Originally Posted by vov120
It fails during boot.bin flashing.
I tried also with Heimdall, but with near the same result.
Heimdall is able to read PIT but at the end reports:
ERROR: Failed to receive session end confirmation!
Looks as if at the end of session SBL tries to write something into NAND and fails.
I've read somewhere that as result of "superbrick" bug, just some blocks of flash get corrupted/unavailable.
I count on that JTAG dump will contain most of 16GB data valid.
It's the main reason why I asked if it's possible to use JTAG to read flash dump of "superbrick"-ed phone.
Does it sound reasonable?
it can require some extra work. as i already said, the emmc could stop responding while reading some areas, JTAG or not. if that happens, it would require the operator to power cycle the phone, skip a guessed number of sectors, and continue dumping. you could also read backwards from the end, or just some partitions.
the point is that it may misbehave, and the operator has to want to do something about it and not just call it quits.
i9100 emmcs are known to fail from time to time. this has nothing to do with brickbug. brickbug is a bug in the implementations of the secure erase and secure trim emmc commands, and your OS never issued those. this is just a random failure.
i have talked to people with similar malfunctions out of the blue.
i have (remotely) tried two things:
1) i made custom PIT files that relocated the boot (kernel+recovery) partition to the area in the HIDDEN (ie: preload) partition (new end of storage) and also another near the beginning. the idea was to flash the PIT, then flash a kernel, then boot into recovery and dump the data. or repartition to skip the damaged area. or attempt a full emmc reset.
it didnt work. the emmc was locked in read only mode (the emmc firmware seemingly detected an unrecoverable problem and boot into that mode to let you at least read out the contents... say via JTAG). but i encourage you to google that xda thread and try the approach, it might work for you.
2) in another case, the emmc was read only too, but he was able to enter recovery. we attempted a full emmc reset (resize of the special bootloader partitions). this would have cured the emmc of damage caused by brickbug but is very dangerous because the bootloader is also wiped. if something goes wrong before you rewrite the BL, you need JTAG to recover.
it didnt work. the reset was totally ignored by the read-only emmc. curiously enough, the PIT flashing itself worked. and im willing to bet that flashes to the BL areas could have worked too. these areas of the emmc are treated in a more robust fashion and dont get handled by the same 'general' FTL in the emmc (which is what gets corrupted in these failed emmcs, i presume). you can google this thread if your are curious but you can't attempt this.
so there are your options. JTAG might fully work. if the emmc hangs, it would be better if you did the JTAGging yourself to avoid the problematic areas.