RIFF Box Qualcomm Sahara support, tips and tricks


    Hello dear users !


    We took some time to prepare the latest addition to JTAG Manager and built complete Sahara protocol support from scratch (both firehose and streaming download). We didn't just embed the freely available tools from Qualcomm (emmcdl and qh_loader); instead, we used our own code.


    Great work has been done on the eMMC Plugin too, which now supports USB, ISP and JTAG access. You can select the partition on the LU (Logical Unit) to parse.
    Among other improvements, we added GPT repair/adjust, which serves as an analogue to the patch0.xml used with QFIL.
    "Adjust GPT" will automatically update checksums and resize the userdata partition to fill the whole chip. This is valuable in cases where the GPT is from a different chip size.


    There is more work to do, but we feel confident that the current functions can satisfy most needs in the servicing and forensics fields.


    So, for a start, a few important tips:


    1. Make sure to have the Qualcomm drivers installed.
    2. Most Snapdragon 200 firehose loaders don't have read support, and some will not output storage info (size, SN, brand). We found out that there is one universal firehose loader which supports all this, but uses a slightly different protocol. As this is an Alcatel loader, we named it "Alcatel Firehose".
    It can be used with MSM8x10, MSM8x12 and MSM8x26, which otherwise don't have read support. The file is attached here.


    3. The Sahara protocol requires the phone to be in EDL mode. There are a few methods to enter EDL mode:
    1. Kill the phone's BootChain or GPT
    2. Switch to EDL from ADB or from TWRP: (TWRP tested on some Samsung models)

    "adb reboot edl"
    3. Use an EDL cable (Xiaomi phones, for example)
    4. Activate Diag mode and JTAG Manager will switch it to EDL automatically if the phone supports it.
    5. Hold Vol+ for 10 seconds (OnePlus models)
    6. Short the EDL TPs, if they exist
    7. Short CMD to GND
    9. The most reliable method is to remove the eMMC




    I'll add some videos to this post later; for now, please test the functionality and ask for clarification if anything is unclear.
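
What a GPT "adjust" of the kind described in the post involves, as an added example that is not RIFF Box or JTAG Manager code: the backup-header pointer and last usable LBA are moved to match the new chip size, the userdata entry is extended, and both CRC32 fields are recomputed. It assumes 512-byte sectors by default, 128-byte partition entries, and that userdata is the last partition on the medium; `adjust_gpt` and `sample_gpt` are hypothetical names, and the sample table is constructed.

```python
import struct, zlib

HDR = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte GPT header (UEFI layout)
ENT = struct.Struct("<16s16sQQQ72s")       # 128-byte partition entry

def adjust_gpt(header, entries, total_sectors, sector=512, grow="userdata"):
    """Refit a primary GPT to a chip of total_sectors; returns (header, entries)."""
    (sig, rev, hsize, _, rsv, my_lba, _, first_use, _,
     guid, ent_lba, count, esize, _) = HDR.unpack(header[:HDR.size])
    if sig != b"EFI PART" or hsize != HDR.size or esize != ENT.size:
        raise ValueError("unsupported or damaged GPT header")
    ent_sectors = -(-count * esize // sector)   # ceil(count * esize / sector)
    alt_lba = total_sectors - 1                 # backup header sits in the last sector
    last_use = alt_lba - ent_sectors - 1        # backup entry array sits just before it
    out, target, top = bytearray(entries[:count * esize]), None, 0
    for i in range(count):
        f = ENT.unpack_from(out, i * esize)
        if f[0] == bytes(16):                   # all-zero type GUID: unused slot
            continue
        top = max(top, f[2])
        if f[5].decode("utf-16-le", "replace").rstrip("\0") == grow:
            target = (i, f)
    # Assumption: the partition to grow is the last one on the medium.
    if target is None or target[1][2] != top:
        raise ValueError("partition to grow is missing or not last on the medium")
    i, f = target
    if f[2] > last_use:
        raise ValueError("chip too small for this layout")
    ENT.pack_into(out, i * esize, f[0], f[1], f[2], last_use, f[4], f[5])
    fields = [sig, rev, hsize, 0, rsv, my_lba, alt_lba, first_use, last_use,
              guid, ent_lba, count, esize, zlib.crc32(out)]
    fields[3] = zlib.crc32(HDR.pack(*fields))   # header CRC is taken with the field zeroed
    return HDR.pack(*fields), bytes(out)

def sample_gpt(total_sectors):
    """Constructed test GPT: 4 entry slots holding 'boot' and 'userdata'."""
    def ent(name, first, last):
        return ENT.pack(b"\x11" * 16, b"\x22" * 16, first, last, 0,
                        name.encode("utf-16-le").ljust(72, b"\0"))
    last_use = total_sectors - 3                # 1 backup header + 1 sector of entries
    entries = ent("boot", 34, 99) + ent("userdata", 100, last_use) + bytes(2 * ENT.size)
    f = [b"EFI PART", 0x10000, 92, 0, 0, 1, total_sectors - 1, 34, last_use,
         b"\x33" * 16, 2, 4, 128, zlib.crc32(entries)]
    f[3] = zlib.crc32(HDR.pack(*f))
    return HDR.pack(*f), entries

if __name__ == "__main__":
    hdr, ents = adjust_gpt(*sample_gpt(1000), total_sectors=4000)
    print(HDR.unpack(hdr)[6:9], ENT.unpack_from(ents, ENT.size)[2:4])
```

The function only rebuilds the primary header and entry array in memory; the backup copy at the end of the medium would have to be regenerated from the same fields, and for forensic work the adjustment belongs on a copy of the image, not on the evidence itself.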
