Database Users

I need Recovery Partition

How to Access HPA
How to access HPA Partiton and extract all driver

Hello all.
I need Recovery Partition on English.
I talk with Pof he say that me must English Recovery partiton.
Please Send to my.
Thanks in advance!!!

I have sent the copy of my HPA partition to danielherrero which was hagving the same problem as you, and he could recover his vista with it, the problem is that my recovery partition installs a Spanish language Vista, which will not be good for you (as you might not understand spanish), so if someone could dump an HPA in english, this would be useful to people who lost it.
Instructions to dump and restore the recovery partition are on my blog:
http://pof.eslack.org/blog/2008/04/...re-the-vista-recovery-partition-on-htc-shift/

I can if acess to FTP/HTTP server for upload a Image and all software for HTC Shift and access for all people needet

pof said:
I have sent the copy of my HPA partition to danielherrero which was hagving the same problem as you, and he could recover his vista with it, the problem is that my recovery partition installs a Spanish language Vista, which will not be good for you (as you might not understand spanish), so if someone could dump an HPA in english, this would be useful to people who lost it.
Instructions to dump and restore the recovery partition are on my blog:
http://pof.eslack.org/blog/2008/04/...re-the-vista-recovery-partition-on-htc-shift/
Click to expand...
Click to collapse
hello
i dont mind doing that on my english shift..ive had quick look at the page discribing how to do it but being a bit of a thicko it would great if you could send step by step destructions for me..i have the capability of loading it onto external drive where i could give you access to upload..please advise me if you wish

pof said:
I have sent the copy of my HPA partition to danielherrero which was hagving the same problem as you, and he could recover his vista with it, the problem is that my recovery partition installs a Spanish language Vista, which will not be good for you (as you might not understand spanish), so if someone could dump an HPA in english, this would be useful to people who lost it.
Instructions to dump and restore the recovery partition are on my blog:
http://pof.eslack.org/blog/2008/04/...re-the-vista-recovery-partition-on-htc-shift/
Click to expand...
Click to collapse
Yes, It saved my shift from SAT and several weeks out of home. Thanks again Pau
pd: Remove SD when dumping/restoring....
It takes 4 hours to dump or restore.
Pau....Maybe when I copied your fist MB did the trick?

plasticplanet said:
hello
i dont mind doing that on my english shift..ive had quick look at the page discribing how to do it but being a bit of a thicko it would great if you could send step by step destructions for me..i have the capability of loading it onto external drive where i could give you access to upload..please advise me if you wish
Click to expand...
Click to collapse
Basically you need:
~1Gb USB stick
~3,5 Gb of free space on your Vista partition
1) Install Slax on the USB pendrive, follow instructions here:
http://www.pendrivelinux.com/2006/09/20/all-in-one-usb-slaxzip/
2) Reboot your Shift
3) Press Fn+F10 to choose the boot device, select USB pen drive
4) Slax boot menu will appear, choose the first option (KDE)
5) Open a Konsole (Terminal program), right next to the "K" menu in the menu bar.
6) Type the following command:
Code:
# dd if=/dev/hda of=/dev/hda1/shift-vista-recovery.bin bs=1 skip=36773560320
7) This will last about 4 hours, keep your Shift on charger and wait until it finishes. When it finishes you'll see something similar to this:
Code:
3226976256+0 records in
3226976256+0 records out
3226976256 bytes (3.2 GB) copied, 11938 s, 270 kB/s
8) Now reboot into Vista again, the backup of the HPA holding the vista recovery will be in c:\shift-vista-recovery.bin
9) Zip or Rar the 'shift-vista-recovery.bin' file and upload it somewhere, keep in mind this is a big file so you might want to split it in several volumes before uploading it.
10) There is no 10
That's all, feel free to ask if some point is not clear enough.

On Privet messegi send to Pof and plasticplanet FTP access for upload a HPA Partition on English or ES.

pof said:
6) Type the following command:
Code:
# dd if=/dev/hda of=/dev/hda1/shift-vista-recovery.bin bs=1 skip=36773560320
7) This will last about 4 hours
Click to expand...
Click to collapse
not really 4 hours, for me that only did 98MB in 4 hours, and I had to use /mnt/hda1 anyway.
so tell me why is bs set to 1?
is bs=16384 fine? because that's how i did it in the end.
any way to verify the contents?
P.S: oh yes and my shift is hardspl'ed man!!

Probably I am in wrong but that command is dumping the last 3GiB of hda disk to the first partition of the same partition. Wouldnt be safer to dump to the sd or a usb pen?

no, the source is /dev so the hw device, like the whole hdd on windows
and the dest is /mnt/hda1 so the partition like C: on windows
the HPA "partition" is not part of the visible partition. no risk....
and the proper and FAST command is (if you are using the slack usb distro that pof linked to in his description) :
dd if=/dev/hda of=/mnt/hda1/shift-vista-recovery.bin bs=16384 skip=2244480
I assume similar method works for copying it back (the point is bs=16384).
if you want to be sure your shift has a partition of the exact same size, then read dmesg until you find the HPA (host protected area) information, should say what it said for pof and for me:
sda: Host Protected Area detected.
current capacity is 71826615 sectors (36775 MB)
native capacity is 78126048 sectors (40000 MB)
sda: Host Protected Area disabled.
sda: 78126048 sectors (40000 MB), CHS=16383/255/63
(ignore the "sda" part of course)
someone downloaded the backup I uploaded and confirmed it works.

cmonex said:
so tell me why is bs set to 1?
is bs=16384 fine? because that's how i did it in the end.
Click to expand...
Click to collapse
"bs" was set to 1 because I was too lazy to do the maths
Yes, you can increase it as long as you change the "skip" part too.

I have a problem.
I have two shift devices, one got screwed trying to install ubuntu MID and the other one is fine
I've tried your method with dd to the to copy the recovery partition from the working shift however it always fails during the fn f3(same failure that I got even before restored the image). IT starts the restore but fails somewhere along the line at 2%.
I noticed my hpa is at a slightly different location to yours using dmesg. Probably because it has office in it. How do I calculate the seek/skip
Also I tried doing a dd from higher on the drive just to see if I can atleast pick it up as excess got the same error.
Any help guys
btw good work on everything else you all have done

ok i got it..you guys were slightly off in your calculations so i wasn't sure that the address you got was by 512. Anyhow I have the .bin dump for anyone who needs it for the vista with office demo or those who partition size is different to that of the above postings. I also took it a little higher just to ensure i don't miss any of the partition
BTW posting from the previously bricked shift

Could you please stick this thread.
pof
Could you please stick this thread too. It has a lot of useful information.
Thanks
Ram

Hi there
if someone have a german Recovery partition Image for me, please let me know
My new HTC Shift has a Recovery Partiton but don´t boot with this. Don´t know why.
Maybe a recover of this partition may be work
But only for testing, i have made (before starting the Shift first time) a complete Acronis Image

I have a somewhat related question. I've basically busted my Vista recovery partition, long story short, I decided to try out ubuntu mid and didn't realize it was going to wipe my whole hdd (installed on my other laptops the regular images of ubuntu hardy and it asked me to specify partitions etc., but the mid didn't and I was half awake or vice versa).
I have now installed XP, and even though ubuntu mid appears to have wiped the HPA, it is still hidden from windows. I don't plan on going back to Vista (if I have to, I will just throw the thing out, xp just gave it a new lease on life). Is there a safe and easy way to unhide the hidden partition and use it, without having to install linux and without affecting my XP install (took too long to get it running and I'd rather give up the 3GB than have a go at it again, at least not until I really have to)?

I suppose I managed to unhide it, whiped it out and put it together with the rest of my HDD. Though now I used about 3GB with Acronis and created my own hidden/protected partition with XP completely set-up and some essential software. Worked like a charm.

Restore recovery partition
What is the correct command for restoring the rescovery partition bin file?
I used "dd if=/dev/hda of=/mnt/hda1/shift-vista-recovery.bin bs=16384 skip=2244480" to create the dump file.

I need you.
Hello.
I had installed ubuntu 8.04 and it run good, but the resolution was horrible.
With vista, the virtual resolution permits work without external panel, for not very long time, of course.
I don't now what i do wrong, and now i can't recovery the Vista by the recovery partition. I have installd a Vista Bussiness from a copy and with the activation key from my htc shift and it works good.
I wouid like recovery the recovery partition of my htc.
know you where i could get the "shift-vista-recovery.bin" image from?
thanks. and "help" me please

[Q] Boot loop, unable to reach recovery, bootloader strange, Oxygen

Hello, I've spent several hours searching a solution for this problem, both on this forum as well as others. But still unable to find one I try my luck here.
This is the case:
U8800 bought in Sweden a couple of weeks ago. Installed SuperBoot r1 and CWM 4.0.0.5 Perfect Recovery from XDA forums. Installed Oxygen 2.2.2 r4, worked fine until yesterday. When it got stock at the screen lock. Pulled battery and then it was stuck in a boot loop showing only the IDEOS-logo. Tried to get into recovery with Vol+ and power. But still only gets to IDEOS-logo and then reboot after about 10 seconds.
I'm able to get into bootloader (pink-screen) by Vol+, Vol- and Power. Have tried to replace boot.img and recovery.img with others (original backup, CWM 5.0.2.3) in both Ubuntu 11.10 and Win 7). But still unable to reach recovery. And next time I start bootloader and check it's still the same boot.img and recovery.img as it was before I replaced them.
Seems like I'm unable to write to image folder somehow. It looks good when I disconnect it from the computer. Have tried "safe removal" in both Ubuntu and Windows, no difference. Also tried to rename the files to boot_backup.img and recovery_backup.img and then put the new files in there. But next time I start bootloader they are once again restored to how they were before (same file size as before) and the renamed files doesn't exists any more.
Have also tried to install B136 stock ROM via bootloader, looked good at first but when it was finished it said "Installation failed" (or something similar)...
Read somewhere modding the build.prop could cause boot loops, but I haven't touched that and therefore doesn't have any backup of it either.
Any ideas?

Yep, it looks like your bootloader may be corrupt...Do the following:
Boot the phone in Bootloader (pink screen) by pressing Vol+, Vol- and Power and connect the USB cable. Copy all the files you can find on that partition (this will be your backup) and format the partition with FAT32 file system, create a folder named "image" and copy the following files on there.
EMMCBOOT - http://www.mediafire.com/?lb6ifvgk72iru4a
AMSS.MBN - http://www.mediafire.com/?d6r45q6p5gew59v
Recovery.img - http://www.mediafire.com/?57njygc8oianjac
Boot.img - http://www.mediafire.com/?6d5i0714a7o9z97
Once you've done this, take the battery out and boot into Recovery and flash a new Rom (VOL+ and Power.)
Let me know how this goes...

Thank you very much for your help!
However when I try to format the partition windows says it couldn't complete the format. Tried both to right click > format and disk management > format. FAT32/std fast format as well as regular/slow. Neither work. If I do a regular format it goes at normal rate up to 100% and then says the disk isn't formatted...
I don't know if I dare to remove the partition and make a new in disk management, feels like I would screw something else up then?
Any tips?

Have tried to format in Ubuntu 11.10 as well, with the standard tool it didn't complain, but it didn't format it either. Installed GParted and tried that, it did seem to work and said it had successfully formatted it. But yet the image-folder still remains on the boot partition...
Run a systemcheck with the disk management in Ubuntu and it said the file system was OK.
I'm almost out of ideas now...

I don't think you're actually formatting the drive as the "image" folder should be gone once the format is done.
Try using a windows PC, I know that Gparted and Ubuntu can be a bit tricky sometimes...
Also, you've definitely installed the drivers for the cable?
On Windows 7 the drivers are being automatically installed, so maybe you should try that...

I've tried Windows 7 several times (the only Windows I use). It's very weird the files just wont go away. I have taken Shift+Del on the image folder several times and they are removed just as any other files on the computer. Then the next time I connect it the very same files (58 MB) are back! When I do a format the computer shows the disk empty, but when the error window comes up the files are back... In ubuntu GParted shows the partition empty, but after a re-scan the 58 MB are back...
Can try to see if I can make a screen recording to see if I'm doing it wrong somehow.
Thanks for your support!

I have a short screencast on screenr illustrating the problem, but unable to post a link I'll try to describe it.
screenr(dot)com(slash)WMls

Pastasallad said:
I have a short screencast on screenr illustrating the problem, but unable to post a link I'll try to describe it.
screenr(dot)com(slash)WMls
Click to expand...
Click to collapse
Seen your screencast...it's a bit unclear. Sent you a PM, hopefully we'll be able to sort this out.

Same problem here h ttp//forum.xda-developers.com/showthread.php?t=1318647

The bootloader seemed to be beyond rescue. Nothing seemed to help, tried several drivers and computers. But the partition seemed locket somehow, couldn't replace the files. Tried to flash in stock ROM 136 and 138. Both failed unless you removed the cust update file. Then it succeeded, but still bootloop when it restarted.
So the phone is now returned for service.
Thanks katu2006 for all the help!

[Q] dd command is only writing 64k bits to partition

I have a sprint phone that can only get into bulk mode. I followed this guide: http://forum.xda-developers.com/showthread.php?t=2582142 and everything works fine except for the dd command. When I write to a partition (well at least aboot and recovery since those are the only 2 I've tried) and then cmp the image to the partition I just wrote to only the first 64k bits match out of the 1MB partition. I've tried ubuntu fatdog and gparted and all have the same problem. What's weirder is that before I borked my phone I used the Zv8_aboot.img that is around and when I just try to rewrite that image it is still only the first 64k bits that match so it's like I'm not writing to the write part of the partition because the img and the partition should match.
I didn't make a backup of the aboot partition before doing all of this so if anyone else has a sprint phone with a ZV8_aboot.img in the aboot partition, and has access to bulk mode can you use dd to make an image of the partition so that I can try to at least get my aboot back? After that I'll try this: http://forum.xda-developers.com/showthread.php?t=2708466&page=2 to get into fastboot.
Also, for anyone else that has no download mode and no recovery you can get into bulk mode by going into factory reset mode. I can't remember the exact button presses for that but after you are in and you hit power 3 times your phone shouldn't reset (you might have to have a custom recovery installed for that to be the case though) but it will end up going into bulk mode; it did for me anyway.

sorry for responding to my own thread, the edit of the 1st post just wasn't saving
Alternatively does anyone know an alternative to DD?
Update:
Tried on different computer, tried with my tongue sticking out at a 33 degree angle, tried with ddrescue, always the same thing..... fts

Update
I finally looked at the entire hex file for aboot and I found that it seems to write everything fine except for the bits between 65537 and 122880, 64k-120k or sectors 129 to 240 given 512bit sector sizes. This seems really odd. I think my only hope would be getting a good aboot from someone's sprint and writing only to the other sectors and not 129 to 240. Even then I might have to figure out if 129 through 240 aren't changed or are somehow purposefully scrambled when written to through hardware.... this is so lame.
So if you have a sprint phone with a zv7 or zv8 aboot and can get into bulk mode I'd very much like a copy of your aboot.img when you do a raw copy of it using dd.

going to reply to myself cause
I need to help someone in the development forum, so I need 6 more posts to post there

more self posting
self posting is natural there's no need to be ashamed

man this is annoying why 10 posts
If anyone can help me to create a loop back device that maps to the sectors in question, I'd appreciate the help.

ya, i setup a loop back device
losetup -o 65536 --sizelimit 57344 /dev/loop3 /dev/sdi5

Omg it has worked so far!!!!
setting up a loopback device over the sectors that weren't writing correctly has so far worked for aroot... I think I want to do the same for the recovery and see my phone actually boot first though

Works but.....
This is going to take forever, I guess I better figure out how to right scripts since I'm manaully putting in 4 commands to go 64k at a time out of 16MB.... fml

SOLVED
I did it my way..... oh franky

[GUIDE][9008][EDL|QDL][QUALCOMM ONLY] Unbrick via external sdcard (no QFIL!)

How to unbrick by sdcard from 9008 without QFIL
This method works ONLY for qualcomm devices (ANY non-UFS!!) which are already in QDL/EDL/9008 mode!
This method does *not* work for:
Samsung devices in general.
Details:
Samsung is doing things completely different while ofc a qcom based Samsung works with the same principal as "normal" devices. Just the process of building an hnbrick sdcard is different as you can get the pit (partition list) by heimdall but not a flashable gpt. Instead search for "sboot sdcard unbrick" or "sboot sdcard <your model>" . The important part here is "sboot" as that one will be loaded by the iROM when flashed properly (+other stuff).
UFS devices (so not for the G5 or later).
Details:
9008 bricks are not fixable on UFS NAND devices by booting from an SD card. The boot path is stored in QFPROM (on the CPU) and it is something like /dev/block/sdb or /dev/block/sde. On eMMC devices, the boot path is /dev/block/mmcblk0. If you have a 9008 brick, the SD card is seen as /dev/block/mmcblk0 so the phone will boot from it on an eMMC device since that IS the boot path. There is no way to make the SD card appear as /dev/block/sdX. And there is no way to change the boot path once you have a 9008 brick without a firehose. If you have a signed firehose, then you can fix your phone without needing an SD card As for cross flashing. I checked the RSA signature for the H930, H932, H933, and US998 and they are all different. If you flash any of the signed firmware (xbl, abl, hyp, modem, etc) from one of those devices, then you have a 9008 brick and no way to fix it yourself.I didn't bother checking the Verizon or Sprint models since they are even more locked down than the H932 is, but it appears from reading this thread that they have the same key as the US998 (I am not going to waste my time checking).-- Brian
Click to expand...
Click to collapse
If your device is connected and not detected like that the external sdcard method will NOT work for you.
On the LG G4 you can force the sdcard mode by following post #2 . I guess every device has a way to force that mode so google is your friend.
Hint --> If you have no sdcard and own a H815 device (only then) you can make use of these validated QFIL process here
Requirements
1) Ok first of all what you need is Linux. I highly recommend FWUL ( https://bit.do/FWULatXDA ) but any Linux is sufficient if you can handle it.
2) LG models only: you need the latest SALT version ( https://bit.do/SALTatXDA ) which is already included since FWUL v2.5 (one of the reasons why I recommend FWUL).
If you decide to use FWUL and start SALT it should prompt you when an updated SALT version is available. To be sure: just click the Update button in SALT once started.
3) you need an external sdcard which is (to be sure) bigger then your internal storage (the sdcard must have the same size of your internal storage! so in theory a 32GB card should work fine but some cards are sold as 32GB but the real size is less , i.e. 29 GB). Thats the most critical part here as the GPT will be invalid if it does not fit with the sdcard. you can't edit the GPT though as then internal checksum may fail and so it will not work to boot from the sdcard. so ensure you have a bigger sized sdcard to workaround any issues related to this.
4) Another important requirement for that external sdcard is: speed! If you want to ensure that you do not struggle ensure it is at least a class 10 card with UHS. It MIGHT work without UHS and it MIGHT work even on slower cards down to class 4 but when the storage is too slow the device rejects to boot from it as it ran into timeouts and so marking the sdcard as "not good enough" to boot from it.
Of course you can first try a lower speed sdcard but if you encounter issues here then it is likely related to the speed of the sdcard.
5) you need a 100% matching firmware (e.g a KDZ on LG's) for your device model - and very important: with a matching ARB of your current installed firmware!
If your current installed firmware has a higher ARB then the one you flash on the sdcard it will NOT work!
Find out what ARB means here https://bit.do/antirollg4
Steps
1. Boot FWUL (or ur personal Linux)
2. LG models only: Start SALT - ensure that it is v3.5 or higher
3. Extract the firmware file (e.g KDZ) but usually not all partitions are needed - just the bootloader stack
(depends on your device - the following is for any LG G4 model):
Primary GPT
sbl1
aboot
pmic
rpm
tz
laf
sdi
hyp
If you have not all or any of these (first check the note about UFS above) then you must identify your bootloader stack first.
A good start for this is here: https://lineageos.org/engineering/Qualcomm-Firmware but you may have to just try and error here.
For a quick & dirty try: flash every partition which is smaller then 150 MB (i.e. leave out system, cache, userdata and such).
4. Clean dmesg by opening a terminal and type:
Code:
sudo dmesg -c >> /dev/null
5. Connect your external sdcard to FWUL
6. Type this in the terminal:
Code:
dmesg
and find the connect messages there pointing to the device name. usually you see something like "mmcblk0" but sometimes it's different named like sdc or sdd or similar.
We do not need the pXX here. So if you see mmcblk0p1 we need only mmcblk0. If you see a sdc1 or sdd1 we just need sdc or sdd without the number.
7. The device name is needed now! Ensure it has the correct size by typing this in the terminal:
Code:
sudo fdisk -l /dev/mmcblk0
(replace mmcblk0 if you your device is named different in step 6).
This is important because the next step will erase your sdcard completely!
All your data get lost!
So if you choose the wrong one you may overwrite your PC storage in worst case! So double check this before proceeding.
You can do so by disconnecting the sdcard and if the command in this step gives a message about the device cannot be found - connect device again and re-do the above command. if it shows then again your device all is fine
8. Now flash the GPT (partition table) to your device in a terminal:
Change into the folder where you extracted the backup. If you leaved the default on SALT it's /tmp/extracteddz:
Code:
cd /tmp/extracteddz
sudo -s
dd if=PrimaryGPT.gpt of=/dev/mmcblk0 (replace mmcblk0 if you your device is named different in step 6)
sync
hint: do not close the terminal
9. Disconnect the sdcard and connect it again
10. Now flash the rest in a terminal:
First check if the GPT has been flashed fine:
Code:
ls -la /dev/disk/by-partlabel/
if you get nothing as a result or an error message something went wrong. Go back to step 4!
Move to the folder where you extracted the backup. If you leaved the default on SALT it's /tmp/extracteddz:
Code:
cd /tmp/extracteddz
LG G4 - ONLY - Flashing instructions for locked or official unlocked phone (If you UsU'd your device skip this!)
Code:
dd if=sbl1.bin of=/dev/disk/by-partlabel/sbl1
dd if=aboot.bin of=/dev/disk/by-partlabel/aboot
dd if=hyp.bin of=/dev/disk/by-partlabel/hyp
dd if=pmic.bin of=/dev/disk/by-partlabel/pmic
dd if=rpm.bin of=/dev/disk/by-partlabel/rpm
dd if=tz.bin of=/dev/disk/by-partlabel/tz
dd if=laf.bin of=/dev/disk/by-partlabel/laf
dd if=sdi.bin of=/dev/disk/by-partlabel/sdi
[B][COLOR="Red"][SIZE="4"]sync[/SIZE][/COLOR][/B]
Do [B][U]not forget[/U][/B] that last ("sync") command!! Otherwise it will very likely not work!
LG G4 - ONLY - Flashing instructions for an UsU'd device
Besides the KDZ extract you also need to grab the UsU unlock zip of your device model first then do this:
Code:
dd if=sbl1.bin of=/dev/disk/by-partlabel/sbl1
dd if=hyp.bin of=/dev/disk/by-partlabel/hyp
dd if=pmic.bin of=/dev/disk/by-partlabel/pmic
dd if=rpm.bin of=/dev/disk/by-partlabel/rpm
dd if=tz.bin of=/dev/disk/by-partlabel/tz
dd if=sdi.bin of=/dev/disk/by-partlabel/sdi
dd if=laf_UsU.img of=/dev/disk/by-partlabel/laf
dd if=aboot_UsU.img of=/dev/disk/by-partlabel/aboot
dd if=rawres_UsU.img of=/dev/disk/by-partlabel/raw_resources
[B][COLOR="Red"][SIZE="4"]sync[/SIZE][/COLOR][/B]
Do [B][U]not forget[/U][/B] that last ("sync") command!! Otherwise it will very likely not work!
11. Now everything is prepared. Take out your sdcard. Take out the battery and disconnect cable. Plugin the external sdcard. Put battery back.
Start the device in fastboot mode and use fastboot flash partition imagename.img
If there is no fastboot possible open the download mode.
For example on the LG G4:
Press volume up (only this) and keep it pressed.
Then connect USB cable while still keep the pressure on volume up for 20 seconds.
The download mode should come up.
Congrats you can now use e.g. LGup (or for Samsung, ODIN etc) for unbricking by flashing a regular firmware on it (beware of the ARB again).
Have fun! :highfive:
Support / TG group
Of course in this thread but also by Telegram. I have created a generic group for all stuff around Android : here.
Note:
be polite, don't ask to ask, be patient(!), respect the timezones, help others.
,-

Force SDCARD boot
How-To force booting from sdcard (LG G4 only) (e.g. when the device is NOT in 9008 / QDL mode)
You may know the 2-pin-bridge method which can enforce the 9008/QDL mode (on the back of the main board which is shown when disassembling the back cover).
Now you may think: you can enforce that mode by bridging these pins and then you could boot from sdcard as this guide here says 9008 mode is a requirement.
The answer is: NO. This will NOT work!
But there seems to be a way (which I personally never have tested!) to force that sdcard boot by doing the following.
Be aware: You do this on your own risk! Do not cry if something is failing/destroyed/whatever. Its totally up to you to proceed or not but its on your own risk like always when following guides.
prepare the sdcard as described in the above guide
insert the sdcard in the device
remove battery of the device
unplug usb cable
disassemble the back cover by loosen all screws
disassembling the mainboard like described here: fixit guide
on the FRONT of the mainboard find 5 (DAT0) and 6 (GND) as shown in the picture:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
bridge these both and while bridging plugin the usb cable - WITHOUT TOUCHING anything with your fingers/body/soul on the mainboard!!!!
Keep thumbs pressed.. it may work if you flashed the correct files, with a matching ARB, in a correct way and [fill-on-on-whoever-u-believe-in] is with you

marzsalim said:
5. Connect sdcard with mobile ? Or sdcard just connect to pc? Please reply to me
Click to expand...
Click to collapse
Like I wrote to FWUL so yes to your PC where FWUL is running
Sent from my LG-H815 using XDA Labs

it seems either ubuntu 17.10 messes something up or salt 3.6-6 stable can't find partitions and i've downloaded two different h812 kdz.

commandervadeo said:
it seems either ubuntu 17.10 messes something up or salt 3.6-6 stable can't find partitions and i've downloaded two different h812 kdz.
Click to expand...
Click to collapse
This is happening to me too?

commandervadeo said:
it seems either ubuntu 17.10 messes something up or salt 3.6-6 stable can't find partitions and i've downloaded two different h812 kdz.
Click to expand...
Click to collapse
Shepxda said:
This is happening to me too?
Click to expand...
Click to collapse
upload the log after extracting a KDZ:
advanced menu -> Logfile -> upload button -> share the link

steadfasterX said:
upload the log after extracting a KDZ:
advanced menu -> Logfile -> upload button -> share the link
Click to expand...
Click to collapse
No, you see, when you select the KDZ and the location to extract to, no partitions are available to choose from. It's just a blank page

Shepxda said:
No, you see, when you select the KDZ and the location to extract to, no partitions are available to choose from. It's just a blank page
Click to expand...
Click to collapse
Yes. After this do what I said above. Give me the log.
Sent from my LG-H815 using XDA Labs

Hi, I have an H811 bricked this way, as it is bricked, I cannot check antirollback on phone's android.
On the rear label (the one with serial number near to battery) I can see model (H811) and it says H/W 1.0, S/W V10d
I search and saw that there is not V10d kdz for H811, is that data useful? Which kdz will be the best choice to use?

birry said:
Hi, I have an H811 bricked this way, as it is bricked, I cannot check antirollback on phone's android.
On the rear label (the one with serial number near to battery) I can see model (H811) and it says H/W 1.0, S/W V10d
I search and saw that there is not V10d kdz for H811, is that data useful? Which kdz will be the best choice to use?
Click to expand...
Click to collapse
do you remember at least if you had installed Android marshmallow or lollipop? Any chance that you have made a TWRP backup in the past? Or did you never unlocked your device?
Sent from my LG-H815 using XDA Labs

steadfasterX said:
do you remember at least if you had installed Android marshmallow or lollipop? Any chance that you have made a TWRP backup in the past? Or did you never unlocked your device?
Sent from my LG-H815 using XDA Labs
Click to expand...
Click to collapse
Never upgraded Android, I guess it was lollipop. No backups or unlock also, it just bootlooped and I bricked it trying to install a H812 image with lgup (I know which image I tried if it is useful, I remember editing a value because lgup was refusing to install h812 image on the h811, I didn't find h811 image for lgup bootloop flashing fix).
This was my reference when I destroyed the phone [emoji14]
https://www.reddit.com/r/lgg4/comments/45gfg2/dae_g4_series_msm_big_core_disable_tool_guide/

birry said:
Never upgraded Android, I guess it was lollipop. No backups or unlock also, it just bootlooped and I bricked it trying to install a H812 image with lgup (I know which image I tried if it is useful, I remember editing a value because lgup was refusing to install h812 image on the h811, I didn't find h811 image for lgup bootloop flashing fix).
This was my reference when I destroyed the phone [emoji14]
https://www.reddit.com/r/lgg4/comments/45gfg2/dae_g4_series_msm_big_core_disable_tool_guide/
Click to expand...
Click to collapse
well..omg..
ok so the h812 has no ARB. The h811 has. Here is the reason for your hard brick. Do not cross flash random files without knowing what you do really.
Start with 10h which is ARB 1 for the h811: http://downloads.codefi.re/autoprime/LG/LG_G4/H811/H81110H
download the single files or the KDZ and use SALT to extract. then follow the rest of the guide above.
if that fails to boot go on with ARB 2 : http://downloads.codefi.re/autoprime/LG/LG_G4/H811/H81110N
I would not recommend to go further then that as u otherwise will increase your ARB for sure.
The next step if that all above still fails would be to use QFIL with proper files for the h811 but beware: there are QFIL files marked as h811/h815/... which in fact are converting your device to a ls991. Best is to search XDA for other users reports which files gave them a good result.
Last but not least if your device is ARB 3 or higher all the above will fail (including the QFIL method) and your only chance to bring back life is the sdcard method described here but using ARB 3 or higher files.
.

I hate to say it but Im here....
LGG4 - 815eur - new frankenphone (new to me, chinese refurb) - received jan
never had a sim in it. only kept it on to see how long the battery would last in idle mode (airplane mode on, no wifi active)(14 days!) - LGUP to MM
still stock - no google play services installed yet, I was waiting for the UsU (woohoo steadfasterX!!, where do I send my bounty contribution?)
I was downloading all the required files for FWUL / Virtual Box last night, I was going to spend the afternoon getting to know the process/Arch linux, before attempting to mess with my phone... I was adjusting the pull down notification settings and it froze.
I waited till this AM, hoping maybe it would sort itself out. NOPE. Battery at 0.
Im at the logo bootloop with pulsing blue LED.
I have read the entire thread, I wanted to make sure that this workaround is the proper "fix" for this type of bootloop.
I was at v20k IIRC and I know for a fact my ARB was 0.
Im not sure where to dl the required files from several sources Ive tried, dont leave me feeling confident its a trusted source.
Any thoughts on what may have happened?
cheers
ac

steadfasterX said:
well..omg..
ok so the h812 has no ARB. The h811 has. Here is the reason for your hard brick. Do not cross flash random files without knowing what you do really.
Start with 10h which is ARB 1 for the h811: http://downloads.codefi.re/autoprime/LG/LG_G4/H811/H81110H
download the single files or the KDZ and use SALT to extract. then follow the rest of the guide above.
if that fails to boot go on with ARB 2 : http://downloads.codefi.re/autoprime/LG/LG_G4/H811/H81110N
I would not recommend to go further then that as u otherwise will increase your ARB for sure.
The next step if that all above still fails would be to use QFIL with proper files for the h811 but beware: there are QFIL files marked as h811/h815/... which in fact are converting your device to a ls991. Best is to search XDA for other users reports which files gave them a good result.
Last but not least if your device is ARB 3 or higher all the above will fail (including the QFIL method) and your only chance to bring back life is the sdcard method described here but using ARB 3 or higher files.
.
Click to expand...
Click to collapse
Cool!! It worked like a charm with H81110H file :laugh::laugh::laugh:
Now I can run it into download mode and I could see that info on SALT:
Device model: LG-H811
Firmware (laf): H81120v
Firmware (system): LGH811AT-01-V20v-310-260-APR-25-2017-ARB03+0
Carrier: TMO
Country: US
UsU: no
GPT compatibility: H811
LAF protocol: 1000001
AntiRollBack: 3
I don't want to make a mistake so now that it boots in download mode I will wait for options, which is the best choice now? Updating it with a .tot with LGUP (for the bootloop) or installing other rom (perhaps one with bootloop workaround)
Thanks for your great work!

Vishnuisgod said:
I hate to say it but Im here....
LGG4 - 815eur - new frankenphone (new to me, chinese refurb) - received jan
never had a sim in it. only kept it on to see how long the battery would last in idle mode (airplane mode on, no wifi active)(14 days!) - LGUP to MM
still stock - no google play services installed yet, I was waiting for the UsU (woohoo steadfasterX!!, where do I send my bounty contribution?)
I was downloading all the required files for FWUL / Virtual Box last night, I was going to spend the afternoon getting to know the process/Arch linux, before attempting to mess with my phone... I was adjusting the pull down notification settings and it froze.
I waited till this AM, hoping maybe it would sort itself out. NOPE. Battery at 0.
Im at the logo bootloop with pulsing blue LED.
I have read the entire thread, I wanted to make sure that this workaround is the proper "fix" for this type of bootloop.
I was at v20k IIRC and I know for a fact my ARB was 0.
Im not sure where to dl the required files from several sources Ive tried, dont leave me feeling confident its a trusted source.
Any thoughts on what may have happened?
cheers
ac
Click to expand...
Click to collapse
This unbrick will work only when you bricked your phone. It's not an ilapo fix and your description sounds like one. Your best chance is using a modded boot image with just 4 cores enabled. That requires an unlocked phone though.. There is a guide from me to create such boot images here on XDA.
birry said:
Cool!! It worked like a charm with H81110H file :laugh::laugh::laugh:
Now I can run it into download mode and I could see that info on SALT:
Device model: LG-H811
Firmware (laf): H81120v
Firmware (system): LGH811AT-01-V20v-310-260-APR-25-2017-ARB03+0
Carrier: TMO
Country: US
UsU: no
GPT compatibility: H811
LAF protocol: 1000001
AntiRollBack: 3
I don't want to make a mistake so now that it boots in download mode I will wait for options, which is the best choice now? Updating it with a .tot with LGUP (for the bootloop) or installing other rom (perhaps one with bootloop workaround)
Thanks for your great work!
Click to expand...
Click to collapse
You're referring to what TOT? The one containing just the aboot?
Sent from my LG-H815 using XDA Labs

steadfasterX said:
This unbrick will work only when you bricked your phone. It's not an ilapo fix and your description sounds like one. Your best chance is using a modded boot image with just 4 cores enabled. That requires an unlocked phone though.. There is a guide from me to create such boot images here on XDA.
You're referring to what TOT? The one containing just the aboot?
Sent from my LG-H815 using XDA Labs
Click to expand...
Click to collapse
Yes, anything that patches the bootloop. I am a bit confused with partition structure, the cpu workaround is done editing something in the aboot partition?
I just would like to patch the bootloop (I prefer to have the four tiny cores enabled instead of just one as it normally does and installing stock Rom).

birry said:
Yes, anything that patches the bootloop. I am a bit confused with partition structure, the cpu workaround is done editing something in the aboot partition?
I just would like to patch the bootloop (I prefer to have the four tiny cores enable instead of just one as it normally does and installing stock Rom
Click to expand...
Click to collapse
There are 2 patches available. The one with tot and the boot image one.
The TOT one which is something between 4 and 10 MB contains just the aboot one and disables the cores in the aboot itself.
The boot image one is made in the kernel cmdline
Both have the same effect.
The difference : the TOT aboot fixes it permanently (as long as you don't reflash a kdz/tot again). So you can flash custom ROMs without needing to care about it.
The boot image adjustment instead does not touch your aboot but needs to be done on ever new boot image you want to use.
Sent from my LG-H815 using XDA Labs

So then I have the patch that just contains the aboot partition (files are of exactly 4mb)
Downloaded from here: https://www.reddit.com/r/lgg4/...m_big_core_disable_tool_guide/
The problem is that there are several models in the file that I downloaded from there but H811 is missing, I cannot find a tot with just aboot for H811, is this really available? I would prefer to write a tot with just aboot that leaves all cores enabled and the faulty ones disabled, not just one core enabled as those tots does.

birry said:
So then I have the patch that just contains the aboot partition (files are of exactly 4mb)
Downloaded from here: https://www.reddit.com/r/lgg4/...m_big_core_disable_tool_guide/
The problem is that there are several models in the file that I downloaded from there but H811 is missing, I cannot find a tot with just aboot for H811, is this really available? I would prefer to write a tot with just aboot that leaves all cores enabled and the faulty ones disabled, not just one core enabled as those tots does.
Click to expand...
Click to collapse
Afaik there is none for the h811 and I highly recommend to not use any of the others to avoid bricking your phone again. So it seems you're stuck with modifying boot images
Sent from my LG-H815 using XDA Labs

Ok then, I will try this firmwares: https://forum.xda-developers.com/g4/general/guide-lg-g4-stock-firmware-to-stock-kdz-t3107848
Consider that ARB is 3, which firmware would be the correct one to use?
Edit: now after a pair of boots it started to get download mode in a random way, sometimes it does and sometimes it does not, could it be because I used a ARB 1 extrated kdz?

MK903V Firmware Imaging using AndroidTool v2.3

Hi,
I do have some MK903V TV Sticks that came with Android 4.4.2 and some with Android 7.1.
I thought I could potentially just clone the complete flash from one device to another using AndroidTool v2.3, but that failed.
I used "ExportImage" from "Advanced Function" to export the flash from 0 to 0x00E90000. I then selected the exported file and flashed it to Address 0x00000000 and name "system" using the "Download Image" tab.
The AndroidTool said it uploaded the file and verified okay. But after that I re-exported few blocks from 0x0 and found that the flash was not overwritten. The device did not boot (no HDMI signal).
I re-exported the system partition and found that it wrote the full backup into the system partition instead.
So basically the Tool used the "name" column and completely ignored the "address" column?
Is there a way to just write the complete flash using AndroidTool v2.3 ignoring partitions? I basically just want to mirror a device to another.

Okay, so I guess I understood that "LOADER" is actually aware of all partitions on the device and also their use/format. The "Address" column seems to be ignored completely. I guess this is only relevant for "MASK ROM" mode devices?
I found out by trying to write to "parameter" partition, hoping it would write to 0x00. But instead it wrote into the first partition at 0x08 and properly wrote the header in front of it with the size of the written data.
So, I now know how to properly extract the "parameter" image from another device and I assume all other partitions can be simply dumped and written without any magic happening to them? But I need to write them partition by partition?

For my understanding... The LOADER mode / the green "Loader" row in AndroidTool is something that is not on the flash, right? But it obviously reads the flash and its partitions.
If I'm right, I cannot brick the device as long as I don't flash a different "Loader" (which I don't have anyways as I cannot extract it from another device).
But: When I mess up the "parameter", will LOADER mode still boot fine and allow me to rewrite "parameter"?
Is "Loader" always booting "uboot" next, which then decides on booting into "kernel" or "recovery" if "R" is pressed?

Okay, I have so many questions and I can't really find any documentation :/
So at least I'll continue my self conversation here.
The bootloader of the RK3288 - and I'm still not sure what exactly it is - has two modes, LOADER and MASKROM.
I think in LOADER mode it is aware of partitions and makes sure users can only flash data to specific partitions. However, you can also update the partitions (and other stuff?) by writing to "parameter", which is part of the first few blocks of the flash.
In MASKROM mode it is not aware of any contents of the flash and you can basically write over the complete flash. In this mode the AndroidTool will actually use the Address column to flash data (I think).
I'm not exactly sure what triggers MASKROM mode but I guess the bootloader boots MASKROM mode if it cannot find "valid" data on the flash.
For example
erases the Flash and IDB, which forces the device from LOADER into MASKROM mode.
I also found lots of instructions that tell you to short two pins on the NAND Flash chip of the device to trigger MASKROM mode. None of these instructions tell you why you do it and how it works, but I guess it just disables the Flash so the bootloader reads back all zeroes or anything like that?
I also cannot find any information what IDB is, what it stands for and where it is stored, but it seems to play an important role here :/
There are multiple Versions of the "bootloader". e.g. https://github.com/neo-technologies/rockchip-bootloader / https://forum.xda-developers.com/t/rk-bl-rockchip-bootloader-collection.3739510/ lists RK3288Loader_uboot_Apr182014_155036.bin, RK3288Loader_uboot_Apr212014_134842.bin, RK3288Loader_uboot_V2.17.02.bin, RK3288Loader(L)_V2.17.bin, RK32xxLoader(L)_uboot_V2.15_replace_ddr.bin
They obviously do some things differently, but I'm not sure if this is relevant for "normal" operation of the device or just if you need to do special things. e.g.
Running Android or Linux from an SD card on a RK3288 device - An easy way to dual boo
If you are interested in dual booting Android and Linux on your RK3288 device or you simply want to try a different Android ROM or Linux distro without flashing the device, then use this method of booting from an SD card. You will need a PC...
forum.xda-developers.com
says that RK3288Loader_uboot_V2.17.02.bin is required to boot from SD card. So earlier versions can't do that?
Can I flash these Loaders to any RK3288 device (I guess?) or are they device specific? Can I downgrade? Can I flash them in LOADER and MASKROM mode? Many things I don't understand properly...
The filenames usually contain "uboot". I guess that's not because they include uboot, but because the bootloader starts U-Boot from the "uboot" partition on a regular boot?