[TOOL]Cloud_Commander Ver1.6 (Anathema) [BETA] - Android Software Development

[TOOL]Cloud_Commander Ver1.6 (Anathema) [BETA] - Android Software Development

Hi guys,
Cloud_Commander is a universal gsm software.
The software was targeted towards phone technicians and users for free.
Currently development is at ver 1.7 which will be completed in 1 weeks time.
This new version includes upgrades to the user interface, lumia unbrick , huawei code calculator.
It also has an added pinouts page, pinouts editor, f2search(search engine) editor.
Most of the data is stored on my server and aws s3 bucket for easy distributing.
All bugs should be reported to [email protected]
NB: THE SOURCES OF THIS SOFTWARE IS ALSO FOR SALE INCLUDING ALL RIGHTS (OWN THIS SOFTWARE AS YOUR OWN), CONTACT ME FOR MORE DETAILS !
NB: PLEASE DON'T SEND COMMANDS THAT ARE NOT TESTED PERSONALLY!
SCANNED WITH BIT-DEFENDER ANTI-VIRUS
DOWNLOAD_HERE VER1.2
EDIT:
Version 1.2 does not update tables since we shifted our servers to cloudflare and has some minor engine flaws thus it's obsolete.
Download the latest version to maintain commands compatibility.
DOWNLOAD_HERE VER1.6
VER 1.6 ADDED LUMIA UNBRICK
Inspired by this thread: Lumia Unbrick.
All you need are the hexfiles in their original naming e.g 00E9427DF118D9E27D098D13BECB6C6C89CE59F4.hex in the tools/mpreg folder.
And the ffu+vpl file.
The tool will do the whole procedure without the user issueing a single command.
You can also use uefi flashmode.
Just make sure you have the necessary drivers installed and don't forget to runas administrator.
CLOUD_COMMANDER VER 1.7 (PIRATES EDITION) THREAD
XDA:DevDB Information
Cloud_Commander Ver1.6 (Anathema) [BETA], Tool/Utility for all devices (see above for details)
Contributors
kenkitt
Version Information
Status: Testing
Current Beta Version: 1.3
Beta Release Date: 2016-05-24
Created 2016-5-24
Last Updated 2016-05-24

Currently I am looking for someone to compile us a modified adb.exe with a few additional parameters specifically to allow us to port almost all existing tools to our newly founded tool.
I can't compile adb myself since the current state of my server is delicate and would result into overuse of current resources on my server.
Commonly used scripts and commands will become available soon, it's only a matter of time.

[Cloud_Commander ver1.1 updates]
Added Monkey virus remover.
Added (Password Cracking) Hash identifier.
Added (Password Cracking) John the reaper.
The rest of the algorithims should be easy give the md5 as an example.
This is proof that Cloud_Commander's capabilities endless.
(Make sure you update tables first).

Download necessary files from Google drive [ h t t p : / / a d f . l y / 1 U G w e s ]
Remove spaces above.
Extract the files to the Cloud_Commander base dir and overwrite.
We will fix this once we find sharing bandwith srry.

Features_added
FEATURES_ADDED
Remote view (WIP)
NB:ALL DEVELOPEMENT HAD BEEN PAUSED

Psn_adn tools
The setups section now works.
By the way, antivirus software may see rooting tools as a virus beware.

Hi all,
Since we moved our servers to cloudflare, one important feature of cloud_commander is not working "Update tables.
This service relies on rapidxml to download the *.xml updates.
However we are working on a solution to move over to libcurl which is faster.
To use this feature you you will have to wait for Cloud_Commander release codenamed "Bluebuilds" probly by the end of this week.

Nokia Lumia 925 RM-892
erro
Code:
Preparing ffu file.
Starting Lumia Unbrick.
THOR2 1.8.2.18
Built for Windows @ 13:36:46 Jun 16 2015
Thor2 is running on Windows of version 6.2
tools\lumia\thor2.exe -mode ffureader -ffufile C:/Users/MSA/Desktop/CD-01/CD-celular/Lumia 925 fw/059V013/RM892_3051.50009.1424.0001_RETAIL_lta_brazil_910_01_441464_prd_signed.ffu -dump_gpt -filedir C:\lumia\files
Process started Tue May 24 21:55:35 2016
Logging to file C:\Users\MSA\AppData\Local\Temp\thor2_win_20160524215535_ThreadId-3584.log
Debugging enabled for ffureader
Initiating do FFUReader operations
Version of FfuReader is 2015061501
Parsing FFU... Please wait...
readFfu() Start.
readSecurityHdrAndCheckValidity() Start.
readSecurityHdrAndCheckValidity() End.
readGpt() Start.
readGpt() End.
readRkh() Start.
readRkh() End.
readRkh() Start.
.readRkh() End.
DumpGpt() Start.
DumpGpt() End.
checkDppPartition() Start.
checkDppPartition() End.
readFfu() End.
Successfully parsed FFU file. Header size: 0x000e0000, Payload size: 0x0000000062dc0000, Chunk size: 0x00020000, Header offset: 0x00000000, Payload offset: 0x00000000000e0000
HeaderStart 0x80000
GPT Header
-------------
Revision : 65536
CRC32 : 0x58e24762
FirstUsableLBA : 34
LastUsableLBA : 20971486
AlternateLBA : 20971519
MyLBA : 1
NumberOfPartitionEntries : 128
PartitionEntryLBA : 2
PartitionEntryArrayCRC32 : 0xfd6e37aa
GPT Partitions
-------------
DPP
startLBA : 0x0000000000001000
endLBA : 0x0000000000004fff
Size : 0x0000000000004000
Attributes: 0x8000000000000000
MODEM_FSG
startLBA : 0x0000000000005000
endLBA : 0x00000000000067ff
Size : 0x0000000000001800
Attributes: 0x8000000000000000
SSD
startLBA : 0x0000000000007000
endLBA : 0x000000000000701f
Size : 0x0000000000000020
Attributes: 0x8000000000000000
SBL1
startLBA : 0x0000000000008000
endLBA : 0x0000000000008bb7
Size : 0x0000000000000bb8
Attributes: 0x8000000000000000
SBL2
startLBA : 0x0000000000009000
endLBA : 0x0000000000009bb7
Size : 0x0000000000000bb8
Attributes: 0x8000000000000000
SBL3
startLBA : 0x000000000000a000
endLBA : 0x000000000000afff
Size : 0x0000000000001000
Attributes: 0x8000000000000000
UEFI
startLBA : 0x000000000000b000
endLBA : 0x000000000000c387
Size : 0x0000000000001388
Attributes: 0x8000000000000000
RPM
startLBA : 0x000000000000d000
endLBA : 0x000000000000d3e7
Size : 0x00000000000003e8
Attributes: 0x8000000000000000
TZ
startLBA : 0x000000000000e000
endLBA : 0x000000000000e3e7
Size : 0x00000000000003e8
Attributes: 0x8000000000000000
WINSECAPP
startLBA : 0x000000000000f000
endLBA : 0x000000000000f3ff
Size : 0x0000000000000400
Attributes: 0x8000000000000000
BACKUP_SBL1
startLBA : 0x0000000000010000
endLBA : 0x0000000000010bb7
Size : 0x0000000000000bb8
Attributes: 0x8000000000000000
BACKUP_SBL2
startLBA : 0x0000000000011000
endLBA : 0x0000000000011bb7
Size : 0x0000000000000bb8
Attributes: 0x8000000000000000
BACKUP_SBL3
startLBA : 0x0000000000012000
endLBA : 0x0000000000012fff
Size : 0x0000000000001000
Attributes: 0x8000000000000000
BACKUP_UEFI
startLBA : 0x0000000000013000
endLBA : 0x0000000000014387
Size : 0x0000000000001388
Attributes: 0x8000000000000000
BACKUP_RPM
startLBA : 0x0000000000015000
endLBA : 0x00000000000153e7
Size : 0x00000000000003e8
Attributes: 0x8000000000000000
BACKUP_TZ
startLBA : 0x0000000000016000
endLBA : 0x00000000000163e7
Size : 0x00000000000003e8
Attributes: 0x8000000000000000
BACKUP_WINSECAPP
startLBA : 0x0000000000017000
endLBA : 0x00000000000173ff
Size : 0x0000000000000400
Attributes: 0x8000000000000000
UEFI_BS_NV
startLBA : 0x0000000000018000
endLBA : 0x00000000000181ff
Size : 0x0000000000000200
Attributes: 0x8000000000000000
UEFI_NV
startLBA : 0x0000000000019000
endLBA : 0x00000000000191ff
Size : 0x0000000000000200
Attributes: 0x8000000000000000
PLAT
startLBA : 0x000000000001a000
endLBA : 0x000000000001dfff
Size : 0x0000000000004000
Attributes: 0x80000000
00000000
EFIESP
startLBA : 0x0000000000020000
endLBA : 0x000000000003ffff
Size : 0x0000000000020000
Attributes: 0x8000000000000000
MODEM_FS1
startLBA : 0x0000000000040000
endLBA : 0x00000000000417ff
Size : 0x0000000000001800
Attributes: 0x8000000000000000
MODEM_FS2
startLBA : 0x0000000000042000
endLBA : 0x00000000000437ff
Size : 0x0000000000001800
Attributes: 0x8000000000000000
UEFI_RT_NV
startLBA : 0x0000000000044000
endLBA : 0x00000000000441ff
Size : 0x0000000000000200
Attributes: 0x8000000000000000
UEFI_RT_NV_RPMB
startLBA : 0x0000000000045000
endLBA : 0x00000000000450ff
Size : 0x0000000000000100
Attributes: 0x8000000000000000
MMOS
startLBA : 0x0000000000046000
endLBA : 0x000000000006e67f
Size : 0x0000000000028680
Attributes: 0x8000000000000000
MainOS
startLBA : 0x0000000000070000
endLBA : 0x00000000004c8e7f
Size : 0x0000000000458e80
Attributes: 0x0000000000000000
Data
startLBA : 0x00000000004cc000
endLBA : 0x00000000013fefff
Size : 0x0000000000f33000
Attributes: 0x8000000000000000
Number of partitions found 28
RKH of SBL1: CD84376222AAF204C85119532BF34EA55C8844E4CEA35F3E508D25AA34D96637
RKH of UEFI: CD84376222AAF204C85119532BF34EA55C8844E4CEA35F3E508D25AA34D96637
Platform ID: Nokia.MSM8960.P6023
Hi. index sector 20967168
Computing integrity of FFU. Please wait...
..............................
FFU integrity OK.
Exited with success
Loading hexfiles.
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/00E9427DF118D9E27D098D13BECB6C6C89CE59F4.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/0CBD2EED6F62230571CBAB55B7DBC15F8A7DC7BB.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/106D7E7DDC685B6E693326851A5DDACB7326B029.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/25C0C84AECBD154F817825B24D4EB4BCF5E606E6.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/26323C81CFBFD503F6C530F0EA1C2E7A34039581.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/64356634FCA08BC9E0D02C14BDB230B0076D3109.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/67131691EEDD1F38568C7FFAE284FB2621680FEA.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/77081E5E2C97F9CF18CE2FA47446465D7B637964.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/7C81AABA97E4904DB782605A6C74A59480361E5A.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/87112B5F595D325FCE763FDF58E292D44B174496.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/8C042CBCE09E4064586DA2A5DFB81D3C52A3B99F.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/96704211798B2DBA62809761554D3CB57DB62FDE.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/98BECD6BD8BA16F28867306AE571DC79E50714EB.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/9DF6E11153C33AA85F7984C21EFA43AEDF9B82BE.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/A74593CEE9F88EDA6D4950CA46A3A634381F9458.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/CD84376222AAF204C85119532BF34EA55C8844E4.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/D3767535C2FBE04AA0398D933F3EA95D791098C9.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/D9370EF349090B2A08AF2EC7FBF8E4A9CD7CDA6E.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/DB73418E5840941CE7BD35949085B8F74628D511.hex
Found hexfile :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/F771E62AF89994064F77CD3BC16829503BDF9A3D.hex
HEXFILE:Using :C:/Users/MSA/Downloads/Compressed/release/tools/mpreg/CD84376222AAF204C85119532BF34EA55C8844E4.hex
Lumia Unbrick Step 2.
THOR2 1.8.2.18
Built for Windows @ 13:36:46 Jun 16 2015
Thor2 is running on Windows of version 6.2
tools\lumia\thor2.exe -mode emergency -hexfile C:\lumia\files\HEX.hex -mbnfile C:\lumia\files\msimage.mbn -orig_gpt
Process started Tue May 24 21:56:14 2016
Logging to file C:\Users\MSA\AppData\Local\Temp\thor2_win_20160524215614_ThreadId-6008.log
Debugging enabled for emergency
Initiating emergency download
Using default emergency protocol
ALPHA EMERGENCY FLASH START
Emergency Programmer V1 version 2014.10.31.001
Hex download selected
Check if device in Dload
Connection to DLOAD mode succeeded
Get Dload parameters
Sending HEX flasher to the device
Sending GO command if HEX flasher successfully uploaded.
Message send failed with error code -1
ALPHA EMERGENCY FLASH END
Emergency messaging closed successfully
Operation took about 7.00 seconds.
THOR2_EMERGENCYFLASHV1_ERROR_MSG_SEND_RECEIVE_FAILED
THOR2 1.8.2.18 exited with error code 85021 (0x14C1D)

Try running the tool as administrator.
Sent from my GT-I8260 using xda app-developers app

The device will switch mode after receiving hexfile, yours doesn‘t.
Also try a second option ‘retry‘
It uses uefi flashmode
Sent from my GT-I8260 using xda app-developers app

kenkitt said:
Try running the tool as administrator.
Sent from my GT-I8260 using xda app-developers app
Click to expand...
Click to collapse
friend run as administrator yes
my lumia 925 RM-892
the ever mistake it not only connects recognizes as QHSUSB_DLOAD

Try using windows recovery tool.
If it fails jtag.

where is the bloatware,monkey and virus removal tool?
sorry,now i find the command but plz add something for clean android system,sex pages,links,china malwaresexy hot wallpaper,hot video,love beauty,lutu,morecast,poly videos,mp3 free downloader etc etc,thanks

"The ffu file you chose may have failed to extract!, press cancel and start over". I'm getting this error, But the ffu extraction was exited with success.
Model: RM-875
LUMIA 1020

santhosh369 said:
"The ffu file you chose may have failed to extract!, press cancel and start over". I'm getting this error, But the ffu extraction was exited with success.
Model: RM-875
LUMIA 1020
Click to expand...
Click to collapse
If extraction was successfull you should find the files in C:\lumia\files
if there are no files make sure you create the directory first( C:\lumia\files).
The message appears if there is no.
GPT0.bin
if the file is found it will be renamed to:
msimage.mbn
The last file to be added after (step 2) is the hex file which is matched from the signature ofRKH of SBL1 :
HEX.hex

nykocam said:
where is the bloatware,monkey and virus removal tool?
sorry,now i find the command but plz add something for clean android system,sex pages,links,china malwaresexy hot wallpaper,hot video,love beauty,lutu,morecast,poly videos,mp3 free downloader etc etc,thanks
Click to expand...
Click to collapse
If there are new commands make sure you choose "setups from devs" in combo index 1, then install the neccessary components.
To remove monkey virus you must have a rooted device with usb debugging enabled.
Unfortunately I haven't encountered most virus, I only add those I come accross. Fortunately anyone can add commands to the tool.
TO ADD COMMANDS/SCRIPTS:
Go to menu-->dev console
After adding commands, make sure you share necessary files by adding them into the "setups from devs" section.
You can use wget so that anyone can download files.

The reason I made this tool open, is so that anyone can use it to add their own components.
Like FRP Removal tools combo 1 "Password and Cracking tools"
You can add your own virus removal scripts. But remember that , if files are needed by your command they shoud go in the setups section.

Can't open the tool (with administartor also can't)
I'm using Windows 10 Pro x64.
I can't open the tools, what missed?

T4ufik_Hidayat said:
I'm using Windows 10 Pro x64.
I can't open the tools, what missed?
Click to expand...
Click to collapse
I haven't tested it on 64bit yet, but there is nothing that would prevent it from running, make sure you run as admin, or post logs after the app crushes (If it crushes)

Cloud_commander ver (1.7 pirate edition)
CLOUD_COMMANDER VER (1.7 PIRATE EDITION)
Added adb latest adb support.
Improved layout and increased window size.
Added f2search user panel.
Added LG file download by imei and flashtool launchers.
Improved lumia unbrick tool(works in progress).
Added powerfull windows driver manager.
Fixed huawei calc layout bug.
Added advanced phone hardware pinouts for hardware help.
Added f2search username in settings(New files will be added on release).
We'll fix commands arrangement to follow order (also on release).
Watch out for new thread link

Related

[Heimdall] Repartitioning Problem. C++ Developers required. Offering UnBrickable Mod.

I'm here to recruit help from XDA-Developers for open-source development. I can offer UnBrickable Mod to any Developer who thinks they can help with this C++ issue. This will allow you to play with Loki (the device's side of Odin/Heimdall) and not worry about it.
The only thing keeping the Linux and Mac platforms from being better then Windows at developing ROMs and other firmware is Heimdall's ability to repartition. Once this barrier is broken down, we will have an entire open source chain for developing and Linux will be the premeire platform for developing on Samsung devices. There will be no reason to use Closed Source Windows, Odin, or Samsung Drivers... This is the last barrier.
I am offering debug logs which show the UART output during the flashing of Heimdall and Odin.
here are Heimdall logs/uart logs: http://pastebin.com/srhG7yJA
here are Odin Uart Logs: http://pastebin.com/AiKspmxR UART coming soon.
Here are both Heimdall and Odin USB logs via Wireshark.
http://www.mediafire.com/file/2wccdcuf87q2i3l/odinheimdallUSBLog.zip
Benjamin Dobell has set up code for Heimdall here: https://github.com/Benjamin-Dobell/Heimdall/
This is not a bounty thread. It is an open source development/improvement thread. I have spoken to Benjamin Dobell, the creator of Heimdall, and he is too busy with a new job and working loads of overtime hours. He has approved of this action. Fixing this issue with Heimdall will allow the entire Samsung community to utilize Heimdall as a total replacement for Odin on all platforms.
What's my role/interest in this? I want Linux to be as good or better then Windows.. I'm an Open Source guy. I'm also not good at C++ programming language. I understand the headers, but not the CPP files. I can provide debugging and beta testing though. I've created the cross-platform Heimdall One-Click . I brought UnBrickable Mod to the Captivate and the only thing left in the entire open-source chain of software from complete destruction of data on the device to completely stock is getting Heimdall to repartition.
Once this final hurdle in Heimdall is completed, we've got a full open-source stack of cross-platform, community-based software by XDA-Developers for XDA-Developers and users. Open-Source software will be able to provide more then closed source software, and once again XDA-Developers will prove that we can do things better then the Manufacturers.

There is an issue tracking system here: https://github.com/Benjamin-Dobell/Heimdall/issues
I believe the underlying cause of all 3 of the existing issues in the Heimdall Repostiory lies with Heimdall's ability to repartition.
issue 21: "Failed to confirm end of file transfer sequence!" signifies that the information sent overran the partition area and therefore it never responded that the end was confirmed.
Issue 19: "Could not find end of file or end of file transfer, something similar." Likely the same as issue 21.
Issue 14: "Expected file part index" again, dealing with partition tables. "ERROR: Expected file part index: 0 Received: 1"
I believe all three of these issues could be worked into a single "Heimdall Repartitioning" issue for the reasons stated above.

I got some experience in C++ and Java...
once I get home ill take a look at the heimdall source, and give it a shot.

Smasher816 said:
I got some experience in C++ and Java...
once I get home ill take a look at the heimdall source, and give it a shot.
Click to expand...
Click to collapse
Hey great.. I have a special test setup with UART output.
First I totally thrashed my partition table by uploading the Bada OS SBL.. This SBL rewites partition tables. Then I used the HIBL to unbrick my phone and load a proper SBL. This is the UART during booting up to "Download Mode".
Code:
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Modified by Rebell
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0xffffffff)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 7
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : *unknown id* (0x9)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : *unknown id* (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 7
===============================
ID : *unknown id* (0x1)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 8
NO_UNITS : 796
===============================
ID : *unknown id* (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 804
NO_UNITS : 716
===============================
ID : *unknown id* (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1520
NO_UNITS : 372
===============================
ID : *unknown id* (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1892
NO_UNITS : 56
===============================
ID : *unknown id* (0x18)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1948
NO_UNITS : 56
===============================
FlashDevOpen 232: Error(nErr=0x80000002)
j4fs_open 136: Error(nErr=0x40000000)
loke_init: j4fs_open failed..
init_fuel_gauge: vcell = 4051mV, soc = 82
check_quick_start_condition_with_charger- Voltage: 4051.25000, Linearized[55/70/85], Capacity: 85
init_fuel_gauge: vcell = 4051mV, soc = 82, rcomp = d01f
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
nps status file does not exist..
nps status is incorrect!! set default status.(completed)
nps status=0x504d4f43
PMIC_IRQ1 = 0x3c
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x0.
get_debug_level current debug level is 0x0.
get_debug_level current debug level is 0x0.
aries_process_platform: Debug Level Invalid
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
nps status file does not exist..
nps status is incorrect!! set default status.(completed)
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Error : Current Mode is Host
EP2: 0, 2, 0; len=7
EP2: 0, 2, 0; len=7
sug: IN EP asserted
I gave the command in Heimdall to repartition and flash the boot.bin to partition 1.
Code:
heimdall flash --repartition --pit ./part.pit --1 ./boot.bin
At this point it should have downloaded the partition, saved it, and then heimdall should request the partition back and use that as its guide.
The boot.bin is only 1 block long so this log is short.
Code:
- Odin is connected!
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(100), data id(0)
process_rqt_init: platform number(0x0), revision(0x0)
process_packet: request id(100), data id(1)
process_packet: request id(100), data id(2)
process_packet: request id(103), data id(0)
process_rqt_close: xmit completed!
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(103), data id(1)
process_rqt_close: target reset!
ARIES MAGIC_ADDR=0x0 / INFORM5=0x12345678
and this is the log from Heimdall
Code:
Initialising connection...
Detecting device...
Claiming interface...
Attempt failed. Detaching driver...
Claiming interface again...
Setting up interface...
Beginning session...
Handshaking with Loke...
Ending session...
Rebooting device...
Re-attaching kernel driver...
At this point the device "resets" and attempts to boot from the bootloader.
If you need any testing let me know. I can compile source, I can get UART logs. I can repartition the heck out of this device as it is UnBrickable and my test phone.

I believe the device uses the SBL> prompt when it is in download mode.. You can see from this UART log that the device attempted to "saveenv" but it could not. http://code.google.com/p/badadroid/...ompare_logs/SBL_mode_help.txt?spec=svn61&r=57
It also returned the same "FlashDevRead 63 error)
The final action the device needs to do is "savepart" if the partition tables were saved after the pit were uploaded then it would be good to go. There are several other commands as well.. "addpart" and "removepart".. If it comes to using this, let me know. I've worked with Benjamin Dobell's libpit before and I can help out greatly with repartitioning as I've worked extensively in the SBL prompt.
I'm not sure how the Download Mode works exactly, but if it uses the SBL prompt, then I can write pseudocode of how it should work.

This probably isn't going to help much, but it may be a start.
I figured the best way to solve this would be to find the differences between a successful Odin flash and an unsuccessful Heimdall flash. So I delved right in to the wireshark dumps. It seems likely that Heimdall is missing a step.
I do not understand the protocol (yet), but I can see the raw data in the stream. In the Heimdall process, there is some protocol traffic, then the entire PIT file is sent, then some more protocol traffic, then the kernel data is sent. But in the Odin process, there is some protocol traffic, then the entire PIT file is sent, then some more protocol traffic, then the PIT file is sent again in 512 byte chunks, then some protocol traffic (more than usual), and then the kernel data is sent.
At the moment, I can't be sure if this is functionally equivalent or not. I'll need to do quite a bit of deciphering on the protocol to get up to speed on what's really going on. Unfortunately, this is the sort of thing that's easiest if one can watch the action in real time, but as I only have my one phone that I need for work, that's not really an option for me at this time.
Hopefully, I'll return with more info after I've absorbed the communication layer details to see what the non-data chatter actually is.

Could that extra protocol data possibly be Odin commanding delete partitions and add partitions? I'm hypothesizing... nothing more. I see some similarities to the UART logs during SBL> prompt and Odin, so I'm thinking that maybe the SBL prompt is used, or at least some of the methods... In this thread you can see all of the SBL commands http://forum.xda-developers.com/showthread.php?t=1209288
Sure it's from an Infuse, but they're all based on i9000 which is like the mother of our entire generation of devices. The SBLs are interchangeable with different entry points for each "version".

AdamOutler said:
Could that extra protocol data possibly be Odin commanding delete partitions and add partitions? I'm hypothesizing... nothing more. I see some similarities to the UART logs during SBL> prompt and Odin, so I'm thinking that maybe the SBL prompt is used, or at least some of the methods... In this thread you can see all of the SBL commands http://forum.xda-developers.com/showthread.php?t=1209288
Sure it's from an Infuse, but they're all based on i9000 which is like the mother of our entire generation of devices. The SBLs are interchangeable with different entry points for each "version".
Click to expand...
Click to collapse
I have a feeling that it is using the SBL prompt somehow after the flash because everything else seems pretty much identical (besides the timing). If anyone needs to understand the protocol then I recommend just looking at Heimdall's source code, in particular the packet header files store all the constants that are sent and received over USB.

Found the problem - the End Transfer packet is missing. There is also some additional strangeness, though.
Heimdall:
Packet 1: 65 00 00 00 (Init pit transfer)
Packet 2: 65 00 00 00 02 00 00 00 D0 06 00 00 (Want to send 1744 bytes)
Packet 3: [full contents of pit]
Packet 4: 66 00 00 00 (Init file transfer - probably starting the kernel send)
Odin:
Packet 1: 65 00 00 00 (Init pit transfer)
Packet 2: 65 00 00 00 02 00 00 00 D0 06 00 00 (Want to send 1744 bytes)
Packet 3: [full contents of pit]
Packet 4: 65 00 00 00 03 00 00 00 D0 06 00 00 (Finished sending 1744 bytes)
The odd part is what odin does next, after the "finished sending":
Packet 5: 65 00 00 00 01 00 00 00 (Dump pit file)
Packet 6: 65 00 00 00 02 00 00 00 00 00 00 00 (Sending chunk 0)
Packet 7: [first 512 bytes of pit]
Packet 8: 65 00 00 00 02 00 00 00 01 00 00 00 (Sending chunk 1)
Packet 9: [next 512 bytes of pit]
Packet 10: 65 00 00 00 02 00 00 00 02 00 00 00 (Sending chunk 2)
Packet 11: [next 512 bytes of pit]
Packet 12: 65 00 00 00 02 00 00 00 03 00 00 00 (Sending chunk 3)
Packet 13: [next 512 bytes of pit]
- repeat for 8 chunks - data past the end of the actual pit file is sent as zeroes -
Packet 22: 65 00 00 00 03 00 00 00 (Done)
Packet 23: 66 00 00 00 (Init file transfer - probably kernel)
I couldn't begin to tell you why any of this exists at all, but my strong suspicion is that duplicating the Odin behavior will make Heimdall work properly.

So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.

psych0phobia said:
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
Click to expand...
Click to collapse
That did it! Problem solved!
1.I uploaded the Bada bootloaders to my device in order to totally destroy my partition tables.
2.I tried to flash with heimdall 1.3 and it did not work to restore
3.I compiled and installed the new 1.3modified version
4.I flashed with heimdall 1.3modified and it worked
to be sure I repeated the Bada bootloaders once again. The only thing wrong with my device now is that it has no /efs/ partition... which is understandable because bada turned the OneNAND into it's *****.
Great job psych0phobia If you need anything from me just let me know. I mean anything ...
Let me know when you can spare your device so I can modify it. Please push this change upstream.

Here's the UART log
Code:
[���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Uart negotiation Error
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Modified by Rebell
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 140
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1954
NO_UNITS : 50
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4192mV, soc = 90
check_quick_start_condition_with_charger- Voltage: 4192.50000, Linearized[77/92/100], Capacity: 94
init_fuel_gauge: vcell = 4192mV, soc = 90, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x28
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
reading nps status file is successfully!.
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Error : Current Mode is Host
EP2: 0, 2, 0; len=7
EP2: 0, 2, 0; len=7
sug: IN EP asserted
- Odin is connected!
set_nps_update_start: set nps start flag successfully.
process_packet: request id(100), data id(0)
process_rqt_init: platform number(0x0), revision(0x0)
process_packet: request id(100), data id(1)
process_packet: request id(100), data id(2)
process_packet: request id(101), data id(0)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(3)
[FNW: ] STL read to partition ID: 20
Done.
read 25 units.
partition_backup: efs. meta data=3(units), real size=6553600
.....Done.
read 5 units.
partition_backup: sbl. buf=0x46e00000, size=1310720(bytes)
.....Done.
read 5 units.
partition_backup: sbl2. buf=0x46f40000, size=1310720(bytes)
fsr_bml_format_device start
set_dynamic_partition: pit magic code=0x12349876
bbm format success
bbm_erase_all: step 1. Start unit=1, End unit=2.
.
bbm_erase_all: step 1. Start unit=52, End unit=2004.
..............................................................................................................................................................................................................................................
bbm eraseall success.
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
Erasing: 1 to 2
.
bbm erase part success
.Done.
Written 1 units.
current percent: 0 (1/1110)
board partition information update.. source: 0x403ee838
Erasing: 2 to 42
........................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 20)
[FNW:INF] nVol : 0, partition_id : 20, stSTLInfo.nTotalLogScts : 12800, buf :0x46400000
TotalLogSct : 12800, size : 6553600
Done.
Written 25 units.
current percent: 2 (26/1110)
Erasing: 42 to 47
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 2 (31/1110)
Erasing: 47 to 52
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 3 (36/1110)
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(5445016), id(6), final(1)
Save Image (KERNEL) to flash ......
Erasing: 72 to 102
..............................
bbm erase part success
.....................Done.
Written 21 units.
current percent: 5 (57/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(12582912), efs_clear(0), boot_update(0), final(1)
xmit_complete_phone: cp partition found!(11)
Save Image (MODEM) to flash ......
Erasing: 1954 to 2004
..................................................
bbm erase part success
................................................Done.
Written 48 units.
current percent: 9 (105/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(104857600), id(22), final(0)
Save Image (FACTORYFS) to flash ......
Erasing: 132 to 1278
..............................................................................................................................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 22)
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 204800, size : 104857600
Done.
Written 394 units.
current percent: 45 (505/1110)
current write_count=1
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(104857600), id(22), final(0)
Save Image (FACTORYFS) to flash ......
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 204800, size : 104857600
Done.
Written 394 units.
current percent: 81 (905/1110)
current write_count=2
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(58163200), id(22), final(1)
Save Image (FACTORYFS) to flash ......
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 113600, size : 58163200
Done.
Written 219 units.
current percent: 101 (1127/1110)
current write_count=3
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1376256), id(23), final(1)
Save Image (DBDATAFS) to flash ......
Erasing: 1278 to 1814
..............................................................................................................................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 23)
[FNW:INF] nVol : 0, partition_id : 23, stSTLInfo.nTotalLogScts : 263168, buf :0x46400000
TotalLogSct : 2688, size : 1376256
Done.
Written 6 units.
current percent: 102 (1133/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1245184), id(24), final(1)
Save Image (CACHE) to flash ......
Erasing: 1814 to 1954
............................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 24)
[FNW:INF] nVol : 0, partition_id : 24, stSTLInfo.nTotalLogScts : 64000, buf :0x46400000
TotalLogSct : 2432, size : 1245184
Done.
Written 5 units.
current percent: 102 (1138/1110)
current write_count=1
save param.blk, size: 5268
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xfffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(262144), id(0), final(1)
Save Image (IBL+PBL) to flash ......
binary version: EVT1.
boot.bin is the one-binary.
relocate & fusing continue..
completed.
Erasing: 0 to 1
.
bbm erase part success
.Done.
Written 1 units.
current percent: 102 (1139/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1310720), id(3), final(1)
Save Image (SBL) to flash ......
=== SBL signature information ===
File Size : 677052
=================================
read part info
id = 0x3
attr = 0x1002
first unin = 0x2a
number units = 0x5
pages per unit = 0x40
n1st page = 0xa80, page offset = 0x13f, len = 0x48
read part info
id = 0x4
attr = 0x1002
first unin = 0x2f
number units = 0x5
pages per unit = 0x40
n1st page = 0xbc0, page offset = 0x13f, len = 0x48
Found bootable SBL ID: 4
save SBL partition id: 3
Erasing: 42 to 47
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 103 (1144/1110)
current write_count=1
save sbl id: 3 / erase sbl id: 4
.
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(872448), id(21), final(1)
Save Image (PARAM) to flash ......
FlashDevClose 262: Error(nErr=0x80040001)
Erasing: 52 to 72
....................
bbm erase part success
[FNW: ] STL formatted (partition ID: 21)
[FNW:INF] nVol : 0, partition_id : 21, stSTLInfo.nTotalLogScts : 2560, buf :0x46400000
TotalLogSct : 1704, size : 872448
Done.
Written 4 units.
current percent: 103 (1148/1110)
current write_count=1
set_nps_update_start: set nps start flag successfully.
process_packet: request id(103), data id(0)
process_rqt_close: xmit completed!
set_nps_update_completed: set nps completed flag successfully.
process_packet: request id(103), data id(1)
process_rqt_close: target reset!
ARIES MAGIC_ADDR=0x0 / INFORM5=0x12345678
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
......... everything after this is standard data... just included this far to show it booted.
Everything worked..
Would you like WireShark to verify things?
As far as logging, the only thing I could see is this:
Code:
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xfffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
which means it tried to read some garbage from the OneNAND and failed.

AdamOutler said:
That did it! Problem solved!
1.I uploaded the Bada bootloaders to my device in order to totally destroy my partition tables.
2.I tried to flash with heimdall 1.3 and it did not work to restore
3.I compiled and installed the new 1.3modified version
4.I flashed with heimdall 1.3modified and it worked
to be sure I repeated the Bada bootloaders once again. The only thing wrong with my device now is that it has no /efs/ partition... which is understandable because bada turned the OneNAND into it's *****.
Great job psych0phobia If you need anything from me just let me know. I mean anything ...
Let me know when you can spare your device so I can modify it. Please push this change upstream.
Click to expand...
Click to collapse
Yay for a properly working Heimdall! Once this fix gets officially implemented I'll update my Heimdall =D
How much do you charge to make the Captivate Unbrickable? X3

I have a darn huge iq... Classified as genius level... Yet, try as I might, cannot make head or tail of Adams post...
Sent from my cell phone. DUH.

psycho2097 said:
I have a darn huge iq... Classified as genius level... Yet, try as I might, cannot make head or tail of Adams post...
Sent from my cell phone. DUH.
Click to expand...
Click to collapse
Don't give me credit... this is the real genius here...
psych0phobia said:
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
Click to expand...
Click to collapse
Basically, heimdall could not repartition the OneNAND. I identifed the problem, provided detailed debug level information and asked for help. psych0phobia looked at the Odin/Loki protocol, learned it, found the differences between Odin and Heimdall based on the output of both programs and then wrote the fix. Make sure you thank him. Thank Benjamin Dobell as well, he wrote Heimdall in the first place.
now... if you want to compile it under Linux... open a terminal and copy-pasta.
Code:
sudo apt-get install build-essential curl git
mkdir heimdall
cd heimdall
git clone https://github.com/Benjamin-Dobell/Heimdall.git
cd Heimdall/heimdall
curl http://android.merseine.us/BridgeManager.cpp> ./BridgeManger.cpp
curl http://android.merseine.us/EndPitFilePacket.h >./EndPitFilePacket.h
cd ..
cd ..
cd libpit
./configure
make
cd ..
cd heimdall
./configure
make
sudo make install
This will give Heimdall the ability to fully recover a bad partition table.
NOTE: This should only be used until a version greater then Heimdall 1.3.0 is released.

Yea, kinda got that part.... So my understanding would be now we can successfully flash nexus s. Firmware without screwing everything up... Right? In layman-geek's terms, not super-duper-mega-geek terms....
Sent from my cell phone. DUH.

psycho2097 said:
Yea, kinda got that part.... So my understanding would be now we can successfully flash nexus s. Firmware without screwing everything up... Right? In layman-geek's terms, not super-duper-mega-geek terms....
Sent from my cell phone. DUH.
Click to expand...
Click to collapse
I wont say anything about nexus s just yet... We have a 100% open-source, DIY, and free method of restoring a device to stock. Linux, UnBrickable Mod and heimdall.

In other words....
In yo face jtag

whiteguypl said:
In other words....
In yo face jtag
Click to expand...
Click to collapse
Hell yeah! 3 cheers 4 the unbrickable mod!
Sent from my cell phone. DUH.

Just thought I should let you guys know that I've pushed the source for the 1.3.1 updates to Github and it includes a fix, thanks psych0phobia! 1.3.1 also includes substantially improved no-reboot functionality that allows Heimdall to detect and use an existing session (i.e. previous operation with the --no-reboot parameter). Basically this means that you can do things like dump your PIT and then flash your phone without rebooting in between.
I should note that I kind of forgot to update the make files So it won't actually build on Linux/OS X until I do that when I get home (at work now). Windows users can give it whirl though.

Flash Counter not resetting itself!?

Hi, I had recently flashed the jellybean leak Ota for my tab(it's p3100), I had then flashed cwm. Now I tried resetting my flash counter but after rebooting it still stuck at 1 count. What should I do?
Sent from my GT-P3100 using XDA Premium HD app

Help anyone?
Sent from my GT-P3100 using XDA Premium HD app

Maybe flash back to ics. And reset the counter
Sent from my GT-I9100 using Tapatalk 2

Aditya16 said:
Hi, I had recently flashed the jellybean leak Ota for my tab(it's p3100), I had then flashed cwm. Now I tried resetting my flash counter but after rebooting it still stuck at 1 count. What should I do?
Sent from my GT-P3100 using XDA Premium HD app
Click to expand...
Click to collapse
have you tried "Triangule Away" ?
you can installed it from google play
but you need to root your device first

sapiterbang said:
have you tried "Triangle Away" ?
you can installed it from google play
but you need to root your device first
Click to expand...
Click to collapse
I resetted it with that only. Is it some bug in jb?
Sent from my GT-P3100 using XDA Premium HD app

Alvin Lai said:
Maybe flash back to ics. And reset the counter
Sent from my GT-I9100 using Tapatalk 2
Click to expand...
Click to collapse
Will try that.
Sent from my GT-P3100 using XDA Premium HD app

May be try installing supersu ( not superuser) from google play and give permissions to triangle away
Install latest version 1.95 of triangle away
Sent from Galaxy S2 or Galaxy Tab2

I confirm Triangle Away and SuperSU combination still work in JB.

So after rebooting and going to the download mode, even for me it is zero, but after exiting and booting back it goes back to 1 count.
Sent from my GT-P3100 using XDA Premium HD app

Aditya16 said:
So after rebooting and going to the download mode, even for me it is zero, but after exiting and booting back it goes back to 1 count.
Sent from my GT-P3100 using XDA Premium HD app
Click to expand...
Click to collapse
Post your issue in Triangle Away thread. Maybe someone can help you...
---------- Post added at 05:06 PM ---------- Previous post was at 05:06 PM ----------
Aditya16 said:
So after rebooting and going to the download mode, even for me it is zero, but after exiting and booting back it goes back to 1 count.
Sent from my GT-P3100 using XDA Premium HD app
Click to expand...
Click to collapse
Post your issue in Triangle Away thread. Maybe someone could help you

Waw... Back from recovery I got +1. This is not because JB but Sbl.bin updated (download mode in potrait position now). The second boot loader checkbit RECOVERY partition:
Code:
Secondary Bootloader v3.1 version.
Copyright (C) 2011 System S/W Group. Samsung Electronics Co., Ltd.
Board: GT-P3100 REV 04-REAL / Sep 17 2012 13:37:57
booting code=0x0
===== PARTITION INFORMATION =====
ID : X-loader (0x1)
DEVICE : MMC
FIRST UNIT : 0
NO. UNITS : 0
=================================
ID : EFS (0x4)
DEVICE : MMC
FIRST UNIT : 8192
NO. UNITS : 40960
=================================
ID : SBL1 (0x2)
DEVICE : MMC
FIRST UNIT : 49152
NO. UNITS : 4096
=================================
ID : SBL2 (0x3)
DEVICE : MMC
FIRST UNIT : 53248
NO. UNITS : 4096
=================================
ID : PARAM (0x5)
DEVICE : MMC
FIRST UNIT : 57344
NO. UNITS : 16384
=================================
ID : KERNEL (0x6)
DEVICE : MMC
FIRST UNIT : 73728
NO. UNITS : 16384
=================================
ID : RECOVERY (0x7)
DEVICE : MMC
FIRST UNIT : 90112
NO. UNITS : 16384
=================================
ID : CACHE (0x8)
DEVICE : MMC
FIRST UNIT : 106496
NO. UNITS : 1433600
=================================
ID : MODEM (0x9)
DEVICE : MMC
FIRST UNIT : 1540096
NO. UNITS : 40960
=================================
ID : FACTORYFS (0xa)
DEVICE : MMC
FIRST UNIT : 1581056
NO. UNITS : 2867200
=================================
ID : DATAFS (0xb)
DEVICE : MMC
FIRST UNIT : 4448256
NO. UNITS : 25280478
=================================
ID : HIDDEN (0xd)
DEVICE : MMC
FIRST UNIT : 29728734
NO. UNITS : 1048576
=================================
ID : GANG (0x0)
DEVICE : MMC
FIRST UNIT : 0
NO. UNITS : 0
=================================
loke_init: j4fs_open..success
<start_checksum:310>CHECKSUM_HEADER_SECTOR :42
<start_checksum:313>offset:42, size:1024
Not Need Movinand Checksum
load_lfs_parameters valid magic code and version.
switch_sel_str='1'
switch_sel_int='1'
load_debug_level: read debug level successfully(0x574f4c44)...LOW
init_ddi_data: usable ddi data.
Set charging current TA
omap_max17042_read_temp: FG Temp raw_data : 0x2723
read_temp_adc:adc_data : 772
read_temp_adc:adc_data : 763
read_temp_adc:adc_data : 765
read_temp_adc:adc_data : 759
read_temp_adc:adc_data : 758
check_battery_type: fg temp : 39136, adc_temp : 420
check_battery_type: Set BATTERY_TYPE_SDI
omap_max17042_set_model_data : Already fuel gauge initialized !!
max17042_compensate_soc: vcell(3840), rep_soc(43)
calculate_table_soc: charging status : 2, vcell(3840), table_soc(52)
[SBL] VFOCV MSB : 0xc0, LSB : 0x7
[SBL_CHARGER] SOC : 43, VCELL : 3840, VFSOC : 42, VFOCV : 3840
save param.blk, size: 5268
save param.blk successfully.
save switch_sel(1)...ok
reading nps status file is successfully!.
nps status=0x504d4f43
g_nRebootReason = 0x1
set_lcd_panel_id: panel_adc=142
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x3f715c bytes)
Ramdisk @ 82800000 (0x880aa bytes)
Starting kernel at 0x81808000...
Now I need Sbl.bin backup from ICS!

ketut.kumajaya said:
Waw... Back from recovery I got +1. This is not because JB but Sbl.bin updated (download mode in potrait position now). The second boot loader checkbit RECOVERY partition:
Code:
Secondary Bootloader v3.1 version.
Copyright (C) 2011 System S/W Group. Samsung Electronics Co., Ltd.
Board: GT-P3100 REV 04-REAL / Sep 17 2012 13:37:57
booting code=0x0
===== PARTITION INFORMATION =====
ID : X-loader (0x1)
DEVICE : MMC
FIRST UNIT : 0
NO. UNITS : 0
=================================
ID : EFS (0x4)
DEVICE : MMC
FIRST UNIT : 8192
NO. UNITS : 40960
=================================
ID : SBL1 (0x2)
DEVICE : MMC
FIRST UNIT : 49152
NO. UNITS : 4096
=================================
ID : SBL2 (0x3)
DEVICE : MMC
FIRST UNIT : 53248
NO. UNITS : 4096
=================================
ID : PARAM (0x5)
DEVICE : MMC
FIRST UNIT : 57344
NO. UNITS : 16384
=================================
ID : KERNEL (0x6)
DEVICE : MMC
FIRST UNIT : 73728
NO. UNITS : 16384
=================================
ID : RECOVERY (0x7)
DEVICE : MMC
FIRST UNIT : 90112
NO. UNITS : 16384
=================================
ID : CACHE (0x8)
DEVICE : MMC
FIRST UNIT : 106496
NO. UNITS : 1433600
=================================
ID : MODEM (0x9)
DEVICE : MMC
FIRST UNIT : 1540096
NO. UNITS : 40960
=================================
ID : FACTORYFS (0xa)
DEVICE : MMC
FIRST UNIT : 1581056
NO. UNITS : 2867200
=================================
ID : DATAFS (0xb)
DEVICE : MMC
FIRST UNIT : 4448256
NO. UNITS : 25280478
=================================
ID : HIDDEN (0xd)
DEVICE : MMC
FIRST UNIT : 29728734
NO. UNITS : 1048576
=================================
ID : GANG (0x0)
DEVICE : MMC
FIRST UNIT : 0
NO. UNITS : 0
=================================
loke_init: j4fs_open..success
<start_checksum:310>CHECKSUM_HEADER_SECTOR :42
<start_checksum:313>offset:42, size:1024
Not Need Movinand Checksum
load_lfs_parameters valid magic code and version.
switch_sel_str='1'
switch_sel_int='1'
load_debug_level: read debug level successfully(0x574f4c44)...LOW
init_ddi_data: usable ddi data.
Set charging current TA
omap_max17042_read_temp: FG Temp raw_data : 0x2723
read_temp_adc:adc_data : 772
read_temp_adc:adc_data : 763
read_temp_adc:adc_data : 765
read_temp_adc:adc_data : 759
read_temp_adc:adc_data : 758
check_battery_type: fg temp : 39136, adc_temp : 420
check_battery_type: Set BATTERY_TYPE_SDI
omap_max17042_set_model_data : Already fuel gauge initialized !!
max17042_compensate_soc: vcell(3840), rep_soc(43)
calculate_table_soc: charging status : 2, vcell(3840), table_soc(52)
[SBL] VFOCV MSB : 0xc0, LSB : 0x7
[SBL_CHARGER] SOC : 43, VCELL : 3840, VFSOC : 42, VFOCV : 3840
save param.blk, size: 5268
save param.blk successfully.
save switch_sel(1)...ok
reading nps status file is successfully!.
nps status=0x504d4f43
g_nRebootReason = 0x1
set_lcd_panel_id: panel_adc=142
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x3f715c bytes)
Ramdisk @ 82800000 (0x880aa bytes)
Starting kernel at 0x81808000...
Now I need Sbl.bin backup from ICS!
Click to expand...
Click to collapse
How will i get this sbl.bin file from?

Aditya16 said:
How will i get this sbl.bin file from?
Click to expand...
Click to collapse
From /dev/block/mmcblk0p2 and /dev/block/mmcblk0p3. Be careful, this is a critical part of boot process.

I really do not not know how to do it advice please?
Sent from my GT-P3100 using XDA Premium HD app

News update guy's. Chainfire pm'ed me saying that he will look into the matter. Now all we can do is cross our finger and wait.
Oh and also this download mode does not show +1 when I replaced CWM with stock recovery. I wonder why?
Sent from my GT-P3100 using XDA Premium HD app

UPDATE:
No warning when boot to stock JB XXCLI5 recovery:
Code:
g_nRebootReason = 0x2
set_lcd_panel_id: panel_adc=143
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x3f715c bytes)
Ramdisk @ 82800000 (0x135b4d bytes)
save param.blk, size: 5268
save param.blk successfully.
save switch_sel(1)...ok
Starting kernel at 0x81808000...
More investigation needed, when boot to unofficial recovery:
Code:
g_nRebootReason = 0x2
set_lcd_panel_id: panel_adc=143
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x39a7b0 bytes)
Ramdisk @ 82800000 (0x1e4fc6 bytes)
[WARNING] Current kernel is NOT official binary!!!
save param.blk, size: 5268
save param.blk successfully.
save switch_sel(1)...ok
Starting kernel at 0x81808000...
Normal boot to stock JB XXCLI5 kernel:
Code:
g_nRebootReason = 0x1
set_lcd_panel_id: panel_adc=142
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x3f715c bytes)
Ramdisk @ 82800000 (0x880aa bytes)
Starting kernel at 0x81808000...
Parsed above value from /proc/last_kmsg. From last_kmsg value (second boot loader message?), I can confirm my boot logo hack is safe. Sbl successfuly mount param.lfs:
Code:
loke_init: j4fs_open..success
<start_checksum:310>CHECKSUM_HEADER_SECTOR :42
<start_checksum:313>offset:42, size:1024
Not Need Movinand Checksum
load_lfs_parameters valid magic code and version.

Odroid u2 Won't boot to recovery

My Odroid won't boot to CWM recovery with CM10.1 installed on the emmc.
I extracted the three files from here: http://cyanogenmod.org/rc/odroidu2-recovery.zip and placed them on the root of the emmc but every time I boot up I get this
Code:
U-Boot 2010.12-svn (Jan 28 2013 - 14:10:19) for Exynox4412
CPU: S5PC220 [Samsung SOC on SMP Platform Base on ARM CortexA9]
APLL = 1000MHz, MPLL = 880MHz
DRAM: 2047 MiB
PMIC VERSION : 0x00, CHIP REV : 2
TrustZone Enabled BSP
BL1 version: 20121128
Checking Boot Mode ... EMMC4.41
REVISION: 2.0
Manufacturer TOSHIBA [ 15028MB ]
NAME: S5P_MSHC4
MMC Device 0: 15028 MB
MMC Device 1: 0 MB
MMC Device 2 not found
*** Warning - using default environment
ModeKey Check... run normal_boot
Net: No ethernet found.
Hit any key to stop autoboot: 0
NAME: S5P_MSHC4
NAME: S5P_MSHC4
>>> Load Boot Script from mmc 0:1 <<<
NAME: S5P_MSHC4
Partition1: Start Address(0x520000), Size(0x181a000)
reading boot.scr
Warning : Reads a file that is smaller than the cluster size.
623 bytes read
## Executing script at 40008000
Wrong image format for "source" command
Exynos4412 #
how can i get past this?

deleted

[TOOL] Newflasher (xperia command line flasher)

Disclaimer:
newflasher tool was made for testing and educational purposes, ME is not responsible for what you do on/with your device using newflasher, you must agree that you using newflasher on your own risk, I am not responsible if you brick your device or anything else!
How to use:
OPTIONAL STEP 1:
- if you have missing flash driver just double click exe and confirm driver extraction, an exe will become available, run it and install driver.
OPTIONAL STEP 2:
- this step is optional, this step dump trim area, you can do this and keep those file somewhere on your pc in case you hard brick your device so give it to servicians to repair your phone.
STEP 1:
- Download right firmware for your device using XperiFirm tool, put newflasher.exe into firmware dir created by XperiFirm tool. Before you double click newflasher.exe do in mind something, newflasher tool is programed to flash everything found in the same dir!!! So tool flash all .ta files, all .sin files, boot delivery (whole boot folder), partition.zip, in short all files found in dir! If you no want to flash something just move file which you no want to flash OUT OF FOLDER! Partition.zip .sin files can be flashed only if you extract partition.zip into newly created folder called partition!
STEP 2:
- To start flashing phone put your phone into flash mode, double click newflasher.exe and wait wait wait until your device gets flashed, thats it. Look into log to see if something goes wrong! If all right you are done. If not post your log so I can look!
SOME MORE THINGS:
"You do not need to unlock bootloader or to root the phone if you want to flash a stock firmware from XperiFirm.
There are no files in the stock firmware that need to be deleted. Prompts will ask you to skip some files.
Feel free to press N to every prompt since:
- TA dumping it's not related with DRM keys.
- Flash persist_* files only if you know what you are doing, since you will lose your attest keys. Backup persist partition.
If you need the firmware on both A and B slot use fastboot commands to choose the inactive partion and re-flash."
Happy flashing!
Supported platforms:
- Newflasher is working on Windows, Linux, Android and Darwin, just chose right newflasher binary. With Android version you can flash phone by using another phone!
Changelog:
- version 1: Sorry a lot of work is done in pre pre alpha version and I can't count every changes, just folow development process about version 1, a lot of work is done before it started working. One esential change was done to tool improvement and it is described in one of the my posts related to moving function "erase:" to the section before function "flash:", it is realy improvement and more safer than in time when it was at the start of flashing routine.
- version v2 (15.Aug.2017)
Implemented free disk space safety check, it was missing and danger in case flashing process gets interupted because of the lack of the free disk space needed for sin extractions and temporary files. I have also include GordonGate flash driver prompt so in case somebody have missing flash drivers, simple need to double click exe and folow drivers archive extraction procedure, later need to install these drivers trought Windos device mannager. Also I have implemented an realy pre pre alpha version of the maybe non working trim (why maybe? Because I don't own xzp so can't test) area dump routine, in case it is working we can dump some esentials trim area units from device (probably not a full dump as like it was on every oldest xperia models - no permissions for dumping drm key unit)
- version v3 (23.09.2017)
Some more security checks, it's now a bit safer than v2
- version v4 (21.10.2017)
Updated trim area dumper, now it stores log to the trimarea.log but dump is now in .ta format and writen to the 01.ta and 02.ta
- version v5 (22.10.2017)
Updated trim area dumper, add progress meter, fix y-n prompt (thanks @pbarrette)
- version v6 (22.10.2017)
Updated trim area dumper
- version v7 (23.10.2017)
Updated trim area dumper, newflasher redesigned a bit, fix new partitioning for Oreo
- version v8 (24.10.2017)
Fix trim area dumper
- version v9 & v10 (25.10.2017)
Workaorunds on trim area dumper
- version v11 (07.04.2018)
Support for 2018 devices
- version v12 (29.04.2018)
Try fix doublefree bug/crash (most noticed on Linux 64 bit binary)
- version v13 (01.05.2018)
Fix doublefree bug/crash by removing dynamic allocation from function get_reply
- version v14 & v15 (12.06.2019)
Sony XPeria 1 support added.
- version v16 (16.06.2019)
LUN0 detection optimized.
- version v17 (24.06.2019)
LUN0 detection bug fixed.
- version v18 (10.08.2019)
Untested fix for https://forum.xda-developers.com/cr...wflasher-xperia-command-line-t3619426/page105
Using builtin mkdir instead of calling it trought system call
- version v19 (08.10.2019)
Implemented prompt for flashing persist partition; print skipped .sin files
- version v20 (13.12.2019)
implemented prompt for flashing bootloader,bluetooth,dsp,modem,rdimage to booth a,b slots
- version v21 (29.06.2020)
implemented battery level status check before flashing, flashing bootloader,bluetooth,dsp,modem,rdimage to booth a,b slots is mandatory now and is flashed by default right now, more info, try fix previously reported isue on sync and powerdown command reported 2-3 years ago so I have disabled it and now enabled for test, implemented Macos support (curently need to be tested! If you have plan to test please flash only cache.sin DO NOT flash the rest because of safety for your device!)
- version v22 (30.06.2020)
trying to fix battery capacity retrieval
- version v23 (04.07.2020)
removed battery capacity retrieval (not going to work that way), fix trim area dump file name, new gordongate drivers
- version v24 (04.07.2020)
new feature - now you can run newflasher from script or console with your own command, e.g. newflasher getvar:Emmc-info , I didn't tested all the list of commands, if you do it share them with us!
- version v25 (09.07.2020)
New trim area dump tool, with this change trim area dump is created in 3 secconds. Do in mind this not dump protected units like drm key...etc! Some changes in scripting feature from v24
- version v26 (10.07.2020)
Added 4 diferent reboot modes, reboot to android, reboot to fastboot, reboot to bootloader, power off
- version v27 (11.07.2020) (not yet released)
Workaround in mac libusb
- version v28 (12.07.2020)
Workaround to sync response bug; Fully implemented support for Mac. I'm tested myself on mac 10.14 but confirmed working on mac 10.15 too
- version v29 (12.07.2020)
Mac proper libusb deinitialisation
- version v30 (13.07.2020)
Preparation for Debian packaging; I'm noticed that hex modified arm64 fake pie binary is not working so its now compiled with ndk and its true pie binary now
- version v31 (14.07.2020)
Fix cosmetic bug https://forum.xda-developers.com/showpost.php?p=83056693&postcount=1212 which might confuse somebody
- version 32, not yet released
- version 33 (30.07.2020)
Allow bootloader unlocking with newflasher; Try fix sync response bug for win and darwin too
- version 34 (08.08.2020)
Added support for 32bit sized trim area units (as trim area api changed in xperia mark 2 line) (not yet released because of bug)
- version 35 (08.08.2020)
Updated support for 32bit sized trim area units (as trim area api changed in xperia mark 2 line); Move trim area dumps out of root folder so it not get acidentaly flashed, dumps is now inside folder tadump
- version 36 (27.08.2020)
Some improvements and and possible bug fixes
- version 37 (09.12.2020)
Added support for Xperia 5 II with emmc instead of ufs (not working)
- version 38 (10.12.2020)
Fixed impropper implementation from v37
- version 39 (13.12.2020)
Since mark 2 devices protocol is changed a bit and on some devices OKAY reply is not in separated usb poacket, instead it is merged with data packet, added support for it
- version 40 (03.01.2021)
Temporary solution for determining partition 0 sin file caused by two diferent emmc csd info we found recently on mark 2 devices
- version 41 (03.01.2021)
Removed temporary solution from version 41 so right lun0 sin file get flashed and seccond lun0 get skipped or booth skipped if lun0 sin file do not match device storage size
- version 42 (11.03.2021)
Fix bug in flashing booth slots when current slot is A, thanks to @chrisrg for discovering bug!
- version 43 (12.06.2021)
Support for Mark 3 devices
- version 44 (19.06.2021)
Fully Mark III device implementation
- version 45 (20.06.2021)
Implemented battery level check and prompt user to take a risk and continue flashing or stop flasing if battery level is less than 15 percent
- version 46 (08.07.2021)
Fix problem with filenames which contain "_other", it need to be always flashed to the diferent slot
- version 47 (15.07.2021)
Removed prompt for persist.sin flashing, now its by default skip. Implemented bootloader log retrieval at the end of flashing for better understanding when something goes wrong. Implemented firmware log history retrieval for those who want to know history of the flashed firmwares
- version 48 (19.07.2021)
Flash bootloader,bluetooth,dsp,modem,rdimage to booth slots only on a,b devices
- version 49 (31.07.2021)
Support for XQ-BT41
- version 50 (12.08.2021)
Workin progress on asynchronous usb to make it more like synchronous, added progress bar during send-receive usb packets and more logging. Increased usb timeout to 2 minute. Trying fix sync command at the end of flashing as reported here -> https://github.com/munjeni/newflasher/issues/42
- version 51 (12.08.2021)
Fix empry line printed while receiving usb packets, thanks @elukyan
- version 52 (01.10.2021)
Implemented userprompt for keeping userdata, thanks @OhayouBaka for figuring out! Removed bootloader log retrieval
- version 53, 54, 55 (20.0822022)
Fix trimarea dumper crash on big endian machines, update building makefiles
Credits:
- without @tanipat and his pc companion debug logs this tool will never be possible! Thank you a lot for your time providing me logs! (by the influence of others, He was disappointed me with last post, but I still appreciate his help and can't forget it)
- without @thrash001 who helped testing our tool I never be continue building our tool since I don't have device for testing, thanks mate!
- didn't forgot @beenoliu, thanks mate for testing!
- thanks to @porphyry for testing linux version!
- thanks to @Snow_Basinger for providing sniff log from 2018 device and for testing on his 2018 device
- thanks to @frantisheq for testing newflasher on his 2018 device and for notify about doublefree bug
- thanks to @serajr for providing me some logs which helped me to figure out some things related to 2018 devices
- thanks to @noelex for helping in Xperia 1 implementation
- thanks to @Meloferz for testing on his xperia 1 mark II
- thanks to github contributors, testers and reporters: vog, noelex, TheSaltedFish, solarxraft, pbarrette, MartinX3, kholk
- thanks to Chirayu Desai for tracking addition to Debian and thanks to vog for initiating all that
- thanks to @elukyan for testing and providing me usb sniff logs for mark 3 devices imlementation, thank you so much
Common errors and how to solve:
https://forum.xda-developers.com/t/tool-newflasher-xperia-command-line-flasher.3619426/post-72610228
Source code:
https://github.com/munjeni/newflasher

let me start for you and report

here my log..
Code:
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&15c311e1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&15C311E1&0&2
ERROR: TIMEOUT: failed with error code 997 as follows:
▄berlappender E/A-Vorgang wird verarbeitet.
- Error writing command!
Drücken Sie eine beliebige Taste . . .

Common errors and what you need to do:
ERROR: TIMEOUT: failed with error code 997 as follows:
Overlapped I/O operation is in progress.
FIX --------> https://forum.xda-developers.com/t/tool-newflasher-xperia-command-line-flasher.3619426/post-84603931
Error, didn't got signature OKAY reply! Got reply: FAILFailed to verify cms
FIX---------> Make sure to flash right rom model e.g. if your device is SO-01L you need to flash rom model SO-01L or e.g. your phone is H8314 you need to flash rom H8314 ... etc, otherwise you might hardbrick your phone!
Bootloop caused by rooback protection e.g. by flashing an OLD rom over NEWER one e.g. you have android 11 and want back to android 10 that will bootloop your phone if your phone have rollback protection
https://forum.xda-developers.com/t/...-xq-at51-with-flashtool.4119707/post-84509417
in short explanation your bootloader need to be unlocked. Than by relocking bootloader rollback index (rollback protection) is reset to zero. Than you can flash oldest rom because index in that case is zero so you won't get bootloop related to rollback protection.
It was confirmed working:
https://forum.xda-developers.com/t/...-xq-at51-with-flashtool.4119707/post-84637803
https://forum.xda-developers.com/t/...-xq-at51-with-flashtool.4119707/post-84673613
If neither help you to solve problem you should read boot log to get idea, use this command line option for newflasher:
newflasher Read-TA:2:2050

what I got
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#6&3a757eec&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: Universal Serial Bus controllers
Device Instance Id: USB\VID_0FCE&PID_B00B\6&3A757EEC&0&1
ERROR: GetOverlapped_in_Result: failed with error code 31 as follows:
A device attached to the system is not functioning.
- Error reaply! Device didn't replied with OKAY or DATA
Press any key to continue . . .
wait for others to report

Hm, you successfully wrote command but error on reaply Lets see new version is out

Today I have free time for development, I don't know when I will get free time again, so guys if you hurry to have flasher I am here and waiting. I do not have 2017 device model so I can't test, so can't continue development without your tests

Driver is the right.
here the next:
Code:
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&15c311e1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&15C311E1&0&2
ERROR: TIMEOUT: failed with error code 997 as follows:
▄berlappender E/A-Vorgang wird verarbeitet.
- Successfully write 0x0 bytes to handle.
- Error writing command!
Drücken Sie eine beliebige Taste . . .

Strange! Maybe run as admin is need?

It would be great if tanipat debug newflasher with monitoring studio so I can compare whats going on? New version is out again.
Edit:
Curent version is safe so you no need to care for brick! Tool currently nothing write to internal mem! I will tell when it is ready for flashing! Now its just pre pre alpha version, only read from phone

in the windows devicemanager is it correct as "SOMC Flash Device"
the next one:
Code:
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&15c311e1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&15C311E1&0&2
ERROR: TIMEOUT: failed with error code 997 as follows:
▄berlappender E/A-Vorgang wird verarbeitet.
- Error write! Need nBytes: 0x18 but done: 0x0
- Error writing command!
Drücken Sie eine beliebige Taste . . .

Can you right click on .exe and run as admin?

the same
Code:
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&15c311e1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&15C311E1&0&2
ERROR: TIMEOUT: failed with error code 997 as follows:
▄berlappender E/A-Vorgang wird verarbeitet.
- Error write! Need nBytes: 0x18 but done: 0x0
- Error writing command!
Drücken Sie eine beliebige Taste . . .
---------- Post added at 08:42 PM ---------- Previous post was at 08:41 PM ----------
Code:
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&15c311e1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&15C311E1&0&2
- Successfully write 0x18 bytes to handle.
- Successfully read 0xd bytes from handle.
Raw input [0xD]:
00000000 4F 4B 41 59 31 30 34 38 35 37 36 30 30 OKAY104857600
get_reaply:[0xD]:
00000000 4F 4B 41 59 31 30 34 38 35 37 36 30 30 OKAY104857600
- Successfully write 0xe bytes to handle.
- Successfully read 0x9 bytes from handle.
Raw input [0x9]:
00000000 4F 4B 41 59 47 38 31 34 31 OKAYG8141
get_reaply:[0x9]:
00000000 4F 4B 41 59 47 38 31 34 31 OKAYG8141
- Successfully write 0xe bytes to handle.
ERROR: GetOverlapped_in_Result: failed with error code 31 as follows:
Ein an das System angeschlossenes Gerõt funktioniert nicht.
- Successfully read 0x0 bytes from handle.
Raw input [0x0]:
- Error reaply: less than 4!
Drücken Sie eine beliebige Taste . . .
Sorry, i must disconnect the device for the next start

Thanks a lot! Seems some good progress here! I had set timeout to 60 secconds, seems it was not enought and caused timeout, now I have set to 120 secconds and donesome small modification, hope we get luck now, new version is out

Code:
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&15c311e1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&15C311E1&0&2
- Successfully write 0x18 bytes to handle.
- Successfully read 0xd bytes from handle.
Raw input [0xD]:
00000000 4F 4B 41 59 31 30 34 38 35 37 36 30 30 OKAY104857600
- Successfully write 0xe bytes to handle.
- Successfully read 0x9 bytes from handle.
Raw input [0x9]:
00000000 4F 4B 41 59 47 38 31 34 31 OKAYG8141
- Successfully write 0xe bytes to handle.
ERROR: GetOverlapped_in_Result: failed with error code 31 as follows:
Ein an das System angeschlossenes Gerõt funktioniert nicht.
- Error reaply: less than 4!
Drücken Sie eine beliebige Taste . . .
and this, without disconect a view seconds later again start the exe
Code:
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&15c311e1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&15C311E1&0&2
- Successfully write 0x18 bytes to handle.
ERROR: TIMEOUT: failed with error code 997 as follows:
▄berlappender E/A-Vorgang wird verarbeitet.
- Error reaply: less than 4!
Drücken Sie eine beliebige Taste . . .

Hmm strange realy. See https://www.lifewire.com/how-to-fix-code-31-errors-2623184 its seems your driver is not working propertly, maybe you have old flashtool driver and not one for newer device (which can be installed by installing sony pc companion software), I have no idea by now, unable to figure out why that happens Did you flashed by sony pc companion your device allready and you are sure it is working, can you confirm? Probably if you allready installed flashtool driver you will need to uninstall and reinstall pc companion, have no idea by now what might be a problem

so, i have erase the driver. restart windows, install the flashtool driver. start the exe:
Code:
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&15c311e1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&15C311E1&0&2
- Successfully write 0x18 bytes to handle.
- Successfully read 0xd bytes from handle.
Raw input [0xD]:
00000000 4F 4B 41 59 31 30 34 38 35 37 36 30 30 OKAY104857600
- Successfully write 0xe bytes to handle.
- Successfully read 0x9 bytes from handle.
Raw input [0x9]:
00000000 4F 4B 41 59 47 38 31 34 31 OKAYG8141
- Successfully write 0xe bytes to handle.
ERROR: GetOverlapped_in_Result: failed with error code 31 as follows:
Ein an das System angeschlossenes Gerõt funktioniert nicht.
- Error reaply: less than 4!
Drücken Sie eine beliebige Taste . . .
now i erase the driver, restart windows and let windows install the driver over windows.
(i hope you can undersood my english)

Many thanks! Yes I understand you. I must go now, hope somebody figure out if driver is problem or bug in my tool, see you guys tommorow

New version is out, let me know please! I have researched a bit, seems get overlapped result caused some problems and returns imediatelly before thing complete, I have set to "wait complete" hope it is ok now

good morning, so i have reinstall sony companion and start the repair, the new driver is isntall but:
Code:
--------------------------------------------------------
newflasher.exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&15c311e1&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&15C311E1&0&2
- Successfully write 0x18 bytes to handle.
- Successfully read 0xd bytes from handle.
Raw input [0xD]:
00000000 4F 4B 41 59 31 30 34 38 35 37 36 30 30 OKAY104857600
- Successfully write 0xe bytes to handle.
- Successfully read 0x9 bytes from handle.
Raw input [0x9]:
00000000 4F 4B 41 59 47 38 31 34 31 OKAYG8141
- Successfully write 0xe bytes to handle.
ERROR: GetOverlapped_in_Result: failed with error code 31 as follows:
Ein an das System angeschlossenes Gerõt funktioniert nicht.
- Error reaply: less than 4!
Raw input [0x0]:
Drücken Sie eine beliebige Taste . . .
---------- Post added at 10:27 AM ---------- Previous post was at 10:18 AM ----------
and this is from my windows7 32bit pc, only sony companion is install.
Code:
--------------------------------------------------------
newflasher (2).exe by Munjeni @ 2017
--------------------------------------------------------
Device path: \\?\usb#vid_0fce&pid_b00b#5&448f588&0&1#{a5dcbf10-6530-11d2-901f-00
c04fb951ed}
Class Description: USB-Controller
Device Instance Id: USB\VID_0FCE&PID_B00B\5&448F588&0&1
- Successfully write 0x18 bytes to handle.
- Successfully read 0xd bytes from handle.
Raw input [0xD]:
00000000 4F 4B 41 59 31 30 34 38 35 37 36 30 30 OKAY104857600
- Successfully write 0xe bytes to handle.
- Successfully read 0x9 bytes from handle.
Raw input [0x9]:
00000000 4F 4B 41 59 47 38 31 34 31 OKAYG8141
- Successfully write 0xe bytes to handle.
ERROR: GetOverlapped_in_Result: failed with error code 31 as follows:
Ein an das System angeschlossenes Gerõt funktioniert nicht.
- Error reaply: less than 4!
Raw input [0x0]:
Drücken Sie eine beliebige Taste . . .

Debricking my Rockchip Device

I would like to share my experience from the weekend to help others.
At first let me explain the situation:
I got my A5X Max+ 64GB eMMC preinstalled with Android 8.1 but I thought that the latest firmware available on the net can maybe make a positive difference to the shipped one.
Seraching the web I found 3 different firmware version I thoght it would be good to give it a try.
An A5X MAX+ Android 8.1 firmware
An A5X MAX+ Android 7 firmware
An A5X MAX Android 9 firmware (non "+" uses a dirfferent WiFi Chipset,....)
Next Step folowing the firmware upgrade guides:
1. Trying to directly flash a new firmware via a SD card and SD_Firmware_Tool_v146_eng_AndroidPC failed
2. Trying to flash with a computer using RK_Batch_tool_v1_8_AndroidPC in combination with Rockchip_DriverAssitant_v4.4 is working
Ok no difference to the preinstalled one so next step flashing a different firmware.
The most interesting was the Android 9.0 firmware even when I know that it is for the non "+" version using a slightly different peripheral hardware.
So I use the Batch tool again and start flashing. ==> Do not flash similar firmware on any device.
The flash process abort after flashing only parts of the whole image.
My Box is not starting anymore, and there is no video output when booting and it is not recognized by my computer anymore via USB
My process to debrick my Device:
My luck when starting into Recovery it is still recognized via USB
Also there a dedicated test pins marked with TX, GND and RX so I connect a Serial to USB converter and check if I can find the problem.
I could not find out what kind of baud rate the serial is using neither Start/Stop Bit configuration.
A oscilloscope (Red Pitaya) helped a lot to see that the serial interface is working at a abnormal high baud rate: ~1350000 baud per second / 8N1
find here the current bootloop log:
normal boot
Code:
Wed Oct 31 06:28:55 UTC 2018 aarch64)
INF [0x0] TEE-CORE:init_primary_helper:338: Release version: 1.4
INF [0x0] TEE-CORE:init_teecore:83: teecore inits done
INFO: BL31: Preparing for EL3 exit to normal world
INFO: Entry point address = 0x200000
INFO: SPSR = 0x3c9
U-Boot 2017.09-02211-gd8ce1d0-dirty (Nov 27 2018 - 09:57:42 +0800)
Model: Rockchip RK3328 EVB
DRAM: 4 GiB
Relocation Offset is: fcbda000
Using default environment
[email protected]: 1, [email protected]: 0
Card did not respond to voltage select!
mmc_init: -95, time 10
switch to partitions #0, OK
mmc0(part 0) is current device
boot mode: normal
bad resource image magic: oint (current EL)
DTB: rk-kernel.dtb
bad resource image magic: oint (current EL)
Can't find file:rk-kernel.dtb
init_kernel_dtb dtb in resource read fail
In: serial
Out: serial
Err: serial
Model: Rockchip RK3328 EVB
rockchip_set_serialno: could not find efuse device
CLK: apll 400000000 Hz
dpll 664000000 Hz
cpll 1200000000 Hz
gpll 491009999 Hz
npll 600000000 Hz
armclk 600000000 Hz
aclk_bus 150000000 Hz
hclk_bus 75000000 Hz
pclk_bus 75000000 Hz
aclk_peri 150000000 Hz
hclk_peri 75000000 Hz
pclk_peri 75000000 Hz
Net: Net Initialization Skipped
No ethernet found.
Hit any key to stop autoboot: 0
ca head not found
ANDROID: reboot reason: "(none)"
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
read_is_device_unlocked() ops returned that device is UNLOCKED
avb_slot_verify.c:637: ERROR: vbmeta: Error verifying vbmeta image: OK_NOT_SIGNE D
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
DDR version 1.13 20180428
ID:0x805 N
In
DDR3
333MHz
Bus Width=32 Col=11 Bank=8 Row=16 CS=1 Die Bus-Width=16 Size=4096MB
ddrconfig:3
OUT
Boot1 Release Time: Sep 7 2018 15:49:55, version: 2.49
ChipType = 0x11, 193
mmc2:cmd19,100
SdmmcInit=2 0
BootCapSize=2000
UserCapSize=59640MB
FwPartOffset=2000 , 2000
SdmmcInit=0 NOT PRESENT
StorageInit ok = 286281
Raw SecureMode = 0
SecureInit read PBA: 0x4
SecureInit read PBA: 0x404
SecureInit read PBA: 0x804
SecureInit read PBA: 0xc04
SecureInit read PBA: 0x1004
SecureInit ret = 0, SecureMode = 0
GPT part: 0, name: uboot, start:0x4000, size:0x2000
GPT part: 1, name: trust, start:0x6000, size:0x2000
GPT part: 2, name: misc, start:0x8000, size:0x2000
GPT part: 3, name: baseparameter, start:0xa000, size:0x800
GPT part: 4, name: resource, start:0xa800, size:0x8000
GPT part: 5, name: kernel, start:0x12800, size:0x10000
GPT part: 6, name: dtb, start:0x22800, size:0x2000
GPT part: 7, name: dtbo, start:0x24800, size:0x2000
GPT part: 8, name: logo, start:0x26800, size:0x8000
GPT part: 9, name: vbmeta, start:0x2e800, size:0x800
GPT part: 10, name: boot, start:0x2f000, size:0x10000
GPT part: 11, name: recovery, start:0x3f000, size:0x20000
GPT part: 12, name: backup, start:0x5f000, size:0x8000
GPT part: 13, name: cache, start:0x67000, size:0x80000
GPT part: 14, name: system, start:0xe7000, size:0x400000
GPT part: 15, name: metadata, start:0x4e7000, size:0x8000
GPT part: 16, name: vendor, start:0x4ef000, size:0x60000
GPT part: 17, name: oem, start:0x54f000, size:0x20000
GPT part: 18, name: frp, start:0x56f000, size:0x400
GPT part: 19, name: security, start:0x56f400, size:0x1000
GPT part: 20, name: userdata, start:0x570400, size:0x6f0bbdf
find partition:uboot OK. first_lba:0x4000.
find partition:trust OK. first_lba:0x6000.
LoadTrust Addr:0x6000
No find bl30.bin
HashBits:256, HashData:
6cf28742
2df532aa
1ea29e7b
85e4e128
9675b550
859f84c1
c47158c4
9373e8ea
CalcHash:
2a0cacfb
655bd8b6
09989b08
c0ff4464
9d525d13
47eb7212
89197119
20d1a938
bl31.bin_0:CheckImage Fail!
LoadTrust Addr:0x6400
LoadTrust Addr:0x6800
LoadTrust Addr:0x6c00
LoadTrust Addr:0x7000
No find bl30.bin
Load uboot, ReadLba = 4000
hdr 000000000337a380 + 0x0:0x50,0x41,0x52,0x4d,0x66,0x03,0x00,0x00,0x46,0x49,0x52,0x4d,0x57,0x41,0x52,0x45,
Load OK, addr=0x200000, size=0xeb934
RunBL31 0x10000
NOTICE: BL31: v1.3(debug):9d3f591
NOTICE: BL31: Built : 14:39:02, Jan 17 2018
NOTICE: BL31:Rockchip release version: v1.3
INFO: ARM GICv2 driver initialized
INFO: Using opteed sec cpu_context!
INFO: boot cpu mask: 1
INFO: plat_rockchip_pmu_init: pd status 0xe
INFO: BL31: Initializing runtime services
INFO: BL31: Initializing BL32
ERR [0x0] TEE-CORE:atags_get_tag:146: atags_get_tag: find unknown magic(d7f5f65b)
INF [0x0] TEE-CORE:init_primary_helper:337: Initializing (1.1.0-187-g3f0aafa6 #9 Wed Oct 31 06:28:55 UTC 2018 aarch64)
pressing and holding reset (without connecting to USB)
Code:
Wed Oct 31 06:28:55 UTC 2018 aarch64)
INF [0x0] TEE-CORE:init_primary_helper:338: Release version: 1.4
INF [0x0] TEE-CORE:init_teecore:83: teecore inits done
INFO: BL31: Preparing for EL3 exit to normal world
INFO: Entry point address = 0x200000
INFO: SPSR = 0x3c9
U-Boot 2017.09-02211-gd8ce1d0-dirty (Nov 27 2018 - 09:57:42 +0800)
Model: Rockchip RK3328 EVB
DRAM: 4 GiB
Relocation Offset is: fcbda000
Using default environment
[email protected]: 1, [email protected]: 0
Card did not respond to voltage select!
mmc_init: -95, time 10
switch to partitions #0, OK
mmc0(part 0) is current device
boot mode: normal
bad resource image magic: oint (current EL)
DTB: rk-kernel.dtb
bad resource image magic: oint (current EL)
Can't find file:rk-kernel.dtb
init_kernel_dtb dtb in resource read fail
In: serial
Out: serial
Err: serial
Model: Rockchip RK3328 EVB
rockchip_set_serialno: could not find efuse device
CLK: apll 400000000 Hz
dpll 664000000 Hz
cpll 1200000000 Hz
gpll 491009999 Hz
npll 600000000 Hz
armclk 600000000 Hz
aclk_bus 150000000 Hz
hclk_bus 75000000 Hz
pclk_bus 75000000 Hz
aclk_peri 150000000 Hz
hclk_peri 75000000 Hz
pclk_peri 75000000 Hz
Net: Net Initialization Skipped
No ethernet found.
Hit any key to stop autoboot: 0
ca head not found
ANDROID: reboot reason: "(none)"
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
read_is_device_unlocked() ops returned that device is UNLOCKED
avb_slot_verify.c:637: ERROR: vbmeta: Error verifying vbmeta image: OK_NOT_SIGNE D
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
DDR version 1.13 20180428
ID:0x805 N
In
DDR3
333MHz
Bus Width=32 Col=11 Bank=8 Row=16 CS=1 Die Bus-Width=16 Size=4096MB
ddrconfig:3
OUT
Boot1 Release Time: Sep 7 2018 15:49:55, version: 2.49
ChipType = 0x11, 193
mmc2:cmd19,100
SdmmcInit=2 0
BootCapSize=2000
UserCapSize=59640MB
FwPartOffset=2000 , 2000
SdmmcInit=0 NOT PRESENT
StorageInit ok = 286281
Raw SecureMode = 0
SecureInit read PBA: 0x4
SecureInit read PBA: 0x404
SecureInit read PBA: 0x804
SecureInit read PBA: 0xc04
SecureInit read PBA: 0x1004
SecureInit ret = 0, SecureMode = 0
GPT part: 0, name: uboot, start:0x4000, size:0x2000
GPT part: 1, name: trust, start:0x6000, size:0x2000
GPT part: 2, name: misc, start:0x8000, size:0x2000
GPT part: 3, name: baseparameter, start:0xa000, size:0x800
GPT part: 4, name: resource, start:0xa800, size:0x8000
GPT part: 5, name: kernel, start:0x12800, size:0x10000
GPT part: 6, name: dtb, start:0x22800, size:0x2000
GPT part: 7, name: dtbo, start:0x24800, size:0x2000
GPT part: 8, name: logo, start:0x26800, size:0x8000
GPT part: 9, name: vbmeta, start:0x2e800, size:0x800
GPT part: 10, name: boot, start:0x2f000, size:0x10000
GPT part: 11, name: recovery, start:0x3f000, size:0x20000
GPT part: 12, name: backup, start:0x5f000, size:0x8000
GPT part: 13, name: cache, start:0x67000, size:0x80000
GPT part: 14, name: system, start:0xe7000, size:0x400000
GPT part: 15, name: metadata, start:0x4e7000, size:0x8000
GPT part: 16, name: vendor, start:0x4ef000, size:0x60000
GPT part: 17, name: oem, start:0x54f000, size:0x20000
GPT part: 18, name: frp, start:0x56f000, size:0x400
GPT part: 19, name: security, start:0x56f400, size:0x1000
GPT part: 20, name: userdata, start:0x570400, size:0x6f0bbdf
find partition:uboot OK. first_lba:0x4000.
find partition:trust OK. first_lba:0x6000.
LoadTrust Addr:0x6000
No find bl30.bin
HashBits:256, HashData:
6cf28742
2df532aa
1ea29e7b
85e4e128
9675b550
859f84c1
c47158c4
9373e8ea
CalcHash:
2a0cacfb
655bd8b6
09989b08
c0ff4464
9d525d13
47eb7212
89197119
20d1a938
bl31.bin_0:CheckImage Fail!
LoadTrust Addr:0x6400
LoadTrust Addr:0x6800
LoadTrust Addr:0x6c00
LoadTrust Addr:0x7000
No find bl30.bin
Load uboot, ReadLba = 4000
hdr 000000000337a380 + 0x0:0x50,0x41,0x52,0x4d,0x66,0x03,0x00,0x00,0x46,0x49,0x52,0x4d,0x57,0x41,0x52,0x45,
Load OK, addr=0x200000, size=0xeb934
RunBL31 0x10000
NOTICE: BL31: v1.3(debug):9d3f591
NOTICE: BL31: Built : 14:39:02, Jan 17 2018
NOTICE: BL31:Rockchip release version: v1.3
INFO: ARM GICv2 driver initialized
INFO: Using opteed sec cpu_context!
INFO: boot cpu mask: 1
INFO: plat_rockchip_pmu_init: pd status 0xe
INFO: BL31: Initializing runtime services
INFO: BL31: Initializing BL32
ERR [0x0] TEE-CORE:atags_get_tag:146: atags_get_tag: find unknown magic(d7f5f65b)
INF [0x0] TEE-CORE:init_primary_helper:337: Initializing (1.1.0-187-g3f0aafa6 #9 Wed Oct 31 06:28:55 UTC 2018 aarch64)
INF [0x0] TEE-CORE:init_primary_helper:338: Release version: 1.4
INF [0x0] TEE-CORE:init_teecore:83: teecore inits done
INFO: BL31: Preparing for EL3 exit to normal world
INFO: Entry point address = 0x200000
INFO: SPSR = 0x3c9
U-Boot 2017.09-02211-gd8ce1d0-dirty (Nov 27 2018 - 09:57:42 +0800)
Model: Rockchip RK3328 EVB
DRAM: 4 GiB
Relocation Offset is: fcbda000
Using default environment
[email protected]: 1, [email protected]: 0
Card did not respond to voltage select!
mmc_init: -95, time 9
switch to partitions #0, OK
mmc0(part 0) is current device
boot mode: None
bad resource image magic: oint (current EL)
DTB: rk-kernel.dtb
bad resource image magic: oint (current EL)
Can't find file:rk-kernel.dtb
init_kernel_dtb dtb in resource read fail
In: serial
Out: serial
Err: serial
Model: Rockchip RK3328 EVB
rockchip_set_serialno: could not find efuse device
CLK: apll 400000000 Hz
dpll 664000000 Hz
cpll 1200000000 Hz
gpll 491009999 Hz
npll 600000000 Hz
armclk 600000000 Hz
aclk_bus 150000000 Hz
hclk_bus 75000000 Hz
pclk_bus 75000000 Hz
aclk_peri 150000000 Hz
hclk_peri 75000000 Hz
pclk_peri 75000000 Hz
Net: Net Initialization Skipped
No ethernet found.
Hit any key to stop autoboot: 0
ca head not found
ANDROID: reboot reason: "(none)"
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
read_is_device_unlocked() ops returned that device is UNLOCKED
avb_slot_verify.c:637: ERROR: vbmeta: Error verifying vbmeta image: OK_NOT_SIGNED
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
Booting kernel at 0x207f800 with fdt at f4dcfca0...
## Booting Android Image at 0x0207f800 ...
Kernel load addr 0x02080000 size 19005 KiB
## Flattened Device Tree blob at f4dcfca0
Booting using the fdt blob at 0xf4dcfca0
XIP Kernel Image ... OK
Loading Device Tree to 00000000081fb000, end 00000000081ff0f8 ... OK
Adding bank: 0x00200000 - 0x08400000 (size: 0x08200000)
Adding bank: 0x0a200000 - 0xff000000 (size: 0xf4e00000)
Starting kernel ...
"Synchronous Abort" handler, esr 0x02000000
* Relocate offset = 00000000fcbda000
* ELR(PC) = ffffffff064c6000
* LR = 0000000000201f00
* SP = 00000000f4dcf2a0
* ESR_EL2 = 0000000002000000
EC[31:26] == 000000, Exception with an unknown reason
IL[25] == 1, 32-bit instruction trapped
* DAIF = 00000000000003c0
D[9] == 1, DBG masked
A[8] == 1, ABORT masked
I[7] == 1, IRQ masked
F[6] == 1, FIQ masked
* SPSR_EL2 = 00000000600003c9
D[9] == 1, DBG masked
A[8] == 1, ABORT masked
I[7] == 1, IRQ masked
F[6] == 1, FIQ masked
M[4] == 0, Exception taken from AArch64
M[3:0] == 1001, EL2h
* SCTLR_EL2 = 0000000030c50830
I[12] == 0, Icache disabled
C[2] == 0, Dcache disabled
M[0] == 0, MMU disabled
* HCR_EL2 = 0000000000000002
* VBAR_EL2 = 00000000fcdda800
* TTBR0_EL2 = 00000000feff0000
x0 : 00000000081fb000 x1 : 0000000000000000
x2 : 0000000000000000 x3 : 0000000000000000
x4 : 0000000002080000 x5 : 0000000000000001
x6 : 0000000000000008 x7 : 0000000000000000
x8 : 00000000f4dcf320 x9 : 0000000001008000
x10: 000000000a200023 x11: 0000000000000002
x12: 0000000000000002 x13: 00000000f4dcf36c
x14: 00000000081fb000 x15: 00000000fcddb5a8
x16: 0000000000000002 x17: 00000000081ff0f9
x18: 00000000f4dd1da0 x19: 0000000000000400
x20: 00000000fcec52e0 x21: 0000000000000000
x22: 0000000000000003 x23: 00000000f4dcf630
x24: 0000000000000000 x25: 0000000002080000
x26: 00000000fcddbea4 x27: 0000000000000400
x28: 0000000002080000 x29: 00000000f4dcf480
SP:
f4dcf2a0: 00000000 00000000 00000000 00000000
f4dcf2b0: 00000000 00000000 fcea3759 00000000
f4dcf2c0: 00000000 00000000 00000000 00000000
f4dcf2d0: fcea37a0 00000000 fcea37c6 00000000
f4dcf2e0: fcea3813 00000000 fcea3860 00000000
f4dcf2f0: fcea38a0 00000000 fcea38e0 00000000
f4dcf300: fcea391d 00000000 00000000 00000000
f4dcf310: 00000000 00000000 fcea395a 00000000
f4dcf320: f4dcf480 00000000 fcddaa0c 00000000
f4dcf330: 00000400 00000000 fce9d415 00000000
f4dcf340: feff0000 00000000 00000002 00000000
f4dcf350: 30c50830 00000000 f4dcf2a0 00000000
f4dcf360: 600003c9 00000000 fcdda800 00000000
f4dcf370: 000003c0 00000000 02000000 00000000
f4dcf380: 030a0000 00000000 081fb000 00000000
f4dcf390: 00000000 00000000 00000000 00000000
Resetting CPU ...
WARN: PSCI sysreset is disabled
DDR version 1.13 20180428
ID:0x805 N
In
SRX
DDR3
333MHz
Bus Width=32 Col=11 Bank=8 Row=16 CS=1 Die Bus-Width=16 Size=4096MB
ddrconfig:3
OUT
Boot1 Release Time: Sep 7 2018 15:49:55, version: 2.49
ChipType = 0x11, 261
mmc2:cmd19,100
SdmmcInit=2 0
BootCapSize=2000
UserCapSize=59640MB
FwPartOffset=2000 , 2000
SdmmcInit=0 NOT PRESENT
StorageInit ok = 285008
Raw SecureMode = 0
SecureInit read PBA: 0x4
SecureInit read PBA: 0x404
SecureInit read PBA: 0x804
SecureInit read PBA: 0xc04
SecureInit read PBA: 0x1004
SecureInit ret = 0, SecureMode = 0
GPT part: 0, name: uboot, start:0x4000, size:0x2000
GPT part: 1, name: trust, start:0x6000, size:0x2000
GPT part: 2, name: misc, start:0x8000, size:0x2000
GPT part: 3, name: baseparameter, start:0xa000, size:0x800
GPT part: 4, name: resource, start:0xa800, size:0x8000
GPT part: 5, name: kernel, start:0x12800, size:0x10000
GPT part: 6, name: dtb, start:0x22800, size:0x2000
GPT part: 7, name: dtbo, start:0x24800, size:0x2000
GPT part: 8, name: logo, start:0x26800, size:0x8000
GPT part: 9, name: vbmeta, start:0x2e800, size:0x800
GPT part: 10, name: boot, start:0x2f000, size:0x10000
GPT part: 11, name: recovery, start:0x3f000, size:0x20000
GPT part: 12, name: backup, start:0x5f000, size:0x8000
GPT part: 13, name: cache, start:0x67000, size:0x80000
GPT part: 14, name: system, start:0xe7000, size:0x400000
GPT part: 15, name: metadata, start:0x4e7000, size:0x8000
GPT part: 16, name: vendor, start:0x4ef000, size:0x60000
GPT part: 17, name: oem, start:0x54f000, size:0x20000
GPT part: 18, name: frp, start:0x56f000, size:0x400
GPT part: 19, name: security, start:0x56f400, size:0x1000
GPT part: 20, name: userdata, start:0x570400, size:0x6f0bbdf
find partition:uboot OK. first_lba:0x4000.
find partition:trust OK. first_lba:0x6000.
LoadTrust Addr:0x6000
No find bl30.bin
HashBits:256, HashData:
6cf28742
2df532aa
1ea29e7b
85e4e128
9675b550
859f84c1
c47158c4
9373e8ea
CalcHash:
2a0cacfb
655bd8b6
09989b08
c0ff4464
9d525d13
47eb7212
89197119
20d1a938
bl31.bin_0:CheckImage Fail!
LoadTrust Addr:0x6400
LoadTrust Addr:0x6800
LoadTrust Addr:0x6c00
LoadTrust Addr:0x7000
No find bl30.bin
Load uboot, ReadLba = 4000
hdr 000000000337a380 + 0x0:0x50,0x41,0x52,0x4d,0x66,0x03,0x00,0x00,0x46,0x49,0x52,0x4d,0x57,0x41,0x52,0x45,
Load OK, addr=0x200000, size=0xeb934
RunBL31 0x10000
NOTICE: BL31: v1.3(debug):9d3f591
NOTICE: BL31: Built : 14:39:02, Jan 17 2018
NOTICE: BL31:Rockchip release version: v1.3
INFO: ARM GICv2 driver initialized
INFO: Using opteed sec cpu_context!
INFO: boot cpu mask: 1
INFO: plat_rockchip_pmu_init: pd status 0xe
INFO: BL31: Initializing runtime services
INFO: BL31: Initializing BL32
INF [0x0] TEE-CORE:init_primary_helper:337: Initializing (1.1.0-187-g3f0aafa6 #9 Wed Oct 31 06:28:55 UTC 2018 aarch64)
When connecting USB for flashing the Log shows the detection and do not loop anymore, it is waiting for the process to be initiated by the computer
I try to flash the Android 8.1 firmware without luck because the automatic checks stopped the process before starting
So I tried to flash with Factory Tool 1.6 but also without success, it is checking also before starting the flash process
Searching all over the web I found different versions of these tools and test newer ones but also without success.
After a while I found a Tool called Rockchip Android Tool 2.1 for Rockchip based single board computers.
This tool has much more options to check and flash a Rockchip board over USB.
Most of the checks failed and I figured out that a normal flashing process will always reboot the board into Maskrom mode
It seems that my device is not able to go into Maskrom Mode anymore because after starting the flash process it is reseting and booting normal (bootloop) instead of switching to Maskrom Mode.
A bit of evaluation tells me that the Maskrom Mode can also be achieved by shorting the Flash CLK to ground during boot. (I know a similar process for my Fire HD8 Tablet)
I checked if I can find the CLK line on the board but it seems that it is not accessably from the surface of the PCB.
After minutes of reaserch I figured out that there are also newer version of the Android Tool available and I tested all I can find.
Also Device drivers shall be updated due to a problem report of an Rockchip device singel board computer owner that has also some difficulties working with the tools.
My luck I found RKDevTool 2.52 (The new name of the Android Tool), in this tool a few of the tests for Rockchip devices are working and I was able to flash Android 8.1 and enter the Maskrom Mode sucessfully.
Now that my Device is back alive I will also post some logs and pictures of my device to help others when trying to debrick/reacticate from an unexpected state.

@sandman01
Try this

thanks for your post.
I think I was a bit to euphoric because my box is working again and I only want to share my experiance for others runnign in the same Situation.
It was hard to get all the Information out of the web, from multiple places.

sandman01 said:
thanks for your post.
I think I was a bit to euphoric because my box is working again and I only want to share my experiance for others runnign in the same Situation.
It was hard to get all the Information out of the web, from multiple places.
Click to expand...
Click to collapse
Ok no probs

Can't find those files on Drive anymore, can you please share them? Can't find a place to download RKDevtool
Thanks in advance

Database Users

welcome