Related
MANY THANKS TO REV FOR RE-WRITING THIS FOR ME!
(Post was updated on 3/23/2011)
=======================================
This post is to provide a template for using NVFlash to restore/recover your G-Tablet after suffering some kind of malfunction. Specifically, this document tries to provide ALL the information you need to use the NVFlash tool to recover the bekit 1105 software version, which has been found to be safe as a starting point for rebuilding your tablet after having a problem. This post does not include other methods of setting up NVFlash (such as installing the SDK, etc.) because this method is proven and can be easily supported.
I use Ubuntu Linux and know that the Linux instructions below are correct. Others have written Windows instructions and those too have been checked carefully and have been used before successfully.
A WARNING IN ADVANCE: NVFlash makes changes to the partition structure of your device. You should tread carefully and understand the risks. (MOD EDIT Note: It also has been noted a bunch of times that even NVFlashing your G-Tablet will not completely overwrite everything on it.)
The NVFlash setup process begins with a visit to:
http://db.tt/Wm25t7U
(Note: Sometime this DropBox is cranky. If you have trouble with it, check back later.)
Linux users: You want to get "nvflash_linux_2010110500.tar.gz" and "nvflash_gtablet_2010110500.zip "
Windows users: You want to get "nvflash_windows_20100500.zip" and ""nvflash_gtablet_2010110500.zip"
Note: The above "nvflash_gtablet_2010110500" is commonly referred to as bekit version 1105 in many posts relating to nvflashing (especially my posts).
-------------------------------------------
Installation
First, create a folder named "NVFlash" on your PC to put the needed files into and to work from. (Note: You can call it something else if you want to; we're just using "NVFlash" to keep all of us on the same page.)
Next, extract the files you downloaded from the DropBox above into the "NVFlash" directory. The files with linux and windows in the middle of then are the files for setting up NVFlash. (The are taken from the SDK and do not install the whole SDK -- just a simple, operable NVFlash for us to use here.) The files with gTablet in the middle contains the .img files with the software to go on your G-Tablet.
Third, for Windows users, you'll need to have an APX-specific USB driver for the next steps. (The Windows package bekit supplied has an .inf file in it, but the actual drivers are not there). For Linux users, you don't need an extra driver.
One source for the Windows drivers is at
http://www.myadventvega.co.uk/
Find the "Downloads" tab in the middle of the page and click on "USB System Driver" to get the files. Extract them and go down two levels to the "USB" folder -- and move that into your "NVFlash" directory. The USB folder has the .inf file for installation in it along with two other directories with drivers for the various operating systems. (Note: These drivers, which are the same as the drivers in the SDK, are proven to work with Win 7 64-bit and have the setup include to load into other versions of Windows.) Follow this narrative for actual installation of the drivers.
CHECKPOINT: At this point, you should have the nvflash files, .img files, and USB directory (and files) in you "NVFlash" directory and are ready to begin the recovery process.
Now, you will need to boot into G-Tablet APX mode: hold down the power and volume - button simultaneousl until your G-Tab comes up and the goes back to a black screen. The black screen means it is in APX mode and it is waiting to display the flashing process. In Linux, type "lsusb" in a terminal and you should see this "0955:7820 NVidia Corp.". 7820 means the device is in APX mode.
Connect your G-Tablet to your PC using your miniUSB to USB cable that came with your tablet.
Linux users: At this point, open up a command window to the folder you created, and run this script:
./nvflash_gtablet.sh
This will wipe the device back to bekit's original TnT stock image, except for user data which is retained. Should take about a minute to run and the device will reboot itself automatically. If the script does not work, make sure that the shell script and nvflash binary are set as executables.
Windows users: When you connect to the PC, the PC immediately tries to load a driver -- but since it doesn't know where the USB driver files are it will fail. Click through Start/Control Panel/Device Manager and find "APX" listed in the devices with a yellow "!" (exclamation point) on the icon. Select the APX item and find the "Update Driver" button and click it. When it asks where to search, choose the local computer manual selection choice and tell it to Browse.
Point the Browse (and the USB install) at the "USB" directory under the "NVFlash" folder. When pointed at the "USB" directory, the driver installed and I was ready to nvflash. If you go back to Device Manager after the Windows install has completed, it will show the nVidia USB drivers near the top of the USB device list.
Again, for Windows: Run this script which is in the "NVFlash" folder:
nvflash_gtablet.bat
This will wipe the device back to bekit's original TnT stock image except for user data, which is retained. Should take about a minute to run and the device will reboot itself automatically all the way to the main screen.
POST NVFlash:
When your G-Tablet has booted back to the main screen, you will have to check and make sure everything is set up. Particularly, get the wifi on and connected to the Internet. Almost immediately, you should get a notice about an OTA (over the air) update. This is the OTA Update to software version 3588. If it does, go ahead and have it do the update. From there, you can begin using your "stock 3588" G-Tablet.
If you don't get an automatic OTA notification, you can go the to manual "Update" icon on your tablet and have it check for updates -- and hopefully it will find OTA 3588.
Or, if neither of the above happen, you can download 3588 at the following link and install it manually:
http://tapntap.http.internapcdn.net/tapntap/viewsonic/update-smb_a1002-3588-user.zip
Note: Following is a STICKY from General Forum on the stock recovery process:
http://forum.xda-developers.com/showthread.php?t=892090
NOTICE: There are many threads out there with tell how to do this process. Others tell individuals' problem solving experiences. A few of them may not be right! The above process is not the only way to do this -- but it is fairly straightforward and it is proven. It is recommended for anyone who does not have experience with nvflashing.
***************************************************
Further references (since I'm not a Windows user): http://forum.xda-developers.com/show...0&postcount=28
and http://forum.tegratab.com/viewtopic....bbde76184e550a and http://wiki.tegratab.com/index.php/Nvflash_FAQ
An additional suggestion if you also want to tack on bekit's clockworkmod recovery versus standard recovery: http://forum.xda-developers.com/show...3&postcount=17
Hope this helps!
03/2011 update -- I've been told that this tool has been useful to erase ALL partitions, including user data. I believe you need to re-flash with the bekit 1105 above, AFTER you use this: http://forum.xda-developers.com/showthread.php?t=974422
04/22/2011 update -- I've built out both 1.1-3588-based and 1.2-4349-based versions that have effectively replaced bekit's 1105 image ("nvflash_gtablet_2010110500.zip"), at least on my own device - I'm also addding a clockworkmod recovery option. It is being hosted in the same location as my 1.2-based mods - I will be making updates there, from this point on (as I might update them from time to time).
(you'd still need bekit's Windows or Linux tools, keep in mind) I've been able to bring back my device back from a soft-brick several times, so I feel they are usable.
05/09/2011 update -- A reminder that these images are not being updated, here. I have a newer nvflash post over in the same site where I have my 1.2-based mods. The 1105 bekit image mentioned here is still relevant for 1.1-based ROM users, or you can use my 3588 ot 4349 solution at the other site.
05/10/2011 update -- I have PM'd the moderator to either unsticky this post and / or assign it to someone else, as I do not plan on updating it, here. I believe that there is a 3588 image in the TegraTab IRC that someone created, for example.
Looks good Roebeet. I wrote a little how to a while back on tegratab. I know you are aware but for the benefit of others I wanted to add the following.
One little thing is sometimes when you are done you will get a boot loop. I think it only may happen once as I never saw it again. The fix is to go into Clockwork and partition the internal sd card again. The old settings said 512 for memory, and 256 swap. Bekit updated Clockwork and now you can format all the way to 4gb if you like, and swap should be 0 as it is not used.
Edit: New wisdom says not to partition the internal sdcard to anything but 2048. Folks have had issues with memory errors in the market with anything bigger. 0 for a swap is also the recommendation as Android apparently does not make use of the swap.
roebeet said:
Wanted to expand on what was already here, since there seems to be a lot of questions that pop up. I use Ubuntu so I know that the Linux instructions are correct.
A warning in advance: nvflash makes changes to the partition structure of your device. You should tread carefully and understand the risks.
Pre-req: http://db.tt/Wm25t7U
Linux users: You want to get "nvflash_linux_2010110500.tar.gz" and "nvflash_gtablet_2010110500.zip "
Windows users: You want to get "nvflash_windows_20100500.zip" and ""nvflash_gtablet_2010110500.zip"
Other references (since I'm not a Windows user): http://forum.xda-developers.com/showpost.php?p=9564270&postcount=28
and http://forum.tegratab.com/viewtopic.php?f=6&t=8&sid=4e6bd75cda9e24e04fbbde76184e550a
http://wiki.tegratab.com/index.php/Nvflash_FAQ
-------------------------------------------
Installation
Create a folder on your PC which you use as your restore base, and then extract the platform-specific ZIP into that location.
Then, download the "nvflash_gtablet_2010110500.zip" package and unzip the /nvflash_gtablet/ folder inside into the same folder as where you dropped nvflash.
For Windows users, you'll need to have an APX-specific USB driver for the next steps (I believe that the Windows package bekit supplied has that .inf file, but again I don't know for sure). For Linux users, you don't need an extra driver.
Once ready, boot the device into APX mode (power up and volume down, at the same time - you'll see the boot screen pop up, and then go blank.). In Linux, type "lsusb" in a terminal and you should see this "0955:7820 NVidia Corp.". 7820 means the device is in APX mode.
Linux users: At this point, open up a command window to the folder you created, and run this script:
nvflash_gtablet.sh
This will wipe the device back to bekit's original TnT stock image, except for user data which is retained. Should take about a minute to run and the device will reboot itself automatically.
Windows users: (again, I did not test this myself). Run this script, in the folder you created:
nvflash_gtablet.bat
Hope this helps!
Click to expand...
Click to collapse
I need help. I finally got Windows 7 to recognize the device in APX mode but how do I flash from this point. It only shows up in my Device list with all the subfolders in it.
What is this for? Restoring to factory Rom?
Thanks,
Scott
cscotty said:
What is this for? Restoring to factory Rom?
Thanks,
Scott
Click to expand...
Click to collapse
Yes, you can use it for exactly that. I believe bekit added Launcher Pro and superuser, but other than that it's a way to completely wipe the device. Moreso than a standard recovery would do.
The pre-req link doesnt work. Can you update the link?
Thanks
roebeet said:
Wanted to expand on what was already here, since there seems to be a lot of questions that pop up. I use Ubuntu so I know that the Linux instructions are correct.
A warning in advance: nvflash makes changes to the partition structure of your device. You should tread carefully and understand the risks.
Pre-req: http://db.tt/Wm25t7U
Linux users: You want to get "nvflash_linux_2010110500.tar.gz" and "nvflash_gtablet_2010110500.zip "
Windows users: You want to get "nvflash_windows_20100500.zip" and ""nvflash_gtablet_2010110500.zip"
Other references (since I'm not a Windows user): http://forum.xda-developers.com/showpost.php?p=9564270&postcount=28
and http://forum.tegratab.com/viewtopic.php?f=6&t=8&sid=4e6bd75cda9e24e04fbbde76184e550a
http://wiki.tegratab.com/index.php/Nvflash_FAQ
-------------------------------------------
Installation
Create a folder on your PC which you use as your restore base, and then extract the platform-specific ZIP into that location.
Then, download the "nvflash_gtablet_2010110500.zip" package and unzip the /nvflash_gtablet/ folder inside into the same folder as where you dropped nvflash.
For Windows users, you'll need to have an APX-specific USB driver for the next steps (I believe that the Windows package bekit supplied has that .inf file, but again I don't know for sure). For Linux users, you don't need an extra driver.
Once ready, boot the device into APX mode (power up and volume down, at the same time - you'll see the boot screen pop up, and then go blank.). In Linux, type "lsusb" in a terminal and you should see this "0955:7820 NVidia Corp.". 7820 means the device is in APX mode.
Linux users: At this point, open up a command window to the folder you created, and run this script:
nvflash_gtablet.sh
This will wipe the device back to bekit's original TnT stock image, except for user data which is retained. Should take about a minute to run and the device will reboot itself automatically.
Windows users: (again, I did not test this myself). Run this script, in the folder you created:
nvflash_gtablet.bat
Hope this helps!
Click to expand...
Click to collapse
stanglx said:
The pre-req link doesnt work. Can you update the link?
Thanks
Click to expand...
Click to collapse
It seems to go up and down (it's bekit's dropbox). Try this:
https://www.dropbox.com/s/wrcd87u1iy31u4e
roebeet said:
Wanted to expand on what was already here, since there seems to be a lot of questions that pop up. I use Ubuntu so I know that the Linux instructions are correct.
A warning in advance: nvflash makes changes to the partition structure of your device. You should tread carefully and understand the risks.
Pre-req: http://db.tt/Wm25t7U
Linux users: You want to get "nvflash_linux_2010110500.tar.gz" and "nvflash_gtablet_2010110500.zip "
Windows users: You want to get "nvflash_windows_20100500.zip" and ""nvflash_gtablet_2010110500.zip"
Other references (since I'm not a Windows user): http://forum.xda-developers.com/showpost.php?p=9564270&postcount=28
and http://forum.tegratab.com/viewtopic.php?f=6&t=8&sid=4e6bd75cda9e24e04fbbde76184e550a
http://wiki.tegratab.com/index.php/Nvflash_FAQ
-------------------------------------------
Installation
Create a folder on your PC which you use as your restore base, and then extract the platform-specific ZIP into that location.
Then, download the "nvflash_gtablet_2010110500.zip" package and unzip the /nvflash_gtablet/ folder inside into the same folder as where you dropped nvflash.
For Windows users, you'll need to have an APX-specific USB driver for the next steps (I believe that the Windows package bekit supplied has that .inf file, but again I don't know for sure). For Linux users, you don't need an extra driver.
Once ready, boot the device into APX mode (power up and volume down, at the same time - you'll see the boot screen pop up, and then go blank.). In Linux, type "lsusb" in a terminal and you should see this "0955:7820 NVidia Corp.". 7820 means the device is in APX mode.
Linux users: At this point, open up a command window to the folder you created, and run this script:
nvflash_gtablet.sh
This will wipe the device back to bekit's original TnT stock image, except for user data which is retained. Should take about a minute to run and the device will reboot itself automatically.
Windows users: (again, I did not test this myself). Run this script, in the folder you created:
nvflash_gtablet.bat
Hope this helps!
Click to expand...
Click to collapse
Roebeet sorry but I just noticed for noobs that the linux command needs to be
. nvflash_gtablet.sh
Also if you unzip those files into a premade directory such as "gtablet" when you unzip them each have their own directories and if you ls you can see that the bash script isn't executable from there. So you need to copy either the gtablet files into the platform folders or copy all the files inside both into your "gtablet" folder. Then you can run the ". nvflash_gtablet.sh" command and voila. Sorry I am on Ubuntu and don't know if it is different, but that is the way I run them.
No worries - all replies are welcome! the more info we have, the better.
This should be stickied. Nvflash has saved my gtab many times and I think its the reason why my gtab doesn't really encounter too many Force closes. Its the perfect method to ensure your gtab is clean.
I tried this tonight to try to get my gTablet back to stock so that I could show people how to install CWM on a video but I could get neither of my Windows 7 64-bit computers to recognize the APX .inf that was included in the pack.
I have a linux machine around here somewhere I may have to use...
ehunyadi said:
I tried this tonight to try to get my gTablet back to stock so that I could show people how to install CWM on a video but I could get neither of my Windows 7 64-bit computers to recognize the APX .inf that was included in the pack.
I have a linux machine around here somewhere I may have to use...
Click to expand...
Click to collapse
My limited experience with 64-bit Win7 -- the drivers have to be signed, or else they won't work. There's a way to disable that on boot, but you can't permanently disable it. I'm wondering if the APX USB driver is signed?
Open a command prompt as an admin and type
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING ON
This is the only way.. dont worry if the test watermark shows up.. it wont affect anything.
Also... They have a x64 driver - read this
http://tegradeveloper.nvidia.com/tegra/forum/adb-usb-driver
Hi there,
I exchanged for a new Gtab yesterday from sears (as it had some power issues).
Today, I tried TnT 2.2 on my rooted tab (Z4 for rooting). Also have ClockworkMod .8.
I partitioned my internal SDCard. But after vanilla restore, I could find my tab space reduced to 4 gigs. What should I do to restore to full 16 gigs(14+ gigs actually).
============================================================================================================================
2. I followed your instrction and partitioned again in clockworkMod and did 4 gigs and 0 in the second one. Now it shows 11 gigs for data and 4 gigs for system.
Now I inserted an external micro SD card (16 gigs) but my storage is not seeing it. What should i do? Ignore my first part please.
Your gonna have problems later if you don't repartition to 2048 and 0
satishraman said:
Hi there,
I exchanged for a new Gtab yesterday from sears (as it had some power issues).
Today, I tried TnT 2.2 on my rooted tab (Z4 for rooting). Also have ClockworkMod .8.
I partitioned my internal SDCard. But after vanilla restore, I could find my tab space reduced to 4 gigs. What should I do to restore to full 16 gigs(14+ gigs actually).
============================================================================================================================
2. I followed your instrction and partitioned again in clockworkMod and did 4 gigs and 0 in the second one. Now it shows 11 gigs for data and 4 gigs for system.
Now I inserted an external micro SD card (16 gigs) but my storage is not seeing it. What should i do? Ignore my first part please.
Click to expand...
Click to collapse
You only have 16gb to start. Partitioning you internal to 4gb uses part of that. I would go back and only use 2gb, and 0 for swap. There are things, like the new market that break with anything but 2gb.
If you mean the settings menu is not showing your external sd card that's normal. Look in a file explorer program in the / directory. Look for SDcard2. That is your external. Same deal, look for usbdisk if you plug in a usb drive.
Roebeet
also this could be helpful to Ubuntu/linux users.
in the same directory where your flash script is there is a file that is called "gtablet.cfg" if you download the clockwork.img recovery and put it in this directory you can open up the "gtablet.cfg" with a text editor
scroll down to where you see "filename=part9.img" and replace "part9" with "clockwork" and it should now read "filename=clockwork.img" this will flash clockwork and save you a step. To change it back so you flash complete stock just edit the file again and reverse it.
romanrish said:
Roebeet
also this could be helpful to Ubuntu/linux users.
in the same directory where your flash script is there is a file that is called "gtablet.cfg" if you download the clockwork.img recovery and put it in this directory you can open up the "gtablet.cfg" with a text editor
scroll down to where you see "filename=part9.img" and replace "part9" with "clockwork" and it should now read "filename=clockwork.img" this will flash clockwork and save you a step. To change it back so you flash complete stock just edit the file again and reverse it.
Click to expand...
Click to collapse
You don't even have to do that - you can just rename part9.img to something else, and clockworkmod.img to "part9.img". That's actually what I do.
roebeet said:
You don't even have to do that - you can just rename part9.img to something else, and clockworkmod.img to "part9.img". That's actually what I do.
Click to expand...
Click to collapse
Yeah I thought about that, but figured some people might get confused and forget which one was which. Either way works as well just as long as you keep both files. You should edit your original post and add that in as an option to do at the end. It will keep some from having to look through and creating a new post cause they can't find it, and keep our forums clean.
This should definitely be stickied. Mods please?
P.S. I cannot believe how awesome this forum is(Viewsonic G Tablet). I have gone to other forums and the other devs and users are not as friendly and awesome as the ones we have here. Almost brings a tear to my eye. Great job Roebeet, this should help us noobs out a lot. LOL!
BLU R1-HD bootloader unlock script tool, and TWRP install tool.
Download is a zip file, unpack it to somewhere you will remember. Run the dirty-cow-tool.bat // mtk-su-tool.bat
The included files and folders are set to hidden, in effort to keep them safe from accidental delete.
Must have adb+fastboot + drivers installed and setup prior to using tool
Easiest method to install adb + fastboot on windows is with "15 second adb + fastboot install TOOL"
LINK==>ADB+FASTBOOT
It is for windows
In linux :
"sudo apt-get install android-tools-adb"
"sudo apt-get install android-tools-fastboot" Some fastboot commands were missing when i used this one ie "fastboot flashing get_unlock_ability"
"sudo apt-get install fastboot" worked better when I tried. ( i used that command as a check before doing the unlock, so it was needed only for that check)
Using Tool
On Windows?
Unzip the downloaded file to a new folder, open new
folder and click on "dirty-cow-tool.bat". // "mtk-su-tool.bat"
Do the steps in order (1-2-3-4) to be unlocked, then
Step (5) to get to second page where step (1) is root
The rest is optional
On Linux?
Unzip downloaded file to new folder folder .
Open folder. Then open R1-Linux-tool-v2 folder
Open terminal from that folder and type
" . R1-HD-TOOL.sh "
Same order of steps (1,2,3,4) step (5) for extra
Steps (1 on second menu) for superSU root.
Second menu steps (2,3,4,5,6,7,8) are optional.
**Linux Note**
The tool uses "fastboot flashing get_unlock_ability" as one of the methods to check before doing the unlock.
The version of fastboot that installed with "apt-get install android-tools-fastboot" did not recognize
this command. But "apt-get install fastboot" updated some version and then the command was recognized.
******OTHER NOTES****
--- this has been mentioned in the general thread and the modified v17 thread, but It has come up again so I wanted to make note of it.----
--- The newest blu versions (V7.4.2 and V17) Have made changes to "toolbox" and this effects things like "adaway" and "titanium backup"
--- The suggested fix is to install busy-box. I have had success with the version from play store, some prefer to use f-droid version. Either one will do. Install it and open the app. From in the app you need to do an install.
CHANGE LOG
V1:. Initial release : removed
V2:. : fixed typos preventing proper function
V3:.: switch file verification to md5 check instead of "ls-l" comparison.
V4: current version: add extras page, add SU flash, de-bloat script, Added Fm Radio, Added pre-loader roll back
V5: Fixed wrong loop "goto" line that made preloader rollback do "MTK_BLU Debloat v2" instead
V6: Added manual pause to script for mods that need recovery (Extra's 5) . Added redundent recovery flash command .
Few reports of recovery "not Sticking" and needed to run the flash commands manually one by one. Maybe the redundent
flash will make it survive. If still having problem with recovery "staying install" try manually flashing
here is link to the steps needed. FLASH RECOVERY
V7 Improved logs Added line to make batch run as sub-process so if error occurs , will not close
V7.1 : Updated the fm radio install zip and include the needed selinux mode changer app
V8: fixed dependency of needing to be unzipped to location w/o spaces in name. (when used from location with spaces, tool used to fail to push needed files).
.. added more time to allow dirtycow to "spawn" its root shell. Recent testing has shown sometimes it takes longer than the 60 seconds allowed in the script. Now it is looped 3 times.
V9 Added full path to abd push lines for recovery flash files. included fastboot.exe file to address some version issue where user s version would not output text file I coded into script for a verification ( included file is called by script, no need to do anything different with it)
V10: Moved zip file to included folder to help preserve locations when unpacked, added device check before running tool; So tool not used on wrong device, Rearranged order of operations on extra's page. (recovery installed options) Push files while in android before rebooting to recovery( should improve reliability for multiple reports of not automatically installing options for some)
******I have received some reports that some devices are reporting "ro.build.product =R1_HD and not "BLU_R1_HD" like mine, so the added device check is blocking tool from starting If this happens to you , you can make edit to the .bat file like below.
Change this line
Code:
:next_check
find "BLU_R1_HD" "%~dp0workingproduct.txt"
To this
Code:
:next_check
find "R1_HD" "%~dp0workingproduct.txt"
it is line #23
V11: Updated device model verification lines
MTK-SU: Replaced all dirty-cow part with New MTK-SU binary(elf) from @diplomatic
source
Click to expand...
Click to collapse
Credits to @Diplomatic for his work on the Mtk_su that I used used to make this tool work again after Dirty-Cow was patched.
DOWNLOAD LINK
Preferred to use the Downloads tab of this thread.
Archived downloads on android file host also == link
XDA:DevDB Information
R1-HD Dirty-cow Unlock Tool, Tool/Utility for the BLU R1 HD
Contributors
mrmazak, vampirefo for his recovery, lopestom for his recovery, emc2cube for his debloat zips, christianrodher for his dirtycow method,
Source Code: https://github.com/mrmazakblu/DirtyCow-R1_HD
Version Information
Status: Testing
Current Stable Version: V11
Stable Release Date: 2017-04-11
Current Beta Version: MTK-SU
Beta Release Date: 2019-04-14
Created 2017-02-22
Last Updated 2019-04-18
Reserved
Items planed to be addressed in next release:
--Add few more file integrity checks to the extra's page
--Add copy log to clipboard option so it is easier to post log entry if needed-------*********----already-_added to github copy of batch file
--Add a verification step that checks what recovery is installed( to prevent trying to do steps on extra's page with stock recovery)
--Possibly move to a "fastboot boot recovery" instead of "adb reboot recovery" for the same reason as above
--Add wget or similar to the extra's items so initial "TOOL" size is smaller (not that 40-50MB is big, but to some it may be )
--Add additional "selinux mode changer apk" for fm radio install rather than just the note that says it needs to be found.
Reserved
Works great on OEM 6.6, thanks for the tool!
So I got the one-click-root.sh done, maybe. Can some linux users go over it, make sure I didn't do anything stupid? I don't exactly have a device to check it with atm, and I am not pro with scripting, barely novice, so it is a pretty basic conversion of the batch file. Still, it might work . Just would like a few eyes on first.
https://github.com/theredbaron1834/Scripts/blob/master/one-click-root.sh
Also, I looked at dirty-cow-tool.bat. However, wow, more an advanced batch file, and I am not sure what the first half does, so not sure how to convert . However, it seems if anyone does get it, the eqiv of goto for linux is funtions. simple cheatsheet:
Code:
function stuff {
echo "this stuff is run via the function"
{
stuff #goes to stuff and runs function
theredbaron1834 said:
So I got the one-click-root.sh done, maybe. Can some linux users go over it, make sure I didn't do anything stupid? I don't exactly have a device to check it with atm, and I am not pro with scripting, barely novice, so it is a pretty basic conversion of the batch file. Still, it might work . Just would like a few eyes on first.
https://github.com/theredbaron1834/Scripts/blob/master/one-click-root.sh
Also, I looked at dirty-cow-tool.bat. However, wow, more an advanced batch file, and I am not sure what the first half does, so not sure how to convert . However, it seems if anyone does get it, the eqiv of goto for linux is funtions. simple cheatsheet:
Code:
function stuff {
echo "this stuff is run via the function"
{
stuff #goes to stuff and runs function
Click to expand...
Click to collapse
thank you for your input.
As far as the begining of the batch, It is adding a few folders to the "path" variable so help ensure the "adb push" commands find the files it is trying to push. Then it sets some folder "flags" to hidden so that the files the batch needs don't get accidentally moved or changed. Then the large section with mostly "echo" that is to set up the "simulated" G.U.I.
The lines of just "::::::::::" are simply used to help with reading the batch file. i use them to seperate functions. They are not needed.
The lines with only 2 "::" are standard windows comment / remark line entries
The lines with 1 ":" are the beginning line of the loop/ function == the line that "goto *" searches for
Does Works to unlock 7.4.2?
khyr said:
Does Works to unlock 7.4.2?
Click to expand...
Click to collapse
It is supposed to. It is the same base codes used from original script, and that one was confirmed to work. I Do not have first hand use of V7.4.2 so it is only confirmed through other users.
The dirty-cow being used has been patched by google in Dec but blu has not rolled out the patch. So there is no reason for it not to work.
edit:
I have the linux version ready.
-the first step, (ADB Push) is ready. including md5 file checks
-step 2 is ready= running dirty-cow with md5 check before final writing to mmcblk device
-step 3 is ready unlocking bootloader = including check if unlock is done, but need to fix the "unlock_adility" check
I can make to file to compare and grep the line needed, but cannot "sed" the extra information or do a > < comparison
-step 4 is ready .--flash twrp
Finished 90% of tool.
still need to tweek the log feature.
I ran tests on the lop back to menu and test ran
1. push files for dirty-cow and md5 check . then made push fail to verify the check method was valid ==pass
2. run dirty cow commands and md5 verification on resulting file. ==pass
3.unlock bootloader --- I ran it (needed to fake the already unlocked check) it works == pass
4 . flash twrp --installed both version i have, both install fine ===pass
5 extra menus -- ran . install su-----debloat---rebloat--- add fm radio--- preloader roll back =====all pass
(bootloader roll back needs manual intervention to re-enter fastboot during the boot loop that is unavoidable)
6. instruction ====not written yet
7. exit yes it closes == pass
8. logs --- needs completeing
I just loaded this on my OTA updated 7.4.2 device. I would note that the batch file does not actually create the /sdcard/Download folder so you might need to go into the terminal and actually create this on your sdcard... also worth noting that this batch file **requires** an sd card in the device to do any of the loads in the "5" menu.
torchredfrc said:
I just loaded this on my OTA updated 7.4.2 device. I would note that the batch file does not actually create the /sdcard/Download folder so you might need to go into the terminal and actually create this on your sdcard... also worth noting that this batch file **requires** an sd card in the device to do any of the loads in the "5" menu.
Click to expand...
Click to collapse
no it does not.
the /sdcard is the internal memory and the Download folder is already there.
you might be having issues but the folder is already part of normal system
mrmazak said:
no it does not.
the /sdcard is the internal memory and the Download folder is already there.
you might be having issues but the folder is already part of normal system
Click to expand...
Click to collapse
Fair enough, my restore didn't have /sdcard/Download and I made an assumption that /sdcard was my mounted card. Thanks for the insight.
OOPS
found typo on V4 of tool. batch files sets variables for "return", from loop functions. And two returns were set to same label9, so if you had tried to do extra's menu option #8. "ROLL Back Preloader" , instead it was running option # 5. " MTK_BLU Debloat v2"
fixed and still reading and re-reading to search for errors.
This looks bad.
The reason I put together this tool was I felt it was important to make a way to minimize the problems usually associated with android modifications. By making "typo's" a thing of the past, and I found them in my own script.
re-posted V5 combined with linux V2--
torchredfrc said:
I just loaded this on my OTA updated 7.4.2 device. I would note that the batch file does not actually create the /sdcard/Download folder so you might need to go into the terminal and actually create this on your sdcard... also worth noting that this batch file **requires** an sd card in the device to do any of the loads in the "5" menu.
Click to expand...
Click to collapse
I'm a total noob, and I'd like to know how to proceed with the supersu and all the other parts of step 5. Thank you
gabriel986 said:
I'm a total noob, and I'd like to know how to proceed with the supersu and all the other parts of step 5. Thank you
Click to expand...
Click to collapse
Ok. After you have completed upto twrp install. You can do the options on #5. It is all programed and automatic. What is does is put zip files onto the phone and reboots phone into recovery, then recovery installs them.
mrmazak said:
Ok. After you have completed upto twrp install. You can do the options on #5. It is all programed and automatic. What is does is put zip files onto the phone and reboots phone into recovery, then recovery installs them.
Click to expand...
Click to collapse
I get up to the recovery installation, but then I can not access such recovery on the phone, If I turn it on with power+vol up, it takes me to the default factory recovery by blu.
And If I try to the super su step with the phone on, it resets it, and get it to the screen with the dead android, while the script just shows the ADB DETECTED message.
In case it's needed, my R1 HD is running on
BLU_R0010UU_V7.4.2_GENERIC 09-11-2016 13:38
gabriel986 said:
I get up to the recovery installation, but then I can not access such recovery on the phone, If I turn it on with power+vol up, it takes me to the default factory recovery by blu.
And If I try to the super su step with the phone on, it resets it, and get it to the screen with the dead android, while the script just shows the ADB DETECTED message.
Click to expand...
Click to collapse
You missed a step in the process.
As tool finishes the recovery install it comes to a "pause" in the script, you need to hold the volume up button on phone "before" pressing button on pc keyboard to continue.
If phone does a normal reboot at this point then the system will replace the newly installed recovery with the stock one.
Giving you the situation you have now.
This step I cannot control, you must press volume button on phone to get the boot menu, and directly boot into recovery to ensure that the install sticks.
mrmazak said:
You missed a step in the process.
As tool finishes the recovery install it comes to a "pause" in the script, you need to hold the volume up button on phone "before" pressing button on pc keyboard to continue.
If phone does a normal reboot at this point then the system will replace the newly installed recovery with the stock one.
Giving you the situation you have now.
This step I cannot control, you must press volume button on phone to get the boot menu, and directly boot into recovery to ensure that the install sticks.
Click to expand...
Click to collapse
trying again....
for how long should I press the volume up key?
gabriel986 said:
trying again....
for how long should I press the volume up key?
Click to expand...
Click to collapse
When tool says Hold button , keep it held. Then continue the script. Phone should reboot to the boot menu. Then let go of volume
Some phones do not accept the fastboot reboot command, on those phones need to hold power to shut off. Then volume and power together to come on, release power when screen come on
mrmazak said:
When tool says Hold button , keep it held. Then continue the script. Phone should reboot to the boot menu. Then let go of volume
Some phones do not accept the fastboot reboot command, on those phones need to hold power to shut off. Then volume and power together to come on, release power when screen come on
Click to expand...
Click to collapse
ok.. trying again
---------- Post added at 02:00 PM ---------- Previous post was at 01:46 PM ----------
gabriel986 said:
trying again....
for how long should I press the volume up key?
Click to expand...
Click to collapse
it beat me!
I get stuck in that part of the process, If anyone uploads a video to check what i'm doing wrong, I'll be grateful.
Greetings Everyone;
Like many of you: my Lumia was not working properly; therefore I tried to recover / downgrade my Lumia 535 with "Windows Phone Recovery Tool" back to Windows 8.
After Clicking "Start"... The Phone simply said: "Goodbye" and never came On again... (While going like: "WT*!?" and mad at this; I have to say it was funny).
From that point on: It simply would just show a Black Screen to me.
Requirements
- Have Windows Device Recovery Tool ("WDRT") (Get it here)
- Make sure you have a USB Cable in proper condition to ensure that the Procedure Won't Fail due to Disconnection.
Method #1 : Before Anything Else
1 ) With your USB Cable & Device Connected to PC; Go to the "Device Manager" and unninstal the QHSUSB__BULD Driver (Don't Close the Device Manager Yet).
2) Disconnect your USB Cable and Plug it again. Update the "Device Manager" in order to get your QHSUSB__BULK Driver Installed again.
3) Go to "Windows Phone Recovery Tool" and try Again. "Windows Phone Recovery Tool" should be able to complete the procedure.
Method #2 : Under "Emergency Mode"
1 ) Connect your device via USB cable.
2) Open the following folder (Considering your System drive is " C: ")
C:\Program Data\Microsoft\Packages\Products\RM-<Number>
* Where <Number> will be your device release model number.
Note: You can check Code & Release Model Number on the back of your phone by removing your battery.
Inside that folder you can see that you have some required files to recover your device from Bricked states.
i.e: the *.ffu file.
If you don't find the *.ffu file there you can try: http://www.lumiafirmware.com/
3) Now open CMD (Command Prompt) as administrator
4) And go to WDRT folder by typing:
cd C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool\
for 32 bit pc, type:
cd C:\Program Files\Microsoft Care Suite\Windows Device Recovery Tool\
5) Connect your USB Cable & Device to PC
6) (Attempt to Perform a Factory Reset): In CMD (Command Prompt) Type :
thor2 -mode uefiflash -ffufile "C:\the location of the ffu\file name.ffu" -do_full_nvi_update -do_factory_reset"
7) Wait now until your phone gives a green screen
8) Back on CMD; Type:
thor2 -mode rnd -bootnormalmode
Note: Shall Step 6 fail; but you managed to flash the *.ffu file into the device (or even if that failed); try Method #1 again.
That worked perfectly for me.
Initial Steps for Manual Recovery (Incomplete; but gets you Started)
1) "dump": "gpt0.bin" & "gpt1.bin" files
2) Create a Folder on the root of your System Drive.
i.e: C:\LumiaService\
3) Create another Folder Called "Dump" inside "LumiaService" folder
4) Copy the *.ffu File found at: C:\Program Data\Microsoft\Packages\Products\RM-<Number>
to the Newly created folder [C:\LumiaService\ ]
Tip: You may want to rename the file to a shorter file name. In this tutorial I'm going to name it "rm1089.ffu" (Wich stands for my Lumia Model)
5) Open Command Prompt in Administrator Mode and Open the "Windows Phone Recovery Tool" folder.
i.e: C:\ThisComputer\User\Programs (x86)\Microsoft Care Suite\Windows Device Recovery Tool\
Note: There you should find: Thor2.exe
6) Once in that folder type the following Command to "Dump" (Extract from & Create) the following files: gpt0.bin & gpt1.bin
Note: Don't Close your Command Prompt Window After Dumping the Files (See point 6).
thor2 -mode ffureader -ffufile "C:\LumiaService\rn1089.ffu" -dump_gpt -filedir C:\LumiaService\Dump\
7) Copy the RKH Hex Number and Save it into a text document (Pref. also inside "LumiaService" folder)
i.e:
RKH: 0E9427DF118D9E27D098D13BECB6C6C89CE59F4
RKH: 0E9427DF118D9E27D098D13BECB6C6C89CE59F4
Note: You will require to create a *.hex File using the RKH; in order to Perform the manual Unbrick.
Hope this helped everyone guys without warranty.
If you still have problems; and want to dig further into Manually Unbrick I'm leaving some of my own notes on the post bellow (For Reference Only).
I think that would be a good starting point; and that it will save you some time.
Please feel free to send me information regarding how to do it "Manually" (Step-by-Step); I'll be glad to write about it.
Best Regards;
Reference For Manually Unbrick
Thor2 Boot Modes
Boot to System
thor2 -mode rnd -bootnormalmode
Boot Into Boot Manager
thor2 -mode rnd -bootlumiabootmgr
Emergency Mode
thor2 -mode rnd -boot_edmode
USB MSC Mode
thor2 -mode rnd -bootmsc
Needless to say that you can check thor2 help file with:
thor2 /?
Problems with the *.hex File:
People who have a problem with the hex file, is because the hex file is invalid. The converter tool does not do a good job with converting bin files which are bigger than 64 KB.
To demonstrate: look at the file size of the original bin-files. Some are 60 KB and some are 74 KB. The conversion of the files with size 74 KB fails.
Look at the output hex-file in Notepad++.
Scroll to line 4098. From there on you see that all lines have an extra character. There is an odd number of digits, which is not possible with hex-values.
How to correct it?
Insert this line at linenumber 4098:
:020000042A01CF
All the next lines, except the last 3 lines start with:
:101
Replace that with:
:10
The last 3 lines should not be changed.
Save the hex-file and it will be ready to use.
Note: That line must be put at line 4098. And everything below will go down one line. Look at the lengths of the lines. In the original hex-file all lines from 4098 and below have an extra character. That is wrong. To go beyond the 64 KB limit, this extra line is needed and then the bad characters from the lines below must be removed as described.
Addittionaly:
1. The bin files in your opening post are fine, but they are probably incomplete. There are Lumia models, which have the same RKH, but they need different MPRG's. Not much we can do about now.
2. The bin files are converted to hex files. Those hex files are in your opening post. But not all of them are correct. I corrected a few of them and those are in post #76. You probably want to update the files in your opening post with these files.
Info
Tutorial it is not a complete step-by-step.
You need to sign everything as does .vpl programming (All recovery/flashing tool uses .vpl flashing).
1. Direct write .FFU will work as MSFT.
2. Writing with .Vpl file will work as OEM.
It is all same thing, but try to understand between two diff things.
Some security will get tight or can be vulnerable. (Actual I mean, OS will run with more differential)
How to get *.hex file
1) Get "bin2hex" Console Application
2) In Command Prompt go to your Bin2Hex.exe location and Copy your *.bin file there.
3) Type: bin2hex myBinFile.bin MyNewHexGile.hex
i.e: 00E9427DF118D9E27D098D13BECB6C6C89CE59F4.bin HEX.hex
The application will create the *.hex file for you.
Note: There's a chance that the new *.hex file could not be perfectly converted.
Check: Addittional Reference > Problems with *.hex files on this post (above).
Tip #1:
Use this extra FLAG in order to prevent the device to fail receiving the files through "Thor2":
-maxtransfersizekb 256
*Note: Some people reported that this value can be too high and cause flashing issues
XDA Links
Title: "Finally... unbrick your Lumia device QHSUSB_DLOAD without JTAG"
Title: "Qualcomm/Intel HEX files"
Title: "How to recover a Lumia with a malfunctioning USB port"
Hello!!! I have a problem. I can't find my device as QHSUSB_BULD. What I can do? I am desesperate
recover data
boris_urgiles said:
Hello!!! I have a problem. I can't find my device as QHSUSB_BULD. What I can do? I am desesperate
Click to expand...
Click to collapse
Is it possible to recover data from a damaged lumia?
I made a program that make this a lot easier
rgxHost said:
Greetings Everyone;
Like many of you: my Lumia was not working properly; therefore I tried to recover / downgrade my Lumia 535 with "Windows Phone Recovery Tool" back to Windows 8.
After Clicking "Start"... The Phone simply said: "Goodbye" and never came On again... (While going like: "WT*!?" and mad at this; I have to say it was funny).
From that point on: It simply would just show a Black Screen to me.
Requirements
- Have Windows Device Recovery Tool ("WDRT") (Get it here)
- Make sure you have a USB Cable in proper condition to ensure that the Procedure Won't Fail due to Disconnection.
Method #1 : Before Anything Else
1 ) With your USB Cable & Device Connected to PC; Go to the "Device Manager" and unninstal the QHSUSB__BULD Driver (Don't Close the Device Manager Yet).
2) Disconnect your USB Cable and Plug it again. Update the "Device Manager" in order to get your QHSUSB__BULK Driver Installed again.
3) Go to "Windows Phone Recovery Tool" and try Again. "Windows Phone Recovery Tool" should be able to complete the procedure.
Method #2 : Under "Emergency Mode"
1 ) Connect your device via USB cable.
2) Open the following folder (Considering your System drive is " C: ")
C:\Program Data\Microsoft\Packages\Products\RM-<Number>
* Where <Number> will be your device release model number.
Note: You can check Code & Release Model Number on the back of your phone by removing your battery.
Inside that folder you can see that you have some required files to recover your device from Bricked states.
i.e: the *.ffu file.
If you don't find the *.ffu file there you can try: http://www.lumiafirmware.com/
3) Now open CMD (Command Prompt) as administrator
4) And go to WDRT folder by typing:
cd C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool\
for 32 bit pc, type:
cd C:\Program Files\Microsoft Care Suite\Windows Device Recovery Tool\
5) Connect your USB Cable & Device to PC
6) (Attempt to Perform a Factory Reset): In CMD (Command Prompt) Type :
thor2 -mode uefiflash -ffufile "C:\the location of the ffu\file name.ffu" -do_full_nvi_update -do_factory_reset"
7) Wait now until your phone gives a green screen
8) Back on CMD; Type:
thor2 -mode rnd -bootnormalmode
Note: Shall Step 6 fail; but you managed to flash the *.ffu file into the device (or even if that failed); try Method #1 again.
That worked perfectly for me.
Initial Steps for Manual Recovery (Incomplete; but gets you Started)
1) "dump": "gpt0.bin" & "gpt1.bin" files
2) Create a Folder on the root of your System Drive.
i.e: C:\LumiaService\
3) Create another Folder Called "Dump" inside "LumiaService" folder
4) Copy the *.ffu File found at: C:\Program Data\Microsoft\Packages\Products\RM-<Number>
to the Newly created folder [C:\LumiaService\ ]
Tip: You may want to rename the file to a shorter file name. In this tutorial I'm going to name it "rm1089.ffu" (Wich stands for my Lumia Model)
5) Open Command Prompt in Administrator Mode and Open the "Windows Phone Recovery Tool" folder.
i.e: C:\ThisComputer\User\Programs (x86)\Microsoft Care Suite\Windows Device Recovery Tool\
Note: There you should find: Thor2.exe
6) Once in that folder type the following Command to "Dump" (Extract from & Create) the following files: gpt0.bin & gpt1.bin
Note: Don't Close your Command Prompt Window After Dumping the Files (See point 6).
thor2 -mode ffureader -ffufile "C:\LumiaService\rn1089.ffu" -dump_gpt -filedir C:\LumiaService\Dump\
7) Copy the RKH Hex Number and Save it into a text document (Pref. also inside "LumiaService" folder)
i.e:
RKH: 0E9427DF118D9E27D098D13BECB6C6C89CE59F4
RKH: 0E9427DF118D9E27D098D13BECB6C6C89CE59F4
Note: You will require to create a *.hex File using the RKH; in order to Perform the manual Unbrick.
Hope this helped everyone guys without warranty.
If you still have problems; and want to dig further into Manually Unbrick I'm leaving some of my own notes on the post bellow (For Reference Only).
I think that would be a good starting point; and that it will save you some time.
Please feel free to send me information regarding how to do it "Manually" (Step-by-Step); I'll be glad to write about it.
Best Regards;
Click to expand...
Click to collapse
I made a program that unbricks your device, recovers from QHSUSB_DLOAD, QHUSB_DLOAD.
It's called...
Windows Phone Unbrick Tool (WPUT)
It comes with an installer.
NOTE:
1. You should enter the license key that is provided in the License Agreement section (for checking that you are not a bot, so don't use autoinstaller!
2. You must download your emergency HEX and MBN files from lumiafirmware.com
3. You must specify the correct path to the HEX/MBN files otherwise the program will fail!
4. If the unbricking succeeds remove your battery from your device for 1 minute and put it back on
5. Charge the device for at least 30 minutes before turning it on!
6. Reflash your device with Windows Device Recovery Tool.
Download it here
b i t . l y / 2 O Y Q Z V R
(REMOVE THE SPACES)
https://forum.xda-developers.com/windows-phone-8/development/unbrick-dead-boot-lumia-jtag-t3872885
H
gmirz2005 said:
I made a program that unbricks your device, recovers from QHSUSB_DLOAD, QHUSB_DLOAD.
It's called...
Windows Phone Unbrick Tool (WPUT)
It comes with an installer.
NOTE:
1. You should enter the license key that is provided in the License Agreement section (for checking that you are not a bot, so don't use autoinstaller!
2. You must download your emergency HEX and MBN files from lumiafirmware.com
3. You must specify the correct path to the HEX/MBN files otherwise the program will fail!
4. If the unbricking succeeds remove your battery from your device for 1 minute and put it back on
5. Charge the device for at least 30 minutes before turning it on!
6. Reflash your device with Windows Device Recovery Tool.
Download it here
b i t . l y / 2 O Y Q Z V R
(REMOVE THE SPACES)
Click to expand...
Click to collapse
It support QHSUSB_BULK?
fadilfadz said:
H
It support QHSUSB_BULK?
Click to expand...
Click to collapse
Firstly you need to switch to QHSUSB_DLOAD mode.
There are some guides on the internet, search for it.
gmirz2005 said:
Firstly you need to switch to QHSUSB_DLOAD mode.
There are some guides on the internet, search for it.
Click to expand...
Click to collapse
Where? I can't find it on google.
Give me just url.
fadilfadz said:
Where? I can't find it on google.
Give me just url.
Click to expand...
Click to collapse
Alright.
So firstly fully uninstall all drivers.
(Nokia Emergency Connectivity, QHUSB_DLOAD, QHUSB_BULK)
Now disconnect the battery, if the battery is "non-removable" then dissasemble the back cover and disconnect the battery.
Now wait for 1 minute while holding the power button of your lumia (to fully drain power).
Reinsert the battery and connect it to the computer.
You should see a driver installing
"Qualcomm ++++"
Now goto WDRT
Select "My phone is not detected"
Click LUMIA
If WDRT recognized the device, you should see it.
If not then repeat all the steps as much as WDRT will finally detect.
Click the device
Start recovery process.
Done!
Ffu not signed for this device while i'm load corrected ffu for my lumia 1020
my lumia 1020 can detected by wdrt but while processing to flashing, wdrt show error code ffu not signed for this device, any solution to fix this? my lumia detected as NOKIA BOOTMGR or QUALCOMM MSM DEVICE
faisalmm_ said:
my lumia 1020 can detected by wdrt but while processing to flashing, wdrt show error code ffu not signed for this device, any solution to fix this? my lumia detected as NOKIA BOOTMGR or QUALCOMM MSM DEVICE
Click to expand...
Click to collapse
Use the THOR2 method.
gmirz2005 said:
Use the THOR2 method.
Click to expand...
Click to collapse
I've use thor2 method and qhsusb_dload, but thor2 error code 85021 send_rcv_msg_failed, I use correctedhex, hex on gpt0.bin with bin2hex, hex on lumiafirmware, but no any hex work for my device
LOG thor2
[21:51:55.775] D_MSG : THOR2 1.8.2.18
[21:51:55.775] D_MSG : Built for Windows @ 13:36:46 Jun 16 2015
[21:51:55.775] D_MSG : Thor2 is running on Windows of version 6.2
[21:51:55.775] D_MSG : thor2.exe -mode emergency -hexfile HEX.hex -mbnfile msimage.mbn -ffufile RM875_3051.50009.1424.0003_RETAIL_apac_indonesia_1002_03_447615_prd_signed.ffu -skipffuflash
[21:51:55.775] D_MSG : Process started Mon Dec 31 21:51:55 2018
[21:51:55.792] D_MSG : Debugging enabled for emergency
[21:51:55.792] D_MSG : Initiating emergency download
[21:52:14.320] D_MSG : Using default emergency protocol
[21:52:14.320] D_MSG : ALPHA EMERGENCY FLASH START
[21:52:14.320] D_MSG : Emergency Programmer V1 version 2014.10.31.001
[21:52:14.320] D_MSG : Hex download selected
[21:52:14.320] D_MSG : Check if device in Dload
[21:52:14.323] D_MSG : Connection to DLOAD mode succeeded
[21:52:14.323] D_MSG : Get Dload parameters
[21:52:14.811] D_MSG : Sending HEX flasher to the device
[21:52:14.823] D_ERR : Sending HEX flasher to the device failed. Try to re-send.
[21:52:16.826] D_MSG : Re-sending HEX flasher to the device
[21:52:17.829] D_ERR : Message send failed with error code -1
[21:52:17.830] D_ERR : Cannot upload HEX flasher into the device
[21:52:17.830] D_MSG : Sending GO command if HEX flasher successfully uploaded.
[21:52:18.327] D_MSG : ALPHA EMERGENCY FLASH END
[21:52:25.851] D_MSG : Emergency messaging closed successfully
[21:52:25.935] D_MSG : Operation took about 30.00 seconds.
[21:52:25.969] D_ERR : THOR2 1.8.2.18 exited with error code 85021 (0x14C1D)
Click to expand...
Click to collapse
faisalmm_ said:
I've use thor2 method and qhsusb_dload, but thor2 error code 85021 send_rcv_msg_failed, I use correctedhex, hex on gpt0.bin with bin2hex, hex on lumiafirmware, but no any hex work for my device
Click to expand...
Click to collapse
If you have the original FFU for your device, try re-downloading it and re-extracting the .hex and .mbn files
this may work...
Hi,
I have a Lumia 1020 that was running Windows 10 Mobile thinking it was a Lumia 950 XL. With this week's update, it broke and is now showing an error message "Unable to find a bootable option".
I've tried unlocking the Bootloader with WPInternals and it doesn't work (I've tried with original FFU and with L950XL FFU).
Windows Device Recovery Tool also doesn't work (it identifies a device although it doesn't name it and proceeds into the reset but stops with an error message of "Software not connected or disconnected from device").
I can't find any drivers on device manager like the ones you mention and the command line way always returns an error: 0xFA001106.
I really don't want to give up this yellow phone. I love it.
Can somebody please help?
Thank you.
Edit: the device shows up as Nokia BootMGR and it's always stuck in a "unable to find bootable option. Press key to shutdown" loop.
I just thought of something else: when I installed W10M on my Lumia, I changed it to make it appear as a Lumia 950XL. I used InterOP tools and RegEdit. Could this be related to the FFu signature problemas I'm getting today? How would I change these values?
WPInternals info: https://1drv.ms/u/s!Ag-KZVVb9pL6q5pd7wcC32KiUZzfjQ
My phone is booting to QHSUSB_BULK and i have error with thor2 commands
C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool>thor2 -mode rnd -bootmsc
THOR2 1.8.2.18
Built for Windows @ 13:36:46 Jun 16 2015
Thor2 is running on Windows of version 6.2
thor2 -mode rnd -bootmsc
Process started Fri Sep 23 13:10:45 2022
Logging to file C:\Users\grego\AppData\Local\Temp\thor2_win_20220923131045_ThreadId-23132.log
Initiating do RnD operations
WinUSB in use.
Debugging enabled for rnd
Detecting UEFI responder
Device is not in Lumia UEFI mode
Reading device mode failed
THOR2_ERROR_UEFI_RESPONDER_DETECTION
THOR2 1.8.2.18 exited with error code 84017 (0x14831)
Unroot Razer Phone 2
This is the method that I used, I bought a phone that was rooted (little did I know) custom recovery was not installed on my device, but bootloader was unlocked and the phone was rooted. Disclaimer:I am no expert, i just used this method last night (2/2/2019) the Razer guides weren't the best at step by step so I am compiling what I learned from doing this. I am not responsible if you brick or bootloop your phone. You should also do independent research on XDA etc before you attempt this process so you understand the risks. I invite others that know more than me to correct what I may have missed and I will updated the OP.
Step 1
You need a USB C to A cord similar to the one that came with the phone, but Razer says that they don't recommend you use that one because it is designed for quick charge not data transfer so I used one that I bought on Amazon years Ago.
Step 2 you need to download 3 things:
The stock image that can be found here:https://developer.razer.com/razer-phone-dev-tools/factory-images/
You need to download Android SDK
https://developer.android.com/studio/releases/platform-tools.html
You need to download the drivers:
https://dl-ssl.google.com/android/repository/latest_usb_driver_windows.zip
Also open this https://developer.razer.com/razer-p...02.1384856067.1549140743-333350818.1549140743
Unzip all of these files to a new folder on your desktop call it Razer Phone 2 or whatever.
I also went into the phone tapped build number repeatedly to enable developer options and turned on USB debugging.
On the device, go to Settings > About <device>.
Tap the Build number seven times to make Settings > Developer options available.
Then enable the USB Debugging option.
Step 3 you need to Open this PDF courtesy of Razer:
https://s3.amazonaws.com/cheryl-fac...stall_Android_Fastboot_Drivers_on_Windows.pdf
This document loosely tells you how to install the drivers follow through all of the steps they give you
It should be noted you see a reference to “Download Mode” there is no such thing also the easiest way to get to this screen is to turn the phone off plug the USB into the computer with the phone not plugged in then hold volume down and plug the phone into the computer and press the power button holding volume down you should be taken to a screen that looks like this (aka download mode): see the image I attached.
I had an issue when I got to the Have Disk portion once I got to the step I had to drill all the way down to the android_winusb.inf file located inside the usb_driver folder. Once i got that it finally showed me the Android ADB Interface and the following dialogue screens. (if you are scrolling through a screen of Manufacturer -Models looking for something then you are doing it wrong) Once it is installed the device Should not have the Android with a ? on the device manager screen it should now say Android ADB Interface. (this part took me almost 2 hours I got frustrated and had to walk away for a bit so dont give up)
You can test that the drivers have been installed correctly like they say in the document but they left a step out for the not as tech savvy people. The way to do it is to open up a command prompt. You will see the directory that is is pointing to is likely C:\Users\[Insert user Name]. We need to change the directory it is looking at by typing.
Cd C:\Users\[insertusername]\Desktop\razer phone 2\platform-tools
(the command cd changes the directory)
You should see the directory change to be looking specifically at that folder now. Now simply type fastboot devices. The command should run and you should see the serial number of your device in the command prompt. If it does not return this then the drivers are not installed correctly.
(some other guides said you should also run the command adb devices, but I never got that to return anything all it ever told me when i ran it was “List of devices attached” with nothing else.
Step 4
Setting the Environment
Once i got to this step I was a little scared because I have never dealt with this before this allows you to call the ADB commands from the command prompt without having to specify the specific folder these ADB commands are located.
Follow the document referenced above until you get to the step that says click New
Instead we are going to look in the section titled “User Variables for [InsertUsername]
Under this section you will see a variable called PATH click on PATH and click edit. A box should pop up and on the right side it should say New, Edit, Browse, Delete, Move Up, Move Down.
Click on New and specify the folder called platform-tools mine looked like this
C:\Users\[username]\Desktop\razer phone 2\platform-tools
Click on ok the box will close and then click on ok again all the boxes pertaining to the environment variables will close.
Step 5
Test that the environment is set up correctly.
You might remember in step 4 we had to open a command prompt and tell it to look specifically at the platform-tools folder to run the ADB commands. With the environment now set we no longer have to specify the folder to run these commands, we can call them from any directory. To test this open a new command prompt it will likely be pointing to
C:\Users\[Insert user Name]
With the phone still plugged in and in “download mode” and without changing the directory, type
fastboot devices it should return the serial number of the phone if the environment has been properly setup if it has not been properly setup then it will return this error.
fastboot' is not recognized as an internal or external command,
operable program or batch file.
Step 6 (im not sure if this is necessary)
Because I bought my phone used I used rootchecker app to ensure the phone was indeed rooted and “download mode” told me the bootloader was unlocked. I wasnt sure if I needed to unlock the critical partitions, but you will notice in the razer instructions right above flash system image they call for them to be unlocked. I simply opened a command prompt and typed:
fastboot flashing unlock_critical
It said they were already unlocked so I moved forward with flashing the system image.
Step 7
Install the system image
From here I followed the razer instructions when i got to the step:
“Navigate to the unzipped system image directory” you open a command prompt and type
Cd C:\Users\[insertusername]\Desktop\razer phone 2\aura-o-global-2009
What this allows you to do is run the flash_all script.
The flash all script uses the command fastboot which if you remember is in the platform-tools folder this is why we had to add the environment in the previous steps so that once we got to this step the flash_all script could find and run that command. I ran this and had no issues the phone will continue to restart and in the command prompt you will see it pushing all the files to the phone. After about 3-4 minutes the phone was at the Wizard. I continued following the guide to lock the bootloader
Reserved
Duplicate post
my phone is not detected in bootloader mode now. i just want to relock my bootloader and i am stuck now
thank you so much! I was almost giving up trying to fix my phone till i saw your post
LordCandyAndy said:
thank you so much! I was almost giving up trying to fix my phone till i saw your post
Click to expand...
Click to collapse
Same here this post was a god send.
The only issues I keep having is that it keeps saying waiting on device, I have uninstalled and removed everything and then reinstalled everything step by step and I keep getting waiting for device in cmd and ps.
any help would be great.
Thanks for the guide.
flash_all kept failing for me because it wouldn't allow fastboot from the ROM's folder. Copying the contents of my platform-tools (adb) folder into the ROM's folder fixed this issue for me. I'm assuming this is because I didn't set up the environment variables correctly.
Darkann said:
The only issues I keep having is that it keeps saying waiting on device, I have uninstalled and removed everything and then reinstalled everything step by step and I keep getting waiting for device in cmd and ps.
any help would be great.
Click to expand...
Click to collapse
I am having the same issue any help
First, to clarify, the last time I rooted anything was a Galaxy S3 back in the day. I'm by no means an expert, I just figured I'd help out folks like me that haven't touched all these new tools, well, ever.
Just did this myself earlier today attempted to get Magisk root, but alas, I got stuck in a boot loop. Luckily I had muddled through getting the image first, otherwise I'd still be stuck in said boot loop. I figured I'd post this for anyone else trying to root these things just to make sure you have a backup you can trust (I generally don't trust rando images that folks post online). All of the instructions below are assuming you're on Windows 10 and using PowerShell just because that's the default these days. Without further adieu.
Download ADB/fastboot (on your Windows machine)
I downloaded adb/fastboot from google directly: https://developer.android.com/studio/releases/platform-tools
Just extract and browse to the platform-tools directory in Windows Explorer until you can see adb.exe and a bunch of other tools
Download the latest SP Flash Tool
I just grabbed it from here: https://spflashtools.com/
Please let me know if there's an "official" place to find SP Flash Tool, cause everything surrounding all the download sites seems a bit sus...
Enable USB Debugging (on the tablet)
Go to settings -> About tablet
Tap the Build number 10 times (until debugging mode unlocks)
Hit back and go to System
Click Advanced and then Developer Options
Enable USB Debugger
I also enabled OEM unlocking because the whole point of this is for me to run either AOSP or Lineage someday. I honestly don't know if unlocking the bootloader is needed for dumping your own images, but I highly suspect it's not.
Plug the tablet into your computer
You'll likely see a prompt on your tablet about allowing your computer to debug your tablet. I just checked the box and hit accept so I wouldn't see it again.
Get your scatter file (on your Windows machine)
I tried several things to get the scatter file (I guess this is like a partition table based on the contents I saw) but in the end, by far the easiest way was to just download the scatter file from the file system.
In the Windows Explorer window from before (platform-tools), hold down shift while left clicking and click on Open PowerShell window here
Now type the following to get a shell on your:
.\adb.exe shell
This will get you into the shell environment. Now type the following to verify your scatter file is there:
ls -al /system/data/misc/
In here you should see something like:
-rw-r--r-- 1 root root 13893 2008-12-31 19:00 MT8168_Android_scatter.txt
Now that we have the name, just type exit to get out of the shell
Download the scatter file
.\adb.exe pull /system/data/misc/MT8168_Android_scatter.txt
Open up the scatter file in your favorite text editor (for me, Notepad++)
Now you can see the partition layout, offsets, etc, etc
Dump your image(s) (on your Windows machine)
Now open SP Flash Tool (flash_tool.exe)
On the Download tab, make sure the Download-Agent is MTK_AllInOne_DA.bin
Now click Choose for the Scatter-loading file and browse to the scatter file you just downloaded
This should be in your platform-tools folder unless you moved it
Once the scatter file is loaded, the partition table should fill up with a bunch of partitions
Click on the Readback tab
Click Add
Double-click on the new entry
Navigate to where you want to save your image, and give it a name (in this case I'm starting with boot.img)
Remember how you opened the scatter file in a text editor? Search in the scatter file for boot.img
Make sure the region matches (should be EMMC_USER) between the scatter file and SP Flash Tool
Copy/paste the value for start_addr in the scatter file to Start Address in SP Flash Tool
Copy/paste the value for partition_size in the scatter file to Length in SP Flash Tool
Now do the same thing for recovery.img and any other images you'd like
If you want a full ROM backup, name the file something like ROM_0, then use Start Address of 0x0 and length as the start_addr for the second-to-last entry in the scatter file (in my case, it was 0xc1a80000, just make sure it doesn't start with f's)
Note: I don't know for sure if this is accurate or not, I'm still playing with it, but so far it appears to be. Probably?
Poking around in WwR MTK 2.51, it looks like for this particular device (100011885) I wanted a total dump of 0x73A000000. It looks like this number is derived from the first 8Mb of the EMMC_USER dump, so I'm not sure of an easier way than throwing WwR MTK at it for the moment.
Once you've got all the entries for what you'd like to dump, make sure to disconnect the tablet from your computer and power it off
Now click on Download in SP Flash tool
Once things grey out, then plug the tablet in. After a few seconds, you'll see the images start dumping.
Congrats, you have a boot.img (and whatever other images you wanted). Like I said, from here I tried using Magisk to patch the boot file, but when I flashed it in fastboot, after enabling OEM unlocking in Developer Options, it just kept popping up the initial Onn graphic along with the Orange State warning without getting to the "fancy" Onn graphic and the rest of the boot process. I was able to flash the original boot.img back and it once again booted properly again.
Also, for anyone interested, I've posted my dumped files for the 100011885 in my google drive: https://drive.google.com/drive/folders/17LtLtjKg4JJU9EJdIXPsyNjen0H-ilMX?usp=sharing
Maybe someone will have pity on me and figure out why Magisk isn't working?
Whenever I get a moment, I'll dump my 100003562 as well.
First, thanks a ton for this. I have been trying to pull a full system dump since I bought the tablet and had resorted to single pulls by name(very long and involved) I don't know if this will work for you, but on both of my 7 inch Gen 2 tablets, I just sideloaded Magisk Manager and then opened it (this was after unlocking the tablet) When I first opened MM it just said it needed to download some additional files for my environment. I clicked okay, it downloaded and installed the additional files. Once it rebooted, I open MM again and clicked install Magisk. On the next screen, I clicked direct install and let it do it's thing. After rebooting, root checker showed I had root, but I still can't get it to pass safetyNet. Root access does work as I have installed a few modules and busy box.