Thanks to:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
How to install:
1. Download the attached file: VD171_MTK-bypass.zip.
2. Extract the file and open the folder.
3. Run and install python: python-3.9.1-amd64.exe.
Keep atention: You need to select "Add Python to PATH" before starting the installation.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
4. Open cmd or powershell and execute this command:
pip install pyusb pyserial json5
5. Go to the Driver folder and right-click on the cdc-acm.inf file, then click Install and then, close window.
6. Run and install filter wizard: libusb-win32-devel-filter-1.2.6.0.exe.
7. Launch filter wizard.
8. Select Install a device filter and click Next.
9. Connect powered off phone with volume- button to boot in EDL mode.
10. Once you see new MediaTek USB Port in the list, select it and click Install.
Now, you are ready for bypassing EDL !
How to bypass:
1. Go to the Bypass folder. Run the script: bypass.bat.
2. Connect powered off phone with volume- button to boot in EDL mode.
3. Once you get "Protection disabled" at the end, without disconnecting phone and usb, run SP Flash Tool.
4. Once the SP Flash Tool opens, click Options > Options > Connection.
5. Select UART mode and select Baud rate to 921600.
Now, you are ready for flashing !
How to update:
1. Download latest release of the tool: https://github.com/MTK-bypass/bypass_utility/releases/latest
2. Download latest release of payloads: https://github.com/MTK-bypass/exploits_collection/releases/latest
3. Extract the content of both files to the Bypass folder.
Now, you are updated !
How does the bypass work?
Dissecting a MediaTek BootROM exploit
A bricked Xiaomi phone led me to discover a project in Github that uses a MediaTek BootROM exploit that was undocumented. The exploit was found by Xyz, and implemented by Chaosmaster. The initial exploit was already available for quite a while. Since I have managed to revive my phone, I am documenti
tinyhack.com
All Credits To:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
Do you need help with your MERLIN device ?
Read this FAQ: https://forum.xda-developers.com/t/...for-merlin-redmi-10x-4g-redmi-note-9.4225177/
#NoAuth #NoAuthentication #No-Auth #No-Authentication #MediaTek #Xiaomi
#MiAuth #MiAuthentication #Mi-Auth #Mi-Authentication #XiaoMiAuth #free
#XiaoMiAuthentication #XiaoMi-Auth #XiaoMi-Authentication #unbricking
#unbricked #unbrick #unbrickingru #unbrickedru #unbrickru #remoterepair98
#MTK #MT6572 #MT6735 #MT6737 #MT6739 #MT6750 #MT6765 #MT6762
#MT6761 #MT6768 #MT6771 #MT6785 #MT8127 #MT8163 #MT8173 #MT8695
Redmi 10x 5 (ATOM) still not supported
[2021-02-07 06:26:57.702746] Waiting for bootrom
[2021-02-07 06:27:05.293534] Found port = COM3
Traceback (most recent call last):
File "C:\Users\Administrator\Downloads\VD171_MTK-bypass-v1.3\VD171_MTK-bypass-v1.3\Bypass\main.py", line 169, in <module>
main()
File "C:\Users\Administrator\Downloads\VD171_MTK-bypass-v1.3\VD171_MTK-bypass-v1.3\Bypass\main.py", line 44, in main
device.handshake()
File "C:\Users\Administrator\Downloads\VD171_MTK-bypass-v1.3\VD171_MTK-bypass-v1.3\Bypass\src\device.py", line 88, in handshake
self.check(self.read(1), to_bytes(0x5F))
File "C:\Users\Administrator\Downloads\VD171_MTK-bypass-v1.3\VD171_MTK-bypass-v1.3\Bypass\src\device.py", line 84, in check
raise RuntimeError("Unexpected output, expected {} got {}".format(gold, test))
RuntimeError: Unexpected output, expected 0x5f got 0xa0
Press any key to continue . . .
kurosaberex said:
Redmi 10x 5 still not supported
Click to expand...
Click to collapse
Unhappy, MT6875 is not supported yet.
Probably it will be supported too soon
VD171 said:
Unhappy, MT6875 is not supported yet.
Probably it will be supported too soon
Click to expand...
Click to collapse
will gladly wait for it hope it comes soon
kurosaberex said:
will gladly wait for it hope it comes soon
Click to expand...
Click to collapse
I hope to see all existing devices supported as well.
This EDL authenticated mode is really disappointing.
We love Xiaomi.
But, we are hostages to Xiaomi. Sad...
Should I Format All + Download??
-glyne- said:
Should I Format All + Download??
Click to expand...
Click to collapse
NO.
Never try to flash in "format all" mode.
Or you will lose all identifications of your device, like imei and mac.
If you are facing "PMT changed" message, your device has an older scatter file inside it.
This is because there is any modification to the scatter file you are using to the scatter file used before.
There are some minor changes to the MIUI 11 scatter file for MIUI 12, but nothing significant.
You can flash using "firmware upgrade" mode.
But, bootloader will be LOCKED again and userdata will be erased.
If you want to backup the state of unlocked bootloader and then restore it.
Just follow this guide before the "firmware upgrade": https://forum.xda-developers.com/t/...omi-redmi-10x-4g-xiaomi-redmi-note-9.4221065/
VD171 said:
NO.
Never try to flash in "format all" mode.
Or you will lose all identifications of your device, like imei and mac.
If you are facing "PMT changed" message, your device has an older scatter file inside it.
This is because there is any modification to the scatter file you are using to the scatter file used before.
There are some minor changes to the MIUI 11 scatter file for MIUI 12, but nothing significant.
You can flash using "firmware upgrade" mode.
But, bootloader will be LOCKED again and userdata will be erased.
If you want to backup the state of unlocked bootloader and then restore it.
Just follow this guide before the "firmware upgrade": https://forum.xda-developers.com/t/...omi-redmi-10x-4g-xiaomi-redmi-note-9.4221065/
Click to expand...
Click to collapse
Or if firmware upgrade doesn't work, he can backup IMEI, after format and flash is done, He can flash the persist, protect1 protect2 nvdata and nvcfg partitions which he backup-ed, this way he doesn't lose IMEI, successfully unbricks device.
Communos said:
Or if firmware upgrade doesn't work, he can backup IMEI, after format and flash is done, He can flash the persist, protect1 protect2 nvdata and nvcfg partitions which he backup-ed, this way he doesn't lose IMEI, successfully unbricks device.
Click to expand...
Click to collapse
Don't forget to backup seccfg partition.
It controls the state of locked/unlocked bootloader: https://forum.xda-developers.com/t/...omi-redmi-10x-4g-xiaomi-redmi-note-9.4221065/
Here, you can find the full list of the most important partitions to backup: https://forum.xda-developers.com/t/...lin-device-redmi-10x-4g-redmi-note-9.4229633/
VD171 said:
Don't forget to backup seccfg partition.
It controls the state of locked/unlocked bootloader: https://forum.xda-developers.com/t/...omi-redmi-10x-4g-xiaomi-redmi-note-9.4221065/
Here, you can find the full list of the most important partitions to backup: https://forum.xda-developers.com/t/...lin-device-redmi-10x-4g-redmi-note-9.4229633/
Click to expand...
Click to collapse
Thanks
@VD171 sir i'm on Miui china 12.0.8 when i run libusb and turn off my phone and hold volume - button then connect the cable it boot into fastboot mode instead of booting into edl mode pls help
MerliinTop1 said:
@VD171 sir i'm on Miui china 12.0.8 when i run libusb and turn off my phone and hold volume - button then connect the cable it boot into fastboot mode instead of booting into edl mode pls help
Click to expand...
Click to collapse
Try other combinations, like vol up or vol up + vol down.
I'm not sure, I'm on global 12.0.6.0 and the combination for EDL mode is just vol down.
VD171 said:
Try other combinations, like vol up or vol up + vol down.
I'm not sure, I'm on global 12.0.6.0 and the combination for EDL mode is just vol down.
Click to expand...
Click to collapse
Tried em all still not working sir
MerliinTop1 said:
Tried em all still not working sir
Click to expand...
Click to collapse
Are you sure your device is properly detected?
Are you sure usb driver is properly installed?
VD171 said:
Are you sure your device is properly detected?
Are you sure usb driver is properly installed?
Click to expand...
Click to collapse
Yeah its detected i can hear the detecet sound and i installed the driver u attached
MerliinTop1 said:
Yeah its detected i can hear the detecet sound and i installed the driver u attached
Click to expand...
Click to collapse
Then, I have no ideia what is the problem.
You need to keep trying.
VD171 said:
Then, I have no ideia what is the problem.
You need to keep trying.
Click to expand...
Click to collapse
Ok sir thx for ur attention
MerliinTop1 said:
Ok sir thx for ur attention
Click to expand...
Click to collapse
Try another cable.
Try another usb port.
Try usb 2.0. Try usb 3.0.
Try another computer.
If results are exactly same, probably you have a problem with your device.
VD171 said:
Try another cable.
Try another usb port.
Try usb 2.0. Try usb 3.0.
Try another computer.
If results are exactly same, probably you have a problem with your device.
Click to expand...
Click to collapse
I tried diff ports still same result and i'm using the original cable its still new
I didnt try another computer tbh
But i think the miui china 12.0.8 have something diff.....they may f**kd the edl mode cuz they know its bypass-able however ill wait the new update (A11) which should come soon(1 or 2 days) and try again since it has a new firmware than the previous 12.0.6 firmware and see whats gonna happen
Btw I'm trying to do this just to flash Eng rom and fix imei which i lost when i was trying to flash miui china with sp tool.....imei being lost doesn't effect on edl mode no?
MerliinTop1 said:
I tried diff ports still same result and i'm using the original cable its still new
I didnt try another computer tbh
But i think the miui china 12.0.8 have something diff.....they may f**kd the edl mode cuz they know its bypass-able however ill wait the new update (A11) which should come soon(1 or 2 days) and try again since it has a new firmware than the previous 12.0.6 firmware and see whats gonna happen
Btw I'm trying to do this just to flash Eng rom and fix imei which i lost when i was trying to flash miui china with sp tool.....imei being lost doesn't effect on edl mode no?
Click to expand...
Click to collapse
If you lost your imei, you can't recover it forever.
Only Xiaomi Centre can recover it.
I'm sorry.
Related
[GUIDE] How to fix "Find Device storage corrupted. Your device is unsafe now".
How to fix "Find Device storage corrupted. Your device is unsafe now" ?
(At your own risk... I'm not responsible for damage or brick)
Required :
- Be rooted and have TWRP installed !
- Miui Fastboot ROM : xiaomifirmwareupdater.
Tutorial :
- Download the Miui Fastboot ROM corresponding to your current Miui version.
- Extract files from the archive downloaded, open "images" folder and copy "persist.img" file in your smartphone Internal Storage (past the file directly in Internal Storage, not in folder !).
- Reboot in Recovery Mode.
- In your TWRP, open the Terminal (in "Advanced").
- Enter this two commands :
Code:
simg2img /sdcard/persist.img /sdcard/persist_EXT4.img
Code:
dd if=/sdcard/persist_EXT4.img of=/dev/block/bootdevice/by-name/persist
- Reboot your smartphone.
More information :
I got this problem when I restored my Miui backup after try a Custom Android 10 ROM. At each smartphone boot, I got the message "Find Device storage corrupted. Your device is unsafe now", fingerprint unlock was set on "Off", and registered fingerprint(s) was deleted. When I added a new fingerprint, it was registered (until the next boot), but didn't work.
If you do a little research, you can find a other method on some websites where you use fastboot to flash persist.img. I tried and sadly it not work ("FAILED (remote: Error: This image isn't allow download)"):
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Credit :
- Muz_paray.
My English isn't that good, but thankyou, works great for me, i´m using orange fox not twrp
SkullDead said:
[GUIDE] How to fix "Find Device storage corrupted. Your device is unsafe now".
How to fix "Find Device storage corrupted. Your device is unsafe now" ?
(At your own risk... I'm not responsible for damage or brick)
Required :
- Be rooted and have TWRP installed !
- Miui Fastboot ROM : xiaomifirmwareupdater.
Tutorial :
- Download the Miui Fastboot ROM corresponding to your current Miui version.
- Extract files from the archive downloaded, open "images" folder and copy "persist.img" file in your smartphone Internal Storage (past the file directly in Internal Storage, not in folder !).
- Reboot in Recovery Mode.
- In your TWRP, open the Terminal (in "Advanced").
- Enter this two commands :
Code:
simg2img /sdcard/persist.img /sdcard/persist_EXT4.img
Code:
dd if=/sdcard/persist_EXT4.img of=/dev/block/bootdevice/by-name/persist
- Reboot your smartphone.
More information :
I got this problem when I restored my Miui backup after try a Custom Android 10 ROM. At each smartphone boot, I got the message "Find Device storage corrupted. Your device is unsafe now", fingerprint unlock was set on "Off", and registered fingerprint(s) was deleted. When I added a new fingerprint, it was registered (until the next boot), but didn't work.
If you do a little research, you can find a other method on some websites where you use fastboot to flash persist.img. I tried and sadly it not work ("FAILED (remote: Error: This image isn't allow download)"):
View attachment 4877981
Credit :
- Muz_paray.
Click to expand...
Click to collapse
it doesn't work anymore its says " Invalid spars file format at header magic failed to read spars file" what should do now . tried in orange fox recovery
Svg.Sakib said:
it doesn't work anymore its says " Invalid spars file format at header magic failed to read spars file" what should do now . tried in orange fox recovery
Click to expand...
Click to collapse
I had the same error and found 2 ways to solve it:
1st:
I had flashed the MIUI 11 Rom from August 27 2019. I simply replaced it by the latest stable EU Rom and the error disappeared . Next I flashed the Rom from August 27th back.
2nd:
Find device storage corrupted your device is unsafe now
1. You need Unlocked Bootloader and TWRP. You can boot in TWRP instead of flashing it.
2. Download the fastboot ROM for the device. Extract it and copy persist.img file to the internal memory of the phone. Make sure put the file in internal storage rather than in any folder.
3. Put the phone in fastboot Mode, Power Button and Volume Down key.
4. Boot in TWRP by "fastboot boot twrp.img" command.
5. In the TWRP Main Menu. Go to Advanced ------ Terminal
6. Write the below 2 lines:
simg2img /sdcard/persist.img /sdcard/persist_EXT4.img
dd if=/sdcard/persist_EXT4.img of=/dev/block/bootdevice/by-name/persist
7. Reboot the Phone and check.
Svg.Sakib said:
it doesn't work anymore its says " Invalid spars file format at header magic failed to read spars file" what should do now . tried in orange fox recovery
Click to expand...
Click to collapse
Directly flash it it persist partiton
I have a Xiaomi Redmi 4x with the latest version Miui Global 11.0.2 (NAMMIXM) on Android 7.1.2 N2G47H.
The device is locked and has error: find device storage is corrupted so because of that I can`t add my Xiaomi account to Mi Unlock status and this mean I can't unlock the bootloader, I tried to flash the official ROM again with Mi Flash but is giving me errors so can`t flash the ROM again....
What I can do?
Shepherd_47 said:
I have a Xiaomi Redmi 4x with the latest version Miui Global 11.0.2 (NAMMIXM) on Android 7.1.2 N2G47H.
The device is locked and has error: find device storage is corrupted so because of that I can`t add my Xiaomi account to Mi Unlock status and this mean I can't unlock the bootloader, I tried to flash the official ROM again with Mi Flash but is giving me errors so can`t flash the ROM again....
What I can do?
Click to expand...
Click to collapse
Also booting to twrp is not possible....
Any suggestions?
Shepherd_47 said:
Also booting to twrp is not possible....
Any suggestions?
Click to expand...
Click to collapse
The current recovery is stock recovery
Shepherd_47 said:
The current recovery is stock recovery
Click to expand...
Click to collapse
Did you get any solution, I am sailing on the same boat?
prasanth1947 said:
Did you get any solution, I am sailing on the same boat?
Click to expand...
Click to collapse
Yes
So the solution is to log in to the device on Mi account with the mi account used to unlock the device. So basically you can unlock again the device but with the same Mi account used on the first attempt. If normal log in to Mi account is not possible, try to log in using google (press google icon on the bottom-you must have Google account in the phone, and it must be linked with mi account. After that i just launched miflash_unlock-en-5.5.224.24 and it worked instantly.
I didn't add mi account to mi unlock status even and still was working.
So the key is mi account used for device unlock for the first time- ( DIDN`T WORKED WITH OTHER MI ACCOUNTS)
Shepherd_47 said:
Yes
So the solution is to log in to the device on Mi account with the mi account used to unlock the device. So basically you can unlock again the device but with the same Mi account used on the first attempt. If normal log in to Mi account is not possible, try to log in using google (press google icon on the bottom-you must have Google account in the phone, and it must be linked with mi account. After that i just launched miflash_unlock-en-5.5.224.24 and it worked instantly.
I didn't add mi account to mi unlock status even and still was working.
So the key is mi account used for device unlock for the first time- ( DIDN`T WORKED WITH OTHER MI ACCOUNTS)
Click to expand...
Click to collapse
I will try to post more info about this later, contact me if you need help
Shepherd_47 said:
I will try to post more info about this later, contact me if you need help
Click to expand...
Click to collapse
buy the way this is the solution for UNLOCKING DEVICE, after that is easy, just install Minimal ADB and Fastboot and download recovery for your phone, put recovery in the Minimal ADB and Fastboot folder and open Minimal ADB and Fastboot and run command: fastboot flash recovery recovery.img
after that fastboot boot recovery.img
and you are in TWRP - from there is easy to ,,fix find device storage is corrupt" if you have that error...
working for Redmi Note 7/7S Lavender
Had the same issue with my F3. I know this thread is a bit old. But I am in no really luck. I tried this method but it doesn't work. It says an error " invalid sparse file format at header magic
Failed to read sparse".
ram1MB said:
Had the same issue with my F3. I know this thread is a bit old. But I am in no really luck. I tried this method but it doesn't work. It says an error " invalid sparse file format at header magic
Failed to read sparse".
Click to expand...
Click to collapse
Alternatively, you can flash it with twrp. Copy persist image to internal storage, boot to twrp, select "Flash Image" by pressing the big button located at lower right, select the image file and upon selection the twrp shows another window to choose what are you flashing. Choose "Persist" and slide to flash, it takes just one or two seconds and after that just reboot. I had this problem earlier and fixed by completing these steps.
This thread is very useful. Many thanks to @SkullDead and Muz_paray
ammaralidj said:
Alternatively, you can flash it with twrp. Copy persist image to internal storage, boot to twrp, select "Flash Image" by pressing the big button located at lower right, select the image file and upon selection the twrp shows another window to choose what are you flashing. Choose "Persist" and slide to flash, it takes just one or two seconds and after that just reboot. I had this problem earlier and fixed by completing these steps.
This thread is very useful. Many thanks to @SkullDead and Muz_paray
Click to expand...
Click to collapse
I had this issue as well, thanks a lot for this thread! Fix worked, and I had safely returned to stock.
Worked for me on redmi y1 UGG no sensor, wifi, BT and location was not working post doing this everything started working again, thanks a lot.
taratay said:
I had this issue as well, thanks a lot for this thread! Fix worked, and I had safely returned to stock.
Click to expand...
Click to collapse
i cannot find presist.img file for redmi note 10 mojito. it is not present in rom folder. where to find it
haris43242 said:
i cannot find presist.img file for redmi note 10 mojito. it is not present in rom folder. where to find it
Click to expand...
Click to collapse
Hi haris43242 try this topic https://forum.xda-developers.com/t/persist-file-redmi-note-10.4312093/
my device is MI 11x and I'm facing this issue. I tried all these methods but nothing happens, the error is still there.
also, MI 11x has A/B partition, and TWRP and OrangeFox both don't show the persist partition.
can anyone help me with this?
Well guys, its finally here!! You can finally unbrick your device without any jtag,medusa, octopus box!!
DISCLAIMER: IM NOT RESPONSIBLE IF THIS DOES SOMETHING BAD TO YOUR DEVICE WHICH IT SHOULDNT.
WARNING: THIS WILL DELETE EVERYTHING IN THE INTERNAL STORAGE OF THE DEVICE!!
FAQ"
1.,)My phone blinks red and i cant boot into 9008 mode at all. What can i do?
A. From what ive expreniced, you need to take out the back and touch two test points on the g7 while connected to the pc with a tweezer.
from another thread :
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
2,) I keep getting shara failed, the firehose is in the right folder and the xml files as well. Everything is in the same folder.
A. There are two reasons why it may fail.
1 Make sure you install the drivers correctly.!! Windows 10 has driver signature enforcment enabled on default so you need to disable that and install the 9008 drivers. To check if your drivers are installed correctly open up Device manager via searching it in the windows bar then go into ports and make sure theres no question mark or an yellow exclamation (!) sign next to it. If there is you have you disable signature enforcement and install the drivers manually. To do that you can google it cause theres a bunch of ways to do it.
2. if the drivers are installed correctly then you should try two things. One run it as admin and check if you can open up parition manager or load the files. and two is to reboot into edl mode by holding down Vol - and then power then once it turns off and on again at the lg logo, hold it down and reboot into edl mode again.
3.Red case:
You may have the red case cause you locked your bootloader by accident or you never unlocked it or something happened. Just use this guide to flash the abl file https://forum.xda-developers.com/lg-g7-thinq/how-to/how-to-partitions-flash-abl-t-mo-t4051249 then do fastboot oem unlock then flash back the abl for your android verison.
Requirments:
-A computer of course
-USB cable to connect your phone to the pc
-This oreo firmware https://lg-firmwares.com/downloads-file/17341/G710ULM11g_01_NAO_US_OP_1112.kdz
-The unbrick files from here: https://drive.google.com/open?id=1gozwGTc8BT1w_gb230GUT4RP_Mwe5fz4
-KDZ Tools: https://github.com/ANEP-ET/kdztools/archive/master.zip
-Python installed :https://www.python.org/downloads/
Steps:
AA. You can download this, extract them and skip steps 1, and 5-9
https://drive.google.com/file/d/19JBomkFdFglUqFhF3jFsJ-H2WJN4Dwp0/view?usp=sharing Thanks to @avilav
BB. You can do it your self too ill leave them in the steps
1. Download and install python
PYTHON INSTALL STEPS:
a. Download and install python 2.7
b.Download and install C++ Compiler for python2.7: https://www.microsoft.com/en-us/download/details.aspx?id=44266
c. Download and install thus redistruble
https://www.microsoft.com/en-us/download/details.aspx?id=48145
D. After everything is done installing open C:/Python2.7/Scripts folder and right click and open powershell
E. Type CMD then enter and then put
Code:
pip install zstandard
F. After thats done continue with the next steps. And you can close that window
2, Download all the files above and extract them into one folder. Make sure to extract everything INSIDE the kdztools folder.
3. Run the qpst file you extracted and install it
4. A.If your phone is already in 9008 mode and stuck there make sure to hold down and power for at least 10-20 seconds while connected to your pc and should reboot back to it.
B. If it doesnt boot into download mode or android at all but theres a picture or bootlooping or at fastboot mode etc... or at the white lg logo: https://www.youtube.com/watch?v=__MY0qB1G8c use this tutorial to boot into 9008 mode. Plug your device into the computer, then hold power then down the turn it off and then quicky let go of power and press and hold power then rapidly press the vol+ button and you should be at a black screen and should be in 9008 mode. To check: Open up device manager and check ports and should say qualcomm 9008 mode. If it says something like qhubulk usb an theres an exclamation on it make sure to right click update drivers and search automatically on the internet. Otherwise youre gonna have to find the drivers your self online which isnt hard.
5. Once you confirm that you are there right click in the folder where you extracted everything open up Powershell or if you have it to set to command prompt open that.
6. In powershell type cmd and press enter.
7. Type:
Code:
unkdz.py -f G710ULM11g_01_NAO_US_OP_1112.kdz -x
then press enter
8. Wait a while and ignore the warning about offsets and stuff like that and dont close it yet.
9. After its done open up the kdz extracted folder and move the .dz file it generated back into where you extracted everything and then run this command in that same command prompt:
Code:
undz.py -f G71011g_01.dz -c
10. Wait while this also finishes, again ignore the warnings.
11. Place the rawprogramfiles0-6.xml's into the dzextracted folder it created this time
12. Now its time to flash, so open up qfil, you can just search it in the search bar on windows 10.
13. In the qfil window, select click configuration on top then firehouse configuration then make sure you change device type to UFS then click ok
14. Select Flat Build then in the programmer path select the prog_ufs_firehose_Sdm845_lge.elf file.
15. In the search path put the location of the dzextracted where all the files are extracted should be where theres a bunch of different bins
16. In the Rawprogram and Patch place click load xml then navigate to where the rawprogramfiles are (should be where dzextracted ) if you dont see it. If you do see it then shift then click Rawprogramfile0 then Rawprogramfile6 and it should select all of them. Then it should say select patch file. just click cancel on the patch file.
17. Click download and it should start flashing the files and wait till it done.
18 Hold power and down for 10-20s it should reboot and it should be able to boot android. It may restart once so it erases user data.
19. You should be able to boot into android now
If it doesnt boot:
You should be able to enter download mode now to flash fw with lgup
Lets Thank:
@Xsavi For finding the firehose file for sdm devices
@quickwshell for the rawprogram generator.
THANK YOU!!!!!!!!!!!!!!
Thank you thank you it worked with my lg g7 g710n
Hi there,
is there a way to recover my lost s/n number with that?
And many thanks for your work!
bongster said:
Hi there,
is there a way to recover my lost s/n number with that?
And many thanks for your work!
Click to expand...
Click to collapse
I can restore you S / N
motogvasyag said:
I can restore you S / N
Click to expand...
Click to collapse
Hi,
and how do you do that?
heres another link for the kdz if the lge link is slow
https://androidfilehost.com/?fid=4349826312261728482
Where to enter "D. after the installation is complete, go back to another cmd window and type: pip install zstandard"? In adb, python?
Smouk said:
Where to enter "D. after the installation is complete, go back to another cmd window and type: pip install zstandard"? In adb, python?
Click to expand...
Click to collapse
The python windiw where you opened the script folder
Smouk said:
Where to enter "D. after the installation is complete, go back to another cmd window and type: pip install zstandard"? In adb, python?
Click to expand...
Click to collapse
It'z easier to use Cygwin. Download it and install. Open Cygwin
After the $ type pip install zstandard as zstd press enter it will find the .whl file it needs to run in python to extract any dz file your having problems with or other files you need for python.
Hi, @Awesomeslayerg, would your method wipe efs along with s/n or imei?
zacox123 said:
Hi, @Awesomeslayerg, would your method wipe efs along with s/n or imei?
Click to expand...
Click to collapse
Possibly, depends how you bricked it.
can anyone provide the extracted *11g kdz* files in a link. i managed to run evrything exept to extract the *G71011g_01.dz* in python. its says that the zstandard tool not found, and dosnt extract with LG_Firmware_Extract_v1.2.6.1 eather , idont know why.
or help me with the *prog_ufs_firehose_Sdm845_lge* and *rawprograms* for the *G710ULM21d_00_NAO_US_OP_0711.kdz* firmware to flash pie
thnks for your help frnds plz help me
ghani mal said:
can anyone provide the extracted *11g kdz* files in a link. i managed to run evrything exept to extract the *G71011g_01.dz* in python. its says that the zstandard tool not found, and dosnt extract with LG_Firmware_Extract_v1.2.6.1 eather , idont know why.
or help me with the *prog_ufs_firehose_Sdm845_lge* and *rawprograms* for the *G710ULM21d_00_NAO_US_OP_0711.kdz* firmware to flash pie
thnks for your help frnds plz help me
Click to expand...
Click to collapse
Cross flash to the G710ULM21d_00_NAO_US_OP_0711.kdz and use qfil to backup what you need. (Boot_a.img, Boot_b.img).
Here's a good guide to help you. It's from the of LG v40 forum but you can use it for your device.
https://forum.xda-developers.com/lg-v40/development/unlock-lg-v40-via-9008-root-t-mobile-t4042207
Remember all this is at your own risk!!! Good luck.
All the files you need are in the thread.
netookska05 said:
Cross flash to the G710ULM21d_00_NAO_US_OP_0711.kdz and use qfil to backup what you need. (Boot_a.img, Boot_b.img).
Here's a good guide to help you. It's from the of LG v40 forum but you can use it for your device.
https://forum.xda-developers.com/lg-v40/development/unlock-lg-v40-via-9008-root-t-mobile-t4042207
Remember all this is at your own risk!!! Good luck.
All the files you need are in the thread.
Click to expand...
Click to collapse
i want to flash 11g oreo rom and i need somone to provide 11g firmware extracted files; to flash it. i get erour when i flash the 21d firmare cause of *size does not match*, so if you can just provide a link to the 11g firmware extracted files in *androidfilehost* or *mega* i will be greatfull
thank you
ghani mal said:
i want to flash 11g oreo rom and i need somone to provide 11g firmware extracted files; to flash it. i get erour when i flash the 21d firmare cause of *size does not match*, so if you can just provide a link to the 11g firmware extracted files in *androidfilehost* or *mega* i will be greatfull
thank you
Click to expand...
Click to collapse
How are you flashing the 21d kdz?
netookska05 said:
How are you flashing the 21d kdz?
Click to expand...
Click to collapse
I extracted it with lg kdz extractor and try to flash it with the files that's found on top of this thread (rawfiles and everything else) exept the extracted files i changed theme to the 21d firmware.
ghani mal said:
I extracted it with lg kdz extractor and try to flash it with the files that's found on top of this thread (rawfiles and everything else) exept the extracted files i changed theme to the 21d firmware.
Click to expand...
Click to collapse
So your device is bricked? I can share the kdz and dz files. Let me get things together and I will provide a link.
ghani mal said:
I extracted it with lg kdz extractor and try to flash it with the files that's found on top of this thread (rawfiles and everything else) exept the extracted files i changed theme to the 21d firmware.
Click to expand...
Click to collapse
You cant use the 21d with the rawprogran files. These are only for that oreo kdz. You can flash them back to pie later.
Awesomeslayerg said:
You cant use the 21d with the rawprogran files. These are only for that oreo kdz. You can flash them back to pie later.
Click to expand...
Click to collapse
This is why i need oreo files, to flash them but i couldn't extract this firmware 11g , if you did extract it could you upload them for me, and thank you for your help.
netookska05 said:
So your device is bricked? I can share the kdz and dz files. Let me get things together and I will provide a link.
Click to expand...
Click to collapse
Thanks man for your help, i am waiting....
Hi
in this thread i will show you how to do each of this:
POCO X3 PRO{vayu}
1.TWRP+ROOT
2.RSA DISABLE
3.DIAG MODE
4.EFS RESET
5.IMEI REPAIR
without Any Box.
----------
***********You Will Do it By Your Responsibility and I'm not Responsible for any damage to your Device,Read Thread Carefully and then Do it and try not to mess your device*********
--------
Requirements:
-Iphone 6 Board for its Resistor
-Xiaomi Imei Tool Link
-Qpst Link
-Twrp + EFS Reset Tool Link
-Magisk 23 zip file Link
-Magisk Manager APP Link
-Stock Firmware Link
-Eng Firmware LINK >>>>File Password is : iaasteam.com<<<<<<
--------
I Did All of this Steps and Job Done this Means Its Tested dont Blame me For Any Damage to Your Device
Do it Just if you know What you Do
Not for Newbies
---------------
Some Poco X3 Pro Devices Bootloop After EFS Reset:
it can caused Becuase of Firmware Security or RSA Encryption of Device Imei:
We Have Two Method For this:
1.Flash ENG Rom Then Continue The Steps 1 to 4 and no need root(Because ENG rom have root access already)
2.Do entire Steps on stock Firmware then if it gives error try method 1
But if Not if this methods Work Problem is with the Step 1.RSA DISABLE and you should Check You Resistor
---------------
1.RSA DISABLE
You Should Disable RSA of the Phone To Write Imei on it.
For this
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Remove this resistor and Change it with Picture 2 from Iphone 6 Board 50k resistor
for better Performance of work you can Measure its kohm by ohm meter it should be 45 to 50k by ohm meter
replace the resistor in picture one with this
------------
First Time We do entire of Job on stock Firmware if firmware security Prevent us to do our work then we flash the phone with eng firmware,and eng firmware no need root just need flash twrp
-----------
2.TWRP + ROOT
Download Reqirment TWRP + EFS RESET TOOL
Reboot phone in fastboot and connect it to pc
run .bat file and press key 1
twrp will be flashed
Wipe/factory reset Phone by twrp if storage not shown for installing packages reboot agian to twrp
Download Magisk zip and Apk from reqirement
****Go to Backup Section of TWRP>Check EFS Partition>Back it up and Copy it to PC for Avoid Baseband null***** And then Continue the other Steps
Connect Phone to pc
Copy Magisk23.zip to phone storage and install it by twrp
Reboot phone to system
and install Magisk Manager
Now phone Should Be Rooted.
Each time you reboot your phone from Recovery to system,TWRP recovery will be deleted onm your phone
when you see your phone rooted
----------
3.DiagPort & QCN Backup & Modify
Download QPST in reqirement
Xiaomi Imei Tool in reqirement
Install Xiaomi Imei Tool
View attachment 5515295
Connect phone to pc in normal Mode
Enable USB Debugging and Select File Transfer mode on phone
Click Open Diag Port now your diag prot enabled
***** Do not use Xiaomi Imei tool QPST******
Install QPST from Reqirements Section
Run QPST Configuration(you can search in start menu for it Because it dont have shortcut in desktop)
QPST Configuration Detect Your phone in diag mode then
Click on Start Clinets>Software Download>Backup
Backup QCN And Xqcn Both(QCN is enough but I suggest you to backup both of them)
when you backed up Qcn
Open Xiaomi Imei Tool
And run QCN Editor
View attachment 5515301
1.select Qcn file you Backed Up
2.Select Registration Method on 2Sim Like in picture
3.Write Imei 1 and imei 2
4.Click Create Button and Save our Modified QCN.
--------------------
4.EFS Reset And Modified QCN Restore(Imei Repair)
Warning:You should Backed up your EFS By TWRP in STEP 2 and Copied it in PC And Then Come To This Step
Reboot your Phone to Fastboot
-Open TWRP+EFS reset .bat file you downloaded in step 2
-press 1 and wait untill phone reboots to twrp recovery
-in the .Bat File Menu press key 2 when phone already is in twrp menu
-Reboot Phone to system Again Now Efs Reseted and Phone Dont Have IMEI
*******If You Dont Replaced Correct Resistor in Step 1 then your phone should give you NV Data Corrupted Error in this Step or Phone Restarts Each Time********
-When Phone Comes Up Enable Diag port Again and run QPST
Run QPST Configuration(you can search in start menu for it Because it dont have shortcut in desktop)
QPST Configuration Detect Your phone in diag mode then
Click on Start Clinets>Software Download>Restore
Select Modified Qcn that you Created By Xiaomi Imei Tool in Step 3 and Push Start.
Wait Untill Progress Done And Phone Reboots.
Now You Should Have Poco X3 pro Dual Imei Repaired.
If you Get Any Error Just Read Troubleshooting Section
--------------------------------
*****************Troubleshooting****************
1-After EFS Reset Phone Restarts and dont Work Correct
A:it can caused by two problem: 1- firmware security 2-Resistor Change Problem
For Firmware Security:
-Download ENG Firmware From Requirement section and Flash it by fastboot
-then Reboot To Fastboot again Flash Twrp recovery and do not try to root ENG firmware(Because it have Root Access by default)
-In Twrp Reset EFS Again In Step 4
-Reboot to ENG firmware and Enable Diag Port and Write Modified Qcn
-Flash Global Stock Firmware i have linked to requirement no diffrence at all you can flash any version of global firmware
***If Again Problem Not fixed It's your 50k Resistor Changing Problem and you should check it***
2-When I Enable Diag Port QPST Can not find my phone
A:Just Check You Drivers And Device Manager
--------------------------------
*****In Some Websites Says You Need ENG QCN for imei repair,No need of ENG QCN Just Modify Phones Original QCN******
--------------------------------
Files Uploaded To mega.nz and Links Stays Alive forever.
--------------------------------
Push Thanks Button,Like if this Guide fixed your problem
If you have a question, feel free to ask and I will answer as soon as possible
***********You Will Do it By Your Responsibility and I'm not Responsible for any damage to your Device,Read Thread Carefully and then Do it and try not to mess your device*********
I have a question, if I have a Poco X3 Pro with a blank imei and an unknown baseband, I don't have the EFS backup or the box where the imei comes from, changing the resistance and following the step-by-step guide could I recover the imei?
felixpaz1992 said:
I have a question, if I have a Poco X3 Pro with a blank imei and an unknown baseband, I don't have the EFS backup or the box where the imei comes from, changing the resistance and following the step-by-step guide could I recover the imei?
Click to expand...
Click to collapse
if problem not with the hardware
yes of course you can fix it
when you remove resistance and disable rsa
and write its original imei on it.
Any change in the imei ID of the device is illegal in most countries, please respect the law.and Also respect XDA Law about it.
I've reverted the OP and thread title as they were, as well as unlocking it, and will PM all appropriate users.
Thank you.
roirraW edor ehT said:
I've reverted the OP and thread title as they were, as well as unlocking it, and will PM all appropriate users.
Thank you.
Click to expand...
Click to collapse
Thank you, I took the time to write this
Thank you for your positive management
After removing the resistor can it be re-installed?
Jssdje said:
After removing the resistor can it be re-installed?
Click to expand...
Click to collapse
no then rsa enabled again
Non of one of your attachment are available please update the pictures of resistor pic
Thanks
mosirezaei said:
Non of one of your attachment are available please update the pictures of resistor pic
Thanks
Click to expand...
Click to collapse
Hi thank you for report i have uploaded them but now the attachments deleted
wait untill tomorrow i will fix it
dashti.95 said:
Hi thank you for report i have uploaded them but now the attachments deleted
wait untill tomorrow i will fix it
Click to expand...
Click to collapse
Hello
I still waiting for the attachment photos of resistors
if you can send it to my email will be great
[email protected],com
thanks bro
backup efs eng firmware mode .backup was saved fsc,fsg,modemst1 and modemst2. after reset efs baseband unknown. flash backup partition in fastboot mode. still baseband unknown.
problem solved by write qcn.
alak said:
backup efs eng firmware mode .backup was saved fsc,fsg,modemst1 and modemst2. after reset efs baseband unknown. flash backup partition in fastboot mode. still baseband unknown.
problem solved by write qcn.
Click to expand...
Click to collapse
Can you give me the qcn please....
Mail : [email protected]
kallumama said:
Can you give me the qcn please....
Mail : [email protected]
Click to expand...
Click to collapse
tomorrow i will send you
I repair 2nd Imei of Poco X3 pro Vayu from UMT RSA method in eng Rom. I get backup of QCN. it shows imei1 0 imei2 (86*************12) but when I flash global rom. it shows NV data corrupt. I again flash ENG rom. write that backup QCN it shows Original IMEI's but when I flashed Global Rom It shows nv data error again. although Original imei of that Phone. I erase efs from Fastboot that also doesn't help me. what is the problem & how to solve it.
can I flash custom rom for mobile work normally without sim?
or custom rom doesn't help?
if any firmware that solve my problem & phone work normally (without sim) kindly tell me.
saqibsm said:
I repair 2nd Imei of Poco X3 pro Vayu from UMT RSA method in eng Rom. I get backup of QCN. it shows imei1 0 imei2 (86*************12) but when I flash global rom. it shows NV data corrupt. I again flash ENG rom. write that backup QCN it shows Original IMEI's but when I flashed Global Rom It shows nv data error again. although Original imei of that Phone. I erase efs from Fastboot that also doesn't help me. what is the problem & how to solve it.
can I flash custom rom for mobile work normally without sim?
or custom rom doesn't help?
if any firmware that solve my problem & phone work normally (without sim) kindly tell me.
Click to expand...
Click to collapse
1.What Flasher you using to flash data?
2.give me a list of files in your firmware directory please list it for me.
I need to know because:
In qualcomm series of xiaomi phones you have a file named *NON-HLOS*
You should use NON-HLOS file from eng Rom not the original file from global rom.(NON-HLOS file is eng modem file)
give me info i will help you
dashti.95 said:
1.What Flasher you using to flash data?
2.give me a list of files in your firmware directory please list it for me.
I need to know because:
In qualcomm series of xiaomi phones you have a file named *NON-HLOS*
You should use NON-HLOS file from eng Rom not the original file from global rom.(NON-HLOS file is eng modem file)
give me info i will help you
Click to expand...
Click to collapse
I have a doubt in which directory of the ENG Rom I find the NON-HLOS file and if I can back it up, I "install" it in the global Rom, would the QCN written when it was in the ENG Rom work?
dashti.95 said:
1.What Flasher you using to flash data?
2.give me a list of files in your firmware directory please list it for me.
I need to know because:
In qualcomm series of xiaomi phones you have a file named *NON-HLOS*
You should use NON-HLOS file from eng Rom not the original file from global rom.(NON-HLOS file is eng modem file)
give me info i will help you
Click to expand...
Click to collapse
I have followed the guide, I was able to recover the original imei that came in the box, I have changed the 50ohm resistor, when I go back to stock rom I have baseband, I have both imei, but I have no signal, if I want to call a message appears saying "deactivate the airplane mode to call"
felixpaz1992 said:
I have followed the guide, I was able to recover the original imei that came in the box, I have changed the 50ohm resistor, when I go back to stock rom I have baseband, I have both imei, but I have no signal, if I want to call a message appears saying "deactivate the airplane mode to call"
Click to expand...
Click to collapse
Its because of qcn you used its not compatible with your device.
dashti.95 said:
Its because of qcn you used its not compatible with your device.
Click to expand...
Click to collapse
I used the published QCN ENG and edited it with the imei that I found in the original box of the equipment, now both imei appear in the global Rom but I have the ghost plane mode, absolutely everything works except the mobile radio
felixpaz1992 said:
I have followed the guide, I was able to recover the original imei that came in the box, I have changed the 50ohm resistor, when I go back to stock rom I have baseband, I have both imei, but I have no signal, if I want to call a message appears saying "deactivate the airplane mode to call"
Click to expand...
Click to collapse
two questions:
1.Which NON-HLOS you used?Stock or Eng?
2.What type of Qcn you used?.xqcn or .qcn?
Crossflash guide for AT&T LG V60Firstly I wanna give a special thanks to DK and @kim12355 (Mama Tao), without them this guide wouldn't be possible. Also great thanks to all guys on the Telegram Group. This guide was based on tbl-locksmiths's and @crimsonrommer's work.
This guide's purpose is to have your device crossflashed, not rooting or unlocking the bootloader. Doing this guide will grant you the latest and greatest LG software while also having safetynet enabled and L1 widevine (which is required for streaming HD content from netflix, for instance).
note: this method was tested on my own personal V60. This may work on other variants, although not tested.
Code:
#include <std_disclaimer.h>
/*
* Your warranty is... still valid?
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about this guide before doing it!
* YOU are choosing to make these modifications, and if you point the finger
* at me for messing up your device, I will laugh at you.
*/
With that out of the way, let's begin. This guide will contain four sections. You can see them down below. They are useful on their own.
1 - Backing up your data1.1 Prerequisites1.1.1 QFIL Setup1.1.1.1 QFIL FireHose Setup1.1.1.2 QFIL Build Setup1.2 Backing up your data with QFIL1.2.1 Entering into 9008 mode1.2.2 Connecting Phone to QFIL1.2.3 Backing up partitions1.2.4 Loading backed up partitions2 - Loading custom bootloader2.1 Prerequisites2.2 Loading custom bootloader3 - Crossflashing3.1 Prerequisites3.2 Backing up and erasing partitions3.3 Flashing rom with LGUP4 - Fixing Serial Number and NT Code4.1 Prerequisites 4.2 Finding out your serial4.3 Patching your new ftm
--------------------- ||| ---------------------
1 - Backing up your data1.1 PrerequisitesFor this section you'll only need:
QPST
Qualcomm Drivers
Firehose
Firstly, install QPST and Qualcomm Drivers. In qualcomm drivers, select WWAN. From QPST, You'll need the QFIL utility.
1.1.1 QFIL Setup
Spoiler: 1.1.1.1 QFIL FireHose Setup
Open up QFIL. First go to Configuration -> FireHose Configuration and click it. Configure it like shown:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Spoiler: 1.1.1.2 QFIL Build Setup
note: You need to do this step every time QFIL opens.
On QFIL initial screen, select "Flat Build" as the build type.
Under the Select Programmer section, on the Programmer Path field, click Browse... and choose the Firehose file.
1.2 Backing up your data with QFIL
Spoiler: 1.2.1 Entering into 9008 mode
Firstly make sure to have your device connected to your PC.
Follow these steps:
Hold (Vol -) and (Power) until the phone shuts down
After the phone screen shuts down, keep pressing the two previous buttons, and tap quickly on (Vol +) to enter 9008 mode. You know you entered it when your PC makes a "device connected" sound.
Spoiler: 1.2.2 Connecting Phone to QFIL
After entering 9008 mode with your phone, open up QFIL, set it up (see 1.1.1), and click on Select Port.., you'll see your device named as Qualcomm HS-USB QDLoader 9008
click OK and you're done connecting.
Spoiler: 1.2.3 Backing up partitions
After setting up your device and connecting it to QFIL, it is now time to back up your phone.
Go to Tools -> Partition Manager
Confirm that you put the correct firehose file for the LG V60
Now it is time to back up your partitions.
Pick a partition, right click and click on Manage Partition Data
The Raw Data Manager window will open, you click Read Data... to save the partition to your PC.
By default, QFIL saves the partition data to %appdata%\Qualcomm\QFIL\COMPORT_X\ where X is your COM Port number.
Once you access the folder, rename it so you can organize it your self.
Tip: sort by modification date, it will make handling these files easier
If you are doing a full backup, I suggest you to backup all your partitions, except userdata (this one contains user info, and it is very big to back up and transfer it via USB).
Spoiler: 1.2.4 Loading backed up partitions
If something went wrong, you can always flash back your backed up partitions. Open up QFIL and follow these steps:
Go to Tools -> Partition Manager
Confirm that you put the correct firehose file for the LG V60
Now it is time to load your backed up partitions.
Pick a partition, right click and click on Manage Partition Data
Click on Load Image... and select your backed up partition.
2 - Loading custom bootloader
2.1 Prerequisites
QFIL Set up (see 1.1.1)
Custom ABL
Spoiler: 2.2 Loading custom bootloader
Firstly go to QFIL's partition manager (see 1.2.2 and 1.2.3)
We will be overwriting the device's bootloader (abl_a and abl_b), so make sure to back those partitions up (see 1.2.3).
After backing up your partitions, go to abl_a and abl_b, and load the ABL_ENG_V60.bin to them.
Now you'll have a custom bootloader capable of doing crossflashes.
3 - Crossflashing
3.1 Prerequisites
QFIL Set up (see 1.1.1)
LGUP (make sure to install LG Drivers)
KDZ (I download from here)
Spoiler: 3.2 Backing up and erasing partitions
For this section, you'll need to backup the following partitions (see 1.2):
ftm
op_a
op_b
modem_a
modem_b
sid_a
sid_b
all LUN 5 partitions
After backing them up, erase the following partitions:
ftm
op_a
op_b
modem_a
modem_b
sid_a
sid_b
You erase each partition by going to the raw data manager and clicking Erase
note: Do not let the phone to begin to boot! If it begins to boot, it may regenerate the SID and FTM partitions data and so you need to redo the whole erasing step. go straight to 3.3
Spoiler: 3.3 Flashing rom with LGUP
Now that you backed up and erased the proper partitions, it is time to flash your new KDZ to your phone.
Your phone may still be on 9008 mode so you'll need to put it on Download Mode so LGUP can flash it.
Follow these steps:
Force your phone to reboot by pressing (Vol -) and (Power) at the same time.
Once it disconnects from windows, release all previous buttons and press and hold (Vol +) until it enters download mode.
Once it enters download mode, open LGUP and select Partition DL.
Click on the three dots and choose your kdz file.
Click ok, then a partition list window will show.
Select every partition by hand (DO NOT CLICK Select ALL) EXCEPT
sid_a
sid_b
abl_a
abl_b
Then click ok . It will flash the KDZ to your device.
4 - Fixing Serial Number and NT Code
4.1 Prerequisites
QFIL Set up (see 1.1.1)
HxD
ftm partition backed up
Spoiler: 4.2 Finding out your serial
Firstly, get your backed up ftm partition (see 1.2.3 for backing up partitions) and open it up on HxD.
Hit CTRL + G on your keyboard and type in 12000 (in hex).
This is your serial. Write it up somewhere.,
Spoiler: 4.3 Patching your new ftm
You'll need your new ftm partition after the crossflash is done. (See 1.2.3 and 1.2.4 for reading and backing partitions up).
Firstly let's fix the serial code:
Open up your new ftm partition on HxD.
Go to ( CTRL + G ) 12000 (in hex).
Paste over ( CTRL + B ) your serial number.
The altered part will look red.
Now let's fix the NT code. You'll need to find the correct NT code (see post #2) for your KDZ.
Mine was named V600TM30d_00_USC_US_OP_0823, so the correct NT code for mine will be USC_US.
note: EA KDZs will use OPEN_EU NT code.
So the NT code for my KDZ is "1","FFF,FFF,FFFFFFFF,FFFFFFFF,81".
Let's fix the NT code by doing those steps:
Go to ( CTRL + G ) 14000 (in hex).
Paste over ( CTRL + B ) the NT code.
The altered part will look red.
After doing those steps, save the file and write it to the device (see 1.2.4).
after loading the image, you are good to go!
NT Code List
Code:
OPEN_KR "1","FFF,FFF,FFFFFFFF,FFFFFFFF,60"
SKT_KR "1","FFF,FFF,FFFFFFFF,FFFFFFFF,61"
KT_KR "1","FFF,FFF,FFFFFFFF,FFFFFFFF,62"
LGU_KR "1","FFF,FFF,FFFFFFFF,FFFFFFFF,63"
ATT_US "1","310,160,6D38FFFF,FFFFFFFF,FF"
TMO_US "1","310,260,FFFFFFFF,FFFFFFFF,FF"
USC_US "1","FFF,FFF,FFFFFFFF,FFFFFFFF,81"
OPEN_CA "1","FFF,FFF,FFFFFFFF,FFFFFFFF,82"
AMZ_US "1","FFF,FFF,FFFFFFFF,FFFFFFFF,83"
OPEN_EU "1","FFF,FFF,FFFFFFFF,FFFFFFFF,11"
OPEN_CIS "1","FFF,FFF,FFFFFFFF,FFFFFFFF,12"
OPEN_RU "1","FFF,FFF,FFFFFFFF,FFFFFFFF,13"
OPEN_SCA "1","FFF,FFF,FFFFFFFF,FFFFFFFF,31"
OPEN_ESA "1","FFF,FFF,FFFFFFFF,FFFFFFFF,51"
OPEN_HK "1","FFF,FFF,FFFFFFFF,FFFFFFFF,54"
OPEN_TW "1","FFF,FFF,FFFFFFFF,FFFFFFFF,55"
OPEN_SG "1","FFF,FFF,FFFFFFFF,FFFFFFFF,56"
OPEN_AU "1","FFF,FFF,FFFFFFFF,FFFFFFFF,57"
OPEN_AME "1","FFF,FFF,FFFFFFFF,FFFFFFFF,71"
OPEN_CN "1","FFF,FFF,FFFFFFFF,FFFFFFFF,91"
TMO_COM "1","262,01F,FFFFFFFF,FFFFFFFF,FF"
ORG_COM "1","208,01F,FFFFFFFF,FFFFFFFF,FF"
H3G_COM "1","222,99F,FFFFFFFF,FFFFFFFF,FF"
TMN_PT "1","268,06F,FFFFFFFF,FFFFFFFF,01"
PLS_PL "1","260,01F,FFFFFFFF,FFFFFFFF,FF"
P4P_PL "1","260,06F,FFFFFFFF,FFFFFFFF,FF"
O2_GB "1","234,10F,FFFFFFFF,FFFFFFFF,FF"
VIV_BR "1","724,06F,FFFFFFFF,FFFFFFFF,FF"
CLR_BR "1","724,05F,FFFFFFFF,FFFFFFFF,FF"
TIM_BR "1","724,02F,FFFFFFFF,FFFFFFFF,FF"
BOI_BR "1","724,16F,FFFFFFFF,FFFFFFFF,FF"
TCL_MX "1","334,020,FFFFFFFF,FFFFFFFF,FF"
VZM_US "1","311,480,FFFFFFFF,FFFFFFFF,FF"
CKT_US "1","310,150,FFFFFFFF,FFFFFFFF,10"
reserved #2
Here's the NT Codes for Verizon and Cricket as well!
VZM_US "1","311,480,FFFFFFFF,FFFFFFFF,FF"
CKT_US "1","310,150,FFFFFFFF,FFFFFFFF,10"
Surgemanxx said:
Here's the NT Codes for Verizon and Cricket as well!
VZM_US "1","311,480,FFFFFFFF,FFFFFFFF,FF"
CKT_US "1","310,150,FFFFFFFF,FFFFFFFF,10"
Click to expand...
Click to collapse
thanks! Will add to the list
this great tutorial but add the title nt- code error fix and volte menu open....this was fixed by my nt code error and volte start functioning.
k.syedhussain said:
this great tutorial but add the title nt- code error fix and volte menu open....this was fixed by my nt code error and volte start functioning.
Click to expand...
Click to collapse
so you telling me that you got volte back after fixing the nt code?
lucasdessy said:
so you telling me that you got volte back after fixing the nt code?
Click to expand...
Click to collapse
Yes if you fixed nt code error your network setting will unlock
My IMEI is null after crossflashing. Also, the S/N is gone and NT code error is showing.
My Device: DOCOMO Variant
Cross Flashed EU rom.
riasatku said:
My IMEI is null after crossflashing. Also, the S/N is gone and NT code error is showing.
My Device: DOCOMO Variant
Cross Flashed EU rom.
Click to expand...
Click to collapse
You can restore the IMEI and S/N if you made a backup copy of the LUNS 5 partitions.
Surgemanxx said:
You can restore the IMEI and S/N if you made a backup copy of the LUNS 5 partitions.
Surgemanxx said:
You can restore the IMEI and S/N if you made a backup copy of the LUNS 5 partitions.
Click to expand...
Click to collapse
Yes, I backed up LUN5 partitions. After cross flash I restored ftm (LUN0) partition and LUN5 partitions. But no luck.
Click to expand...
Click to collapse
DM me @mama Tao in Telegram group.
LM-V600AM gets stuck in a boot loop after following these directions. I keep getting the g.co/abh error message. I restored erased partitions from backup and everything is back to normal.
Em0ry42 said:
LM-V600AM gets stuck in a boot loop after following these directions. I keep getting the g.co/abh error message. I restored erased partitions from backup and everything is back to normal.
Click to expand...
Click to collapse
If it's stuck in bootloop,you factory reset after you flash.That will erase any userdata that may have been left behind afterwards.
All you need is LUN 5 with my backup,and it will install with no issues!
lucasdessy said:
so you telling me that you got volte back after fixing the nt code?
Click to expand...
Click to collapse
Yes,in some instances having the correct NT code for the carrier will fix VoLTE and some connectivity problems!
Surgemanxx said:
If it's stuck in bootloop,you factory reset after you flash.That will erase any userdata that may have been left behind afterwards.
Click to expand...
Click to collapse
Pardon my ignorance, but how do I get it into recovery when it's boot looping?
Em0ry42 said:
Pardon my ignorance, but how do I get it into recovery when it's boot looping?
Click to expand...
Click to collapse
This should help you out!
Surgemanxx said:
This should help you out!
Click to expand...
Click to collapse
That's what I thought. It's not working for me, I can't get into recovery. Boot loops before we get far enough even for that. It's very quick. LG logo, then the warning message, then a reboot, back to LG logo.
I just tried again using V600TM30d_00_USC_US_OP_0823.kdz, since you specifically called that out in the guide... I'm trying to eliminate variables, but it's still failing.
I suppose it's possible I'm doing something wrong... After LGUP is finished, should I be trying to interrupt the reboot it triggers? Is it possible something is getting mangled up then? I click "Start" in LGUP and it nearly immediately starts reboot looping. LGUP reports success after a reboot countdown, then I put it back in 9008 and update the FTM partition as mentioned in the guide. I've also tried replacing the LUN5 partitions from backup as mentioned in earlier comments. No success.
Edit: Finally got into recovery, did a data reset. Boot loop resumes immediately after.
Alright, I don't know what I did differently the 7th time but it's up and running!
Hi! I'm new here. Just read the post for newbies and tried to search for a forum for my Infinix phone but I cannot find one.
If anyone knows if threads or forums related to infinix phones please let me know, thank you.
MAIN QUESTION:
Okay so ive landed here because i wanted to root my new phone, ive done it already once only because my old phone was really old so i was able to find the necessary files.
I am wondering who can i send a request to either help me find/make the necessary file like the usb driver for the specific phone as well as the image /flash file(sorry forgot the correct term)
so i can proceed with rooting my phone
Also, the senior contributors that i was supposed to ask are labelled inactive.
Phone brand&model: Infinix Hot 20 X6826C
Android version: 12
for mediatek devices use mtkclient to read partitions off device.
alecxs said:
for mediatek devices use mtkclient to read partitions off device.
Click to expand...
Click to collapse
I did a quick search and altough i cannot quite comprehend the jargons, if my assumptions are correct, mtkclient is a tool to help root my phone, correct?
EDIT: so it looks like i need a flash image or file, where do i get it? cant seem to find one(or maybe i missed it because i dont exactly know what im trying to find yet)
im unsure but i think it's this link:
Download Infinix Stock ROM for all models (Latest Firmware)
Download the latest Infinix Stock ROM Firmware (Flash File) for all the available Infinix smartphones, feature phones, and tablets.
androidmtk.com
but still can anyone confirm if im finding the correct file
alecxs said:
for mediatek devices use mtkclient to read partitions off device.
Click to expand...
Click to collapse
mtkclient is a flash tool that works similar to SP Flash Tool, but without scatter file. you can use it to read boot partition off device.
https://github.com/bkerler/mtkclient#read-flash
r = read
Code:
python mtk r boot boot.img
alecxs said:
mtkclient is a flash tool that works similar to SP Flash Tool, but without scatter file. you can use it to read boot partition off device.
https://github.com/bkerler/mtkclient#read-flash
r = read
Code:
python mtk r boot boot.img
Click to expand...
Click to collapse
it looks liek it wants me to enter recovery mode to proceed with he command but when i did it just throws me this, ive no idea what is brom or prelaoder mode
Code:
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.
"Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn."
(use an online translator or ask a nearby person help you to understand)
alecxs said:
"Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn."
Click to expand...
Click to collapse
still unsuccesful though
Code:
C:\Users\hanzo\AppData\Local\Programs\Python\Python39\mtkclient>python mtk r boot,vbmeta boot.img,vbmeta.img
MTK Flash/Exploit Client V1.6.2 (c) B.Kerler 2018-2023
DeviceClass
DeviceClass - [LIB]: ←[31mCouldn't get device configuration.←[0m
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.
PreLoader VCOM drivers installed? can you see phone in device manager when plugged in power off state?
alecxs said:
PreLoader VCOM drivers installed? can you see phone in device manager when plugged in power off state?
Click to expand...
Click to collapse
yes, ive installed it as far as i know with the help of this Website, did both the manual and the automatic
but unfortunately i still cant find my device on device manager on power off state
(intentionally left those devices just to show that ive installed the drivers)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
okay so i've downloaded a stock rom for my specific phone model can i use that instead to extract boot.img(will only use this as last resort)
yes, if it is the same build/release you can use it from download. double check from settings - about phone.
regarding VCOM preloader drivers, I can see you haven't installed correctly (yellow triangles)
you can assign the *.inf manually in device manager. make sure phone is powered off. keep an eye for new device in device manager, connect the usb cable.
preloader is only visible for ~1 second, it disappears immediately when phone gets power of usb. during this second, pick the new device in device manager, click on > Properties > Update Driver > Browse my computer for driver software > Let me pick from the list of device drivers on my computer > Show all devices > Have Disk > cdc-acm.inf
Now each time you connect phone in power off state, preloader is ready to get connected to flash tool for ~ 1 second.
alecxs said:
yes, if it is the same build/release you can use it from download. double check from settings - about phone.
regarding VCOM preloader drivers, I can see you haven't installed correctly (yellow triangles)
you can assign the *.inf manually in device manager. make sure phone is powered off. keep an eye for new device in device manager, connect the usb cable.
preloader is only visible for ~1 second, it disappears immediately when phone gets power of usb. during this second, pick the new device in device manager, click on > Properties > Update Driver > Browse my computer for driver software > Let me pick from the list of device drivers on my computer > Show all devices > Have Disk > cdc-acm.inf
Now each time you connect phone in power off state, preloader is ready to get connected to flash tool for ~ 1 second.
Click to expand...
Click to collapse
i did instructions but it still disappears tho resulting in same stuff appering when i try the read command on mtkclient
i keep getting this instead
Code:
C:\Users\hanzo\AppData\Local\Programs\Python\Python39\mtkclient>python mtk r boot_b boot_b.img
MTK Flash/Exploit Client V1.6.2 (c) B.Kerler 2018-2023
DeviceClass
DeviceClass - [LIB]: ←[31mCouldn't get device configuration.←[0m
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
can you see preloader in device manager? is it visible without any yellow triangle exclamation mark?
alecxs said:
can you see preloader in device manager? is it visible without any yellow triangle exclamation mark?
Click to expand...
Click to collapse
yes, i am able to see it but it only lasts like 1 sec and then it refresges and poof! its gone then the same problem occurs again
do note that
at the moment the device appears when i plug it in, i quickly entered the code
then theres a big delay then after a few minutes i'l get the same errors again
you do the opposite - first start reading/flashing, then connect phone
alecxs said:
you do the opposite - first start reading/flashing, then connect phone
Click to expand...
Click to collapse
just keeps throwing this error
Code:
..DeviceClass
DeviceClass - [LIB]: ←[31mCouldn't get device configuration.←[0m
.........
so double check build/release number from settings - about phone. then find a download for this ROM.
alecxs said:
so double check build/release number from settings - about phone. then find a download for this ROM.
Click to expand...
Click to collapse
just wanna make sure, aside from build / release number, what other aspects should i consider when downloading stock rom
alecxs said:
so double check build/release number from settings - about phone. then find a download for this ROM.
Click to expand...
Click to collapse
i have downloaded a stock rom but i still aint using it because:
The rom file is named: ""Infinix_Hot_20_X6826C_MT6768_V826_230314.zip""
the build number is "X6826C-H6927ABC-S-OP-230314V826" it somehow manage to match with ""... v826_230314" and "X6826C" on the downloaded stock rom file name, BUT
on the downloaded stock rom file too, there is this thing called "MT6768" but my cpu is "MT6769V/CZ" should i worry about it?