Most Qualcomm-based Android PDAs support emergency download (EDL) mode allowing to unbrick device, unlock bootloader or modify protected device parameters. If ADB interface is accessible, "adb reboot edl" can be used to reboot to EDL mode.
Many bricked PDAs cannot be booted with full ADB support while FastBoot mode is accessible. But if bootloader is locked, there is no way to flash a partition or boot an image.
Some firmwares support rebooting to EDL in Android Bootloader aboot module (the "reboot-edl" command) but fastboot utility doesn't recognize "reboot-edl" in the command line and refuses to sent the command to the device.
Since FastBoot command protocol is simple and text-based, it is enough to send a packet containing "reboot-edl" text over USB. The simplest way to do that is to patch Windows fastboot.exe file, replacing "reboot-bootloader" text with "reboot-edl". As "reboot-bootloader" string is found in the command line, fastboot.exe sends the same constant string to the device. So if "reboot-bootloader" is replaced with "reboot-edl", you can specify "reboot-edl" in the command line and the same text will be sent to the device.
In the attached example, the mentioned string is located at offset 2685c.
I occasionally locked bootloader in my unlocked/rooted Xiaomi Redmi Note 3 Pro (Snapdragon) so it could boot to FastBoot or Diagnostic 900E modes. Tried to swich from 900E to 9008 with QPST but it reported unspecified error.
Analyzing aboot (emmc_appsboot.mbn), found that it supports "reboot-edl" so the only remaining thing was to find a way to send it to the bootloader.
With the attached fastboot.exe, successfully rebooted to EDL mode (9008) and re-flashed proper partition images.
Of course, patched version does not support "reboot-bootloader" command because it has been replaced by "reboot-edl".
There also is a detailed guide.
Many bricked PDAs cannot be booted with full ADB support while FastBoot mode is accessible. But if bootloader is locked, there is no way to flash a partition or boot an image.
Some firmwares support rebooting to EDL in Android Bootloader aboot module (the "reboot-edl" command) but fastboot utility doesn't recognize "reboot-edl" in the command line and refuses to sent the command to the device.
Since FastBoot command protocol is simple and text-based, it is enough to send a packet containing "reboot-edl" text over USB. The simplest way to do that is to patch Windows fastboot.exe file, replacing "reboot-bootloader" text with "reboot-edl". As "reboot-bootloader" string is found in the command line, fastboot.exe sends the same constant string to the device. So if "reboot-bootloader" is replaced with "reboot-edl", you can specify "reboot-edl" in the command line and the same text will be sent to the device.
In the attached example, the mentioned string is located at offset 2685c.
I occasionally locked bootloader in my unlocked/rooted Xiaomi Redmi Note 3 Pro (Snapdragon) so it could boot to FastBoot or Diagnostic 900E modes. Tried to swich from 900E to 9008 with QPST but it reported unspecified error.
Analyzing aboot (emmc_appsboot.mbn), found that it supports "reboot-edl" so the only remaining thing was to find a way to send it to the bootloader.
With the attached fastboot.exe, successfully rebooted to EDL mode (9008) and re-flashed proper partition images.
Of course, patched version does not support "reboot-bootloader" command because it has been replaced by "reboot-edl".
There also is a detailed guide.
Last edited:
