181 replies to this topic

[jw0914]

I foolishly attempted to run a userinit.sh and realized after I selected restart on my phone that it was a script meant for CM10.  The phone no longer shows anything on the screen, except the hollow abyss of blackness. userinit.sh script I added was:

 

#!/system/bin/sh
REALMNT=/mnt/fuse/sdcard1_real
if ! [ -d "$REALMNT" ]; then
mkdir "$REALMNT" || exit 1
fi
mount -t ext4 /dev/block/mmcblk1p1 "$REALMNT"
sdcard "$REALMNT" /storage/sdcard1 1023 1023 &

 

I'm obviously an idiot, and assume this script is preventing the boot sequence on the boot partition from loading... though my assumption could be wrong.

 

There is power, as my laptop recognizes a USB device connected, however, instead of it being recognized as Moto or ADB, it's a serial port (COM5) "Qualcomm HS-USB QDLoader 9008".

 

Holding down the sequence to hard reset, then load the boot options still shows a black screen with no text or graphics, although via the sound alerts from Windows, it recognizes when the phone is reset then powered back up even though nothing appears on the phone screen,

 

RSD Lite did recognize it for a bit, but as a Qualcomm device only and it was unable to force it into fastboot mode... additionally, I tried adb and fastboot commands via cmd and all I get is <waiting for device>.
 

Using QPST, it sees the XT926 on COM5, however is unable to connect to it as it says the device is in "Download Mode", which is also delineated under ESN, Phone Number, and Banner as "Download".  While QPST is only mean to be used with older non-android CDMA devices, the configuration portion of QPST will always provide accurate information about devices on COM ports.

 

Any help to either be able to remotely access the phone's file system and delete the userinit.sh or allow the phone to be placed in AP fastboot to allow a flash would be greatly appreciate =]

[johnthehillbilly]

Last I knew..... There was no coming back from Qualcomm Downloader mode....

[jw0914]

Last I knew..... There was no coming back from Qualcomm Downloader mode....

The good news is there is a way, and the clearest tutorial on how to can be found in the link below, however it's for a Moto X:

 

Please Login or Register to see this Hidden Content

 

What I need is for someone with an XT926 to please execute this in a terminal emulator:

 

dd if=/dev/block/mmcblk0 of=/sdcard/MOTO_X_JTAG_BETA_200MB.bin ---> I made a mistake and this is incorrect... further explanation in posts #56 & #57

 

and then post the resulting file so I can compare it to the one for the Moto X and find what needs to be changed.  Using qflash, the command to input into cmd to allow access to fastboot new firmware would be:

 

qflash.exe -com(PORT NUMBER) -ramload MPRG8960.hex -mbn 33 MSM8960_bootloader_singleimage.bin -v -o

 

 

If anyone with an XT926 could take 5 min and post the resulting file from the terminal command, or even better, if anyone knows what needs to be changed in the hex file below (MPRG8960.hex) to make it for an XT926 instead of a Moto X, that would be amazing and I would be extremely appreciative =] 

MPRG8960.hex and other files involved (for XT907 and XT912 ONLY)--->

Please Login or Register to see this Hidden Content

  

Edited by jw0914, 28 July 2014 - 12:15 PM.

[johnthehillbilly]

I have a 926...... I'll snatch that file for you when I get home from work......

[jw0914]

Thanks a bunch

[jw0914]

From additional research, it was also recommended to get the mbn (binary images) of the bootloader, recovery, and mmc (the only other file is the proper hex file for the MSM8960). I'm a novice at best with Android and Linux and was wondering if you knew if it's possible to get these binaries from the firmware file, or is the only way to access them from a working device?  If it's the latter, do you by chance know how to pull those?  

 

There's a lot written about qflash, but not a lot of concrete answers, so besides the information contained within the

Please Login or Register to see this Hidden Content

, the rest of this is basically a hauppauge of information taken from a post here and a post there.  I figure once I find the correct information that needs to go into the bootloader, recovery and mmc binaries, as well as the hex file for the XT926, I'll write a tutorial up for the XT926.  While this kind of bricking doesn't seem widespread on the XT926, I've come across a handful of individuals with the same problem.

 

List of files I need for a blank flash:

1. mbn (binaries) of:
   • bootloader
   • mmc
   • recovery
   • 8960_msiimage.mbn (not sure if this is the same as one of the three above)
2. hex file for MSM8960
   • the Moto X files have a MSM8960 xml, but the hex file is named MPRG8960 and I'm not sure if this is unique to the Moto X or if I can use the MPRG8960 hex to qflash my XT926

      

[johnthehillbilly]

Its in the process of dd-ing the first file .....(its up to 2.5 gig now).......

[xKroniK13x]

I'd love to experiment with one of these bricked devices, I've been looking for one online for a while. Looking forward to the results of this thread... Good luck!

Sent from my RAZR M (CM Nightlies) from Tapatalk Pro.

[jw0914]

Awesome, thanks johnthehillbilly =]

 

xkronik13x if you have a device available that you can brick, simply do what I did... create a userinit.sh script from the script in the the first post and place it in /data/local/ You'll be bricked as soon as you reboot   lol nvm, just re-read and saw you stated you were looking to buy a device bricked in this fashion

[jw0914]

Okay, so I found a binary file for the MSM8960 mbn (8960_msimage.mbn), and it's usually accompanied by a second file, MPRG8960.hex... I'm not sure what the MPRG stands for or if it's a universal hex for any device with a MSM8960 or if it's specific to the Moto X.  

 

EDIT:

 

So here's a rundown of all the the files needed to blank flash a bootloader:

 

Specific to XT926

1. 8960_blankflash.py (still fiddling with python and trying to figure out if I need to create a new file for the XT926, as I've never heard of python before) 3kb
2. MPRG8960.hex (213kb, one long hexadecimal string)
3. MSM8960_bootloader_singleimage.bin (largest file at 1.9MB)

Not Specific to XT926

1. 8960_blankflash.bat (1kb)
2. MSM8960_blankflash.xml (1kb)
3. qflash.dll (53kb)
4. qflash.exe (111kb)

I PM'd the OP of the XDA post, as well as asked the same question in the thread, asking what information do I need out of the terminal output file, however I haven't received a response back yet.  I know how to open bin files created on windows, however, it doesn't appear bin or img files for Linux are the same as they error out as corrupted.  I'm sure a simple internet search would come up with a program that can view them in Windows and was planning on searching after a bit more research into blank flashing.

The terminal command I got from the XDA OP's post on a google plus page asking for someone to do the same on a working Moto X, but never specified where in that file the information needed was, or what files to input that information into once found.

[johnthehillbilly]

Silly question...... What all should be in that [first] file...... Its up to 10gig and not finished yet.......:/

[jw0914]

Wow... I'm sorry, but I have no clue.  Unfortunately, the OP of the XDA article didn't detail out what it was he needed from it.  I don't want to waste your time, so I would stop the process.  When I posted asking for someone to do that, I expected a few hundred megabytes, at most 3 gigs or so, but nothing on that scale.  I apologize, as I should have said something when you posted 2.5g's, but I made the wrong assumption that you were almost done... my bad

[nobe1976]

Silly question...... What all should be in that [first] file...... Its up to 10gig and not finished yet.......:/

 

From what that sounds like you are coping everything from the /mmcblk0 partitions, and I mean everything like including your data apps as well from the sounds of it being at 10 gigs right now..

 

I would say pick the partitions that is needed from this run down of the partition table

Please Login or Register to see this Hidden Content

. Then dd what ya need..

[johnthehillbilly]

From what that sounds like you are coping everything from the /mmcblk0 partitions, and I mean everything like including your data apps as well from the sounds of it being at 10 gigs right now..

That's what I was thinking........ So....... Its stopped (for now)....

[jw0914]

Thanks for trying to help, I really appreciate it =]

 

Do you by chance know what would be included in MSM8960_bootloader_singleimage.bin?  I think every file in the blank flash folder will work for the XT926 (although I'm still on the fence about MPRG8960.hex), except this one, as I assume the Razr HD and X have different bootloaders

 

EDIT: What file(s) within the firmware flash contain information for the bootloader (obviously boot.img I would assume, but I was hoping I could do something with the files in the firmware to create a bin file to use)?

[nobe1976]

gpt.bin, fsg.mbm, emmc_appsboot.mbn, and boot.img.. Being it be motorola the gpt.bin cannot be overwritten, even being unlocked, but turns out that the gpt.bin on both 4.1.2 and 4.4.2 are not that far off since I was able to use the rest in the Flashback to switch between to 2 bootloaders. 

[jw0914]

I'm a novice at best and am still in the process of learning linux, but was wondering if either of you guys might be able to shed light on what mmcblock I need?  When I run the command to blank flash, this is the output:

 

c:\Programs\blankflash>qflash.exe -com5 -ramload MPRG8960.hex -mbn 33 MSM8960_bootloader_singleimage.bin -v -o

Motorola qflash Utility version 1.3

qflash - com5 is an invalid port

Invalid COM port entered

c:\Programs\blankflash>qflash.exe -com5 -ramload MPRG8960.hex -mbn 33 MSM8960_bootloader_singleimage.bin -v -o

Motorola qflash Utility version 1.3

COMPORT      :COM5

RAMLOADER    :MPRG8960.hex

type is 0x21

7 mbn file name MSM8960_bootloader_singleimage.bin type 33

verbose mode on

Motorola qflash dll version 1.6

RAMLOADER VERSION: PBL_DloadVER2.0

------------------------------------------------------

DEVICE INFORMATION:

------------------------------------------------------

Version       : 0x8

Min Version   : 0x1

Max Write Size: 0x600

Model         : 0x90

Device Size   : 0

Description   : Intel 28F400BX-TL or Intel 28F400BV-TL

------------------------------------------------------

Using passed in packet size, changing from 0x600 -> 0x600

EXTENDED_LINEAR_ADDRESS_REC @ 0x2a000000

 

Write 65536 bytes @ 0x2a000000

100EXTENDED_LINEAR_ADDRESS_REC @ 0x2a010000

 

Write 11840 bytes @ 0x2a010000

100START_LINEAR_ADDRESS_REC @ 0x2a000000

No data read from USB. This may not be an error. Trying again...

No data read from USB. This may not be an error. Trying again...

No data read from USB. This may not be an error. Trying again...

No data read from USB. This may not be an error. Trying again...

No data read from USB. This may not be an error. Trying again...

Still no data, giving up!

dmss_go : failed to receive ACK

Error loading MPRG8960.hex into device

 

The error loading the MPRG8960.hex is what makes me wonder if that hex file is unique to the Moto M and the XT926 needs its own... however I'm not sure where that hex needs to be pulled from on an XT926.

 

From the XDA post, qflash should return an output like this: 

 

C:\Android>qflash.exe -com10 -ramload MPRG8960.hex -mbn 33 MSM8960_bootloader_si
ngleimage.bin -v -o
Motorola qflash Utility version 1.3
COMPORT :COM10
RAMLOADER :MPRG8960.hex
type is 0x21
7 mbn file name MSM8960_bootloader_singleimage.bin type 33
verbose mode on
Motorola qflash dll version 1.6
RAMLOADER VERSION: PBL_DloadVER2.0
------------------------------------------------------
DEVICE INFORMATION:
------------------------------------------------------
Version : 0x8
Min Version : 0x1
Max Write Size: 0x600
Model : 0x90
Device Size : 0
Description : Intel 28F400BX-TL or Intel 28F400BV-TL
------------------------------------------------------
Using passed in packet size, changing from 0x600 -> 0x600
EXTENDED_LINEAR_ADDRESS_REC @ 0x2a000000

Write 65536 bytes @ 0x2a000000
100EXTENDED_LINEAR_ADDRESS_REC @ 0x2a010000

Write 11840 bytes @ 0x2a010000
100START_LINEAR_ADDRESS_REC @ 0x2a000000
EOF_REC
Sleeping for 3s
-----------------------------------------------------
RAM DOWNLOADER INFORMATION
-----------------------------------------------------
cmd : 0x2
description : QCOM fast download protocol targ
version_number : 0x7
compatible_version: 0x2
max_block_size : 0x400
flash_base_address: 0x0
flash_id_len : 0x4
flash id : eMMC
window_size : 0x1e
number_of_sectors : 0x80
-----------------------------------------------------
sdl_send_security_mode: secutiry mode 0x0
Flashing MSM8960_bootloader_singleimage.bin 1969664 bytes into device
Keeping the first packet (1024 bytes) as hostage
Will release it if all is flashed well
100
Hostage released!

done

 

Is there a way to create a bootloader single image bin from the firmware files, or is there an easy way for an XT926 user to compile this on their end?  I don't want to ask anyone to take a significant amount of time to simply compile a file they don't need and won't use, and if it is time intensive, I'm more than happy to pay someone for their time.  I thought about sending my phone in, however I don't believe it's right because I was the idiot that misread something that caused this, combined with the fact I have an unlocked bootloader that I'll lose since it seems may have already started rolling out an update to fix the exploit in 4.4.2.

[jw0914]

gpt.bin, fsg.mbm, emmc_appsboot.mbn, and boot.img.. Being it be motorola the gpt.bin cannot be overwritten, even being unlocked, but turns out that the gpt.bin on both 4.1.2 and 4.4.2 are not that far off since I was able to use the rest in the Flashback to switch between to 2 bootloaders. 

Awesome =] This at least gives me a starting point... is there a way to combine these into a single bin?  I don't think I'm using the right search parameters, as I keep coming up with bin/cue for music files.  I don't need an explanation, just someone to point me in the right direction on where to look

[nobe1976]

This can be put together with the command that you posted, but one would have to have a locked bootloader and be willing to wipe the data completely off there device. The reason behind that is if a unlocked device does this the tz partition would be already modified and it might not load up properly. This program is basically a clean slate installer. I use the same process on my G2 to revert back to 4.2.2 from 4.4.2 and for unflagging the root status. Complete Stock .bin is fully recommended for this processes.

[SamuriHL]

emmc_appsboot.mbn

 

That's the bootloader.  (aboot on snapdragon based phones).  boot.img is the kernel. fsg is part of the modem. gpt is the partition table.