It's a long story but in brief I have a KB2007 TMO which Network unlocked, Bootloader Unlocked ( Official method, with unlock_code.bin from TMO ). I used this device to do the testing of Custom ROM. One day, accidently I did a format all ( wipe all partitions ) on the device, then I had to use MSM Tool to recover it. Strange thing is, I can only use MSM for 9R Ported ROM for 8T to bring it back to life ( as the most recent ROM I tried before the accident is the 9R ported ROM ). Then, in order to bring it back to 8T OOS, I flashed the original param.bin then I can use normal 8T MSM to revert back to OOS.
But, since then, the device is not able to connect to Cellular network anymore, even it still recognize the SIM CARD inserted ( I also recover device's original IMEI, MEID...but NV Data, EFS from same variant 8T device of mine ). Tried all the possible methods that I know to make it connect to the cellular but so far no luck.
So if anyone have faced this situation or have information about it, please kindly share. Thanks
P/S: I upload 2 pics which briefly describe the situation of the network on my device now. If any other information may need to clear out the info, pls let me know
I corrupted the persist partition on my NordN10 awhile back, which f'd it up in a myriad of fun ways. I eventually cojoled someone into to dd'ing me a copy of persist from another tmo n10, which got the device into a sane condition to fix everything downstream of that.
I learned a couple things while trying to fix it before I had another persist partition; always backup persist/modem/efs partitions shortly after rooting a OnePlus, and to use bkerlers edl tool to make an advanced, engineer grade, backup. One that can unbrick the device without using msm/fastboot and avoids the hasle of finding a computer with windows on it.
I have a persist backup if you want to try that, and I'm going to make a carbon copy of the device with bkerlers edl soon. I did the impatient thing and converted to eu to get root while waiting for the unlock token from OnePlus. However a dump of the stock tmo rom with a locked bootloader is on my agenda.
I would recommend restoring tmo's modem/efs partitions (like twrp can handle) and/or nvram level things that edl tool can handle. Let me know and Ill dump whatever chunk of firmware my tmo 8t has. Just got it today, so it's far from settled into a daily user.
Here's the edl tool from GitHub (you may need to compile it)
GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :) - GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
github.com
Edl tool is worse case scenario, I'll backup modem/efs on request in recovery or with good ol dd
Also there's an app called Network Mode Universal in playstore that brings up an otherwise obfuscated Network Menu.... I use it to select 5G on 12+ gsi roms for my n10. You'll figure it out soon, good luck
mrbox23 said:
I corrupted the persist partition on my NordN10 awhile back, which f'd it up in a myriad of fun ways. I eventually cojoled someone into to dd'ing me a copy of persist from another tmo n10, which got the device into a sane condition to fix everything downstream of that.
I learned a couple things while trying to fix it before I had another persist partition; always backup persist/modem/efs partitions shortly after rooting a OnePlus, and to use bkerlers edl tool to make an advanced, engineer grade, backup. One that can unbrick the device without using msm/fastboot and avoids the hasle of finding a computer with windows on it.
I have a persist backup if you want to try that, and I'm going to make a carbon copy of the device with bkerlers edl soon. I did the impatient thing and converted to eu to get root while waiting for the unlock token from OnePlus. However a dump of the stock tmo rom with a locked bootloader is on my agenda.
I would recommend restoring tmo's modem/efs partitions (like twrp can handle) and/or nvram level things that edl tool can handle. Let me know and Ill dump whatever chunk of firmware my tmo 8t has. Just got it today, so it's far from settled into a daily user.
Here's the edl tool from GitHub (you may need to compile it)
GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :) - GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
github.com
Edl tool is worse case scenario, I'll backup modem/efs on request in recovery or with good ol dd
Also there's an app called Network Mode Universal in playstore that brings up an otherwise obfuscated Network Menu.... I use it to select 5G on 12+ gsi roms for my n10. You'll figure it out soon, good luck
Click to expand...
Click to collapse
Sorry for late reply bro. And yeah, one of the most stupid thing of me is that I do not have any critical partitions backup before playing with the 1+ devices ))) About EDL tool which you mentioned, I did tried it awhile back and it did helped to flash the GPT into the device so I can ( at least ) put the device into EDL mode to use MSM and bring it back to life.
And since I can't think of any worse situation for my 8T, so I would like to try any method we can think of which possibly to solve the situation. So, pls help to send me the backup of you, I'd love to give it a shot ( in fact, can't find a good persist backup anywhere even on some paid site which I was disparately purchased when trying to recover my 8T+ ))) )
i actually had this the other day when i had to have them change my sim card to a new one. there was no flashing i am on the global rom (11) after they did the swap in the system i had the same type of thing. they had to go in and reset everything and then re add the sim. yours may not be the same issue but it did fix this for me.
I think my situation is quite different since it caused by Format all ( wipe out all partitions ). Therefore the NVDATA is corrupted and persist is damaged. And since my device is fully Unlocked from TMO so I did tried many SIM CARDs, the issue remains (
Related
I got LS997 that was not completely unlocked (Sprint support confirms unlock status but phone did not receive unlock command, and i got no sim card and no previous owners name to re-initiate ota-unlocking process)
First thing i did - i used pathed LGUP and dirtysanta rooted my phone.
Suggested 995 kdz rom was vibrating like crazy (as described in dirtysanta guide) but i got root and started experimenting further.
Than i flashed rootable 996 kdz, rooted, had no vibration problem but got static boot issue, ok, installed mk2000 kernel, no static - all good but still not enough.
LOS16 = gsm/lte unlocked but battery was drained in 5 hours with screen turned off and no camera, got back to 996, rooted, super rom, all good but LTE not operating for some reason. Really enjoyed stock functionality (camera, seconds screen) and decided to get back to stock system.
HOWTO: Root LS997 up to ZV7, did it all, started flashing available 'stockish' roms one by one [this, and this], so there goes bad stuff.
At this moment i was still being able to boot into twrp, so i didn't really notice that phone was bricked, those stockish systems was just hanging in LG logo for hours without any progress. ok, found another one stock ls997 rom in dirtysanta root post, flashed it - and nothing, phone still stuck at lg logo.
LGUP flashing routine that was always helping me recover, now if fully completes partition_dl process but results are the same - lg logo for hours without anything happening, except vibrator motor starting to work on power up on Verizon firmware version and no vibro on 996 variant (as it sould):
996 kdz - stuck on logo
996 kdz- stuck on logo
flashing everything i got from lg-firmwares.com:
US99610g_00_1216 - stuck on logo
US99610f_00_1205 - stuck on logo
US99620f_00_1120 android 8.0 - stuck on logo
VS99512A_06_1114_ARB00 - stuck on logo
download couple more variants and still nothing, phone stucking in lg logo
so how badly i bricked it? is there any method of recovering that i am not aware of?
There is an older thread on returning the LS997 back to stock that may help.
C D said:
There is an older thread on returning the LS997 back to stock that may help.
Click to expand...
Click to collapse
Yeah, thanks, been there.
Unfortunately i'm not meeting 2 of 3 prerequisites:
- Your device needs to be able to boot into TWRP and fastboot mode
- You need access to a computer to run ADB commands to the phone
There are no more twrp presents on device because of kdz uploads from LGUP, i was thinking that it was recovery and aboot partitions that was messing up my system.
And there is no bootable system on device to turn on usb debbuging to run ADB commands as only thing i get is boot logo, fastboot are also locked to 995 or 996 (whatever version i've uploaded last from LGUP, and they are not unlockable because LG recognizes original LS997 hardware identification and refuses to give me unlock.img.
As i get it - the only thing that can tinker with my device is something that can get same hardware access as LGUP (laf is still operational or idk, maybe not, but it should be getting everything up and running but that is not the case anymore for some reason)
So you are saying that LGUP can still see the phone but ADB can't. Did you by any chance do a full system dump of the phone on LGUP before the whole DirtySanta procedure in the beginning? I wonder if those files can help getting things back on track. Not sure if they are device-specific, but I did make a dump of my own LS997, so if you think there's something useful there, let me know, and I can upload the files somewhere.
C D said:
So you are saying that LGUP can still see the phone but ADB can't. Did you by any chance do a full system dump of the phone on LGUP before the whole DirtySanta procedure in the beginning? I wonder if those files can help getting things back on track. Not sure if they are device-specific, but I did make a dump of my own LS997, so if you think there's something useful there, let me know, and I can upload the files somewhere.
Click to expand...
Click to collapse
Yes i did full LGUP backup at first system state, but nature of this backups makes them pretty useless in this system state - because they are just images of partitions.
Only software that can write directly to those partition may be able to utilize those backups, there are a lot of post on this forum describing TWRP routine for making update packages based on LGUP backups.
So unfortunately there is only LGUP, but it only can make backups but can not restore them as it uses some special file format (KDZ) that containing some dll's and data files (like glued partition images with special info of where to put what) and i didn't find a way to make my own KDZ files from backup images.
I'm now getting another idea - that this can be a blowed fuse in CPU ARB protection mechanism, if anyone has experienced ARB 1 please confirm that system should be in this state in case of ARB error
Hey there folks,
here I am now too on the forum, trying to find a solution for an old sticky problem.
So far a some people here on the forum a while ago have had the problem that when they flashed a custom OS on their Zenfone 3 while data roaming was turned off in the stock rom, they could never get it working unless reverting back to the stock OS and switching it on there before reinstalling the custom OS. Until then only normal calls and SMS work.
I'm having the same problem now and trying to avoid going back to stock, so I wonder if somebody has found another solution by now? Any help would be really appreciated, and I think a lot of other EU people who will run into this problem in the future will be grateful too if this could be solved easier somehow :fingers-crossed:
Update: I took a look at the firmware partition and there is a folder image/modem_pr which seems to include the configuration how the phone connects to mobile networks. I don't claim to have any special knowledge about it but i would expect this is where the stock rom most probably makes its change about data roaming.
So maybe, as long as what the firmware partition contains is generic firmware, could somebody who has data roaming working on their Zenfone3 send a copy of their /firmware/image folder so I can compare the two and hopefully find the missing puzzle piece to get data roaming working?
I would of course post the solution here for everyone in case I figure it out! Would be great if we can solve it
I have the same problem. Please help.
So, here's an update:
After going crazy searching for a possible fix I gave up yesterday and re-installed the stock rom in order to turn on data roaming (since my TWRP backup won't boot that is something I had been trying to avoid, because the only way I found to do this was to either install a recovery from somewhere on the internet that is claimed to be the original Asus recovery but has no way to be integrity-checked for possibly including malware, or to install software designed to bypass Google's SafetyNet and other system integrity checks. Nah.)
Today I took a look at comparing a TWRP backup of the modem partition (contents identical to the one that mounts as "firmware"), and the persist partition. I wrote a script that would calculate the md5 checksum for each file and then compare for any changes.
On the modem partition, only binary files named Widevine changed, for whatever reason :silly:
And here is a list of the files that were changed on the persist partition:
persist/coresight/qdss.functions.sh
persist/coresight/qdss.log
persist/coresight/qdss.log.old
persist/data/gxflag
persist/data/gxfp/0_0/105885283
persist/data/gxfp/0_0/105885284
persist/data/gxfp/0_0/gxfeature_table
persist/data/gxfp/0_0/gxfeature_table
persist/data/gxfp/0_0/gxflag
persist/data/gxfp/1_0/gxfeature_table
persist/data/gxfp/1_0/gxflag
persist/data/gxfp/calibration_data
persist/data/gxfp/calibration_data
persist/data/gxfp/gxflag
persist/data/gxfp/mptest/gxflag
persist/data/gxfp/raw/0_0/gxflag
persist/data/gxfp/raw/0_0/tpl_index_table
persist/data/gxfp/raw/1_0/gxflag
persist/data/gxfp/raw/1_0/tpl_index_table
persist/data/ifaa_fplist
persist/data/ifaa_fplist
persist/data/widevine/UZT8uT7lR1wsAoECBZWk4+aPFLDG92yRsy5vX3eX
persist/data/widevine/UZT8uT7++lR1wsAoECBZWk4+aPFLDG92yRsy5vX3eX.bak
persist/data/widevine/widevine
persist/dmclient/dm_client_info
persist/dmclient/dm_client_token
persist/dmclient/hash_sn
persist/rfs/msm/mpss/server_check.txt
persist/rfs/shared/server_info.txt
persist/sensors/error_log
persist/sensors/sensors_settings
persist/sensors/sns.reg
persist/time/ats_1
persist/time/ats_12
persist/time/ats_13
persist/time/ats_15
persist/time/ats_16
persist/time/ats_2
persist/.twrps
persist/sensors/sns.reg
persist/time/ats_1
persist/time/ats_12
persist/time/ats_13
persist/time/ats_15
persist/time/ats_16
persist/time/ats_2
Unfortunately, mostly binary files making it impossible for me to dig deeper into the changes. But maybe somebody spots something odd that could lead to the solution.
My next step will be to go abroad again in early March and see if the data roaming now works. If it does, I will restore a TWRP backup of all partitions I could back up before returning to stock. If it still works then, then the stock rom made its change somewhere on one of the partitions TWRP does not back up. If it stops working, then the answer lies hidden somewhere on the TWRP-backuped partitions.
Either way, I'm sure there must be a manual solution, what happens on the stock rom cannot be black magic
Will keep you updated.
Alright, it's the 1st of March and I'm back abroad! I finally have data roaming working and got a little further in my investigation: Restoring partitions one by one, i figured out that the change by the stock concerning the data roaming is made somewhere on the efs partition (which one of the two I can't say yet, as TWRP only lets me restore them both together). Now I haven't succeeded yet how to mount the efs.emmc TWRP backup or otherwise dump the contents of the efs partition, but if someone here knows I'll go dig deeper and track down the specific entry that is changed
Can you tell how to restore the original partition without flashing the asus rom? Thanks
If you ever had data roaming working and created a Nandroid (TWRP) backup at the time, you can simply restore the efs partitions from back then. Just be sure to use the latest TWRP version and make a fresh backup before you go, as there used to be a version some time ago that corrupted efs partition backups.
If you don't, well, as long as I can't read out my efs I can't tell you what to modify in there and how Maybe somebody
I think my only option is to flash the original Asus rom. It is waste time if only to turn on the data roaming.
Somehow my flashing gone bad, and after the rescue with Lenovo Moto Smart Assistant.
The tablet now has no IMEI/WIFI/BASEBAND...
Anyone has any idea...how to possibly fix this please?
I ran in to the same thing. I managed to get the baseband version back with a QCN file found in internet. Not yet able to repair the IMEI though. WiFi was working without this TB_8504X_USR_S001024_1909061423_Q12000_ROW_SVC.zip
subinpt said:
I ran in to the same thing. I managed to get the baseband version back with a QCN file found in internet. Not yet able to repair the IMEI though. WiFi was working without this TB_8504X_USR_S001024_1909061423_Q12000_ROW_SVC.zip
Click to expand...
Click to collapse
I did also flash the persist.img file using fastboot. Not sure if that helped fix the wifi
I wanted to update on the thread on how I managed to fix this. I tried the whole thing again, so that I can make sure.
Using the same QFIL tool, I flashed TB_8504X_USR_S001024_1909061423_Q12000_ROW_SVC firmware. This helped booting back to the system. This also enabled diag mode and adb by default on the tablet. That was a big relief. I noticed that wifi is not working and not turning on during the initial setup. I completed the setup and did
Code:
adb reboot bootloader
Once in fastboot mode, I did
Code:
fastboot flash persist persist.img
I used the persist.img from the same firmware folder. Once I turned on the device, WiFi and Bluetooth were working. Since diag port was already on, I used the backup and restore QCN option in QFIL to flash TB-8504X[MPSS.JO.2.0.c1-00151-8937_GENNS_PACK-1].qcn.
I tried may QCN rebuilder tools, but this QCN file seems to be not conforming to the format they expect and they kept gaving error. So I flashed the QCN as it is, rebooted the device and then used a tool named "WriteDualIMEI-W-G-eMMC" to program the IMEI number. This worked perfectly and I have network back.
When I was trying to do this again, for some reason, Sahara errors kept popping up and none of the tools were able to access the device. I found that was because of the driver I used. It wasn't the same ones I used first time. But I used the QDL tool from Linaro in linux and flashed the images with it. It worked perfectly.
I wasn't able to restore the tablet serial number though. Couldn't find a way to do that.
I'll keep it point form:
I have a Chinese 6T, and any time I try to use MSM with an OOS ops file, I get "Device not match image".
I got my drivers from Windows Update, they work
I even tried SMT mode
I think the files here would work, but they're gone now
Background:
I cannot access fastboot/adb --only the unlocked bootloader warning screen, then Qualcomm dump screen
I understand the process of turning off the phone, then plugging it in with vol+/- pressed --I am able to get into EDL but that's it
I got my OnePlus 6T a week ago, brand 'new' (never opened), and only used it for a day before fudging it up --this sucks!
I've tried all of the 6T OOS MSM Download Tool versions available on this forum, site-wide. The only thing I haven't been able to find and try is the HOS 6T unencrypted ops file with a corresponding MSM Tool.
Would really really appreciate those files, if anyone has them tucked away.
Sincerest thanks in advance to anyone who can help.
In all my research, and broken links, etc --I really think that OnePlus is forced to keep Hydrogen OS a (state) secret. We can all easily acquire the Oxygen OS decrypted, but no one has the decrypted Hydrogen OS MSM Download Tool anymore, all links lead to 404 pages.
If anyone has a copy of Hydrogen OS but don't want to publicly share it, drop me a DM and we can talk elsewhere. I'm buying another OnePlus 6T for now and putting this one in a drawer.
I'm not in a rush to find a solution, I know these things can take time. Even if you read this in 2022 or hell, even 2023, please assume I still need the HydrogenOS MSM Download Tool for OnePlus 6T. I'd really like to fix my phone one day, even if it isn't as quickly as I'd like.
Thanks in advance to whoever helps me out, one day!
Hello everyone. it's been a week that I work on this problem but I can't solve it myself despite having made numerous attempts. the situation is this: installing lineage os when the system restarted the 6t got stuck in the bootlader. I installed qualcom drivers from here
https://androidfilehost.com/?fid=11410963190603879743
and downloaded msm https://androidfilehost.com/?fid=17248734326145733776
I disabled windows secure boot and installed optional qualcomm drivers on windows... the 6t is correctly recognized as Qualcomm 9008 in the device manager in port 9 but I also tried in the 7 and it is always correct.
I tried other divers (after removing the previous ones) and other versions of msm but I always give the same error : param preload... device not match images.
I have read many discussions and tried many things but I can not solve. someone is willing to help me. Thanks guys.
I also tried uninstalling the drivers and reinstalling these:
QUD.WIN.1.1 Installer-10037.3 Setup.zip | by Dark Nightmare for OnePlus 6T
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
androidfilehost.com
using this version of msm:
6T_MsmDownloadTool_v4.0.58_OOS_v9.0.12.rar | Tool by iaTa for OnePlus 6T
[TOOL] 6T MsmDownloadTool v4.0.58 (OOS v9.0.12) https://forum.xda-developers.com/oneplus-6t/how-to/tool-6t-msmdownloadtool-v4-0-oos-9-0-5-t3867448
androidfilehost.com
the problem is not solved but changed to: (recording dawnload time in red) images do no match with teh phone!
i can't figure out if it's a msm or driver version problem or maybe something else ...
I don't know what the exact problem. If you have installed magisk or modify something to your phone, sometime msm will fail to recognized or flash..
rom
But if your phone can boot into fastboot mode, try to flash fastboot ROM it might help
Fastboot rom.
[ROM][STOCK][FASTBOOT][OP6T] Stock Fastboot ROMs for OnePlus 6T
Things are changing with the advent of project treble and seamless updates. OnePlus will no longer release ROMs flashable via recovery (either stock or twrp) because is no more needed. The updates will be done on the slot not used for example if...
forum.xda-developers.com
hello, thanks for the answer. yes I had installed magisk and yes I can enter the fastboot but from there only to turn it off. now I will read the discussion that linked me. Thank you
sun-k said:
hello, thanks for the answer. yes I had installed magisk and yes I can enter the fastboot but from there only to turn it off. now I will read the discussion that linked me. Thank you
Click to expand...
Click to collapse
if you get a warning in MSM tool: 'images do not match the phone', you are flashing the wrong image. That could happen to a branded phone. So, if you have a T-Mobile branded phone, either convert it to Global first (that tool has 'device check' disabled), or use T-Mobile MSM tool.
Your other option is to contact OnePlus support and they can help you remotely. I got into a similar bind with my 6t a year and ½ ago and nothing I was attempting worked. It was very frustrating. Ultimately I contacted OnePlus and they got me back up and running in no time. I was a little upset that I had to resort to relying on the manufacturer but also relieved to have a working device again and also thankful that it was an option, even if I would've preferred to have fixed it myself. Good luck.
PS - something to be aware of, I'm not 100% sure that it was a result of OnePlus' involvement/remotely flashing the device but somehow I ended up with a new/different IMEI. This created a world of difficulty with my cellular carrier (VZW) - I had finagled a OnePlus 8 out of them by citing manufacturers defect (I had coverage through VZW despite purchasing the phone directly from OnePlus) but they said the OnePlus 6t they received had a different IMEI than what they expected to receive, which makes absolutely no sense and this is the only possible explanation I could come up with. It ultimately saved me from having to pay for retail for the OnePlus 8 but not without a lot of headaches in between. Oh and lemme just say that having a VZW OnePlus with a locker bootloader sucks, I can't wait to get away from this thing and back to something I can root (I only pulled this maneuver in order to buy myself some time as I wasn't thrilled with the 1+9)