot!)
Edit the file and put 6 random characters in it. Even better, if you can do this in a hex editor and put 6 random bytes, not just printable characters.
- Set execute and read permissions for everybody on /persist/bluetooth directory and change owner of .bdaddr to bluetooth:bluetooth and permission to 660 (read/write for owner and group and nothing else). In command line:
Code:
chown root:root /persist/bluetooth
chmod 755 /persist/bluetooth
chown bluetooth:bluetooth /persist/bluetooth/.bdaddr
chmod 660 /persist/bluetooth/.bdaddr
For mac address:
- In /persist directory create wifi directory. In the new directory create a file named .macaddr (don't miss the dot!)
Edit the file and put 12 random hex numbers in it (0-9, A-F), save.
- Set execute and read permissions for everybody on /persist/wifi directory and change owner of .macaddr to wifi:wifi and permission to 660 (read/write for owner and group and nothing else). In command line:
Code:
chown root:root /persist/wifi
chmod 755 /persist/wifi
chown wifi:wifi /persist/wifi/.macaddr
chmod 660 /persist/wifi/.macaddr
- run /system/bin/conn_init program. Can be run in root explorer(choose Linux Script Handler when you open it), or in adb shell:
Code:
su
/system/bin/conn_init
Then reboot and check if the changes got applied in settings
Donate
Every $ helps me : Donate
Credits
Koush for his ADB Driver
Jhoopes517 for his tutorial to install LGNPST
FLYN's thread about unbricking a Nexus 4, because I got the parts for LGNPST from there
foil for his .tot files
Jbele for his picture from download mode xD
Google for the factory images
dvhexer for his guide to convert 8GB to 16GB

OK there's a problem: After using this method you get only 8GB and it seems like there's no fix for that
Does somebody know a solution?
PS: Yes, already tried that: http://forum.xda-developers.com/showthread.php?p=36673191#post36673191

Have you tried formatting data, not wipe, in recovery?

Try this: http://forum.xda-developers.com/showthread.php?t=2033692

meangreenie said:
Have you tried formatting data, not wipe, in recovery?
Click to expand...
Click to collapse
Yes.
RussianBear said:
Try this: http://forum.xda-developers.com/showthread.php?t=2033692
Click to expand...
Click to collapse
Mentioned it above, but forgot to remove postcount behind showthread, sry

nice!!
I know someone who can use this:
http://forum.xda-developers.com/showthread.php?t=2175663

I think I found a fix for the 8GB problem
But it needs a external sd so I need to make some changes
EDIT: Got it, I'll add this to the guide now

thanks !!!!!!!!!!!!!!!!!
I am from china.
i flash the 4.3 for s4.
and i know 2 person have the same problem like me in our forum.
SO happy i encounter the god-like person--you!
thanks a lot.
And i will quote your ways to save them, are you mind this?

tigerCHINA said:
I am from china.
i flash the 4.3 for s4.
and i know 2 person have the same problem like me in our forum.
SO happy i encounter the god-like person--you!
thanks a lot.
And i will quote your ways to save them, are you mind this?
Click to expand...
Click to collapse
Why on earth would you flash anything for the S4? I'm curious

Updated OP with Instructions to get your 16 GB back
tigerCHINA said:
I am from china.
i flash the 4.3 for s4.
and i know 2 person have the same problem like me in our forum.
SO happy i encounter the god-like person--you!
thanks a lot.
And i will quote your ways to save them, are you mind this?
Click to expand...
Click to collapse
No problem, it's there to help everyone
KiNG OMaR said:
Why on earth would you flash anything for the S4? I'm curious
Click to expand...
Click to collapse
Everyone does start as a beginner, one and a half year ago I thought there are universal ICS flashable zips (look here xD) , now look where I got

I wanna try 4.3 but i dont know i will fail
KiNG OMaR said:
Why on earth would you flash anything for the S4? I'm curious
Click to expand...
Click to collapse
I wanna try 4.3 but i dont know i will fail

Hi, thanks for your help. I have a Nexus 4 bricked, when a friend tried to flash Nexus 7 kernel. The phone is dead and have only a red blinking led. When i connect the nexus to my Windows 8, i see a DXUSB_ERROR (or something similar, i don't have now the phone). Do you think it will work your method?
Thanks
Regards
EDIT: I have no fastboot or download mode

cicciociccio333 said:
Hi, thanks for your help. I have a Nexus 4 bricked, when a friend tried to flash Nexus 7 kernel. The phone is dead and have only a red blinking led. When i connect the nexus to my Windows 8, i see a DXUSB_ERROR (or something similar, i don't have now the phone). Do you think it will work your method?
Thanks
Regards
EDIT: I have no fastboot or download mode
Click to expand...
Click to collapse
Hmmm....don't know, can you get into a download mode?
Give it a try, seems like you can't brick even more
Oh, didn't saw that edit.
No, without download mode you can't use this

Gigadroid said:
Oh, didn't saw that edit.
No, without download mode you can't use this
Click to expand...
Click to collapse
So i tought. That's a pity :'(

thanks for the guide! as i said you're my hero!! but i cant do the 16gb part. i think im doing something wrong first, i write the lines one by one right? second, when i type: cp /system/dd /
it says that cannot find the file, something like that. i have move the 3 files to /system of course. and no the dd file didnt renamed to dd.bin, i check it. can you help??

@OP,
Thanks a ton bro!!

johnxarma said:
thanks for the guide! as i said you're my hero!! but i cant do the 16gb part. i think im doing something wrong first, i write the lines one by one right? second, when i type: cp /system/dd /
it says that cannot find the file, something like that. i have move the 3 files to /system of course. and no the dd file didnt renamed to dd.bin, i check it. can you help??
Click to expand...
Click to collapse
Ignore, I was incorrect.

meangreenie said:
Lose the last space, it's a typo I believe. dd/ or just dd
Click to expand...
Click to collapse
thanks for the reply. but i dont understand you.. what part i must change to correct the code?
 @Gigadroid can you fix the typos in OP??

johnxarma said:
thanks for the guide! as i said you're my hero!! but i cant do the 16gb part. i think im doing something wrong first, i write the lines one by one right? second, when i type: cp /system/dd /
it says that cannot find the file, something like that. i have move the 3 files to /system of course. and no the dd file didnt renamed to dd.bin, i check it. can you help??
Click to expand...
Click to collapse
Yes, one by one.
Try to mount system partition, simply type:
Code:
mount /system
I'll add this to op
meangreenie said:
Lose the last space, it's a typo I believe. dd/ or just dd
Click to expand...
Click to collapse
It isn't a typo.
cp stands for copy, the first path says which file will be copied, the second path where it will be copied.
In this case we want the files in our root directory which is /

its very useful THX:good::good:

Bricked Samsung S8 (TMO version) showing Qualcomm HS-USB QDloader 9008

Guys need help....I recently bought a Samsung S8 (t-mobile version) without knowing much of its history thinking it had a deeply discharged battery, but after a good 10 hrs on the charger it still won't turn on, no LEDs, no vibration, nothing, a complete black screen so it will NOT boot into recovery or download mode. However, it does seem to take a charge as the back side does get a bit warm when charged. When plugged into the PC (Win 10) it does not get recognized under My PC but I hear the USB plug-in chime and under the Device Manager, I get "Qualcomm HS-USB QDloader 9008" on COM port 3. From what I've found online, seems like I will need the original S8's complete eMMC image and load it onto the sdcard and recover it that way, even if it's possible.
Can anyone help/guide me in the proper direction? Really hoping to recover this device. This might even help others who may have or will brick their S8's. Thanks a lot in advance

taj786 said:
Guys need help....I recently bought a Samsung S8 (t-mobile version) without knowing much of its history thinking it had a deeply discharged battery, but after a good 10 hrs on the charger it still won't turn on, no LEDs, no vibration, nothing, a complete black screen so it will NOT boot into recovery or download mode. However, it does seem to take a charge as the back side does get a bit warm when charged. When plugged into the PC (Win 10) it does not get recognized under My PC but I hear the USB plug-in chime and under the Device Manager, I get "Qualcomm HS-USB QDloader 9008" on COM port 3. From what I've found online, seems like I will need the original S8's complete eMMC image and load it onto the sdcard and recover it that way, even if it's possible.
Can anyone help/guide me in the proper direction? Really hoping to recover this device. This might even help others who may have or will brick their S8's. Thanks a lot in advance
Click to expand...
Click to collapse
This thread may be old, but for now, the only option you have is getting a replacement. I had that qualcomm HS-USB composite identity on my hard bricked lg g stylo and i couldn't do anything about it but get it replaced.

taj786 said:
Guys need help....I recently bought a Samsung S8 (t-mobile version) without knowing much of its history thinking it had a deeply discharged battery, but after a good 10 hrs on the charger it still won't turn on, no LEDs, no vibration, nothing, a complete black screen so it will NOT boot into recovery or download mode. However, it does seem to take a charge as the back side does get a bit warm when charged. When plugged into the PC (Win 10) it does not get recognized under My PC but I hear the USB plug-in chime and under the Device Manager, I get "Qualcomm HS-USB QDloader 9008" on COM port 3. From what I've found online, seems like I will need the original S8's complete eMMC image and load it onto the sdcard and recover it that way, even if it's possible.
Can anyone help/guide me in the proper direction? Really hoping to recover this device. This might even help others who may have or will brick their S8's. Thanks a lot in advance
Click to expand...
Click to collapse
If this is still an issue you face PM me and i will help you unbrick the device!

TimelessPWN said:
If this is still an issue you face PM me and i will help you unbrick the device!
Click to expand...
Click to collapse
I'm ready to help for unbrick my S8

I have the same exact hard brick on my S8, did you guys ever figure out a solution?

TimelessPWN said:
If this is still an issue you face PM me and i will help you unbrick the device!
Click to expand...
Click to collapse
I have the same error, could you solve it?

did you get it fixed? I think TimelessPWN would have used EDL mode.

mweinbach said:
did you get it fixed? I think TimelessPWN would have used EDL mode.
Click to expand...
Click to collapse
I have not fixed it ye, i need help.

FUBUKY said:
I have not fixed it ye, i need help.
Click to expand...
Click to collapse
ok. from what i am reading, you have a hard brick. that QDloader 9008 is EDL mode. the EDL files that we got from QUALCOMM must be sent to you, and you have to run a QUALCOMM software and apply those files through EDL. I currently have the files but I am not 100% sure how to use them. I recommend contacting https://www.facebook.com/GSMCHEN.up for help. he 100% can.

mweinbach said:
did you get it fixed? I think TimelessPWN would have used EDL mode.
Click to expand...
Click to collapse
FUBUKY said:
I have not fixed it ye, i need help.
Click to expand...
Click to collapse
mweinbach said:
ok. from what i am reading, you have a hard brick. that QDloader 9008 is EDL mode. the EDL files that we got from QUALCOMM must be sent to you, and you have to run a QUALCOMM software and apply those files through EDL. I currently have the files but I am not 100% sure how to use them. I recommend contacting for help. he 100% can.
Click to expand...
Click to collapse
thx man, i am retry repair.

mweinbach said:
ok. from what i am reading, you have a hard brick. that QDloader 9008 is EDL mode. the EDL files that we got from QUALCOMM must be sent to you, and you have to run a QUALCOMM software and apply those files through EDL. I currently have the files but I am not 100% sure how to use them. I recommend contacting https://www.facebook.com/GSMCHEN.up for help. he 100% can.
Click to expand...
Click to collapse
Do you mind sharing the files sir? I have this issue and need the files please
Regards,
.:112:.
Sent from my SM-G928T using Tapatalk

stuntman112 said:
Do you mind sharing the files sir? I have this issue and need the files please
Regards,
.:112:.
Sent from my SM-G928T using Tapatalk
Click to expand...
Click to collapse
I have been told not to. Sorry.

I hope soon a solution comes out, while I continue with my brick.
GSMCHEN apparently can repair them, but you have not answered my messages.

I found the files needed. Will upload a link tonight
Sent from my SM-G928T using Tapatalk

stuntman112 said:
I found the files needed. Will upload a link tonight
Sent from my SM-G928T using Tapatalk
Click to expand...
Click to collapse
thank you very much, I hope the link to try to unbrick my s8 +

Some of the files are in plain sight at AFH. The developer has all the required QCOM tools at the link.
Prog_UFS_Firehose_8998_ddr.elf file:
https://androidfilehost.com/?fid=961840155545585810
Notice it is UFS storage, not EMMC so make sure you have the latest QPST software. Thanks to the developer (hazmat) for the prog file but i believe we will need others also such as .XML's
Messed around with it for a little but didnt figure it out. Hopefully this is a start to dead boot repair for the SM-G955..The Dream2 awakes..
Sent from my SM-G928T using Tapatalk

stuntman112 said:
Some of the files are in plain sight at AFH. The developer has all the required QCOM tools at the link.
Prog_UFS_Firehose_8998_ddr.elf file:
https://androidfilehost.com/?fid=961840155545585810
Notice it is UFS storage, not EMMC so make sure you have the latest QPST software. Thanks to the developer (hazmat) for the prog file but i believe we will need others also such as .XML's
Messed around with it for a little but didnt figure it out. Hopefully this is a start to dead boot repair for the SM-G955..The Dream2 awakes..
Sent from my SM-G928T using Tapatalk
Click to expand...
Click to collapse
without the xml files it does not help us.
I had already tried it, the xml files that it has shared (hazmat) are from xiaomi.

mweinbach said:
I have been told not to. Sorry.
Click to expand...
Click to collapse
That's the right thing to do,
Anyway, we have to protect these documents, right

Could not get the device un bricked. Thanks GSM CHEN for help. Possible CPU hardware problem. Seems stuck in EDL
LOG
Programmer Path:C:\Users\User1\Desktop\nhlos\common\tools\emergency_download\prog_ufs_firehose_8998_ddr.elf
Image Search Path: C:\Users\User1\Desktop\nhlos\common\tools\emergency_download
RAWPROGRAM file path: C:\Users\User1\Desktop\nhlos\common\tools\emergency_download\rawprogram0.xml
PATCH file path:C:\Users\User1\Desktop\nhlos\common\tools\emergency_download\patch0.xml
Start Download
Program Path:C:\Users\User1\Desktop\nhlos\common\tools\emergency_download\prog_ufs_firehose_8998_ddr.elf
***** Working Folder:C:\Users\User1\AppData\Roaming\Qualcomm\QFIL\COMPORT_11
Binary build date: Oct 31 2016 @ 22:51:05
QSAHARASERVER CALLED LIKE THIS: 'C:\Program Files (x86)\Qualcomm\QPST\bin\QSaharaServer.ex'Current working dir: C:\Users\User1\AppData\Roaming\Qualcomm\QFIL\COMPORT_11
Sahara mappings:
2: amss.mbn
6: apps.mbn
8: dsp1.mbn
10: dbl.mbn
11: osbl.mbn
12: dsp2.mbn
16: efs1.mbn
17: efs2.mbn
20: efs3.mbn
21: sbl1.mbn
22: sbl2.mbn
23: rpm.mbn
25: tz.mbn
28: dsp3.mbn
29: acdb.mbn
30: wdt.mbn
31: mba.mbn
13: C:\Users\User1\Desktop\nhlos\common\tools\emergency_download\prog_ufs_firehose_8998_ddr.elf
11:44:18: Requested ID 13, file: "C:\Users\User1\Desktop\nhlos\common\tools\emergency_download\prog_ufs_firehose_8998_ddr.elf"
11:44:18: 599432 bytes transferred in 0.172000 seconds (3.3236MBps)
11:44:18: File transferred successfully
11:44:18: Sahara protocol completed
Sending Programmer Finished
Switch To FireHose
Wait for 3 seconds...
Max Payload Size to Target:49152 Bytes
Device Type:UFS
Platform:8x26
Disable Ack Raw Data Every N Packets
Skip Write:False
Always Validate:False
Use Verbose:False
***** Working Folder:C:\Users\User1\AppData\Roaming\Qualcomm\QFIL\COMPORT_11
Base Version: 16.10.28.15.28
Binary build date: Oct 31 2016 @ 22:51:02
Incremental Build version: 16.10.31.22.51.02
11:44:22: INFO: FH_LOADER WAS CALLED EXACTLY LIKE THIS
************************************************
C:\Program Files (x86)\Qualcomm\QPST\bin\fh_loader.exe --port=\\.\COM11 --sendxml=rawprogram0.xml --search_path=C:\Users\User1\Desktop\nhlos\common\tools\emergency_download --noprompt --showpercentagecomplete --zlpawarehost=1 --memoryname=ufs
************************************************
11:44:22: INFO: Current working dir (cwd): C:\Users\User1\AppData\Roaming\Qualcomm\QFIL\COMPORT_11\
11:44:22: INFO: Showing network mappings to allow debugging
11:44:22: INFO:
11:44:22: INFO: Trying to store 'rawprogram0.xml' in string table
11:44:22: INFO: Looking for file 'rawprogram0.xml'
11:44:22: INFO: User wants to talk to port '\\.\COM11'
11:44:22: INFO: Took 0.00000000 seconds to open port
11:44:22: INFO: Sorting TAGS to ensure order is <configure>,<erase>, others, <patch>,<power>
11:44:22: INFO: If you don't want this, use --dontsorttags
11:44:22: INFO: Looking for file 'gpt_main0.bin'
11:44:22: INFO: Looking for file 'gpt_backup0.bin'
11:44:22: INFO:
Total to be tansferd with <program> or <read> is 44.00 KB
11:44:22: INFO: Sending <configure>
11:44:22: INFO: TARGET SAID: 'Binary build date: Jun 1 2017 @ 14:29:30'
11:44:22: INFO: TARGET SAID: 'Chip serial num: 4294967295 (0xffffffff)'
11:44:22: INFO: TARGET SAID: 'Supported Functions: program configure nop firmwarewrite patch setbootablestoragedrive ufs emmc power benchmark read getstorageinfo getsha256digest erase peek poke '
11:44:22: INFO: TARGET SAID: 'Calling usb_al_bulk_set_zlp_mode(TRUE) since ZlpAwareHost='1''
11:44:22: INFO: fh.attrs.MaxPayloadSizeToTargetInBytes = 1048576
11:44:22: INFO: fh.attrs.MaxPayloadSizeToTargetInBytesSupported = 1048576
11:44:22: INFO: In handleProgram('gpt_main0.bin')
11:44:22: INFO: Looking for file 'gpt_main0.bin'
11:44:22: INFO: =======================================================
11:44:22: INFO: {<program> FILE: 'C:\Users\User1\Desktop\nhlos\common\tools\emergency_download\gpt_main0.bin'}
11:44:22: INFO: {<program> (24.00 KB) 6 sectors needed at location 0 on LUN 0}
11:44:22: INFO: =======================================================
11:44:22: INFO: TARGET SAID: 'ERROR: Failed to initialize (open whole lun) UFS Device slot 0 partition 0'
11:44:22: INFO: TARGET SAID: 'ERROR: ufs_open_error_code 0 :: 0x27c'
11:44:22: INFO: TARGET SAID: 'ERROR: last ufs_open_error_code 16 :: 0x27c'
11:44:22: INFO: TARGET SAID: 'ERROR: Failed to open the device 3 slot 0 partition 0'
11:44:22: INFO: TARGET SAID: 'INFO: Device type 3, slot 0, partition 0, error 0'
11:44:22: INFO: TARGET SAID: 'WARN: Get Info failed to open 3 slot 0, partition 0, error 0'
11:44:22: INFO: TARGET SAID: 'storage_device_get_num_partition_sectors FAILED!'
11:44:22: INFO: TARGET SAID: 'parseSectorValue could not handle start_sector value'
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
11:44:22: {ERROR: program FAILED - Please see log}
Writing log to 'C:\Users\User1\AppData\Roaming\Qualcomm\QFIL\COMPORT_11\port_trace.txt', might take a minute
Log is 'C:\Users\User1\AppData\Roaming\Qualcomm\QFIL\COMPORT_11\port_trace.txt'
Download Fail:FireHose Fail:FHLoader Failrocess fail
Finish Download
Sent from my SM-G928T using Tapatalk

a me has not helped me yet.

[WIP]Dissecting the bootloader aka: get rid of annoying "Your device is corrupt"

[WIP]Dissecting the bootloader aka: get rid of annoying "Your device is corrupt"
This is WIP (work in progress) ... posting this as a separate thread to get other people involved so we can try to get rid of the annoying "Your device is corrupt" thing.
On the back of my thread on the splash screen (see https://forum.xda-developers.com/oneplus-6t/development/tool-splash-screen-modification-t3874158), @AnoopKumar and I started checking the bootloader.
The bootloader is in the partition called: abl_a (and/or abl_b) depending on whether you boot from A or B slot.
(https://forum.xda-developers.com/showpost.php?p=78409574&postcount=28)
All below is on Linux ... I am not a Windows guru ...
Take a raw dump of the abl_a partition. Reboot into TWRP, once there do: "adb shell".
Code:
> adb shell
# dd if=/dev/block/bootdevice/by-name/abl_b of=/sdcard/img.abl_a
# <ctrl-D>
> adb pull /sdcard/img.abl_a
You will now have the dump of the bootloader partition in the file
Then, use "binwalk" to see what is inside the abl_a image:
Code:
> binwalk -e img.abl_a
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ELF, 32-bit LSB executable, ARM, version 1 (SYSV)
4488 0x1188 Certificate in DER format (x509 v3), header length: 4, sequence length: 1279
5771 0x168B Certificate in DER format (x509 v3), header length: 4, sequence length: 1133
6908 0x1AFC Certificate in DER format (x509 v3), header length: 4, sequence length: 1149
12408 0x3078 LZMA compressed data, properties: 0x5D, dictionary size: 16777216 bytes, uncompressed size: 487624 bytes
I am thinking that bytes 0...4487 is the real bootloader code, so:
Code:
> head --bytes=4488 img.abl_b > abc
> file abc
abc: ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, corrupted section header size
Not sure why it says "corrupt section header size".
Then check the detail of the ELF file:
Code:
> readelf abc
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: ARM
Version: 0x1
Entry point address: 0x9fa00000
Start of program headers: 52 (bytes into file)
Start of section headers: 0 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 3
Size of section headers: 0 (bytes)
Number of section headers: 0
Section header string table index: 0
There are no sections in this file.
There are no sections to group in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
NULL 0x000000 0x00000000 0x00000000 0x00094 0x00000 0
NULL 0x001000 0x9fa30000 0x9fa30000 0x01988 0x02000 0x1000
LOAD 0x003000 0x9fa00000 0x9fa00000 0x30000 0x30000 RWE 0x1000
There is no dynamic section in this file.
There are no relocations in this file.
Dynamic symbol information is not available for displaying symbols.
No version information found in this file.
Elf file type is EXEC (Executable file)
Entry point 0x9fa00000
There are 3 program headers, starting at offset 52
The bootloader binary code is in the LOAD segment
More to follow later ... have to catch some sleep now ...

foobar66 said:
This is WIP (work in progress) ... posting this as a separate thread to get other people involved so we can try to get rid of the annoying "Your device is corrupt" thing.
On the back of my thread on the splash screen (see https://forum.xda-developers.com/oneplus-6t/development/tool-splash-screen-modification-t3874158), @AnoopKumar and I started checking the bootloader.
The bootloader is in the partition called: abl_a (and/or abl_b) depending on whether you boot from A or B slot.
(https://forum.xda-developers.com/showpost.php?p=78409574&postcount=28)
All below is on Linux ... I am not a Windows guru ...
Take a raw dump of the abl_a partition. Reboot into TWRP, once there do: "adb shell".
You will now have the dump of the bootloader partition in the file
Then, use "binwalk" to see what is inside the abl_a image:
I am thinking that bytes 0...4487 is the real bootloader code, so:
Not sure why it says "corrupt section header size".
Then check the detail of the ELF file:
The bootloader binary code is in the LOAD segment
More to follow later ... have to catch some sleep now ...
Click to expand...
Click to collapse
Wow! Excited to see this! Thanks

It doesn't matter if you find it.
I don't think you can flash a modified BL partition and have the device boot.
This is part of secure boot. The notice will always be there with an unlocked BL.
It's on all devices that have ARM trust zone and secure boot, if they run Android.
This is part of Google's requirements.

foobar66 said:
This is WIP (work in progress) ... posting this as a separate thread to get other people involved so we can try to get rid of the annoying "Your device is corrupt" thing.
On the back of my thread on the splash screen (see https://forum.xda-developers.com/oneplus-6t/development/tool-splash-screen-modification-t3874158), @AnoopKumar and I started checking the bootloader.
The bootloader is in the partition called: abl_a (and/or abl_b) depending on whether you boot from A or B slot.
(https://forum.xda-developers.com/showpost.php?p=78409574&postcount=28)
All below is on Linux ... I am not a Windows guru ...
Take a raw dump of the abl_a partition. Reboot into TWRP, once there do: "adb shell".
Code:
> adb shell
# dd if=/dev/block/bootdevice/by-name/abl_b of=/sdcard/img.abl_a
# <ctrl-D>
> adb pull /sdcard/img.abl_a
You will now have the dump of the bootloader partition in the file
Then, use "binwalk" to see what is inside the abl_a image:
Code:
> binwalk -e img.abl_a
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ELF, 32-bit LSB executable, ARM, version 1 (SYSV)
4488 0x1188 Certificate in DER format (x509 v3), header length: 4, sequence length: 1279
5771 0x168B Certificate in DER format (x509 v3), header length: 4, sequence length: 1133
6908 0x1AFC Certificate in DER format (x509 v3), header length: 4, sequence length: 1149
12408 0x3078 LZMA compressed data, properties: 0x5D, dictionary size: 16777216 bytes, uncompressed size: 487624 bytes
I am thinking that bytes 0...4487 is the real bootloader code, so:
Code:
> head --bytes=4488 img.abl_b > abc
> file abc
abc: ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, corrupted section header size
Not sure why it says "corrupt section header size".
Then check the detail of the ELF file:
Code:
> readelf abc
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: ARM
Version: 0x1
Entry point address: 0x9fa00000
Start of program headers: 52 (bytes into file)
Start of section headers: 0 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 3
Size of section headers: 0 (bytes)
Number of section headers: 0
Section header string table index: 0
There are no sections in this file.
There are no sections to group in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
NULL 0x000000 0x00000000 0x00000000 0x00094 0x00000 0
NULL 0x001000 0x9fa30000 0x9fa30000 0x01988 0x02000 0x1000
LOAD 0x003000 0x9fa00000 0x9fa00000 0x30000 0x30000 RWE 0x1000
There is no dynamic section in this file.
There are no relocations in this file.
Dynamic symbol information is not available for displaying symbols.
No version information found in this file.
Elf file type is EXEC (Executable file)
Entry point 0x9fa00000
There are 3 program headers, starting at offset 52
The bootloader binary code is in the LOAD segment
More to follow later ... have to catch some sleep now ...
Click to expand...
Click to collapse
Good job, if needed i can help with the checking

tech_head said:
It doesn't matter if you find it.
I don't think you can flash a modified BL partition and have the device boot.
This is part of secure boot. The notice will always be there with an unlocked BL.
It's on all devices that have ARM trust zone and secure boot, if they run Android.
This is part of Google's requirements.
Click to expand...
Click to collapse
abl.img is not the bootloader i guess.

tech_head said:
It doesn't matter if you find it.
I don't think you can flash a modified BL partition and have the device boot.
This is part of secure boot. The notice will always be there with an unlocked BL.
It's on all devices that have ARM trust zone and secure boot, if they run Android.
This is part of Google's requirements.
Click to expand...
Click to collapse
On other devices they've been able to swap this image with another one to "hide" the message, to "get rid of it".

Would we sweet if we could get rid of the unlocked bootloader message too.

dennisbednarz said:
Would we sweet if we could get rid of the unlocked bootloader message too.
Click to expand...
Click to collapse
+1

U guys should talk [email protected] We had this issue of broken verity with the essential phone and he came up with a redboot.img that u flash and it bootloops the phone and fixes verity. It keeps bootlooping till.it fixes it, then u flash a proper kernel and you are good. Cuz as It stands one can only resolve this properly with the tool

jacksummers said:
U guys should talk [email protected] We had this issue of broken verity with the essential phone and he came up with a redboot.img that u flash and it bootloops the phone and fixes verity. It keeps bootlooping till.it fixes it, then u flash a proper kernel and you are good. Cuz as It stands one can only resolve this properly with the tool
Click to expand...
Click to collapse
Different issue.
They are not trying to get rid of the red warning but the yellow warning for an unlocked BL.
On this phone, if you have a "red" warning you use the MSMDownload tool and go back factory including locking the BL.
This is a different case.

Well ... bad luck ... I tried to change abl_b and reflash it ... phone is sort of *dead* now.
Does no longer boot at all.
However, when I plug it into the PC, I can see:
Code:
> lsusb
Bus 001 Device 034: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)
And then:
Code:
> dmesg
[ 9395.999112] usb 1-1: new high-speed USB device number 34 using xhci_hcd
[ 9396.149376] usb 1-1: New USB device found, idVendor=05c6, idProduct=9008
[ 9396.149380] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 9396.149383] usb 1-1: Product: QUSB_BULK_CID:0402_SN:33B9DDAC
[ 9396.149386] usb 1-1: Manufacturer: Qualcomm CDMA Technologies MSM
[ 9396.150184] qcserial 1-1:1.0: Qualcomm USB modem converter detected
[ 9396.150372] usb 1-1: Qualcomm USB modem converter now attached to ttyUSB0
So it is not completely *dead* but in some sort of Qualcomm low level mode. I found some info here: https://together.jolla.com/question...ss-modem-any-chance-to-bring-it-back-to-life/ but did not make any progress yet.
EDIT: looking at MsmDownloadTool to debrick the phone ...

foobar66 said:
Well ... bad luck ... I tried to change abl_b and reflash it ... phone is sort of *dead* now.
Does no longer boot at all.
However, when I plug it into the PC, I can see:
Code:
> lsusb
Bus 001 Device 034: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)
And then:
Code:
> dmesg
[ 9395.999112] usb 1-1: new high-speed USB device number 34 using xhci_hcd
[ 9396.149376] usb 1-1: New USB device found, idVendor=05c6, idProduct=9008
[ 9396.149380] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 9396.149383] usb 1-1: Product: QUSB_BULK_CID:0402_SN:33B9DDAC
[ 9396.149386] usb 1-1: Manufacturer: Qualcomm CDMA Technologies MSM
[ 9396.150184] qcserial 1-1:1.0: Qualcomm USB modem converter detected
[ 9396.150372] usb 1-1: Qualcomm USB modem converter now attached to ttyUSB0
So it is not completely *dead* but in some sort of Qualcomm low level mode. I found some info here: https://together.jolla.com/question...ss-modem-any-chance-to-bring-it-back-to-life/ but did not make any progress yet.
EDIT: looking at MsmDownloadTool to debrick the phone ...
Click to expand...
Click to collapse
Use this https://forum.xda-developers.com/oneplus-6t/how-to/tool-6t-msmdownloadtool-v4-0-oos-9-0-5-t3867448
Should try for several times with instruction here

Question - when does device show red warning? When u disable dm verity?
I unlocked and rooted but only had yellow warning, but when i installed aosp gsi i had a red warning. Once of the step to install the rom was flashing vbmeta and disabling dm verity.

patelparth120595 said:
Question - when does device show red warning? When u disable dm verity?
I unlocked and rooted but only had yellow warning, but when i installed aosp gsi i had a red warning. Once of the step to install the rom was flashing vbmeta and disabling dm verity.
Click to expand...
Click to collapse
Disabled dm-verity caused red warning, i guess.
---------- Post added at 10:01 AM ---------- Previous post was at 09:58 AM ----------
foobar66 said:
Well ... bad luck ... I tried to change abl_b and reflash it ... phone is sort of *dead* now.
Does no longer boot at all.
However, when I plug it into the PC, I can see:
And then:
So it is not completely *dead* but in some sort of Qualcomm low level mode. I found some info here: https://together.jolla.com/question...ss-modem-any-chance-to-bring-it-back-to-life/ but did not make any progress yet.
EDIT: looking at MsmDownloadTool to debrick the phone ...
Click to expand...
Click to collapse
Edited abl.img ? and flashed via recovery/fastboot ?

AnoopKumar said:
Edited abl.img ? and flashed via recovery/fastboot ?
Click to expand...
Click to collapse
No, just flashed using dd command in TWRP shell.

foobar66 said:
No, just flashed using dd command in TWRP shell.
Click to expand...
Click to collapse
Phone still dead ?

OK ... I managed to recover my phone !
A windows PC with the MSM program did the trick.
I am now back to stock 9.0.5

foobar66 said:
OK ... I managed to recover my phone !
A windows PC with the MSM program did the trick.
I am now back to stock 9.0.5
Click to expand...
Click to collapse
I assume that, there is nothing to do with the abl.img. Only thing we can do with it is change the default strings to a song lyric or something. abl.img is the uefi firmware i guess. Bootloader is using the images stored in the logo partition.

Gsi's flash without breaking verity if u flash to both slots. And totally format. Fastboot -w. The phone sees any changes to partitions as corruption and breaks verity, hence red warning.. if someone would be inclined to talk to invisiblek from the essential threads, he could tell u of a fix. The solution is not in abl. It's in the stock boot.img. if I had more time, I would help
---------- Post added at 02:52 PM ---------- Previous post was at 02:51 PM ----------
tech_head said:
Different issue.
They are not trying to get rid of the red warning but the yellow warning for an unlocked BL.
On this phone, if you have a "red" warning you use the MSMDownload tool and go back factory including locking the BL.
This is a different case.
Click to expand...
Click to collapse
No, they are talking about breaking verity also. Seems to be both messages, but more recently the broken verity message. Which there is two types, one u can boot from, one u cannot.

jacksummers said:
U guys should talk [email protected] We had this issue of broken verity with the essential phone and he came up with a redboot.img that u flash and it bootloops the phone and fixes verity. It keeps bootlooping till.it fixes it, then u flash a proper kernel and you are good. Cuz as It stands one can only resolve this properly with the tool
Click to expand...
Click to collapse
I would love that idea. That would be really nice to have on our device

Question ERROR: Unknown chunk type cac2 when using QFIL to flash

Recently im used DSU loader and my phone got bootloop no recovery no fastboot only edl.
im trying now QFIL to flash but im have this weird problem ERROR: Unknown chunk type cac2 im have log if needed. that can be probably fixed but im too stupid.

Try a different cable, different USB port or if all fails, a different pc.

I have the same issue, did you manage to solve it?

I had the same problem and after weeks looking for a solution I didn't find anything. The solution I found was to call the technical service and they will fix it for you if the warranty is valid (they change your motherboard, which is good because they gave me the 256gb rom and 12 ram. i had the lower model). I hope it helps you and sorry for my google translator english.

Krity said:
ERROR: Unknown chunk type cac2
Click to expand...
Click to collapse
0xcac2 is TYPE_FILL for sparse files. It is not supported in badly written software.
There are various "simg2img" utilities that can "un-sparse-ify" a file on your desktop.
Then you can just flash the expanded file.
I have my own Windows versions that I could post.

Hey man, do you have your qnc file backup. Can you share with me? I need it to restore my imei. thank you in advance
Krity said:
Recently im used DSU loader and my phone got bootloop no recovery no fastboot only edl.
im trying now QFIL to flash but im have this weird problem ERROR: Unknown chunk type cac2 im have log if needed. that can be probably fixed but im too stupid.
Click to expand...
Click to collapse

Renate said:
I have my own Windows versions that I could post.
Click to expand...
Click to collapse
Please do it

westruk said:
Please do it
Click to expand...
Click to collapse
Ok, here it is (in the sig).
The stuff in parenthesis is the CRC32 (which nobody seems to do).
Code:
C:\>simg2img sparse.img expanded.img /v
Copy 20480
Zero 8192
Copy 20480
Zero 134168576
Total 134217728 (00000000, 9d68a1d0)

ok im have now one super.img after using simg2img but new error appear:
Bad magic: 0 probably not processing a sparse image
before using simg2img: super.0.1fd62e0e.img super.1.da986fb1.img super.2.9d938696.img super.2.207cb178.img super.2.929a3e22.img etc... after simg2img : one super.img file
new log here:

Krity said:
ok im have now one super.img after using simg2img but new error appear:
Bad magic: 0 probably not processing a sparse image
before using simg2img: super.0.1fd62e0e.img super.1.da986fb1.img super.2.9d938696.img super.2.207cb178.img super.2.929a3e22.img etc... after simg2img : one super.img file
new log here:
Click to expand...
Click to collapse
In rawprogram0.xml change sparse="true" on sparse="false"

nope also not working after changing. qfil return to this error again: ERROR: Unknown chunk type cac2
new log...:

so now I think something is wrong with the userdata.img file

Krity said:
nope also not working after changing. qfil return to this error again: ERROR: Unknown chunk type cac2
new log...:
Click to expand...
Click to collapse
Reading through sparse file 'userdata.img' and pulling out relevant header information...
Click to expand...
Click to collapse
You need to change sparse="true" on sparse="false" for all partition with this error.

ok after doing that now something like this appears:
13:10:23: INFO: Trying to store 'rawprogram0.xml' in string table
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'rawprogram0.xml'
2023-03-16 13:10:23.483 13:10:23: INFO: User wants to talk to port '\\.\COM3'
2023-03-16 13:10:23.483 13:10:23: INFO: Took 0.00000000 seconds to open port
2023-03-16 13:10:23.483 13:10:23: INFO: Sorting TAGS to ensure order is <configure>,<erase>, others, <patch>,<power>
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'persist.img'
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'vbmeta_system.img'
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'vbmeta_system.img'
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'vbmeta_vendor.img'
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'vbmeta_vendor.img'
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'metadata.img'
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'super.img'
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'userdata.img'
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'gpt_main0.bin'
2023-03-16 13:10:23.483 13:10:23: INFO: Looking for file 'gpt_backup0.bin'
2023-03-16 13:10:23.483 13:10:23: INFO:
2023-03-16 13:10:23.483
2023-03-16 13:10:23.483 Total to be tansferd with <program> or <read> is 6.78 GB
2023-03-16 13:10:23.498
2023-03-16 13:10:23.498
2023-03-16 13:10:23.498 13:10:23: INFO: Sending <configure>
2023-03-16 13:10:23.498
2023-03-16 13:10:23.498 13:10:23: INFO: TARGET SAID: 'INFO: Binary build date: Nov 28 2020 @ 16:50:52'
2023-03-16 13:10:23.498
2023-03-16 13:10:23.498 13:10:23: INFO: TARGET SAID: 'INFO: Binary build date: Nov 28 2020 @ 16:50:52
2023-03-16 13:10:23.498 '
2023-03-16 13:10:23.498
2023-03-16 13:10:23.498 13:10:23: INFO: TARGET SAID: 'INFO: Chip serial num: 2892543964 (0xac68b7dc)'
2023-03-16 13:10:23.498
2023-03-16 13:10:23.498 13:10:23: INFO: TARGET SAID: 'INFO: VIP is enabled, receiving the signed table of size 8192'
2023-03-16 13:10:23.498
2023-03-16 13:10:23.498 13:10:23: INFO: TARGET SAID: 'ERROR: Verifying signature failed with 3'
2023-03-16 13:10:23.498
2023-03-16 13:10:23.498 13:10:23: INFO: TARGET SAID: 'ERROR: Authentication of signed hash failed 0'
2023-03-16 13:10:23.514 13:10:23: INFO: fh.attrs.MaxPayloadSizeToTargetInBytes = 1048576
2023-03-16 13:10:23.514 13:10:23: INFO: fh.attrs.MaxPayloadSizeToTargetInBytesSupported = 1048576
2023-03-16 13:10:23.514 13:10:23: INFO: Something failed. The target rejected your <configure>. Please inspect log for more information
2023-03-16 13:10:23.514
2023-03-16 13:10:23.514 Writing log to 'C:\Users\KY\AppData\Roaming\Qualcomm\QFIL\COMPORT_3\port_trace.txt', might take a minute
2023-03-16 13:10:23.514
2023-03-16 13:10:23.514
2023-03-16 13:10:23.514 Log is 'C:\Users\KY\AppData\Roaming\Qualcomm\QFIL\COMPORT_3\port_trace.txt'

Krity said:
INFO: TARGET SAID: 'INFO: VIP is enabled, receiving the signed table of size 8192'
Click to expand...
Click to collapse
"Bad" firehose

ok, if this file is actually broken, then if someone has the right one, send it. probably this is the last obstacle because looking at the logs, the program was about to start programming

Very important news: This smartphone can be repaired with QFIL, only the right firehose is needed, the very fact that it is possible to upload software to Realme GT Master Edition with the same tool without any problems. I have been agonizing with this smartphone since the beginning of the year, because I do not have probably one file.