SHV-E160L Debricking Tool / Qualcomm Tool Pack V2-1


darkspr1te

Note to NON SHV-E160L users
This software and this thread are aimed mainly at developers. Please don't post 3-line requests like "my device is bricked, please help", as you will be ignored. If you can't do the research required to provide the right details and to find the correct files, then this thread is not for you and you should post in the device thread for your device. This program and its associated files and thread are NOT being actively developed, but the thread remains open for users to post more information, additional files, updates from the public, etc.
It's not here for lazy people to scream "fix my device"; can those types of users please speak to your retailer or cell phone service shop.

I will reiterate again, THIS IS A DEVELOPMENT THREAD AND NOT A REQUEST PAGE FOR "fix my device"


PLEASE NOTE: This tool only comes pre-packed with files for the Korean SHV-E160L Galaxy Note. Usage on other devices requires that you understand the requirements; this includes but is not limited to:

  1. Alteration of the scripts to use the files specific to your device
  2. Correct HEX and SD-CARD loader, also known as sdcard mbn
  3. Correct partition information (knowing if it's MBR/GPT or hybrid)
  4. Correct bootloaders for your device (SBL1/2/3/ABOOT)

I am not currently doing further development on this tool; it is here for anyone to expand on and use how they see fit, so long as the authors involved are given the credit.
Users are welcome to build and post altered versions specific to their device but PLEASE post plenty of information as to what device/model it is for or the post may be deleted to protect other less educated users.

darkspr1te


Hi All,
I've updated my Debrick tool to Version 2.
Many changes to the base code, inclusion of new tools; almost a one-click Linux solution for Qualcomm development and debricking of Qualcomm devices.
As documented on this thread, SHV-E160L home debrick thread, I debricked a Qualcomm-based msm8660 device without using any special devices.
My first tools were internal development and had more bugs than a sewer, so after many hours of work I can now bring this new version to you.

Please do not PM with bugs, POST HERE only.
This tool currently only supports the SHV-E160L; if users are willing to provide the files from their devices I can expand the support of this tool.
In most cases Linux is required for this; an Ubuntu live CD/flash will work perfectly.


New Feature, Windows Based BACKUP of partitions and bootloaders, ROOT/Python27-windows is required and cannot function without this.
*nix backup coming soon,

Rules for posting backups

Post ONLY the link here; use www.sendspace.com to upload your backup zip (remember to change the .zip filename to reflect your device, for example SHV-E160L-16GB.zip).
Zip up only the backup folder, not the whole program: right-click on the backup folder, send to compressed folder, rename.
This program does not back up personal or device-specific data like the IMEI number; it only backs up the bootloaders, partition table and .pit file for Samsung SHV-based devices.
When posting links, please include your device details as well; an example would be

SHV-E160L 16 GB, 9000lang rom,

The ROM part is only there in case we are tracing possible backup issues that may be ROM specific.
Future backup features will include automatic detection of .mbn partitions based on qualcomm header.

Support for non SHV devices will be slow, but future versions will include other devices.


Well Enjoy,

EDIT: Some users are reporting that the "cookie not present" error could be fixed by using a WinXP/another QPST Windows driver. This is unconfirmed but I thought I should mention it. 04-12/2013

Changelog:- V2-2(dev version only - not a public release)
  • added command line device/folder parameter, you can now specify a unzip copy of posted bootloaders and it will restore them
  • added additional file to specify output sectors based on getpart data, testing option for building partition0.bin by hand based on known similar devices
  • added dev switches for writing specified parts only
  • added skip aboot option (for now it is specified to skip writing of aboot.mbn, public release will be opposite, you will have to force writing aboot , sbl1/2/4/tz/rpm seems to come as one package, interchangeable as a package, aboot is totally device specific)
    bugs:-
  • there is a known bug in the getpartbin.py python program, it cannot handle greater than 29 partitions.

Changelog:- V2-1
  • added windows backup.bat program to backup all bootloaders and partition0.bin
  • minor changes to code for changing device (current version support only changing of variable $DEVICE, feature will eventually be cmd line based)
  • testing of backup files
    bugs:-
  • there is a known bug in the getpartbin.py python program, it cannot handle greater than 29 partitions; anyone willing to help in Python, please let me know. I am not the author of the program



Changelog : V2
  • Improved error checking*
  • automated qdload detection*
  • automated qdload hex & .mbn upload
  • automated detection of device in sd-card mode*
  • user input*
  • colours
  • major code changes to start support for automatic partition information & collection allowing backup to be one command and upload to a website for distribution & recovery for all
  • development documentation
  • Code changes to allow expansion to other Qualcomm devices

Sendspace Links

BrixFix V2-1-Inc Python27-Inc cwm recoveries
http://www.androidfilehost.com/?fid=9390355257214632490 mirror, thanks to Marduk191

Brixfix V2-1 No Python for Windows, No cwm-recovery - Slim Version
Brixfix V2-1-Super-Slim No drivers, bootloaders, python-win.

Media Fire Links

BrixFix V2-1-Inc Python27-Inc cwm recoveries



SHV-E160K 32GB Recovery files
SHV-E160L 32GB Recovery Files
SHV-E120L Recovery Files (posted on another page)

-------------------------
Here is the README

brixfix V2
=================================
By dakrspr1te ========Doc=V=1====
=================================
Thanks To :-
E:V:A, SLS, JCSullins(Rootz Wiki), Adam Outler, many more, sorry if i've missed you out.

Warning, Although i've tested this tool many times on my own devices, it always has the potential to damage both computer & cell phone device, YOU HAVE BEEN WARNED!!!!


This tool is designed to repair SHV-E160L Korean Galaxy Note 1 based on the MSM8660 & MDM9600 Qualcomm Chips
It Only works with devices that are stuck in QDLOAD mode or 05c6:9008 as the PID/VID
It uses Tool/info Written By Others as well as myself.


Namely :-

qdload - http://github.com/jcsullins/qdloader
getpartbin.py - http://blog.csdn.net/su_ky/article/details/7773273
hex2bin - hex2bin.sourceforge.net


Instructions
############


connect Qualcomm based device to usb port on linux PC, not tested under windows via USB redirection,
on command line run
sudo ./brickfix

Follow on screen instructions, tool will detect device in QDLOAD mode (05c6:9008) and switch to DMSS protocol, upload a hex (converted to bin for this purpose)
the hex is then executed and the device switches to Streaming Protocol, at this point we write a .mbn file to the internal emmc chip, at the end of the emmc write process the device then reboots
after the reboot re-running brixfix will detect the device in the second stage for repair , the device's emmc is accessible as a sd-card, we then write back the damaged parts of the bootchain,
at a minimum you must write a new partition table or the device will always boot in sd-card mode, WARNING, failure to write the rest of the boot chain could leave your device in a situation
which gives only black-screen, no usb enumeration, dead. The only way around that is jtag, or finding the Boot resistor which switches the device back to QDLOAD mode, or emergency boot.
goto http://xdaforums.com/showthread.php?t=1914359 for further details.


Come give me thanks on XDA if this tool helped you

Additional Tools (DEV Level)
===========================
getpartbin.py - A tool for backing up the primary partition & extended partition tables and combining them into a writable partition0.bin file (Python)
qdload.pl - A tool for talking in the HDLC-framed DMSS & Streaming Protocols used by Qualcomm (Perl)
switchmode.sh - Executes qdload.pl for msm8660 device upload
get-part.sh - **DEV** unfinished tool by darkspr1te for creating partition tables in sfdisk format and .csv format (to be used in the future to create partition0.bin plus more automated collection)
tools/ - Folder containing armv5 (arm7 compatible) tools for partition manipulation and data collection
SHV-E160L-16GB/ - Folder containing SHV-E160L bootloaders & pit file
ADB/ - Folder containing adb programs
extras/ - Folder containing Odin and ClockworkMod recovery installers for 160L devices
QUALCOMM/ - Windows drivers (for QPST; not required in Linux, included for backwards compatibility with older guides)
hex2bin - Converts your xxxxMPRG.hex file to bin for use with qdload

Tips
====

Additional
==========
I will accept bricked Qualcomm devices for developing further debricks. PM me via XDA Forums.

Darkspr1te
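Requirement 3 in the post above (knowing whether a device uses MBR, GPT or a hybrid layout) and the partition-count limit reported for getpartbin.py both come down to reading the on-disk tables correctly. The following is an added example, not code from brixfix or getpartbin.py: it assumes 512-byte sectors and the standard MBR/EBR/GPT layouts, all function names are hypothetical, and the disk image is constructed in memory with 30 logical partitions.

```python
import struct

SECTOR = 512
EXTENDED = {0x05, 0x0F, 0x85}   # CHS, LBA and Linux extended containers
GPT_PROTECTIVE = 0xEE

def slots(sector):
    """Decode the four 16-byte table slots of an MBR or EBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA signature: not a partition table sector")
    out = []
    for i in range(4):
        raw = sector[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack_from("<II", raw, 8)
        out.append((raw[4], start, count))      # (type, start LBA, sectors)
    return out

def read_sector(image, lba):
    return image[lba * SECTOR:(lba + 1) * SECTOR]

def classify(image):
    """Return 'MBR', 'GPT' or 'hybrid' for a raw disk image."""
    types = [t for t, _, _ in slots(read_sector(image, 0)) if t]
    gpt_header = read_sector(image, 1)[:8] == b"EFI PART"
    if GPT_PROTECTIVE in types and gpt_header:
        return "GPT" if types == [GPT_PROTECTIVE] else "hybrid"
    if GPT_PROTECTIVE in types:
        raise ValueError("0xEE protective entry but no GPT header at LBA 1")
    return "MBR"

def walk(image):
    """List (number, type, start LBA, sectors), following every EBR link."""
    parts, logical_no = [], 5
    for idx, (ptype, start, count) in enumerate(slots(read_sector(image, 0)), 1):
        if not ptype:
            continue
        parts.append((idx, ptype, start, count))
        if ptype not in EXTENDED:
            continue
        ebr, seen = start, set()
        while True:                     # no fixed limit on chain length
            if ebr in seen:
                raise ValueError("EBR chain loops back to LBA %d" % ebr)
            seen.add(ebr)
            logical, link = slots(read_sector(image, ebr))[:2]
            if logical[0]:
                # A logical partition's start is relative to its own EBR.
                parts.append((logical_no, logical[0], ebr + logical[1], logical[2]))
                logical_no += 1
            if link[0] not in EXTENDED:
                break
            ebr = start + link[1]       # links are relative to the container
    return parts

# --- constructed sample data (not taken from any real device) ---
def make_slot(ptype, start, count):
    return struct.pack("<B3xB3xII", 0, ptype, start, count)

def make_table(*entries):
    return bytes(446) + b"".join(entries).ljust(64, b"\0") + b"\x55\xaa"

def build_sample_image(logicals=30):
    """MBR with three primaries and one extended container of EBRs."""
    ext = 8
    img = bytearray((ext + 2 * logicals) * SECTOR)
    img[:SECTOR] = make_table(make_slot(0x0C, 1, 2), make_slot(0x83, 3, 2),
                              make_slot(0x83, 5, 3),
                              make_slot(0x05, ext, 2 * logicals))
    for k in range(logicals):
        entries = [make_slot(0x83, 1, 1)]
        if k + 1 < logicals:
            entries.append(make_slot(0x05, 2 * (k + 1), 2))
        lba = ext + 2 * k
        img[lba * SECTOR:(lba + 1) * SECTOR] = make_table(*entries)
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_image()
    print(classify(image), len(walk(image)), "table entries")
    for part in walk(image)[-3:]:
        print(part)
```

A truncated image or a table sector without the 0x55AA signature raises `ValueError` instead of returning a partial list, which is the behaviour you want before writing a partition0.bin back to a device.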
 

gregsarg

Nicely done ..OP
I'll get this thread added into the note super thread .
An amazing resource to be sure ...
Many thanks ....g
 

SouL Shadow

Re: SHV-E160L Debricking Tool / Qualcomm Tool Pack

I'll take a deeper look at it later.

You should note that qualcomm chipsets do not have support for USB 3.0. While the linux USB 3.0 driver is backwards compatible with the older standards, it is still buggy so it's best to only use USB 2 and lower ports.

Also, you should be using a 32bit Linux distro with a kernel from 2012 or later.

-SLS-
 

BarakOsama

Will this work on SHV-E160S??

Two days ago I tried to flash the 'N7000XXLSA_N7000OXALSA_DBT' into a SHV-E160S..:eek: Odin failed two times:eek:
When I tried to reboot the phone nothing appears (just black screen). When I connect it to my PC, Windows Device Manager shows 'QHSUSB DLOAD'..:(

Can this tool fix my problem? Please help me..:(
 

SouL Shadow

Re: SHV-E160L Debricking Tool / Qualcomm Tool Pack

Two days ago I tried to flash the 'N7000XXLSA_N7000OXALSA_DBT' into a SHV-E160S..:eek: Odin failed two times:eek:
When I tried to reboot the phone nothing appears (just black screen). When I connect it to my PC, Windows Device Manager shows 'QHSUSB DLOAD'..:(

Can this tool fix my problem? Please help me..:(

Probably. You'll need Linux. If you don't have Linux, go grab the above-mentioned Ubuntu live CD (I suggest version 12.04 32-bit)

As I'm not familiar with that device I don't know exactly what will need to be fixed.

-SLS-
 

darkspr1te

Re: SHV-E160L Debricking Tool / Qualcomm Tool Pack

Two days ago I tried to flash the 'N7000XXLSA_N7000OXALSA_DBT' into a SHV-E160S..:eek: Odin failed two times:eek:
When I tried to reboot the phone nothing appears (just black screen). When I connect it to my PC, Windows Device Manager shows 'QHSUSB DLOAD'..:(

Can this tool fix my problem? Please help me..:(

Please state the specs of your model. You flashed the wrong firmware, which has crashed your pit/partition, and you're running a boot chain for another device, which is failing due to signing issues
By specs I mean device size, original few etc, we can recover it, I am sure of that, I just need some info , don't jump the gun, if we have your device files already it would be a simple case of running ./brixfix.sh I was able to recover all my files from my device, same would be you all sure, but you WILL need a copy of Ubuntu as SLS said


Sent from my A210 using Tapatalk 2
 

chappatti

Please state the specs of your model. You flashed the wrong firmware, which has crashed your pit/partition, and you're running a boot chain for another device, which is failing due to signing issues
By specs I mean device size, original few etc, we can recover it, I am sure of that, I just need some info , don't jump the gun, if we have your device files already it would be a simple case of running ./brixfix.sh I was able to recover all my files from my device, same would be you all sure, but you WILL need a copy of Ubuntu as SLS said


Sent from my A210 using Tapatalk 2

What files do you need from the ATT Note? I know what you have done, but don't understand it, but sure as hell would like to help !!!!!!!!!! :p:p

I have Ubuntu...(Yay !) ..... let me know the steps to dump files.

PS: Is there any chance of getting Tegrak kernel or ROMs for ATT Note. Maybe I should ask what is the status of the Tegrak kernel etc.? I see it on the app store, but I know its not for ATT Note. I remember Tegrak from when I used to use Voodoo Sound that Tegrak kernel supported. But I have never found anything comparable to voodoo sound for our more 'advanced' phones like the note.

PS: Does this make any sense to you ? Or am I rambling ?:D
 

BarakOsama

Shv-e160s 32gb..

Please state the specs of your model. You flashed the wrong firmware, which has crashed your pit/partition, and you're running a boot chain for another device, which is failing due to signing issues
By specs I mean device size, original few etc, we can recover it, I am sure of that, I just need some info , don't jump the gun, if we have your device files already it would be a simple case of running ./brixfix.sh I was able to recover all my files from my device, same would be you all sure, but you WILL need a copy of Ubuntu as SLS said

SHV-E160S 32GB, Thats all I know about this..:(
I'm downloading ubuntu right now. Then I'll try this tool on my device :)
 

darkspr1te

Re: SHV-E160L Debricking Tool / Qualcomm Tool Pack

This tool works only on the 16GB right now; as soon as I can get a 32GB partition and S aboot file I will extend it

Sent from my A210 using Tapatalk 2
 

darkspr1te

Probably. You'll need Linux. If you don't have Linux, go grab the above-mentioned Ubuntu live CD (I suggest version 12.04 32-bit)

As I'm not familiar with that device I don't know exactly what will need to be fixed.

-SLS-

Two days ago I tried to flash the 'N7000XXLSA_N7000OXALSA_DBT' into a SHV-E160S..:eek: Odin failed two times:eek:
When I tried to reboot the phone nothing appears (just black screen). When I connect it to my PC, Windows Device Manager shows 'QHSUSB DLOAD'..:(

Can this tool fix my problem? Please help me..:(

As soon as a user uploads a backup for the 160S (16 or 32GB depending on your device) I will include it in a repair file.
 

darkspr1te

What files do you need from the ATT Note? I know what you have done, but don't understand it, but sure as hell would like to help !!!!!!!!!! :p:p

I have Ubuntu...(Yay !) ..... let me know the steps to dump files.

PS: Is there any chance of getting Tegrak kernel or ROMs for ATT Note. Maybe I should ask what is the status of the Tegrak kernel etc.? I see it on the app store, but I know its not for ATT Note. I remember Tegrak from when I used to use Voodoo Sound that Tegrak kernel supported. But I have never found anything comparable to voodoo sound for our more 'advanced' phones like the note.

PS: Does this make any sense to you ? Or am I rambling ?:D

You can find all Tegrak ROMs/kernels via my clean Korean ROM link in my signature. Not sure on ATT, but I've ported a few ATT kernels to the 160L so it's possible to convert back. *nix backup coming soon, but for those that want to jump the gun, just run the same adb commands as in backup.bat and also the python command. Please note they will download the files to the current directory, so make a directory first, cd into it and refer back to the scripts. To run the python partition0.bin script just use python ../getpartbin.py to create a partition0.bin file in the current directory.
Root is required for backup; python27 is required for Windows backup (13 MB file, included)
 

orsonbear

I found some useful links (I hope) to the understanding of some mechanisms useful in debricking of devices using Qualcomm chipsets. I hope this may help generally, even to unbrick the i8150 (Ancora)!

http://blog.csdn.net/su_ky/article/details/7773273
http://www.anyclub.org/search/label/emmc boot
http://www.anyclub.org/2012/04/how-to-build-emmc-flash-programmer.html

Some stuff is in chinese, other in english but reading a bunch of articles I became convinced that the explanations available can be very useful!
Regards!
 

Jmelendez1

Just curious, why not post under original development? Love to see you there, you deserve it. :thumbup:

Sent from my SAMSUNG-SGH-I717 using xda premium
 

Top Liked Posts

    Brixfix 2-2

    Hi All,
    As I promised, the last and final brixfix package. It's all open source for you to learn/use as you wish, so long as you don't charge for it.


    brixfix-v2-2.zip


    Qpst 2-7-44.zip

    Revskills editor

    File List for files included in brixfix

    If anyone wishes to continue this effort please let me know.

    darkspr1te
    Ok, for the next generation of curious people, here's a (simplistic) closer look at how modern Qualcomm devices boot up.


    This info is presented as a simple overview so more people understand how the system works and what is happening. It is far from complete and it's not exactly how it works. But for 99% of us, it's all we need to know.

    Also, before anyone asks, my main source was google and some files found on XDA. DO NOT ASK ME FOR "???" I have nothing that you can't find on your own. In fact, most of the following can be found in E:V:A's MSM8960 thread. Also http://www.codeaurora.org contains a lot of info and source code (Gobi and Gobi 3000 source code will help to understand how download mode functions).


    Beginning with Secure Boot 3, the entire PBL is contained on the modem chip (earlier chips depended on the actual PBL being stored in a known location on the flash memory, like an MBR, with an extremely bare-bones amount of executable code on the processor). This newer design allows for security checking to be done, if enabled, on ANY off-chip program to be executed at boot time. THIS IS THE ONLY REASON, other than hardware failure, that a device becomes "HARD BRICKED". All boot files can be signed with a crypto key. This key is stored in a section of memory in/on the CPU called a QFuse. After writing to a QFuse, as its name suggests, the fuse can be "blown". That is, a higher electric current is maintained long enough to break the physical connection. Once this connection is broken the QFuse cannot be changed. If the security-related fuse is blown then ONLY a signed boot file can be executed. The PBL is written to the chip at the factory by Qualcomm. The QFuses can then be written by the OEM. According to the spec, multiple keys can be stored in the QFuses (meaning there COULD be a master key from Qualcomm in addition to vendor-supplied keys), although it is unknown whether or not this is actually done.

    Now, I don't know much about the actual security or cryptography, but here's the basic boot process from what I've pieced together:

    PBL written by Qualcomm, cannot be altered.
    OEM chooses its own key, writes it to QFuse, blows fuse.
    OEM builds its own SBL1, SBL2, SBL3, TZ and RPM along with its own APPSBL (aboot, hboot, etc...)
    OEM performs a hash of the file, like md5, sha1, sha256...
    OEM uses its key to encrypt the hash and attaches it to the executable and writes to flash.
    CPU powers on, runs hard-coded PBL, and reads QFuses.
    CPU checks any error messages in memory from a previous boot.
    CPU then tries to load SBL1 into RAM from flash as pointed to by the partition table.
    CPU performs the same hash and compares it with the decrypted data.
    If check passes, code is executed.
    If check fails OR flash is unreadable, PBL enters download mode.
    In download mode, if there is an error message from a previous boot, it is automatically sent to the client. (Some people using qdloader.pl may have noticed this message)
    In download mode a special executable (the .hex file) can be loaded into RAM
    *** depending on OEM config, this hex can be loaded from USB AND/OR external sdcard
    Now the hex is security checked exactly as SBL1 would be.
    If it passes, it's executed.
    This hex file is a special program called the emergency downloader (or sometimes just the downloader).
    Its only purpose is to download and write the partition table (partition0.bin) and secure boot loader partition data (contained in the .mbn) to the flash.
    IF the security check failed, an error message is set and the device "warm" reboots.
    The hex can only be sent ONCE per "cold" boot cycle.
    Removing the battery (or using the similar OEM key combo) will "cold" boot the device, clearing the RAM.
    Also, if download mode isn't successfully entered (using qpst or qdloader.pl) within a certain time limit, an error is set and the device "warm" reboots.
    This error message memory is why the device sometimes shows up differently.

    Of course this is only a simple outline of the Secure Boot 3 boot process. There is much more going on, but these are the basic steps that apply for bricked phones. I know less about Secure Boot 2 and earlier, but they follow a similar process and DON'T require a signed hex file. The Snapdragon S4 (msm8960 and others) was the start of the Secure Boot 3. The msm8660 was still using Secure Boot 2. So, if you want to know if your device is recoverable like this, then find out which chipset you have (msm????, apq????, ...) then find out what secure boot it uses. Google should answer this question easily. If it's Secure Boot 3 then most likely it requires signed files, which is still a dead end :(

    misc. extra info:

    There is of course no way to read a QFuse from QDL/qdload/qhsusb_dload until AFTER loading the HEX... (I've heard of some vender specific programs included with their android system (LG Optimus?) that can read qfuses, but that is NOT a standard)


    The "cookie not received" error is simply QPST's way of reporting that it didn't get the "magic" text string from the phone/device. This is because the HEX either could not be uploaded or it could not be executed (either wrong hex for that CPU or it's not signed with the proper key hard-coded into that device (OEM vendor specific))

    I'm sorry to say that I too have moved on to other projects. There just isn't enough free time anymore.

    It is possible, this tool makes use of the fact that these devices revert to dev board mode under certain conditions. There are major changes when it comes to partition layouts though. But the principle remains the same, the hex file allows the CPU to start up in a way that you can then write to the emmc, once the .mbn/sdcard mode files are written you can then rewrite your factory partition.
    It is still very much a workaround though, some users are getting "cookie not received" errors which we still don't 100% know the meaning of. Top answers are:
    1. Not a signed hex, CPU rejects it
    2. Damaged emmc, could be kernel wipe bug or true failure of emmc
    3. Additional commands are required for further function.


    Can I also ask that users that do have a hex file and associated files for the phone, please post what you have, further dissection of the files does assist in learning about how these devices run, e.g. I learned everything from the 8960 docs and files before the 8660 files came about.
    Also there are a few ports of this program floating around, but none have been posted for others to research into.
    Not to be confused with sister projects like HP touchpad debrick, my debrick contains code from that project and vice versa.

    It has also come to light that it may be possible to run a hex from a similar device, but this is not yet confirmed.

    I no longer have my Qualcomm device so I have not continued the research, if I get another one then I will.


    Darkspr1te


    Sent from my A210 using Tapatalk HD
    3
    Thanks Darkspr1te & Babaknuri


    Hi Darkspr1te

    Thanks for the wonderful program that you made and thanks to babaknuri for the bootloaders files of SHV-E160S 32 GB

    I mistakenly flashed my SHV-E160S with the N7000 International Version PIT file and firmware, which bricked my device to QHSUSB_Dloader mode. Only a black screen. No Download Mode, no Recovery Mode.

    I came across your thread and tried your method, and I was able to get my device into download mode, but my bootloader changed from SHV-E160S to SHV-E160L.

    And thanks to BABAKNURI, who gave me the bootloader files of the SHV-E160S after a lot of tries, I was able to get my phone up and running.

    Sharing the SHV-E160S 32 GB bootloader including the PIT file, taken as a backup from your application, darkspr1te, as you didn't have the bootloader and it will be helpful to other SHV-E160S users.

    Thanks again Darkspr1te a lot for the wonderful application.
    3
    Could someone help with APQ8064T hard bricked device (e980) please? I have one bricked and another fully operational phone, so all information needed can be extracted from the working phone.
    All possible HEX files I found could not help me to put the device into SDCARD mode. I started thinking that digging into Qualcomm chip specs for a way to boot the device from external SD-card would be more productive...

    All modern Qcom can in some way boot sd-card, it's controlled via either resistors on gpio pins, 'BOOT_CFG', or set in the chip via q-fuse which once set so far cannot be reset.

    My first suggestion BEFORE WRITING anything to the bricked device is document the un-bricked device, part of writing this information is giving your brain a moment to understand it.

    We have a Grand partition table section where users have posted the partition layout required by many devices, you should read this thread to understand the required files for creating and transferring a backup of the partition table. Tools are posted there that can assist in gathering this information.

    Linux is not a 100% requirement but is suggested.
    In some cases it's possible to write copies of the required bootloaders to an sd-card and boot the device that way, BUT, as always there is a big but, if the BOOT_CFG gpio is set to emmc -> fail to PBL or if it's set via the qfuse then only fixing the emmc or booting via the PBL will fix the device.
    Adam Outler did a great thread on the unbrick-able mod and bootloaders, which some of my work followed; you must read those also.

    What files do you have? What have you tried?
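
An added example, not part of any post in this thread and not code from the tool pack: one way to document the partition scheme of a working device before anything is written, by checking whether a raw dump of its first sectors is MBR, GPT or hybrid. The function names, the 512-byte sector size and the sample images are assumptions constructed for illustration.

```python
import struct
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors in the dump

def classify_partition_table(image: bytes) -> dict:
    """Report whether a raw dump starts with an MBR, a GPT, or a hybrid of both."""
    info = {"scheme": "none", "mbr_types": [], "gpt_crc_ok": None, "gpt_entries": 0}
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        return info  # no MBR boot signature at the end of sector 0
    # Four 16-byte MBR entries start at offset 446; byte 4 of each is the type.
    types = [image[446 + 16 * i + 4] for i in range(4)]
    info["mbr_types"] = [t for t in types if t != 0]
    header = image[SECTOR:2 * SECTOR]
    if len(header) < 92 or header[:8] != b"EFI PART":
        info["scheme"] = "mbr"  # no complete GPT header in sector 1
        return info
    size, stored_crc = struct.unpack_from("<II", header, 12)
    if 92 <= size <= len(header):
        zeroed = header[:16] + b"\0" * 4 + header[20:size]  # CRC field zeroed
        info["gpt_crc_ok"] = (zlib.crc32(zeroed) & 0xFFFFFFFF) == stored_crc
    else:
        info["gpt_crc_ok"] = False
    info["gpt_entries"] = struct.unpack_from("<I", header, 80)[0]
    # 0xEE is the protective entry; any other type next to a GPT means hybrid.
    extra = [t for t in info["mbr_types"] if t != 0xEE]
    info["scheme"] = "hybrid" if extra else "gpt"
    return info

def build_sample(mbr_types, with_gpt=False, entries=128):
    """Constructed image: two sectors with the given MBR types, optional GPT header."""
    img = bytearray(2 * SECTOR)
    for i, t in enumerate(mbr_types):
        img[446 + 16 * i + 4] = t
    img[510:512] = b"\x55\xaa"
    if with_gpt:
        hdr = bytearray(92)
        hdr[0:8] = b"EFI PART"
        struct.pack_into("<II", hdr, 8, 0x00010000, 92)  # revision 1.0, header size
        struct.pack_into("<II", hdr, 80, entries, 128)   # entry count, entry size
        struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)) & 0xFFFFFFFF)
        img[SECTOR:SECTOR + 92] = hdr
    return bytes(img)

if __name__ == "__main__":
    for name, img in [("mbr", build_sample([0x0C, 0x05])),
                      ("gpt", build_sample([0xEE], with_gpt=True)),
                      ("hybrid", build_sample([0xEE, 0x0C], with_gpt=True))]:
        print(name, classify_partition_table(img))
```

A `gpt_crc_ok` of `False` on a dump from a working device points to a bad read or a truncated file, so take the dump again before relying on it as a reference.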