GSM Shop
GSM-Forum  

Welcome to the GSM-Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features.
Only registered members may post questions, contact other members or search our database of over 8 million posts.

Registration is fast, simple and absolutely free so please - Click to REGISTER!

If you have any problems with the registration process or your account login, please contact contact us .

Go Back   GSM-Forum > Product Support Sections > Hard/Software Products (official support) > RIFF Box Team > RIFFBOX

Reply
 
LinkBack Thread Tools Display Modes
Old 08-30-2018, 04:28   #1 (permalink)
Product Manager
 
legija's Avatar
 
Join Date: Apr 2006
Age: 50
Posts: 5,743
Member: 256342
Status: Offline
Sonork: None
Thanks Meter: 28,253
RIFF Box Qualcomm Sahara support, tips and tricks


Hello dear users !


We took some time to prepare latest addition to JTAG Manager and built from scratch complete Sahara protocol support (both firehose and streaming download). We didn't just embedded freely available tools from Qualcomm (emmcdl and qh_loader), instead, we used own code.


Great work is done on eMMC Plugin too, which now supports USB, ISP and JTAG access. You can select partition on LU (Logical Unit) to parse.
Among other improvements, we added GPT repair/adjust which serves as analogue to patch0.xml used with QFIL.
"Adjust GPT" will automatically update checksums and resize userdata partition to fill whole chip. This is valuable in cases where gpt is from different chip size.


There is more work, but we feel confident that current functions can satisfy most of the needs in servicing and forensics fields.


So, for start, few important tips:


1. Make sure to have Qualcomm drivers installed
2. Most Snapdragon 200 firehose loaders don't have read support, also some will not output storage info (size, SN, brand). We found out that there is one universal firehose looader which supports all this, but uses a bit different protocol. As this is Alcatel loader, we named it "Alcatel Firehose".
It can be used with MSM8x10, MSM8x12, MSM8x26 which otherwise don't have read support. File is attached here.


3. Sahara protocol requires phone to be in EDL mode. To enter EDL mode, exist few methods:
1. Kill phone BootChain or GPT
2. Switch to EDL from ADB or from TWRP: (TWRP tested on some Samsung models)

"Adb reboot EDL"
3. Use EDL cable (Xiaomi phones for example)
4. Activate Diag mode and JTAG Manager will switch it to EDL automatically if phone supports it.
5. Hold Vol+ for 10 seconds (OnePLus models)

6. Short EDL TP-s if exist
7. Short CMD to GND
9. Most reliable method is to remove eMMC




I'll add some videos to this post later, for now please test functionality and ask for clarification if there is anything unclear.

Last edited by legija; 08-30-2018 at 18:39.
  Reply With Quote
The Following 39 Users Say Thank You to legija For This Useful Post:
Show/Hide list of the thanked
Old 08-30-2018, 09:51   #2 (permalink)
No Life Poster
 
Join Date: Nov 2006
Location: GOOD
Posts: 965
Member: 388862
Status: Offline
Thanks Meter: 60
add oppo r15 sdm660 ,redmi note5 sdm636
  Reply With Quote
Old 08-30-2018, 10:34   #3 (permalink)
Product Manager
 
legija's Avatar
 
Join Date: Apr 2006
Age: 50
Posts: 5,743
Member: 256342
Status: Offline
Sonork: None
Thanks Meter: 28,253
Quote:
Originally Posted by lihua View Post
add oppo r15 sdm660 ,redmi note5 sdm636
Hi,
If You have firehose loaders, simply select "external binary format file" as on screenshot. MCU model is irrelevant.
Attached Images
File Type: jpg ufs.jpg (86.2 KB, 187 views)
  Reply With Quote
Old 08-30-2018, 10:46   #4 (permalink)
No Life Poster
 
zishhaider's Avatar
 
Join Date: Jan 2009
Location: Root tunnel
Age: 31
Posts: 2,043
Member: 952111
Status: Offline
Sonork: I'm not using now.
Thanks Meter: 600
where is loader file? you mentioned as universal
  Reply With Quote
Old 08-30-2018, 11:19   #5 (permalink)
Product Manager
 
legija's Avatar
 
Join Date: Apr 2006
Age: 50
Posts: 5,743
Member: 256342
Status: Offline
Sonork: None
Thanks Meter: 28,253
Redmi Note5 Pro is SDM636. Firehose loader should be embedded with firmware.
Give me some time to check it.

Oppo R15 we haven't tested, but loader is there in ops file. Need to decrypt it, also need some time (few hours).
  Reply With Quote
The Following 2 Users Say Thank You to legija For This Useful Post:
Old 08-30-2018, 11:51   #6 (permalink)
Product Manager
 
legija's Avatar
 
Join Date: Apr 2006
Age: 50
Posts: 5,743
Member: 256342
Status: Offline
Sonork: None
Thanks Meter: 28,253
Quote:
Originally Posted by zishhaider View Post
where is loader file? you mentioned as universal
prog_emmc_ufs_firehose_Sdm660_ddr.elf
prog_emmc_ufs_firehose_Sdm636_ddr.elf
  Reply With Quote
The Following 3 Users Say Thank You to legija For This Useful Post:
Show/Hide list of the thanked
Old 08-30-2018, 12:41   #7 (permalink)
No Life Poster
 
otherboy123's Avatar
 
Join Date: Aug 2013
Location: Yangon
Age: 24
Posts: 792
Member: 2006794
Status: Offline
Sonork: 100.1664636
Thanks Meter: 143
Donate money to this user
very nice update king jtag box i want to test now. Good update love u team.
  Reply With Quote
Old 08-30-2018, 13:47   #8 (permalink)
Junior Member
 
Join Date: Sep 2006
Posts: 25
Member: 349359
Status: Offline
Thanks Meter: 6
i have lg v20 dead with ufs chip , can i revive it . it battery charging sign when battery charge is low but vibrates alone with black screen when battery is charged. can i fix it with this update.
  Reply With Quote
Old 08-30-2018, 13:59   #9 (permalink)
Freak Poster
 
Join Date: Feb 2008
Posts: 249
Member: 694980
Status: Offline
Thanks Meter: 70
support to
Moto X4 XT1900-6
Samsung S6


USB support?
  Reply With Quote
Old 08-30-2018, 17:47   #10 (permalink)
No Life Poster
 
Join Date: May 2009
Location: Bangladesh
Posts: 704
Member: 1034743
Status: Offline
Sonork: 100.1619212
Thanks Meter: 157
Riff box is good,,but team slowly worked..
i hope also update this device regurarly
look like z3x jtag , octoplus jtag , medusa etc
  Reply With Quote
Old 08-30-2018, 20:16   #11 (permalink)
Freak Poster
 
Saffu~A.'s Avatar
 
Join Date: Mar 2011
Location: Chin
Posts: 484
Member: 1531030
Status: Offline
Sonork: Yahoo_Akm
Thanks Meter: 114
excellent update you are great Riff Team............
  Reply With Quote
The Following User Says Thank You to Saffu~A. For This Useful Post:
Old 08-30-2018, 21:57   #12 (permalink)
Insane Poster
 
Join Date: Dec 2014
Posts: 60
Member: 2319200
Status: Offline
Thanks Meter: 5
Best team for jtag well done
  Reply With Quote
Old 08-31-2018, 05:33   #13 (permalink)
Freak Poster
 
Join Date: Aug 2006
Location: Buenos Aires, Argentina
Posts: 419
Member: 331917
Status: Offline
Thanks Meter: 210
Donate money to this user
Quote:
Originally Posted by legija View Post
Hello dear users !


1. Kill phone BootChain or GPT
2. Switch to EDL from ADB or from TWRP: (TWRP tested on some Samsung models)

"Adb reboot EDL"
3. Use EDL cable (Xiaomi phones for example)
4. Activate Diag mode and JTAG Manager will switch it to EDL automatically if phone supports it.
5. Hold Vol+ for 10 seconds (OnePLus models)

6. Short EDL TP-s if exist
7. Short CMD to GND
9. Most reliable method is to remove eMMC



Sir, could you please privide HEX data to do it via diag??

I tried 3A, but no luck.

how many ways to reboot edl mode?


thanks
  Reply With Quote
Old 08-31-2018, 07:33   #14 (permalink)
Product Manager
 
legija's Avatar
 
Join Date: Apr 2006
Age: 50
Posts: 5,743
Member: 256342
Status: Offline
Sonork: None
Thanks Meter: 28,253
Quote:
Originally Posted by Nicogalan View Post
Sir, could you please privide HEX data to do it via diag??

I tried 3A, but no luck.

how many ways to reboot edl mode?


thanks
4B 65 01 00 54 0F 7E

Of course DIAG or manufacturer mode must be enabled first, and of course not all models will comply.
I've tested Huawei few models and they all go to EDL via this, but on LG some do, some not.
  Reply With Quote
The Following User Says Thank You to legija For This Useful Post:
Old 08-31-2018, 16:26   #15 (permalink)
Freak Poster
 
Join Date: Aug 2006
Location: Buenos Aires, Argentina
Posts: 419
Member: 331917
Status: Offline
Thanks Meter: 210
Donate money to this user
Quote:
Originally Posted by legija View Post
4B 65 01 00 54 0F 7E

Of course DIAG or manufacturer mode must be enabled first, and of course not all models will comply.
I've tested Huawei few models and they all go to EDL via this, but on LG some do, some not.
Thanks Sir, I tried on motorola xt1789 and didnt work

thanks anyway for your help
  Reply With Quote
The Following User Says Thank You to Nicogalan For This Useful Post:
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


 



All times are GMT +1. The time now is 04:23.



Powered by Searchlight © 2019 Axivo Inc.
vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2019 DragonByte Technologies Ltd.
- GSM Hosting Ltd. - 1999-2017 -
Page generated in 0.46820 seconds with 8 queries

SEO by vBSEO