Previously I tried to write TA backup file of my F8132 (HK Variant) into its partition, then I found that the warning message showed before SONY boot logo disappeared.
But I need to flash a stock firmware to prevent boot failure since signature will be verified before booting. Actually the phone is relocked with DRM features come back, just like a locked new phone. The camera focus is OK. and X-Reality works fine, etc. You can get OTA firmware updates again.
After that, I tried to unlock bootloader again by flashtool. Since we know that the data will be completely erased during the boot after unlocking. I tried to erase boot and FOTAKernel partition by fastboot. Of course the phone can't boot without a kernel, and the data will not be erased automatically. I used fastboot to boot a TWRP recovery image directly.
Finally the phone booted into recovery mode, but the data partition was encrypted and I should input a password, or erase it. So I had to format the partition. Then I checked the cache partition and found out that the OTA firmware will be download to /storage/emulated/0/recovery/update-package. Maybe it's simply a zip file, but I'm too late to check it. (Maybe I can get it the next time after an OTA download finished Now I found that it is not a zip file). But the most interesting thing I found was that I received the Nougat OTA update of 39.2.A.0.327, after I formatting the data partition! At this moment I'm in unlocked Marshmallow 35.1.A.0.297 and AndroPlus Kernel v12 with DRM fix. However, there is something different from normal unlocked phone with DRM fix. The SECURITY test which shows the DRM keys said:
Code:
WIDEVINE [Key OK] [Active]
CKB [Key OK] [Active]
HUK: ****************
PRODID_AID : 0004
OTP_LOCK_CONFIG : 1555
OTP_LOCK_STATUS : LOCKED
AUTH_ENABLE : 07
DEVICE_ID : ********
[B]FIDO_KEYS : Not provisioned[/B]
Factory Reset Reason: virgin,notimestamp
I have checked with my friends, and found out that:
If it has not been unlocked yet, the FIDO_KEYS will show Provisioned;
If it has been unlocked, and without DRM fix, the HUK will be generic error!, and FIDO_KEYS will be Not provisioned, SUNTORY error;
if it has been unlocked, but with DRM fix, the FIDO_KEYS will show Not provisioned, provision failed.
The camera and X-Reality works fine, and I finally get the Nougat OTA package for 297, but I can't unpack it now.
It's interesting because if you unlock the phone, then reboot to let it erase the data partition by itself, finally flash a DRM fixed kernel, you will not receive an OTA firmware update (but you can update the system apps). So I guess I skipped some changes to TA partition during the manual erase of those partitions. I plan to study it when I'm free in holidays.:fingers-crossed:
This is probably just becoz of the drm fix in androplus work so well that it fake the system that the phone is in LB status. U can try do that OTA in UB but it will fail
KWOKSFUNG said:
This is probably just becoz of the drm fix in androplus work so well that it fake the system that the phone is in LB status. U can try do that OTA in UB but it will fail
Click to expand...
Click to collapse
I use the fix all the time, but I have never received OTA before. And I think I can just flash stock kernel and recovery to let it update successfully if I don't modify the system partition, maybe.
How about this?
You can build your own kernel with drmfix and DK.ftf (if you've backed up TA partition prior to unlock the bootloader).
Related
Droid Turbo XT1254 Marshmallow->Lollipop downgrade (unlocking bootloader)COMING SOON?
*this is new thread because I started last as Q&A by mistake so first 2 pages may look off with posts and answers.
DOWNGRADING EXPERIMENT TOPIC
So as you may know , after upgrading to Marshmallow OTA, on locked bootloader there won't be any option to unlock bootloader (ever as some people say) , sunshine officially doens't support Marshmallow. The only option is to downgrade which again isn't possible on locked BL..
Or is it ?
Introduction - skip to DOWNGRADE
First of all I'm not an programmer , but have some experience with locked down motorola's bl's , firmware's ,downgrades and so on..
I'm sure when somebody says impossible, it doesn't really mean impossible, but rather not worthy to some. So in my case I bought the phone few days ago, wasn't fully up to date with infos on unlocking BL so didn't check FW version when buying , just after I checked and phone was updated on MM 1-2 days before buying it. On not unlockable BL phone will become useless to me very soon, while unlocked I would plan to have it for long period of time. It goes in Verzion's favour for me to ditch the phone and buy a new one except I'm not in USA , there are no Verzion services in my country and if there were I would never ever buy (again) anything from Verzion. Well I lived in Japan , and there is network Softbank which is well.. Imagine Verizon but on steroids when it comes to tying people down, locked bootloaders and software, insane fee's and so on.. Well that Softbank bough Verizon some time ago .. I was avoiding them at all cost, but on to the topic now.
DOWNGRADE - fastboot
I would like to invite everybody who is interested in this and who can help to participate in this. Every programmer that has time and can contribute would be greatly appreciated! In return I'm willing to sacrifice my phone and my time , even paying some reasonable donations.
While experimenting in the end I was able to flash all bootloader files from various different versions including all partitions related to it which gets upgraded. Even managed to flash XT1250 MM bootloader. Bootloader version DOES change in bootloader / fastboot ,But it doesn't mean ANYTHING. While downgrading , something else, possibly other parts of bootloader obviously search for match and there is more to it than simple bootloader , more experienced , chime on in here! SElinux enforcing? Verity?
(see attachments)
SU4TL-49 bootloader.img to motoboot flash - Successfully
SU4TL-49 manually flashing 1 by 1:
tz.mbn -[/B] Successfully
SBL1.mbn (bootloader) - [/B] Successfully
sdi.mbn - [/B] Successfully
fsg.mbn to mdm1m9kefs3 - [/B] Successfully
rpm.mbn - [/B] Successfully
emmc_appsboot.mbn to aboot - [/B] Successfully
gpt.bin to "partition" , it's the partitions info partition, people say it can't be downgraded or flashed cross versions. After some experimenting mfastboot failed but fastboot succeded, on some versions mfastboot worked - [/B] Successfully
What I can't get to downgrade / cross flash no mather which bootloader and combinations of firmware im on :
boot.img
recovery.img
system,img (sparse_chunk files)
I will go deeper, but hope that new full firmware SBF will be released soon in case of brick. Verzion is slow. I'm making my own full 6.0.1 xml.zip based on full flashable zip's , repacked system.img sparsechunks, rewrited the script but can't get to flash system files due to invalid signed image. Any help with that? It would also help already bricked guys because who knows when'll Verzion release it..
Downgrade OTA way , stock Android Recovery
While stock android recovery is pretty much useless, it can do software upgrades OTA on a fully stock system , which we on locked bootloaders and MM have.
In my opinion , the way is to trick stock recovery into thinking it's flashing ota, and that whole envieroment is like recovery is expecting it while it's actually flashing downgraded version full / close to full firmware in combination with you flashing some partitions manually through fastboot. OTA's contain only "patch" and just replaces files which get changed on new SW. Or even maybe reverse OTA downgrade?
I've made my own update.zip and signed it , but so far get footer size is wrong error so can't flash it .. Need more help here too..
That looks promising!
Marshmallow feels slower than lollipop for me and I wish I could downgrade but I just can't!
I am looking forward to see what you can do about this issue
Good luck bro!
sorry for my mistake, I do not intend to comment here
@EjđiSixo
How to remove the "signed" of system image or bypass it? Fastboot or RSD are stuck at flashing system image. Does this "sign" relate to boot, recovery, partition? Or it's simply the "sign" to prevent downgrade???
I've never succeeded with partition downgrade...
---------- Post added at 10:29 PM ---------- Previous post was at 10:19 PM ----------
when I was flashing the only system.img (3GB), it said that "wrong at header magi". But after a bit time, fastboot separated the file and began to flash. But still failed because of signed image.
I've tried to remove the code from updater-script but it could not write files to system
Not out yet!
Thanks! I think if we all try , we can do it ! For now main focus is downgrading anyhow, even to half working Lollipop just in the purpose of unlocking bootloader with sunshine.
@mr_5kool
Feel free to comment and ask / suggest, thats what this topic is for!
Unforutenately thats the part I haven't yet figured out myself. It is a " permissions" to prevent the downgrade , bootloader and possibly something else checks current version / keys / properly signed image and then flashes. With other bootloader I'm still not able to flash it because it's obviously locked. Motorola probably signs their images differently.
You can't flash 3GB image because when flashing, phone recieve's partition first to ram so max download size is set to 255mb per file. You have to repack system.img to sparse chunks. But you don't have to bother with it , I already repacked system.img which I found at fully stock flashable MCG24.251-5 . It again failed due to invalid signed image . If we could figure out what is exactly signed and how , that would open a lot more possibilities. Possibly even flashing prerooted roms on locked bootloader. There are more possibilities , who knows..
Currently the only thing notices downgrade when flashing is recovery. In bootloader log says I tried to downgrade. Even with downgraded bootloader (kind of, there is sbl2 and sbl3 but they don't get upgraded )
Anyway, I tried something just for the "gags" . Flashed all partitions of XT1250 bootloader. Got to Motorola's site, posted "unlock bootloader data". It returned it's not unlockable of course.. The first sequence of numbers in data is your imei , it starts with 99 and it's verzion's specific imei.
My theory is that motorola ties unlock bootloader data to every phone and imei and stores it in database ( please confirm) . So even with moto maxx bootloader I can't unlock because :
1 it reads my verzion imei
2 it doesn't find alltogether data in the database..
I don't know what are other numbers in the data you get from fastboot, possibly some serial numbers and so on, haven't really checked it .. That's why i think this method is not possible at all for now. Manipulating that data in your phone and running it through motorola's site knowing that exact same code works for some device might be possible, but I think there is really way too much impossible messing involved. If somebody can share more about this?
lol
http://forum.xda-developers.com/dro...ficial-marshmallow-build-mcg24-t3512813/page2
I've renamed it like suggested in the post #11
Download link is at 1st page. It's just a OTA.
Yes I just renamed it.
IT DOESN'T WORK WITH ADB AND YOU CAN'T FLASH IT AGAIN THROUGH RECOVERY. ITS OTA.
EDIT: The post that I was responding to has been removed.
The method to downgrade from Lollipop to Kitkat is the same with what I've done. It may be possible. Some said that "impossible to downgrade with locked bootloader on vrz". So the system image may be signed with bootloader (or imei, serial or something else, god know).
The unlock method of Sunshine takes place in Trustzone (sbl2). They cannot get unlock code.
You succesfully downgraded LL to KK on droid? There is partition for trust zone alone "tz.mbn" , downgradable without any problem. I only see sbl1 get's upgraded on droid turbo , never saw in any firmware sbl2 or 3 yet.. So I'm little confused.. I remember I saw some PDF regarding that..
Yes, successfully downgraded 5.1 to 4.4.4 on Droid Turbo but with unlocked bootloader. I helped this guy.
http://forum.xda-developers.com/droid-turbo/help/solved-problem-downgrade-install-ota-t3497791
http://forum.xda-developers.com/droid-turbo/help/how-to-downgrade-lollipop-5-1-to-kitkat-t3494459
Finally managed to *Brick my devices while trying to make latest sbf firmware (what an irony ) because used some of files from that stupid OTA . Tried flashing all possible firmware I have but it doesn't fix it so system got corrupted probably and for now didn't succed flashing any of the available systems. Flashing MM recovery doesn't help. It's a " recovery loop".
Basically phone starts , vibrates , goes into recovery, it says "erasing" , it does the factory reset then restarts and over and over again erasing restarting loop.
I'll continue exploring downgrade options but top priority now is making working marshmallow sbf or waiting for stupid Verzion to release it already. Just checked with SUA and it still doesn't show repair so firmware isn't available still.
Biggest problem is signed system images which are probably signed by RSA and I need help with that..
I have same problem erasing
Can't flash SU4TL gpt.bin anymore , so success was definitely connected to experiment and steps I did so I'll investigate more.
@EjđiSixo
I have never tried before. My Moto X2013 failed to downgrade from LL to KK, too. So, it's the common problem of Verizon Motorola Devices.
If you have problem with "erasing", just enter recovery by "hold power button for a while then fast press volume up button". Phone will enter recovery and do the factory reset. But when rebooting the system, "erasing" appear again.
If partition is dead, flash the higher version, commonly gpt and tz.
PS: still waiting for the official xml firmware
ChazzMatt said:
Yes, successfully downgraded 5.1 to 4.4.4 on Droid Turbo but with unlocked bootloader. I helped this guy.
http://forum.xda-developers.com/droid-turbo/help/solved-problem-downgrade-install-ota-t3497791
http://forum.xda-developers.com/droid-turbo/help/how-to-downgrade-lollipop-5-1-to-kitkat-t3494459
side note, I hate this Q&A format. Not sure why XDA even has it. You can't even format URL links correctly.
Click to expand...
Click to collapse
mr_5kool said:
@EjđiSixo
I have never tried before. My Moto X2013 failed to downgrade from LL to KK, too. So, it's the common problem of Verizon Motorola Devices.
If you have problem with "erasing", just enter recovery by "hold power button for a while then fast press volume up button". Phone will enter recovery and do the factory reset. But when rebooting the system, "erasing" appear again.
If partition is dead, flash the higher version, commonly gpt and tz.
PS: still waiting for the official xml firmware
Click to expand...
Click to collapse
I wonder if there is any way to force Verizon to release firmware. This is really low of the lowest, it says 1 week after OTA , now it's almost 1 month. Until somebody forces them , it can be months as far as they are considered. No help from developers / programmers either on any of 2 subjects so don't see my method of full MM SBF working.
god know
:v
ChazzMatt said:
Yes, successfully downgraded 5.1 to 4.4.4 on Droid Turbo but with unlocked bootloader. I helped this guy.
http://forum.xda-developers.com/droid-turbo/help/solved-problem-downgrade-install-ota-t3497791
http://forum.xda-developers.com/droid-turbo/help/how-to-downgrade-lollipop-5-1-to-kitkat-t3494459
Click to expand...
Click to collapse
Exactly brother .
I solved my problem .
I can downgrade from Marshmallow to lollipop is very easy for my ..
But first step is unlocked bootloader from lollipop..
Sent from my XT1254 using XDA Free mobile app
Yeah people , we all know everything can be done with unlocked bootloader. It's a GOD mode. Nothing strange about downgrading with unlocked BL. This topic is for people stuck on locked BL like myself to try to odowngrade on lollipop only in purpose of UNLOCKING BL. So let's for now focus on locked BL's.
Hi,
is it possible to relock the bootloader to original factory mode.
fastboot oem lock (will erase userdata)
Also you should restore the fbop partition: /dev/block/bootdevice/by-name/fbop
For more reference see:
https://forum.xda-developers.com/axon-7/help/lock-unlocked-bootloader-t3444044
https://forum.xda-developers.com/showpost.php?p=68738854&postcount=100
Also please don't open a thread to a question that has already been answered several times.
After i unlocked bootloader my phone now is recognized as A2017U. When i relock it will it then recognized as original A2017G ?
I am interested in a tutorial about going back to stock for G model
The procedure for the g model is no different than the U model except you have to revert the bootloader (fbop partition) because the european model is quite restricted.
For making a tutorial I would need to know exactly what you modified.
There are already good step by step guides in this forum. All I could offer you are my backup files for the recovery and bootloader for the 2017G with update B08.
Bomberus said:
The procedure for the g model is no different than the U model except you have to revert the bootloader (fbop partition) because the european model is quite restricted.
For making a tutorial I would need to know exactly what you modified.
There are already good step by step guides in this forum. All I could offer you are my backup files for the recovery and bootloader for the 2017G with update B08.
Click to expand...
Click to collapse
At the moment i am on B09 rooted but I installed it via TWRP using DrakenFx's tutorial from here : https://forum.xda-developers.com/showpost.php?p=68873485&postcount=3
Futhermore when I unlocked the bootloader I was on B03 and I saved the aboot.img and fbop_lock.img .
Now I would like to go back to fully stock to prepare for the android N update.
I would highly appreciate it if you could offer me some directions for this matter.
Never tried this method (so I take no responsibility) but in order to receive ota you need an unmodified system with locked bootloader.
To lock your bootloader:
First backup all your apps, data and internal sdcard !
Connect your phone to a PC and start adb:
Type: "adb reboot bootloader"
Phone will restart: (if you are on linux, run fastboot with root permission)
Type: "fastboot oem device-info" (just to check things)
"fastboot oem lock" (will lock your bootloader)
According to DrakenFX you should have the stock recovery already installed. So you can flash a sd card upgrade from ZTE "http://www.ztedevice.com/support/detail?id=98CEB24F9FFD433EA99EC424163149A6" (to bring you back to stock)
If you still have TWRP use DrakenFX files to flash your system back to stock, but this time do not flash supersu.
You should be good to go and just have to wait for ZTE to release the update and apply it via the updater UI.
BTW this is my fastboot oem device-info output:
(bootloader) Device tampered: false
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
(bootloader) Display panel:
OKAY [ 0.059s]
finished. total time: 0.059s
Click to expand...
Click to collapse
dodo34 said:
Hi,
is it possible to relock the bootloader to original factory mode.
Click to expand...
Click to collapse
You mind my asking the reason WHY you want to Relock?
If is cuz the N update , I'll rather keep it unlock base on @lokissmile thread and I'm 100% sure I'll be releasing N TWRP Flashable Zips for all variants when N is available.
i have G model and flashed the aboot of the U modell.
How to flash back now the aboot of the G modell back ?
Any help for the G modell ?
dodo34 said:
Any help for the G modell ?
Click to expand...
Click to collapse
as far my understanding the G model have factory images right? just download the one you were using and flash it using custom recovery.
LifeSupportZ said:
as far my understanding the G model have factory images right? just download the one you were using and flash it using custom recovery.
Click to expand...
Click to collapse
@dodo34
This is correct, the full image should be the one that contains both the emmc_appsboot.mbn (this is your aboot or bootloader partition) and the fastboot.img (the fbop or fastboot command partition) as well as recovery.img. This will set everything back to stock in one swoop. Otherwise you have to reflash the signed (tenfars) TWRP to flash back the fastboot image and then falsh back stock, since regular TWRP will either not be there anymore or will not run since BL is locked now
P.S, you can leave the fastboot alone for the purposes of OTA, no update so far hes checked on it and i am not sure if there is a G package with it since it has not changed from release, so as long as the image you flash has the bootloader and recover you should be good for N
P.S.2 Actually I see a little catch 22 here. If you lock the BL first, then you will not be able to run TWRP or boot into system if it was modified. You would need to flash the "signed" version of TWRP or flash stock recovery before locking the BL. Stock would be preferable since it can flash the factory package withouht modifications. If using TWRP i think you have to change updater-script to remove a .... and i just found another catch 22. The updater-script will look for product name P996A04 and if yours shows as 2017U the it will report back P996A01 so you will have to have a signed TWRP on there no matter what. Either to flash the backed up aboot fbop and recovery and then flash the full factory package through stock recovery or mod the updater-script and remove the assert line and flash the whole thing with TWRP. What do you get in TWRP shel when you run this "getprop ro.product.model"
peramikic said:
@dodo34
This is correct, the full image should be the one that contains both the emmc_appsboot.mbn (this is your aboot or bootloader partition) and the fastboot.img (the fbop or fastboot command partition) as well as recovery.img. This will set everything back to stock in one swoop. Otherwise you have to reflash the signed (tenfars) TWRP to flash back the fastboot image and then falsh back stock, since regular TWRP will either not be there anymore or will not run since BL is locked now
P.S, you can leave the fastboot alone for the purposes of OTA, no update so far hes checked on it and i am not sure if there is a G package with it since it has not changed from release, so as long as the image you flash has the bootloader and recover you should be good for N
P.S.2 Actually I see a little catch 22 here. If you lock the BL first, then you will not be able to run TWRP or boot into system if it was modified. You would need to flash the "signed" version of TWRP or flash stock recovery before locking the BL. Stock would be preferable since it can flash the factory package withouht modifications. If using TWRP i think you have to change updater-script to remove a .... and i just found another catch 22. The updater-script will look for product name P996A04 and if yours shows as 2017U the it will report back P996A01 so you will have to have a signed TWRP on there no matter what. Either to flash the backed up aboot fbop and recovery and then flash the full factory package through stock recovery or mod the updater-script and remove the assert line and flash the whole thing with TWRP. What do you get in TWRP shel when you run this "getprop ro.product.model"
Click to expand...
Click to collapse
if he mod the updater_script from official zte update to make it flash friendly, this is what i'll do,
* Mod updater script and remove aboot and recovery for now
* flash new zip without file mention above
* boot to bootloader while having custom recovery
* lock back the bootloader
* boot to custom recovery and perform " format data "
* create a flashable zip with stock aboot and recovery
* flash new zip with aboot and recovery
* reboot to recovery and check if boot to stock recovery and while in there perform a factory reset
i know is a lot of steps but, seems like is the way to go to get everything back in place without zte noticing anything.
Now i am on B06.
I put update.zip B08 and select update. But it boots to TWRP recovery and update fails.
@dodo34 If you are trying to restore from the OS system update you need to reflash your stock recovery for it to work properly. Wait for someone to confirm what I just said, but that's how it worked for me.
how can i flash my original recovery. what is the command for cmd ?
Please help restoring back original recovery.
dodo34 said:
Please help restoring back original recovery.
Click to expand...
Click to collapse
rczrider said:
Putting Your Axon 7 Back to Stock
If you want to revert back to stock and re-lock your bootloader (eg. sending the phone in for warranty work or are selling it), you should be able to do that using the steps below. It worked for me, anyway, exactly as written below.
Copy everything off your internal storage that you don't want to lose. If you're not rooted (so already stock, but with unlocked bootloader), skip to step 6 below. Otherwise, continue.
Grab the "StockSystem" zip for your variant from this thread and place on your microSD card: http://forum.xda-developers.com/axon-7/development/rom-guide-updates-to-stock-files-via-t3469484
Reboot into TWRP and wipe system, data, dalvik, and cache
Flash the StockSystem zip and power off (doing so will restore stock boot but does not appear to restore recovery)
Boot into EDL mode and flash stock recovery only: http://forum.xda-developers.com/axon-7/development/wip-axon-7-root-bootloader-unlokced-t3441204
Power off the phone, plug from computer, and then boot into stock recovery (hold Vol+ and press Pwr, continue holding Vol+ until recovery comes up)
Select "Wipe data / factory reset" and then "Yes"
After that finishes, select "Reboot to bootloader"
Plug in your phone into your computer and do: fastboot oem lock (see second post if this doesn't work and says <waiting for device>)
Your phone will reboot and should have been totally wiped (including internal storage) by doing the above
This should leave you with a stock, locked, and unrooted phone that can take OTAs. Note: it's possible (in fact, likely) that an OTA could break the ability to unlock your bootloader and gain root again, so be careful about going back to stock if you think you'll want to unlock/root later on!
If you need any stock files for B20 or B27 (stock recovery for re-locking, for example), you can get them here: http://forum.xda-developers.com/axon-7/development/untouched-b20-boot-recovery-files-t3443818
Click to expand...
Click to collapse
Try this guide from newbie unlock thread.
I get this error.
C:\Users\Intel\Downloads\Axon7\ADB>axon7tool -r
Usage:
axon7tool -r <boot|recovery|gpt> ...
axon7tool -w <boot|recovery>
C:\Users\Intel\Downloads\Axon7\ADB>axon7tool -r recovery
Connecting to device...
S: failed to read command
S: Failed to receive hello
terminate called after throwing an instance of 'std::runtime_error'
what(): error: Unknown error
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
what i did.
Flashed Draken TWRP System Image B06
Flashed Draken TWRP Stcok Recovery B06
Flashed full update.zip B08
Now my phone is recognized as A2017G on the PC
But when i reboot the phone i get a message that the phone is unlocked and not trusted ?
why ?
Hello to this amazing community,
I have recently tried for the first time to root my device.
Being unaware of the XDA community, I used this guy's guide - https://theunlockr.com/2016/11/29/root-motorola-moto-g4-moto-g4-plus/ .
As I went through the steps of unlocking, booting TWRP and installing superSU, I found out that the device won't start anymore, though the bootloader was still working at that point.
Unfortunately, that guide didn't emphasized the importance of first backing-up the system with TWRP.
Panicking, I even ended up wiping the entire device.
So I started my sisyphic journey of reviving the phone.
Being clueless of OEM stock versions etc. at this point, I thought that I should look for a fresh TWRP backup someone did after purchasing my exact Moto G4 Plus model - XT1644 so I ended up recovering the version that this dear guy has uploaded:
https://forum.xda-developers.com/moto-g4-plus/how-to/moto-g4-plus-xt1644-stock-unmodified-6-t3536448
Happy as I was that the machine would finally start, I found out I was running an old Marshmallow version - exactly as the title says.
Still, I assumed that new OTA versions will be available and my device will be upgraded to the most up-to-date version.
Surprisingly for a rookie as me, checking for software updates showed " Your device's software is up to date".
So I search for a more up-do-date OEM stock version, and I have found the following version - NPJS25.93-14-13 here:
https://forum.xda-developers.com/moto-g4-plus/how-to/stock-rom-npjs25-93-14-4-march-1-t3608138
I ran the bash file to flash the OEM while keeping the device unlocked.
The device has loaded finally with the familiar up-to-date version, and an available OTA update appeared.
I immediately ran the update.
That's when I first became familiar with the term "Brick". The device became completely dead.
Now, thanks to siddhesh9146 inceredible thread I managed to revive the device:
https://forum.xda-developers.com/moto-g4-plus/how-to/moto-g4-plus-hardbrick-solved-guide-t3657761
I went through his steps, installed BlankFlash, flashed the latest gpt and bootloader and flashed version NPJS25.93-14-10.
The device will finally work! I would realize then, that the latest version is actually ATHENE_NPJS25.93-14-13 ,
And again, the device won't show any updates available.
So, finally, here are my questions:
1. What could I have done wrong in first place? Was it a wrong superSU version that caused the problem? (In case my rooting aspirations will return)
2. What caused the device to turn brick? I realize it has to do with downgrading version, but after I wiped the device, I only upgraded versions.
3. In general, when OTA are available? Only the newest stock version would receive OTA? Will I have to manually upgrade versions from now on?
4. Could I upgrade now to NPJS25.93-14-13 using the version that siddhesh9146 presented without wiping my entire phone? What exactly should I flash to do so?
5. What are the precautions I have to take while doing so? Is there a risk my phone will tun brick again?
Thanks!
Good to hear your device is working again, seems like it's been through a journey.
1)When you originally rooted, were you on stock Nougat (7.0)? If so, those rooting guides will not work and are likely for Marshmallow 6.0 systems only. What they fail to mention is that attempting to root whilst still on the stock Motorola Nougat kernel likely causes your device to not boot. The Nougat 7.0 stock kernel for our devices seems to be much stricter than the Marshmallow kernel when it comes to anti-rooting protections. Thus, we generally need to flash a custom kernel onto our devices before rooting - either with SuperSU or magisk. An example of a working guide for rooting on stock Nougat Moto G4/Plus is here: https://forum.xda-developers.com/mo...de-root-moto-g4-plus-supersu-android-t3587918
2)Do you remember what the OTA you received was? I don't think there's an OTA for a build later than NPJS25.93-14-13 out yet. That suggests that the NPJS25.93-14-13 flash didn't work - did you check if the bash script reported [OKAY] after each command? By brick, do you mean the device had a blinking LED light, and there was no screen, and you were unable to boot to the bootloader and/or recovery? If the flash didn't work, then you may have taken a Marshmallow to Nougat OTA (NPJ25.93-14) which may have corrupted your device bootloader in the process.
3)OTAs are generally available for a particular build and for a particular software channel when they are released. For NPJS25.93-14-13, that's currently the latest build for EU/UK, Brazil and India devices, and there's word that there's a February 2018 OTA coming soon (no sign of it yet).
However, for your device (XT1644), if you are on the retUS - retail US - software channel, your device is on a different update path - NPJ25.93-14.7 would be the corresponding September 2017 patch for retUS software channel devices. NPJS25.93-14-10 is not one of the builds deployed to the retUS, and as such the Motorola servers may not issue you an OTA patch, regardless of whether the firmware would work. There have been reports of NPJS25.93-14-10 and NPJS25.93-14-13 working on US devices without issue, but you may not receive OTA updates.
You could manually update to NPJS25.93-14-13 using the OTA here, provided that you fully flashed the NPJS25.93-14-10 stock ROM (including GPT and bootloader, system, modem, boot, recovery, OEM, DSP, FSG). If you did not fully flash, you may be risking another hardbrick. https://forum.xda-developers.com/showpost.php?p=74973505&postcount=7
4)If you want to flash the NPJS25.93-14-13 stock ROM to be safe, or attempt to cross flash to the Sept 2017 NPJ25.93-14.7 firmware without wiping your data, you can use the following flashing commands. Be warned that you may have to factory reset if your device becomes unstable, so backup anyway. I would recommend manually flashing these commands:
a)copy and paste the first command to the ADB terminal
b)press enter, wait for [OKAY] to appear.
c) copy the next command, individually and in order, to the terminal, repeat b) and c) until you get to the end of the list.
Code:
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash dsp adspso.bin
fastboot flash oem oem.img
fastboot flash system system.img_sparsechunk.0
fastboot flash system system.img_sparsechunk.1
fastboot flash system system.img_sparsechunk.2
fastboot flash system system.img_sparsechunk.3
fastboot flash system system.img_sparsechunk.4
fastboot flash system system.img_sparsechunk.5
fastboot flash system system.img_sparsechunk.6
fastboot flash system system.img_sparsechunk.7
fastboot flash modem NON-HLOS.bin
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fsg.mbn
fastboot erase cache
fastboot reboot
These commands omit the fastboot erase userdata, preserving your data, and omit the OEM locking commands, which would lock your bootloader and erase your data in the process as well. Bear in mind that cross flashing can be risky, however, you may have to flash the NPJ25.93-14.7 update if you wish to receive OTA updates for the retUS software channel, if you are on that software channel. Link for the NPJ25.93-14.7 stock firmware if you wish to try: https://androidfilehost.com/?fid=817906626617945295
5)Generally, the main source of hard bricks I've noted has been users have been on stock Nougat (particularly the March 2017-latest) builds. They downgrade their device to stock Marshmallow firmware, which goes okay. However, in most - if not all - cases, their bootloaders are not downgraded, so you have a system and bootloader mismatch, with a newer Nougat bootloader but an older system than their bootloader patch level. For example, a B1:06 June 2017 patch level bootloader but a July 2016 Marshmallow system patch level.
The OTA checks that are performed are mainly on the system side i.e is your device on the July 2016 system patch? Are your system, OEM, recovery, boot etc. partitions unmodified and match the expected checksums for this OTA patch? If so, then install. However, in the updater script, there is no such check for the bootloader - the OTA updates appear to assume your bootloader is of the same patch level as your system. Normally, for a locked bootloader or for a user that has only updated their device, that assumption holds.
The issue we have here is that the system was downgraded to Marshmallow, so that assumption no longer holds. As the OTA updates are signed by Motorola, they have authorisation to write to your bootloader. That means this OTA can overwrite your bootloader, and if it's applying older code, can corrupt your newer Nougat bootloader and thus hard brick your device, which necessitates a blankflash to repair.
In other words, if you downgrade your device firmware, do not use or install OTA updates. If you do downgrade, only update with stock firmware that is as new or newer than your bootloader patch level. If your device is on the same patch level , then you should be able to use OTA updates. However as mentioned above, you need to be on the correct build for your device software channel as well to receive OTA updates from Motorola.
I unintentionally skip the "format data" link and the all step, so the code unlock the bootloader but I cant flash the recovery it says "[BOOTLOADER] image not signed or damaged", the phone works but I cant flash anything, any ideas?
What device do you have, what (stock) firmware do you have on the device and what firmware are you trying to flash?
Hello is a stock Moto G5 Plus with 7.0 android and I am trying to flash the Vanche's Modified TWRP or the 3.1.2 version but I keep getting the same message "[BOOTLOADER] image not signed or damaged", is like if the BL relock itself.
I think that's a standard warning from the bootloader - TWRP is not signed software, which fastboot expects. However, as your bootloader is unlocked, it'll allow the flashing of TWRP, just with the warning message alerting you to the fact you're not flashing Motorola firmware via fastboot.
1)Do you see [OKAY] appear when you flash the TWRP?
2)After flashing TWRP, do you boot to recovery to fix TWRP? Easiest way is after flashing, on your device (if still in the device bootloader), use the volume keys to select 'Recovery' and press Power to confirm.
The instructions here suggest you need to boot to recovery after flashing to fix TWRP as the recovery, else the stock recovery may overwrite TWRP. https://forum.xda-developers.com/g5-plus/how-to/how-to-root-moto-g5-plus-t3579659 or https://forum.xda-developers.com/g5-plus/how-to/how-to-how-to-supersu-moto-g5-plus-t3587684
ok thanks, I will try that, so skipping the "format data" thing has nothing to do with it?
I'm not sure - though you'd have to unlock your bootloader so your data would be wiped anyway as part of the unlock, and that you'll have to decrypt your data. Perhaps someone with more experience in flashing on G5 plus devices can comment.
I tried a bunch of things in an attempt to root AT&T's LG K20 (the LGM255), to no avail.
After unlocking bootloader (so says in the options, I don't think it actually did), I tried fiddling with Lekensteyn's LGLAF tool and various forks of it by steadfasterX and others. Tried pushing a TWRP image I made after being able to extract boot/recovery images using the aforementioned tool. LAF did not pushing that image but was fine with deleting partitions from the phone.
I took the risk of deleting the LAF partition in order to get access to fastboot. While it did, just my luck, the lk variant of fastboot on the phone is stripped of essentially all functionally except for get-var and devices. Meaning I cannot flash anything, or modify any variables.
Have no means to restore the LAF partition (well, there is one way I know of possibly, but want to save it as a last resort cause the probability it would work is low and risks bricking completely).
Now there is an lafbak partition, but cant do anything with it.
Theres some background, but here is my real question:
If I were to accept an FOTA update from AT&T, although it would update the firmware to a new version, would it restore or possibly flash a new LAF partition so that I could go into its LAF/Factory Reset mode again?