how to find correct programmer (write error)

[mcdoe]

Hello, trying to unbrick. Have firmware.bin which came from successful read of entire firmware. When try write firmware back in using wf firmware.bin, generates this error. UsbClass - [LIB]: wait_fordata:0x1000 UsbClass UsbClass - [LIB]: Timed out UsbClass UsbClass - [LIB]: b'' firehose firehose - [LIB]: Error:{} Error writing to sector

By the way, chip shows up as Qualcomm, Inc. Gobi Wireless Modem (QDL mode) and shows:

HWID: 0x009600e100000000 (MSM_ID:0x009600e1,OEM_ID:0x0000,MODEL_ID:0x0000) CPU detected: "MSM8909" PK_HASH: 0xcc3153a80293939b90d02d3bf8b23e0292e452fef662c74998421adad42a380f Serial: 0x1c5f7aa2

How I can unbrick: is programmer in firmware? a few mbn files in there... https://cellphonetrackers.org/wp-content/uploads/8x60_msimage.mbn_.txt

[bkerler]

Hi, use any msm8909 Loader or use my loaders over there : https://github.com/bkerler/Loaders/ Copy this repo to the Loaders directory and it should work out of the box.

[bkerler]

if you try to write the flash, make sure that you flash back the firmware matching the phone, as other phone dumps might fail.

[mcdoe]

I see. Thanks man! Also, do you know, when finding test points, is every large metal piece ground? Or I always need to find 2 test points? Specifically for the ZTE phones.

[bkerler]

You can find ground anywhere on screws, usb port and shielding. To make usre it's ground, use a multimeter and test for continuity. In order to enter edl, normally "adb reboot edl" should work fine, in other cases, you will need to short clk or dat0 of the emmc temporary with ground on boot to enter 9008 usb mode.

[mcdoe]

Ok, thanks, trying to work out where the emmc is. Right now device is showing up as 19d2:0112 CDMA Technologies MSM QHSUSB__BULK Can I go into DLOAD mode from this hard bricked state, or should I just try to get back into EDL. Thanks for the help btw.

[bkerler]

Never seen that id. you could try to add that vid/pid combination to modem/diag.py script at default_vid_pid and then the use ./diag.py -sahara or ./diag.py -download which hopefully puts you into edl mode.