Unknown CPU

[elmnn]

Hi all. Device: Redmi Note 12 4G (TAPAS). CPU snapdragon 680. log: Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022. main - Trying with no loader given ... main - Waiting for the device main - Device detected :) sahara - Protocol version: 2.1 main - Mode detected: sahara sahara - HWID: 0x001b80e100720000 (MSM_ID:0x001b80e1,OEM_ID:0x0072,MODEL_ID:0x0000) Unknown CPU, please send log as issue to https://github.com/bkerler/edl PK_HASH: 0x1bebe3863a6781db4b01086063007334de9e5ca14971c7c4f4358ec9d79cda46 Serial: 0x4552c912

sahara - Found possible loader: /opt/edl/edlclient/../Loaders/qualcomm/factory/sd765/0000000000720000_1bebe3863a6781db_fhprg.bin sahara - Found possible loader: /opt/edl/edlclient/../Loaders/xiaomi/0014d0e100000000_1bebe3863a6781db_fhprg.bin sahara - Found possible loader: /opt/edl/edlclient/../Loaders/xiaomi/0010a0e100720000_1bebe3863a6781db_fhprg.bin sahara - Found possible loader: /opt/edl/edlclient/../Loaders/xiaomi/001360e100720000_1bebe3863a6781db_fhprg_redmi9t.bin sahara - Found possible loader: /opt/edl/edlclient/../Loaders/xiaomi/EDLAuth/000950e100720000_1bebe3863a6781db_fhprg_edlauth.bin sahara - Found possible loader: /opt/edl/edlclient/../Loaders/xiaomi/EDLAuth/000a50e100720000_1bebe3863a6781db_fhprg_edlauth.bin sahara - Found possible loader: /opt/edl/edlclient/../Loaders/xiaomi/EDLAuth/000e60e100720000_1bebe3863a6781db_fhprg_edlauth.bin sahara - Found possible loader: /opt/edl/edlclient/../Loaders/xiaomi/EDLAuth/001590e100720000_1bebe3863a6781db_fhprg_edlauth.bin sahara - Protocol version: 2.1 sahara - Uploading loader /opt/edl/edlclient/../Loaders/xiaomi/EDLAuth/001590e100720000_1bebe3863a6781db_fhprg_edlauth.bin ... sahara - 64-Bit mode detected. sahara - Firehose mode detected, uploading... sahara sahara - [LIB]: Error: Invalid data size received in image header Connection detected, quiting.

[RenateUSB]

Try qualcomm/factory/sdm662/0014d0e100000000_d40eee56f3194665_FHPRG.bin The actual hash of this is "one baby", 1bebe... and it handles 001b80e1 SM_DIVAR.

[AleXoundOS]

@RenateUSB, 0014d0e100000000_d40eee56f3194665_FHPRG.bin doesn't seem to work.

edl printgpt --loader=Loaders/qualcomm/factory/sdm662/0014d0e100000000_d40eee56f3194665_FHPRG.bin --debugmode

...

------------------------
HWID:              0x001b80e100720000 (MSM_ID:0x001b80e1,OEM_ID:0x0072,MODEL_ID:0x0000)
Unknown CPU, please send log as issue to https://github.com/bkerler/edl
PK_HASH:           0x1bebe3863a6781db4b01086063007334de9e5ca14971c7c4f4358ec9d79cda4692ce5e948c6fd409408f4c919fcadfe3
Serial:            0x4e6bbecc

...

DeviceClass - USBError(5, 'Input/Output Error')
sahara
sahara - [LIB]: Unknown response received on uploading loader.

[RenateUSB]

I can't see what it's doing and the error message is less than intelligible. Power reset and try again, maybe with more verbosity.

If you are rooted and can pull an xbl/sbl I can check it for compatibility.

[AleXoundOS]

@RenateUSB, sorry for incomplete report.

Device is Redmi 10C phone (here it says it's Qualcomm SM6225 Snapdragon 680). The phone is not rooted.

1. I powered off the phone.
2. Shorted test point pins.
3. Connected phone to laptop via USB Type-C cable. Got these new dmesg messages:

   2024-04-24T21:44:45,640492+04:00 usb 1-2: new high-speed USB device number 48 using xhci_hcd
   2024-04-24T21:44:45,768540+04:00 usb 1-2: New USB device found, idVendor=05c6, idProduct=9008, bcdDevice= 0.00
   2024-04-24T21:44:45,768556+04:00 usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
   2024-04-24T21:44:45,768562+04:00 usb 1-2: Product: QUSB_BULK_CID:043A_SN:4E6BBECC
   2024-04-24T21:44:45,768567+04:00 usb 1-2: Manufacturer: Qualcomm CDMA Technologies MSM
   2024-04-24T21:44:45,771034+04:00 qcserial 1-2:1.0: Qualcomm USB modem converter detected
   2024-04-24T21:44:45,771343+04:00 usb 1-2: Qualcomm USB modem converter now attached to ttyUSB0

4. Released test point pins.
5. Executed edl printgpt --loader=Loaders/qualcomm/factory/sdm662/0014d0e100000000_d40eee56f3194665_FHPRG.bin --debugmode: log.txt logs/log.txt
6. Got these new dmesg messages:

   2024-04-24T21:49:03,209645+04:00 qcserial ttyUSB0: Qualcomm USB modem converter now disconnected from ttyUSB0
   2024-04-24T21:49:03,209661+04:00 qcserial 1-2:1.0: device disconnected
   2024-04-24T21:49:04,618188+04:00 usb 1-2: USB disconnect, device number 48
   2024-04-24T21:49:04,949518+04:00 usb 1-2: new high-speed USB device number 49 using xhci_hcd
   2024-04-24T21:49:05,078374+04:00 usb 1-2: New USB device found, idVendor=05c6, idProduct=9008, bcdDevice= 0.00
   2024-04-24T21:49:05,078390+04:00 usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
   2024-04-24T21:49:05,078396+04:00 usb 1-2: Product: QUSB_BULK_CID:043A_SN:4E6BBECC
   2024-04-24T21:49:05,078401+04:00 usb 1-2: Manufacturer: Qualcomm CDMA Technologies MSM
   2024-04-24T21:49:05,080798+04:00 qcserial 1-2:1.0: Qualcomm USB modem converter detected
   2024-04-24T21:49:05,081062+04:00 usb 1-2: Qualcomm USB modem converter now attached to ttyUSB0

[RenateUSB]

That's strange. Apparently it did not like the cert chain. I think we're talking USB noise/corruption here. Try another box, another OS, another port, another cable.

[AleXoundOS]

I think we're talking USB noise/corruption here. Try another box, another OS, another port, another cable.

@RenateUSB, I tried on another laptop, booted from the Live DVD V4 and used another 2 cables. All logs are the same as with previous setup, including dmesg and log.txt:

Using loader Loaders/qualcomm/factory/sdm662/0014d0e100000000_d40eee56f3194665_FHPRG.bin ...
Waiting for the device
Device detected :)
Protocol version: 2.1
Mode detected: sahara

------------------------
HWID:              0x001b80e100720000 (MSM_ID:0x001b80e1,OEM_ID:0x0072,MODEL_ID:0x0000)
Unknown CPU, please send log as issue to https://github.com/bkerler/edl
PK_HASH:           0x1bebe3863a6781db4b01086063007334de9e5ca14971c7c4f4358ec9d79cda46
Serial:            0x4e6bbecc

Protocol version: 2.1
Uploading loader Loaders/qualcomm/factory/sdm662/0014d0e100000000_d40eee56f3194665_FHPRG.bin ...
64-Bit mode detected.
Firehose mode detected, uploading...
Unknown response received on uploading loader.
user@livedvd:/opt/edl$ 

Maybe the chip gets rebooted during the upload?

[RenateUSB]

Well, Xiaomi already makes it suspicious. I don't see any HWID or OEM or model limitations in the certs It doesn't seem to like the hashes/signature/certs chain somewhere.

[AleXoundOS]

I tried again on another laptop with "Live DVD V4" and still result is the same. @RenateUSB, Is there anything else I can try to do?

[RenateUSB]

Can you get the sbl/xbl out of an update or off the device?

[AleXoundOS]

I downloaded tgz archive from xiaomifirmwareupdater.com for my Redmi 10C model, unpacked it. @RenateUSB, here is the xbl.elf.gz file (I compressed it with gzip) from archive.

Here is the list of all files in image directory:

$ ls -1 abl.elf about.html anti_version.txt boot.img BTFM.bin config.bin crclist.txt cust.img devcfg.mbn dspso.bin dtbo.img dummy.bin dummy.img elf_path.txt featenabler.mbn gpt_backup0.bin gpt_backup1.bin gpt_backup2.bin gpt_backup3.bin gpt_backup4.bin gpt_backup5.bin gpt_both0.bin gpt_both1.bin gpt_both2.bin gpt_both3.bin gpt_both4.bin gpt_both5.bin gpt_main0.bin gpt_main1.bin gpt_main2.bin gpt_main3.bin gpt_main4.bin gpt_main5.bin hyp.mbn imagefv.elf km41.mbn logfs_ufs_8mb.bin metadata.img misc.img multi_image.mbn NON-HLOS.bin partition.xml patch0.xml patch1.xml patch2.xml patch3.xml patch4.xml patch5.xml persist.img prog_firehose_ddr.elf prog_firehose_lite.elf qupv3fw.elf rawprogram0.xml rawprogram1.xml rawprogram2.xml rawprogram3.xml rawprogram4.xml rawprogram5.xml rescue.img rpm.mbn sparsecrclist.txt storsec.mbn super.img tz.mbn uefi_sec.mbn userdata.img vbmeta.img vbmeta_system.img vendor_boot.img vmlinux xbl_config.elf xbl.elf

[RenateUSB]

Edit: Oops, I got a little confused. I thought this was the Sahara 3 issue. In any case, what I said is true. Try it.

@AleXoundOS you're getting me all confused. The OP was about a Redmi Note 12 4G I suggested a Firehose loader. They never responded, so I can't even tell if it worked. You come along with a Redmi 10C and piggy-back on.

The hash is the one that Xiaomi likes to use for everything: 1bebe3863a6781db There are 20 Firehose loaders in this repo that have that hash. But only five of them use somewhat compatible address layouts:

qualcomm/factory/sdm662/0014d0e100000000_d40eee56f3194665_FHPRG.bin
quectel/prog_firehose_life_ddr_patched.elf
xiaomi/0010a0e100720000_1bebe3863a6781db_fhprg.bin
xiaomi/001360e100720000_1bebe3863a6781db_fhprg_redmi9t.bin
xiaomi/0014d0e100000000_1bebe3863a6781db_fhprg.bin

Yes, the two Qualcomm/Quectel ones are actually Xiaomi. Apparently they were tested on devices that did not have SecureBoot and so miscategorized.

Try all five sequentially, but be sure to do a full long power button press between trials. You'll know because the USB disconnects for a second. A failed loading may look like it rebooted, but it's usually all confused. Good luck

[AleXoundOS]

be sure to do a full long power button press between trials

@RenateUSB, how can I ensure that it's really turned off?

---

Thank you for instructions! I will try now.

[elmnn]

I apologize for the long silence. None of the bootloader is working. I've tried everything possible. I only noticed in debug mode that the expected length of the response header does not match when using any loader. I will add that there are no solutions for this processor among the paid options. At least I didn't get find.

[RenateUSB]

@elmnn

None of the bootloader is working.

How many did you try? You do realize that my suggestion of five loaders was based on Alex's xbl, not yours? You do realize that the error messages are incorrect?

[AleXoundOS]

Try all five sequentially, but be sure to do a full long power button press between trials.

I tried all five sequentially (powered the phone off between attempts) without success. Though, error messages in logs were different (unfortunately, I didn't save logs).

[RenateUSB]

Error messages are important.