OnePlus 7t flashed with stock ROM, boot, recovery, and firmware, still bricked

zaphida commented 1 year ago

My phone is bricked after I accidentally flashed a OnePlus 6t fastboot ROM instead of OnePlus 7t fastboot ROM. The phone is completely unresponsive: no charging screen, no vibration. Its only sign of life is that it can be detected in EDL mode. I tried flashing it using files extracted using oppo_decrypt from the ops from https://onepluscommunityserver.com/list/Unbrick_Tools/OnePlus_7T/Global_HD65AA/R/OnePlus_7T_Global_OxygenOS_11.0.5.1.zip What should I try next? Android 10 firmware, Indian/European firmware?

 kernel  ~  extract  SIGINT  for i in 0 1 2 3 4 5; do edl --loader=prog_firehose_ddr.elf qfil program${i}.xml patch${i}.xml .;doneCapstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Using loader prog_firehose_ddr.elf ...
main - Waiting for the device
......
main - Hint:   Press and hold vol up+dwn, connect usb. For some, only use vol up.
main - Xiaomi: Press and hold vol dwn + pwr, in fastboot mode connect usb.
        Run "./fastpwn oem edl".
main - Other:  Run "adb reboot edl".

...............
.....main - Device detected :)
sahara - Protocol version: 2, Version supported: 1
main - Mode detected: sahara
sahara - 
------------------------
HWID:              0x000a50e100514985 (MSM_ID:0x000a50e1,OEM_ID:0x0051,MODEL_ID:0x4985)
CPU detected:      "SM8150"
PK_HASH:           0x2acf3a85fde334e2e28d64cbc416b2474e0e95cad4698f143e27479d67e92d995a20da04e40395b61a140f3db7c32720
Serial:            0x8495d434

sahara - Protocol version: 2, Version supported: 1
sahara - Uploading loader prog_firehose_ddr.elf ...
sahara - 64-Bit mode detected.
sahara - Firehose mode detected, uploading...
sahara - Loader successfully uploaded.
main - Trying to connect to firehose loader ...
firehose - Binary build date: Dec 10 2021 @ 18:50:47
firehose - Binary build date: Dec 10 2021 @ 18:50:47 
firehose - Chip serial num: 2224411700 (0x8495d434)
firehose - Supported Functions (23):
firehose - program
firehose - read
firehose - nop
firehose - patch
firehose - configure
firehose - setbootablestoragedrive
firehose - erase
firehose - power
firehose - firmwarewrite
firehose - getstorageinfo
firehose - benchmark
firehose - emmc
firehose - ufs
firehose - fixgpt
firehose - getsha256digest
firehose - gethwversion
firehose - getrfversion
firehose - getprjversion
firehose - setprojmodel
firehose - demacia
firehose - sha256init
firehose - sha256final
firehose - eraseuserdata
firehose - End of supported functions 23
firehose_client
firehose_client - [LIB]: No --memory option set, we assume "UFS" as default ..., if it fails, try using "--memory" with "UFS","NAND" or "spinor" instead !
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1
firehose - Trying to read first storage sector...
firehose - Running configure...
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - 0x1
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata,demacia,setprojmodel
oneplus - Oneplus protection with prjid 18865 detected
firehose_client - [qfil] raw programming...
firehose_client - [qfil] programming program0.xml
firehose_client - [qfil] raw programming ok.
firehose_client - [qfil] patching...
firehose_client - [qfil] patching with patch0.xml
firehose_client - [qfil] patching DISK sector(2), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="2728" filename="DISK" physical_partition_number="0" size_in_bytes="8" start_sector="2" value="NUM_DISK_SECTORS-6." what="Update last partition 22 'userdata' with actual size in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-5.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="2728" filename="DISK" physical_partition_number="0" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-5." value="NUM_DISK_SECTORS-6." what="Update last partition 22 'userdata' with actual size in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="0" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-6." what="Update Primary Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="0" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-6." what="Update Backup Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="32" filename="DISK" physical_partition_number="0" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-1." what="Update Primary Header with BackupGPT Header Location." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="24" filename="DISK" physical_partition_number="0" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-1." what="Update Backup Header with CurrentLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="72" filename="DISK" physical_partition_number="0" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1" value="NUM_DISK_SECTORS-5." what="Update Backup Header with Partition Array Location." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="0" size_in_bytes="4" start_sector="1" value="CRC32(2,4096)" what="Update Primary Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="0" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-5.,4096)" what="Update Backup Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="0" size_in_bytes="4" start_sector="1" value="0" what="Zero Out Header CRC in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="0" size_in_bytes="4" start_sector="1" value="CRC32(1,92)" what="Update Primary Header with CRC of Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="0" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="0" what="Zero Out Header CRC in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="0" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-1.,92)" what="Update Backup Header with CRC of Backup Header." />
 </data>
firehose_client - [qfil] patching ok
Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Using loader prog_firehose_ddr.elf ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: firehose
main - Trying to connect to firehose loader ...
firehose - Chip serial num: 2224411700 (0x8495d434)
firehose - Supported Functions (23):
firehose - program
firehose - read
firehose - nop
firehose - patch
firehose - configure
firehose - setbootablestoragedrive
firehose - erase
firehose - power
firehose - firmwarewrite
firehose - getstorageinfo
firehose - benchmark
firehose - emmc
firehose - ufs
firehose - fixgpt
firehose - getsha256digest
firehose - gethwversion
firehose - getrfversion
firehose - getprjversion
firehose - setprojmodel
firehose - demacia
firehose - sha256init
firehose - sha256final
firehose - eraseuserdata
firehose - End of supported functions 23
firehose_client
firehose_client - [LIB]: No --memory option set, we assume "UFS" as default ..., if it fails, try using "--memory" with "UFS","NAND" or "spinor" instead !
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1
firehose - Trying to read first storage sector...
firehose - Running configure...
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - 0x1
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata,demacia,setprojmodel
oneplus - Oneplus protection with prjid 18865 detected
firehose_client - [qfil] raw programming...
firehose_client - [qfil] programming program1.xml
firehose_client - [qfil] raw programming ok.
firehose_client - [qfil] patching...
firehose_client - [qfil] patching with patch1.xml
firehose_client - [qfil] patching DISK sector(2), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="296" filename="DISK" physical_partition_number="1" size_in_bytes="8" start_sector="2" value="NUM_DISK_SECTORS-6." what="Update last partition 3 'last_parti' with actual size in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-5.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="296" filename="DISK" physical_partition_number="1" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-5." value="NUM_DISK_SECTORS-6." what="Update last partition 3 'last_parti' with actual size in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="1" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-6." what="Update Primary Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="1" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-6." what="Update Backup Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="32" filename="DISK" physical_partition_number="1" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-1." what="Update Primary Header with BackupGPT Header Location." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="24" filename="DISK" physical_partition_number="1" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-1." what="Update Backup Header with CurrentLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="72" filename="DISK" physical_partition_number="1" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1" value="NUM_DISK_SECTORS-5." what="Update Backup Header with Partition Array Location." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="1" size_in_bytes="4" start_sector="1" value="CRC32(2,4096)" what="Update Primary Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="1" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-5.,4096)" what="Update Backup Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="1" size_in_bytes="4" start_sector="1" value="0" what="Zero Out Header CRC in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="1" size_in_bytes="4" start_sector="1" value="CRC32(1,92)" what="Update Primary Header with CRC of Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="1" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="0" what="Zero Out Header CRC in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="1" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-1.,92)" what="Update Backup Header with CRC of Backup Header." />
 </data>
firehose_client - [qfil] patching ok
firehose - Setbootablestoragedrive succeeded.
firehose_client - [qfil] partition(1) is now bootable

Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Using loader prog_firehose_ddr.elf ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: firehose
main - Trying to connect to firehose loader ...
firehose - Chip serial num: 2224411700 (0x8495d434)
firehose - Supported Functions (23):
firehose - program
firehose - read
firehose - nop
firehose - patch
firehose - configure
firehose - setbootablestoragedrive
firehose - erase
firehose - power
firehose - firmwarewrite
firehose - getstorageinfo
firehose - benchmark
firehose - emmc
firehose - ufs
firehose - fixgpt
firehose - getsha256digest
firehose - gethwversion
firehose - getrfversion
firehose - getprjversion
firehose - setprojmodel
firehose - demacia
firehose - sha256init
firehose - sha256final
firehose - eraseuserdata
firehose - End of supported functions 23
firehose_client
firehose_client - [LIB]: No --memory option set, we assume "UFS" as default ..., if it fails, try using "--memory" with "UFS","NAND" or "spinor" instead !
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1
firehose - Trying to read first storage sector...
firehose - Running configure...
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - 0x1
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata,demacia,setprojmodel
oneplus - Oneplus protection with prjid 18865 detected
firehose_client - [qfil] raw programming...
firehose_client - [qfil] programming program2.xml
firehose_client - [qfil] raw programming ok.
firehose_client - [qfil] patching...
firehose_client - [qfil] patching with patch2.xml
firehose_client - [qfil] patching DISK sector(2), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="296" filename="DISK" physical_partition_number="2" size_in_bytes="8" start_sector="2" value="NUM_DISK_SECTORS-6." what="Update last partition 3 'last_parti' with actual size in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-5.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="296" filename="DISK" physical_partition_number="2" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-5." value="NUM_DISK_SECTORS-6." what="Update last partition 3 'last_parti' with actual size in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="2" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-6." what="Update Primary Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="2" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-6." what="Update Backup Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="32" filename="DISK" physical_partition_number="2" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-1." what="Update Primary Header with BackupGPT Header Location." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="24" filename="DISK" physical_partition_number="2" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-1." what="Update Backup Header with CurrentLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="72" filename="DISK" physical_partition_number="2" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1" value="NUM_DISK_SECTORS-5." what="Update Backup Header with Partition Array Location." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="2" size_in_bytes="4" start_sector="1" value="CRC32(2,4096)" what="Update Primary Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="2" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-5.,4096)" what="Update Backup Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="2" size_in_bytes="4" start_sector="1" value="0" what="Zero Out Header CRC in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="2" size_in_bytes="4" start_sector="1" value="CRC32(1,92)" what="Update Primary Header with CRC of Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="2" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="0" what="Zero Out Header CRC in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="2" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-1.,92)" what="Update Backup Header with CRC of Backup Header." />
 </data>
firehose_client - [qfil] patching ok
Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Using loader prog_firehose_ddr.elf ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: firehose
main - Trying to connect to firehose loader ...
firehose - Chip serial num: 2224411700 (0x8495d434)
firehose - Supported Functions (23):
firehose - program
firehose - read
firehose - nop
firehose - patch
firehose - configure
firehose - setbootablestoragedrive
firehose - erase
firehose - power
firehose - firmwarewrite
firehose - getstorageinfo
firehose - benchmark
firehose - emmc
firehose - ufs
firehose - fixgpt
firehose - getsha256digest
firehose - gethwversion
firehose - getrfversion
firehose - getprjversion
firehose - setprojmodel
firehose - demacia
firehose - sha256init
firehose - sha256final
firehose - eraseuserdata
firehose - End of supported functions 23
firehose_client
firehose_client - [LIB]: No --memory option set, we assume "UFS" as default ..., if it fails, try using "--memory" with "UFS","NAND" or "spinor" instead !
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1
firehose - Trying to read first storage sector...
firehose - Running configure...
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - 0x1
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata,demacia,setprojmodel
oneplus - Oneplus protection with prjid 18865 detected
firehose_client - [qfil] raw programming...
firehose_client - [qfil] programming program3.xml
firehose_client - [qfil] raw programming ok.
firehose_client - [qfil] patching...
firehose_client - [qfil] patching with patch3.xml
firehose_client - [qfil] patching DISK sector(2), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="552" filename="DISK" physical_partition_number="3" size_in_bytes="8" start_sector="2" value="NUM_DISK_SECTORS-6." what="Update last partition 5 'last_parti' with actual size in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-5.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="552" filename="DISK" physical_partition_number="3" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-5." value="NUM_DISK_SECTORS-6." what="Update last partition 5 'last_parti' with actual size in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="3" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-6." what="Update Primary Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="3" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-6." what="Update Backup Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="32" filename="DISK" physical_partition_number="3" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-1." what="Update Primary Header with BackupGPT Header Location." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="24" filename="DISK" physical_partition_number="3" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-1." what="Update Backup Header with CurrentLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="72" filename="DISK" physical_partition_number="3" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1" value="NUM_DISK_SECTORS-5." what="Update Backup Header with Partition Array Location." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="3" size_in_bytes="4" start_sector="1" value="CRC32(2,4096)" what="Update Primary Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="3" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-5.,4096)" what="Update Backup Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="3" size_in_bytes="4" start_sector="1" value="0" what="Zero Out Header CRC in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="3" size_in_bytes="4" start_sector="1" value="CRC32(1,92)" what="Update Primary Header with CRC of Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="3" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="0" what="Zero Out Header CRC in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="3" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-1.,92)" what="Update Backup Header with CRC of Backup Header." />
 </data>
firehose_client - [qfil] patching ok
Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Using loader prog_firehose_ddr.elf ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: firehose
main - Trying to connect to firehose loader ...
firehose - Chip serial num: 2224411700 (0x8495d434)
firehose - Supported Functions (23):
firehose - program
firehose - read
firehose - nop
firehose - patch
firehose - configure
firehose - setbootablestoragedrive
firehose - erase
firehose - power
firehose - firmwarewrite
firehose - getstorageinfo
firehose - benchmark
firehose - emmc
firehose - ufs
firehose - fixgpt
firehose - getsha256digest
firehose - gethwversion
firehose - getrfversion
firehose - getprjversion
firehose - setprojmodel
firehose - demacia
firehose - sha256init
firehose - sha256final
firehose - eraseuserdata
firehose - End of supported functions 23
firehose_client
firehose_client - [LIB]: No --memory option set, we assume "UFS" as default ..., if it fails, try using "--memory" with "UFS","NAND" or "spinor" instead !
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1
firehose - Trying to read first storage sector...
firehose - Running configure...
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - 0x1
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata,demacia,setprojmodel
oneplus - Oneplus protection with prjid 18865 detected
firehose_client - [qfil] raw programming...
firehose_client - [qfil] programming program4.xml
firehose_client - [qfil] raw programming ok.
firehose_client - [qfil] patching...
firehose_client - [qfil] patching with patch4.xml
firehose_client - [qfil] patching DISK sector(4), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="1832" filename="DISK" physical_partition_number="4" size_in_bytes="8" start_sector="4" value="NUM_DISK_SECTORS-6." what="Update last partition 79 'last_parti' with actual size in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-3.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="1832" filename="DISK" physical_partition_number="4" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-3." value="NUM_DISK_SECTORS-6." what="Update last partition 79 'last_parti' with actual size in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="4" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-6." what="Update Primary Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="4" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-6." what="Update Backup Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="32" filename="DISK" physical_partition_number="4" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-1." what="Update Primary Header with BackupGPT Header Location." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="24" filename="DISK" physical_partition_number="4" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-1." what="Update Backup Header with CurrentLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="72" filename="DISK" physical_partition_number="4" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1" value="NUM_DISK_SECTORS-5." what="Update Backup Header with Partition Array Location." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="4" size_in_bytes="4" start_sector="1" value="CRC32(2,12288)" what="Update Primary Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="4" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-5.,12288)" what="Update Backup Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="4" size_in_bytes="4" start_sector="1" value="0" what="Zero Out Header CRC in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="4" size_in_bytes="4" start_sector="1" value="CRC32(1,92)" what="Update Primary Header with CRC of Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="4" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="0" what="Zero Out Header CRC in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="4" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-1.,92)" what="Update Backup Header with CRC of Backup Header." />
 </data>
firehose_client - [qfil] patching ok
Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Using loader prog_firehose_ddr.elf ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: firehose
main - Trying to connect to firehose loader ...
firehose - Chip serial num: 2224411700 (0x8495d434)
firehose - Supported Functions (23):
firehose - program
firehose - read
firehose - nop
firehose - patch
firehose - configure
firehose - setbootablestoragedrive
firehose - erase
firehose - power
firehose - firmwarewrite
firehose - getstorageinfo
firehose - benchmark
firehose - emmc
firehose - ufs
firehose - fixgpt
firehose - getsha256digest
firehose - gethwversion
firehose - getrfversion
firehose - getprjversion
firehose - setprojmodel
firehose - demacia
firehose - sha256init
firehose - sha256final
firehose - eraseuserdata
firehose - End of supported functions 23
firehose_client
firehose_client - [LIB]: No --memory option set, we assume "UFS" as default ..., if it fails, try using "--memory" with "UFS","NAND" or "spinor" instead !
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1
firehose - Trying to read first storage sector...
firehose - Running configure...
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - 0x1
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata,demacia,setprojmodel
oneplus - Oneplus protection with prjid 18865 detected
firehose_client - [qfil] raw programming...
firehose_client - [qfil] programming program5.xml
firehose_client - [qfil] raw programming ok.
firehose_client - [qfil] patching...
firehose_client - [qfil] patching with patch5.xml
firehose_client - [qfil] patching DISK sector(2), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="1192" filename="DISK" physical_partition_number="5" size_in_bytes="8" start_sector="2" value="NUM_DISK_SECTORS-6." what="Update last partition 10 'last_parti' with actual size in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-5.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="1192" filename="DISK" physical_partition_number="5" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-5." value="NUM_DISK_SECTORS-6." what="Update last partition 10 'last_parti' with actual size in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="5" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-6." what="Update Primary Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="48" filename="DISK" physical_partition_number="5" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-6." what="Update Backup Header with LastUseableLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="32" filename="DISK" physical_partition_number="5" size_in_bytes="8" start_sector="1" value="NUM_DISK_SECTORS-1." what="Update Primary Header with BackupGPT Header Location." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="24" filename="DISK" physical_partition_number="5" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1." value="NUM_DISK_SECTORS-1." what="Update Backup Header with CurrentLBA." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1), size=8
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="72" filename="DISK" physical_partition_number="5" size_in_bytes="8" start_sector="NUM_DISK_SECTORS-1" value="NUM_DISK_SECTORS-5." what="Update Backup Header with Partition Array Location." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="5" size_in_bytes="4" start_sector="1" value="CRC32(2,4096)" what="Update Primary Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="88" filename="DISK" physical_partition_number="5" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-5.,4096)" what="Update Backup Header with CRC of Partition Array." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="5" size_in_bytes="4" start_sector="1" value="0" what="Zero Out Header CRC in Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(1), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="5" size_in_bytes="4" start_sector="1" value="CRC32(1,92)" what="Update Primary Header with CRC of Primary Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="5" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="0" what="Zero Out Header CRC in Backup Header." />
         </data>
firehose_client - [qfil] patching DISK sector(NUM_DISK_SECTORS-1.), size=4
<?xml version="1.0" ?><data>
 <patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="16" filename="DISK" physical_partition_number="5" size_in_bytes="4" start_sector="NUM_DISK_SECTORS-1." value="CRC32(NUM_DISK_SECTORS-1.,92)" what="Update Backup Header with CRC of Backup Header." />
 </data>
firehose_client - [qfil] patching ok

zaphida commented 1 year ago

I decided to try to set active slot between a and b to see what happened and this is what I got:

 kernel  ~  extract  SIGINT  edl setactiveslot b --loader=prog_firehose_ddr.elf
Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Using loader prog_firehose_ddr.elf ...
main - Waiting for the device
......
main - Hint:   Press and hold vol up+dwn, connect usb. For some, only use vol up.
main - Xiaomi: Press and hold vol dwn + pwr, in fastboot mode connect usb.
        Run "./fastpwn oem edl".
main - Other:  Run "adb reboot edl".

.main - Device detected :)
sahara - Protocol version: 2, Version supported: 1
main - Mode detected: sahara
sahara - 
------------------------
HWID:              0x000a50e100514985 (MSM_ID:0x000a50e1,OEM_ID:0x0051,MODEL_ID:0x4985)
CPU detected:      "SM8150"
PK_HASH:           0x2acf3a85fde334e2e28d64cbc416b2474e0e95cad4698f143e27479d67e92d995a20da04e40395b61a140f3db7c32720
Serial:            0x8495d434

sahara - Protocol version: 2, Version supported: 1
sahara - Uploading loader prog_firehose_ddr.elf ...
sahara - 64-Bit mode detected.
sahara - Firehose mode detected, uploading...
sahara - Loader successfully uploaded.
main - Trying to connect to firehose loader ...
firehose - Binary build date: Dec 10 2021 @ 18:50:47
firehose - Binary build date: Dec 10 2021 @ 18:50:47 
firehose - Chip serial num: 2224411700 (0x8495d434)
firehose - Supported Functions (23):
firehose - program
firehose - read
firehose - nop
firehose - patch
firehose - configure
firehose - setbootablestoragedrive
firehose - erase
firehose - power
firehose - firmwarewrite
firehose - getstorageinfo
firehose - benchmark
firehose - emmc
firehose - ufs
firehose - fixgpt
firehose - getsha256digest
firehose - gethwversion
firehose - getrfversion
firehose - getprjversion
firehose - setprojmodel
firehose - demacia
firehose - sha256init
firehose - sha256final
firehose - eraseuserdata
firehose - End of supported functions 23
firehose_client
firehose_client - [LIB]: No --memory option set, we assume "UFS" as default ..., if it fails, try using "--memory" with "UFS","NAND" or "spinor" instead !
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1
firehose - Trying to read first storage sector...
firehose - Running configure...
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - 0x1
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata,demacia,setprojmodel
oneplus - Oneplus protection with prjid 18865 detected
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
 kernel  ~  extract  edl setactiveslot a --loader=prog_firehose_ddr.elf
Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Using loader prog_firehose_ddr.elf ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: firehose
main - Trying to connect to firehose loader ...
firehose - Chip serial num: 2224411700 (0x8495d434)
firehose - Supported Functions (23):
firehose - program
firehose - read
firehose - nop
firehose - patch
firehose - configure
firehose - setbootablestoragedrive
firehose - erase
firehose - power
firehose - firmwarewrite
firehose - getstorageinfo
firehose - benchmark
firehose - emmc
firehose - ufs
firehose - fixgpt
firehose - getsha256digest
firehose - gethwversion
firehose - getrfversion
firehose - getprjversion
firehose - setprojmodel
firehose - demacia
firehose - sha256init
firehose - sha256final
firehose - eraseuserdata
firehose - End of supported functions 23
firehose_client
firehose_client - [LIB]: No --memory option set, we assume "UFS" as default ..., if it fails, try using "--memory" with "UFS","NAND" or "spinor" instead !
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1
firehose - Trying to read first storage sector...
firehose - Running configure...
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - {'UFS fInitialized': '0x1', 'UFS Current LUN Number: ': ' 0xd0', 'UFS Total Active LU': '0x6', 'UFS wManufacturerID': '0x1ce', 'UFS Boot Partition Enabled': '0x1', 'UFS Raw Device Capacity: ': ' 0xee64000', 'UFS Min Block Size': '0x8', 'UFS Erase Block Size': '0x2000', 'UFS Allocation Unit Size': '0x1', 'UFS RPMB ReadWrite Size: ': ' 0x40', 'UFS Number of Allocation Uint for This LU': '0x0', 'UFS Logical Block Size': '0x0', 'UFS Provisioning Type': '0x0', 'UFS LU Write Protect': '0x0', 'UFS Boot LUN ID: ': ' 0x0', 'UFS Memory Type': '0x0', 'UFS LU Total Blocks': '0x0', 'UFS Supported Memory Types': '0x800f', 'UFS dEnhanced1MaxNAllocU': '0x7732', 'UFS wEnhanced1CapAdjFac': '0x300', 'UFS dEnhanced2MaxNAllocU: ': ' 0x0', 'UFS wEnhanced2CapAdjFac': '0x0', 'UFS dEnhanced3MaxNAllocU': '0x0', 'UFS wEnhanced3CapAdjFac': '0x0', 'UFS dEnhanced4MaxNAllocU': '0x0', 'UFS wEnhanced4CapAdjFac': '0x0', 'UFS LUN Enable Bitmask': '0x3f', 'UFS Logical Block Count': '0x0', 'UFS bConfigDescrLock': '0x0', 'UFS iManufacturerName String Index': '0x0', 'UFS iProductName String Index': '0x1', 'UFS iSerialNumber String Index': '0x2', 'UFS iOemID String Index': '0x3', 'UFS Inquiry Command Output': 'SAMSUNG KLUDG4UHDB-B2D1 0400 '}
firehose - 0x1
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata,demacia,setprojmodel
oneplus - Oneplus protection with prjid 18865 detected
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']
firehose
firehose - [LIB]: Error:['ERROR: patch size too large 128']

zaphida commented 1 year ago

I was able to unbrick the phone by using MsmDownloadTool after putting Windows into test mode. It took the expected amount of time. The flash using this edl utility went suspiciously fast, just a few seconds. Did I miss something?

bkerler commented 1 year ago

Most likely you overwrote critical partitions that hold stuff like serialnumbers. You could try to completely wipe and then write gpt first, reboot and then write the critical partitions, reboot and then write the firmware. But still, imei etc. will be gone forever.

zaphida commented 1 year ago

@bkerler It's nice to communicate directly with the creator of this project. Your Github repositories display some impressive feats of real hacking. Actually, the IMEIs of both SIM slots and the devices serial number are all present on the device, viewable under Settings > About Phone > Status. The phone is fully functional following the flashing of the stock firmware using MsmDownloadTool. It would be nice to know how to perform the same operation using your edl tool under Linux. That is, restore a hardbricked device that had wrong firmware flashed to stock ROM and retain IMEI(s) and serial number without having to touch a Microsoft Windows system.

dtql commented 6 months ago

@zaphida I managed to restore my Oneplus 7 using only edl on Linux. I tried the instructions here: https://github.com/bkerler/edl/issues/432 to generate the files to run the qfil command, but qfil runs really quickly which is strange as I assumed it would take some time to write the files, especially system.img. Looking at firehose_client.py indeed that is what it should be doing, but for me it was not.

Anyway, I ended up manually running all the writes manually, as below (Note: initially I used the --lun=x option, but it seems to actually make the commands fail if lun!=0 so I removed them). After the reset, phone is restored :) edl w persist persist.img edl w param param.bin edl w op2 op2.img edl w oem_dycnvbk dynamic_nvbk.bin edl w oem_stanvbk static_nvbk.bin edl w config config.bin edl w system_a system.img edl w odm_a odm.img edl w metadata metadata.img edl w userdata userdata.img // this command appears to be super slow for some reason, and i ended up skipping it edl w xbl_a xbl.elf edl w xbl_config_a xbl_config.elf edl w aop_a aop.mbn edl w tz_a tz.mbn edl w hyp_a hyp.mbn edl w modem_a NON-HLOS.bin edl w bluetooth_a BTFM.bin edl w abl_a abl.elf edl w dsp_a dspso.bin edl w keymaster_a km4.mbn edl w boot_a boot.img edl w cmnlib_a cmnlib.mbn edl w cmnlib64_a cmnlib64.mbn edl w devcfg_a devcfg.mbn edl w qupfw_a qupv3fw.elf edl w vendor_a vendor.img edl w vbmeta_a vbmeta.img edl w dtbo_a dtbo.img edl w uefisecapp_a uefi_sec.mbn edl w imagefv_a imagefv.elf edl w LOGO_a logo.bin edl w fw_ufs1_a fw_ufs1.bin edl w fw_ufs2_a fw_ufs2.bin edl w multiimgoem_a multi_image.mbn edl w uefisecapp_b uefi_sec.mbn edl w imagefv_b imagefv.elf edl w op1 op1.img edl w apdp apdp.mbn edl w msadp msadp.mbn edl w logfs logfs_ufs_8mb.bin edl w storsec_a storsec.mbn edl w secdata sec.elf edl w reserve1 reserve1.bin edl w reserve2 reserve2.bin edl qfil rawprogram0.xml patch0.xml . edl qfil rawprogram1.xml patch1.xml . edl qfil rawprogram2.xml patch2.xml . edl qfil rawprogram3.xml patch3.xml . edl qfil rawprogram4.xml patch4.xml . edl qfil rawprogram5.xml patch5.xml . edl reset

bkerler / edl

OnePlus 7t flashed with stock ROM, boot, recovery, and firmware, still bricked #402