As long as it's in 9008 mode and not an UFS device it should .
Sent from my OnePlus 6T using XDA Labs
[GUIDE][9008][EDL|QDL][QUALCOMM ONLY] Unbrick via external sdcard (no QFIL!)
- Thread starter steadfasterX
- Start date
Sent from my OnePlus 6T using XDA Labs
Hi,
thanks. Now I am trying to use the instructions, but I need some help.
In step 4, you say Connect your external sdcard to FWUL. How to do this?
I start LG/SALT but I do have a warning message "No device connected", which I skip, and then another window with no_* messages.
So, for now I need to solve "how to connect my sdcard to FWUL?"
Thanks for any help.
the sdcard is not related to SALT. you use SALT to extract a KDZ or backup your device in download mode.
simply start FWUL from an USB stick and plugin your sdcard. it will be detected automatically.
.-
Thanks for the message.
Now I understand better the process. I have made a try following your instruction. No luck!
I do have a few questions, and I thank you in advance for any help.
- first, so far I don't see why I have to boot with FWUL, because after all, I can do all the flashes (dd command) in my linux; am I missed something?
- if it is for SALT, as I do have a moto xp, I can extract the stock firmware without SALT; right?
- next, my sdcard is reconized as a /dev/sdb device; is this within the cases that you method works?
- at any case, the dd command flash all the files without any error message, but the sdcard device is unmounted automatically (at leat it does not show anymore in my file explorer); when I try to see the content of sdcard with the command "ls -la /dev/disk/by-partlabel/sbl1" I get an error; should I modify this command? for example, what is by-partlabel; my /dev/sdb1?
- finally, I don't really see how flashing files to sdcard will help my plugged phone to enter in fastboot/download mode; is this because somehow tha sdcard is mapped to phone memory?
Thanks for any comment.
> first, so far I don't see why I have to boot with FWUL, because after all, I can do all the flashes (dd command) in my linux; am I missed something?
well.. read the requirements again. #1 states clearly that you do NOT have to use FWUL as long as if you have another linux and be able to handle it.
the main reason is FWUL is made for tasks like this, contains remote access stuff a user can easily enable and so give me as a supporter a known, for sure working and dedicated environment to work with.
> if it is for SALT, as I do have a moto xp, I can extract the stock firmware without SALT; right?
SALT is a LG only tool so you have to extract moto firmware with whatever you need to use there.
> next, my sdcard is reconized as a /dev/sdb device; is this within the cases that you method works?
that does not matter. the name depends on how you add it to your system. use a sdcard reader is different then using an adapter card directly.
> at any case, the dd command flash all the files without any error message, but the sdcard device is unmounted automatically (at leat it does not show anymore in my file explorer); when I try to see the content of sdcard with the command "ls -la /dev/disk/by-partlabel/sbl1" I get an error; should I modify this command? for example, what is by-partlabel; my /dev/sdb1?
the by-partlabel path is generic and does NOT need to be adapted to the sdcard name. it indicates if the GPT flashing was successful regardless with which device name your sdcard was detected.
When it does not come up like this your GPT is not correct. Ensure you have the correct gpt file otherwise it will not work.
you said you flashed everything and THEN trying to access that path. did you followed the steps thoroughly? You flash first the GPT , then you have to reconnect the sdcard(!!!!) and THEN you verify with the partlabel command and flash all the partitions.
its not necessarily that a sbl1 exists on yours. every device has its own namings for partitions so what do you see with `ls -la /dev/disk/by-partlabel/` afterwards? The important part here is that you should see a lot of partition names here before proceeding with flashing.
It would also help a lot to see screenshots of ALL the commands you do and their results.
> finally, I don't really see how flashing files to sdcard will help my plugged phone to enter in fastboot/download mode; is this because somehow tha sdcard is mapped to phone memory?
Qualcomm devices have a kind of "emergency rescue" mode when the main partitions are unreadable e.g because of a wrong firmware flashing.
The phone will (in some not all cases) auto-boot to this QDL/EDL/9008 emergency rescue mode which then can be used with e.g. QFIL. QFIL is a special programming tool which is able to communicate in that mode (only) but requires proper prepared files and it is a dangerous process as you need to download those from anywhere - which can easily completely damage your phone. Just an example: for the LG G4 there are QFIL files out there which increases the ARB (a physical fuse) and so even when you were able to recover at the end you had a paperweight as no cell service works anymore after. I dont go through the details here but the point is that using untrusted files can work but may cause issues.
so what about this sdcard method then? Well Qualcomm has not just implemented that emergency rescue mode but before it starts into this mode it will check if there is a sdcard inserted with a valid (!) GPT and if that is the case your phone will boot from the sdcard. The goal here is to get access to fastboot, download mode, whatever you have and re-flash the original firmware back to the real flash.
btw there is a tiny thanks button beneath every post.. if you find a post helpful...
Last edited:
Thanks! Your comments help.
I work on a Debian machine. It seems that my process stops at the very first step, namely when I flash gpt file. Indeed, I run
dd if=gpt.bin of=/dev/sdb
sync,
then I unmount and disconnect the sdcard, and then I connect it again. But when I run
ls -la /dev/disk/by-partlabel/
my /dev/sdb device does not show. So, worthless to continue without having my sdcard device mounted at this step.
My gpt.bin is the one of moto stock rom. Any hint what may cause not having sdcard mounted after flashing gpt.bin? My sdcard is a sandisk 32gb.
Thanks.
I work on a Debian machine. It seems that my process stops at the very first step, namely when I flash gpt file. Indeed, I run
dd if=gpt.bin of=/dev/sdb
sync,
then I unmount and disconnect the sdcard, and then I connect it again. But when I run
ls -la /dev/disk/by-partlabel/
my /dev/sdb device does not show. So, worthless to continue without having my sdcard device mounted at this step.
My gpt.bin is the one of moto stock rom. Any hint what may cause not having sdcard mounted after flashing gpt.bin? My sdcard is a sandisk 32gb.
Thanks.
exactly what I thought. as stated in the OP a 32 GB may not sufficient. If it is just 1 bit smaller (which happens a LOT of times as not each vendor takes the real size serious) as your internal flash it will not work.
what does this command show on your gpt file?
Code:
gdisk -l gpt.bin.-
I will re-try with a > 32GB sdcard. For now, the output of the command
gdisk -l gpt.bin
is in the attached file gpt.bin.txt.
Thanks.
great. so there is one thing which looks odd here: userdata= 0 bytes . that should usually be the correct size.. (biggest one)
do you have just a gpt.bin file or also others like gpt_backup and gpt_main ?
if you have them :
Code:
cat gpt_main0.bin gpt_backup0.bin > gpt_both.bin
gdisk -l gpt_both.binso try finding or testing another gpt. do the "gdisk -l" command on it and verify that the partition table looks ok (i.e. userdata shouldnt be 0 bytes)
Even when gdisk states "GPT damaged" that is not necessarily the case as it is saying this even on those which work in QDL mode.
.-
Hi again,
I re-tried with a 64GB card. But not good results yet. It seems that gpt.bin file is not flashed properly, or it is incorrect. In fact, once gpt.bin is flashed, synced, disconnected and connected, the system does not recognize the sdcard. fdisk sees the sdcard as a new/empty device which needs a new partitioning.
I looked at the files I got from extracting the stock firmware zip file, but I didn't find any file that could be added to gpt.bin file (I have attached the list of files, if you want to see it).
Any further idea that I could follow? I am sure that I have the right stock firmware, and I wonder why gpt.bin file may be not correct.
Thanks again.
Last edited:
Well I told you all that , the gpt is not ok. I also told you what to try:
> so try finding or testing another gpt. do the "gdisk -l" command on it and verify that the partition table looks ok (i.e. userdata shouldnt be 0 bytes)
What I meant with this was: extract other firmware versions and check the gpt until you find a working one which you can identify as described above or by flashing it and verify after.
Sent from my OnePlus 6T using XDA Labs
Hi, I have tried a number of stck moto xp roms, but none of them have worked. All they have the gpt.bin file with 0 userdata. Do you think any of custom roms (cyanogenmod, lineage) can work with your method? I have extracted these roms but the files they pack are quite different from those of stock roms.
Well if that's the case Motorola flashing may just grow the userdata partition while flashing ... Sorry then I can't help you here. Custom roms can't help you as they do not have a gpt file. Depending on how strict Motorola devices are you could try to repair the GPT or make an own one ..
Sent from my OnePlus 6T using XDA Labs
I am going to ask what are probably stupid questions. The motivation is to make working with the LG v35 easier and to maybe unlock its bootloader without specialized hardware. If the questions are stupid, I at least hope they are good for a laugh.
The v35 does not have fastboot commands, but there is an engineering abl available that does. Would the 9008 method you describe allow the engineering bootloader to be booted and possibly flashed to the phone in download mode.
Here is the second question in the form of a scenario. Suppose a bootloader unlocked v35 is available. Can the partition table and bootloader be imaged by dd and then flashed to another v35 thereby unlocking it?
The v35 does not have fastboot commands, but there is an engineering abl available that does. Would the 9008 method you describe allow the engineering bootloader to be booted and possibly flashed to the phone in download mode.
Here is the second question in the form of a scenario. Suppose a bootloader unlocked v35 is available. Can the partition table and bootloader be imaged by dd and then flashed to another v35 thereby unlocking it?
Last edited:
An easier approach would be using lglaf coming with SALT but it requires a low laf version (means =< 100002)
SALT shows the version when connecting in dl mode. Then you could flash with SALT the abl and boom.
Usually everything newer then nougat has a higher laf version but checking it doesn't hurt.
This method here requires that the device is in 9008/EDL mode and won't work with shorten pins etc.
So the only way to make use of this method here would be by bringing the device in that mode first. For the LG g4 it can be enforced by wiping (SALT can do so regardless of the laf version) a special partition but that's extremely risky if you don't know how to recover..
So let's say you go that way nevertheless and the sdcard method works (there is no guarantee though - so you might have a paperweight after), then you would flash the engineering abl to the sdcard plus all the other bootloader stack files and it should (no guarantee) let you boot to fastboot . From here you should be able to flash the abl to the internal flash .
The other idea of cloning a device will not help. Unlocking a LG device depends internally on the imei and the device id. The imei could be replaced (and would be if doing a clone) but the device id is hardware bound. The unlocked state will be checked and verified on boot against both and so will fail on your clone .
Sent from my OnePlus 6T using XDA Labs
Hey @steadfasterX,
Thank you for the response. That is a lot to consider.
I am going to move forward and experiment on my v35 and see if I can flash the engineering abl. I will start by getting SALT going one way or the other.
With luck, installation under opensuse will go smoothly. In the first page of your post on SALT, you mention that it is possible to open a shell on the device in 9008 mode. I am looking forward to seeing what is inside....
Thank you for the response. That is a lot to consider.
I am going to move forward and experiment on my v35 and see if I can flash the engineering abl. I will start by getting SALT going one way or the other.
With luck, installation under opensuse will go smoothly. In the first page of your post on SALT, you mention that it is possible to open a shell on the device in 9008 mode. I am looking forward to seeing what is inside....
Last edited:
Nope . SALT operates in download mode ONLY. not in 9008 mode. Btw there is that little thx button...
Sent from my OnePlus 6T using XDA Labs
I tried recovery from the SD card with reference to your thread.([GUIDE][9008][EDL|QDL][QUALCOMM ONLY] Unbrick via external sdcard (no QFIL!))
The conclusion is a failure and if you have any comments.
I tried various roms using a 128GB memory card.
(such as LGH810AT-01-V21y-310-410-JUN-20-2016-ARB03 + 0, H81120x_00_1108, H81120o_00_0613, PR H810PR10a_04)
Only the SALT backup ROM(H81021z(ARB3)) that is only worked.(other was keep black screen and Qualcomm HS-USB QDLoader 9008 mode)
But it has "Secure booting Error! Error Code :1009 OFFICIAL !!" (Downloading mode and normal boot? only white imei mode is move)
I tried both type
1: only flashing sbl1,aboot,pmic,rpm,tz,laf,sdi,hyp
2: flashing all of full backup(include system, cache,userdata)
There was no difference in the movement of both.
Thank you.
The conclusion is a failure and if you have any comments.
I tried various roms using a 128GB memory card.
(such as LGH810AT-01-V21y-310-410-JUN-20-2016-ARB03 + 0, H81120x_00_1108, H81120o_00_0613, PR H810PR10a_04)
Only the SALT backup ROM(H81021z(ARB3)) that is only worked.(other was keep black screen and Qualcomm HS-USB QDLoader 9008 mode)
But it has "Secure booting Error! Error Code :1009 OFFICIAL !!" (Downloading mode and normal boot? only white imei mode is move)
I tried both type
1: only flashing sbl1,aboot,pmic,rpm,tz,laf,sdi,hyp
2: flashing all of full backup(include system, cache,userdata)
There was no difference in the movement of both.
Thank you.
What is exactly your device model? If confusion search online by imei and clear the model is. Then download the latest version firmware and extract it. Make your own SD Cad dump files and write them SD card by QFIL tools. I think It's the best way to fix your problem. You can find video on youtube. *Only one video for how to write SD card using QFIL (watch it very carefully ).
so in sum H81021z works for you and the only thing you are scared of is the Secure booting error? It means there is no signature code checking and tbh thats awesome as it is like UsU'd and so unlocked.
If you can boot into fastboot, flash TWRP there or try "fastboot boot <twrp-filename>". It should work.
.-
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone