Recovering from a bad flash

[Guest Silpion]

Remember: This is a list of what should NOT be done.

It is a work in progress, it is not a complete list and may even be wrong.

I do not advise you to do anything and will not be responsible for any of your actions.

That being said, any corrections are welcome. :(

Using total phone transfer (TPT)

• If the rom overwrites the part of the phone responsible for TPT and this part of the rom is corrupt. Be extra careful when flashing a rom containing the following files: oemsbl.mbn, amss.mbn and qcsbl.mbn (delete those). The following four are required for a TPT flash: appsboot.mbn appsboothd.mbn partition.mbn & partition_zte.mbn.
  
• There is no recovery if the TPT part of the phone is damaged. Otherwise TPT is able to recover the phone by flashing a rom that contains all partitions that need to be recovered.
  
  • If the bootloader partition is flashed (this is different from the boot partition). Can be recovered using TPT.
    
  • Is locked on newer phones.
    
    • Flashing the recovery partition with a corrupt image while boot/system is already corrupted.
      
    • Can be recovered if fastboot is available or TPT.
      

    Using a rooted system

    [*]Flashing the boot/system partitions with a corrupt image while not having an installed recovery rom like Clockwork.

    [*]Can be recovered if fastboot is available or TPT.

    -------

    Original post:

    Hello,

    while waiting for my Blade/Lutea, I've been gathering bookmarks on how to correctly flash a custom ROM and especially what actions I should avoid in order to prevent a brick. But basically I'm interested in the whole boot process. I'd be happy if you notify me of any errors in the following thoughts and help with the questions.

    As far as I could find out an android build contains the following images: bootloader, boot, recovery, system, data, kernel, ramdisk (android.com) and the following partitions: misc, recovery, boot, system, cache, userdata (android-dls.com).

    Which partition contains the bootloader? A partition hidden to the android system (post #3).

    Does flashing via TPT also rewrite the bootloader? Yes (post #3).

    In order to use fastboot, an unlocked bootloader is required (android-dls.com). Fastboot mode is entered by turning the phone on and pressing Volume up. Older blades support fastboot out of the box (modaco.com, method 5).

    What about newer Blades, is there a secure method to make them support fastboot?

    Does the "BASE Lutea" version of the Blade support fastboot?

    When not entering fastboot mode, the bootloader loads the kernel from boot or recovery (if Volume down is pressed) to the RAM. If boot and recovery are erased, the phone will always enter fastboot mode (cyanogenmod.com), as long as the bootloader supports it.

    This leads to the conclusion that it is impossible to brick a phone using fastboot as long as the bootloader is not changed. True (post #3).

    Is it possible to flash the bootloader using fastboot? No (post #3).

    Any insightful knowledge is appreciated. :(

Edited March 12, 2011 by Silpion

[Guest El Nino9]

...

This leads to the conclusion that it is impossible to brick a phone using fastboot as long as the bootloader is not changed.

Is it possible to flash the bootloader using fastboot?

Any insightful knowledge is appreciated. :(

as far as i know there is no change to bootloader apart from the Hungarian update that fixes the ram issue.

so with that being said there is very low chance of bricking the device.

the reason being that the blade doesnt have a radio image that can be flashed where as other devices mainly htc's do. a bad radio or a bad bootloader flash can kill your device thats why people tell you to do a md5 checksum of the file before the flash for those two mainly. an unlocked bootloader can flash another bootloader using the fastboot command.

if you have an unlocked bootloader they have such huge benefits, specially in cases of simi bricked devices and when people get bootloops with no access to a custom recovery (this is based on other devices and not the blade)

as i no longer own my two blades (due to hot demand of oled) i can't say about the new bootloader if its locked down but there's always ways around fixing android devices usually.

i hope to have helped :(

[Guest wbaw]

Hello,

while waiting for my Blade/Lutea, I've been gathering bookmarks on how to correctly flash a custom ROM and especially what actions I should avoid in order to prevent a brick. But basically I'm interested in the whole boot process. I'd be happy if you notify me of any errors in the following thoughts and help with the questions.

As far as I could find out an android build contains the following images: bootloader, boot, recovery, system, data, kernel, ramdisk (android.com) and the following partitions: misc, recovery, boot, system, cache, userdata (android-dls.com).

Which partition contains the bootloader?

Does flashing via TPT also rewrite the bootloader?

The bootloader is on a partition which is hidden to android, like the radio firmware, the tpt flashing program & a few other 'secret' things. it is flashed by the tpt method, but that just flashes a bootloader which is similar to the original one, it can be hacked to support different partition sizes, but that's it.

In order to use fastboot, an unlocked bootloader is required (android-dls.com). Fastboot mode is entered by turning the phone on and pressing Volume up. Older blades support fastboot out of the box (modaco.com, method 5).

What about newer Blades, is there a secure method to make them support fastboot?

Does the "BASE Lutea" version of the Blade support fastboot?

They come with an unlocked bootloader, they're sold like that, it's not like an htc or a sony. until the recent models you could enter bootloader mode just by holding vol+ when you power on & use fastboot from there, now you need to root them & reboot bootloader, or tpt them. You don't need to use fastboot to install a custom rom, just root it & install rom manager, that can flash clockwork & a new rom.

When not entering fastboot mode, the bootloader loads the kernel from boot or recovery (if Volume down is pressed) to the RAM. If boot and recovery are erased, the phone will always enter fastboot mode (cyanogenmod.com), as long as the bootloader supports it.

This leads to the conclusion that it is impossible to brick a phone using fastboot as long as the bootloader is not changed.

Is it possible to flash the bootloader using fastboot?

Any insightful knowledge is appreciated. :(

It's impossible to brick it, unless you use a corrupted tpt install, or interrupt a tpt. You can't change the bootloader with fastboot. A tpt is the only possible way to brick it & then you have to do something wrong or have a freak accident. if you use a newer style of tpt install, which doesn't include all the radio firmware & the tpt program itself, it just flashes the bootloader & a few small setting files, it's probably impossible to brick it, i think you'd need to break both the bootloader and the tpt flash program, or something even more vital in the radio firmware to brick it.

Edited March 11, 2011 by wbaw

[Guest Silpion]

Thanks for your replies, I have reworked the first post to contain a preliminary list.

New questions:

• Is the current list in the first post correct?
  
• Which part of the boot process initiates a TPT? The bootloader itself?
  
• Is there a method to find out if a phone is compatible with a TPT image? Is it possible to dump an image of the TPT-responsible part in order to compare it to others?
  

[Guest wbaw]

the tpt is run by a program in the hidden area of the phone's internal memory, it's separate to the bootloader, but in the same kind of hidden partition. if you have an /image folder on the sdcard with the right files in it, it'll flash them if you hold volume + & power on. it's a low level zte flashing program, loaded before anything to do with android. the program is included in the original full tpt update, the jj9 image install, etc, but it doesn't need to flash itself, only 4 files are needed for the tpt update & they dont include the update program itself. it looks like it is oemsbl.mbn which does the flash, but it's already on the phone, it doesn't need to flash itself, amss.mbn looks like the radio firmware, a corruption in that could be bad. appsboot.mbn seems to be the android bootloader, that has to be flashed, but i dont think the tpt flash requires the bootloader to do another flash, so another tpt flash could still fix it, if that was corrupt. so, i think, my newer minimal tpts are safe, but the older ones aren't, if it goes wrong, that said, it's hard to get wrong.

Edited March 11, 2011 by wbaw

[Guest Grain]

What needs to be changed on newer Blades to enable Power+VolumeUp booting to fastboot mode? I guess flashing with a normal update.zip does not unlock this? Any safer way than TPT to unlock fastboot mode?

[Guest oh!dougal]

Thanks for your replies, I have reworked the first post to contain a preliminary list.

New questions:

• Is the current list in the first post correct?
  
• Which part of the boot process initiates a TPT? The bootloader itself?
  
• Is there a method to find out if a phone is compatible with a TPT image? Is it possible to dump an image of the TPT-responsible part in order to compare it to others?
  

Welcome to the Forum.

Two things you don't seem to understand about TPT

1/ Apart from anything else, its THE de-brick method.

2/ It has worked on all Blades (so far). But it is strongly recommended NOT to be used on any not-exactly-a Blade relative, such as the V880 and Softbank 003z. If the phone will successfully run 'Blade' firmware, then TPT should be fine.

TPT is an install method. You can use it to successfully install firmware that may not be ideal for your phone - for example you could install stuff that wouldn't work your scandinavian 5mp camera. That's nothing to do with the method, its user foolishness. And the phone is curable by installing something appropriate.

In my experience of n00bs and Blades, the most prevalent reason for screwing up an install seems to be installing a 'corrupt' (damaged, errored) download. Don't know why, but that seems most common with IE (+windows) downloads.

Checking the MD5 (checksum) of a download is important, and for a TPT essential - to avoid the stress of a faulty install.

If what you've downloaded doesn't give the same MD5 as published, bin it and try again to download.

Then there's people having troubles with Windows drivers - which aren't needed for a TPT install.

And another issue is people using 'roms' and versions of Clockwork that don't go together. There are now 3 different types of install script. No version of Clockwork undersands more than 2, and some only do one.

Do installs with a well-charged battery.

Check the MD5.

Don't take shortcuts.

Then you needn't worry about 'bricking' the device.

Bad installs are usually fixable.

Hardware damage isn't.

Be careful how you put the back on.

You don't need to be a particularly strong idiot to break the power switch by pressing the back straight down on it.

[Guest Lew247]

Using fastboot

• Is not available on newer phones.
  

It can still be accessed on the new phones (B10 and other models)

Simply install Android Commander (A windows program) connect the phone and choose your reboot methed

[Guest IronDoc]

It can still be accessed on the new phones (B10 and other models)

Simply install Android Commander (A windows program) connect the phone and choose your reboot methed

Does quickboot work then?

[Guest kendon]

saying "not available" is missleading. the correct wording would be "locked" or "secured" or anything in that direction. it can generally be unlocked, depends on the phone modell whether a procedure is available or not.

[Guest wbaw]

The only person I've heard of bricking it is somebody that pulled the battery in the middle of a tpt install.

If you tpt flash a corrupt oemsbl.mbn and a corrupt appsboot.mbn then that will break it & theres no simple way to fix it. A corrupt amss.mbn might have the same effect, but I'm not sure if that's actually required to be able to flash it again with another tpt. qcsbl.mbn is flashed first, to the first part of the hidden memory, so that could be vital to everything too.

Thankfully we don't need to flash any of those really dangerous to break files with a tpt install, the only hidden (.mbn) files which need to be flashed are appsboot.mbn appsboothd.mbn partition.mbn & partition_zte.mbn it shouldn't be possible to permanently break the phone by flashing any corrupted versions of those files, but I'm not going to test it out myself. All the other .mbn files can & should be deleted from any tpt install.

We only have one version of the .mbn tpt files, from a leaked update from hungary's t-mobile (they accidentally sold some 256mb blades, that was the fix to make them 512mb). So if one tpt doesn't work, none of them will, all the low level stuff is the same. They should work on all ZTE blades & do nothing on non-ZTE phones. Other ZTE phones (like the joe?) might have a similar tpt flash program & might be persuaded to install a blade tpt, but it's likely to brick it.

Edited March 11, 2011 by wbaw

[Guest Silpion]

Thanks again for your replies. I updated the first post.

oh!dougal:

That is correct, I didn't know how TPT works (and I thought V880 is a Blade variant like OSF or BASE Lutea). So it is ZTE specific and happens prior to anything android. That's great! And while it also seems to be the most comfortable, I guess I'm the type who feels more secure with fastboot since it can not brick the device by accident, or otherwise I would have to manually check every rom whether it overwrites the TPT part or not. But for beginners who are not interested in the internals I agree, TPT sounds like the most simple method, as long as checking the checksum is emphasized enough. Unfortunately freak accidents happen, just some weeks ago I updated my E71 and discovered only hours before that the USB port has a loose connection and switches on and off depending how the cable is moved.

Lew247:

The Android Commander looks great for those devices that do not have an engineering bootloader. But since it explicitly states "Reboot to Bootloader", does that mean it can only enter fastboot mode if a working system is up and running?

The screenshots look like a GUI on top of ADB. I'm trying to convince it to run under Linux+Wine but it needs the Windows version of the android SDK and that needs a Windows version of Java... this will probably take some time but since my blade won't arrive for another 4 or 5 days...

kendon:

Thanks, I changed the wording.

wbaw:

Excellent. I'll look out for those files but will probably not try any experiments with them, too.

Edited March 11, 2011 by Silpion

[Guest wbaw]

Lew247:

The Android Commander looks great for those devices that do not have an engineering bootloader. But since it explicitly states "Reboot to Bootloader", does that mean it can only enter fastboot mode if a working system is up and running?

The screenshots look like a GUI on top of ADB. I'm trying to convince it to run under Linux+Wine but it needs the Windows version of the android SDK and that needs a Windows version of Java... this will probably take some time but since my blade won't arrive for another 4 or 5 days...

Every zte blade has an unlocked engineering bootloader, the only thing that changed was they stopped the phone booting straight into that mode by holding the vol + key. You can reboot into bootloader mode using adb or an android terminal, or any of the reboot apps, but I think you'll need to get root first.

If you do a tpt install on a new blade, it'll enable that vol+ bootloader mode, just like on the older blades.

If the rest of the system doesn't work, it'll automatically go into fastboot mode, if you broke boot & recovery.

I'll repeat that rom manager is the safest, easiest, fastest & best way to install a rom & recovery. There is no possible way to brick your phone using rom manager or recovery manager. You don't ever need to use fastboot, only if you want to change your splash screen or something, or if fastboot is the only option left working except tpt after you've broken everything else.

TPTs are a good last resort option to try to fix a phone that appears to be broken, other than that or unlocking 256mb greek blades, their only use is to repartition your phone's internal memory to give more room on userdata.

The tpt program doesn't check file integrity before flashing, it'll flash almost anything with the right file name. You can get AFV (android file verifier), free on the market, to check the md5 of all the tpt files on the phone. I've been including a nandroid.md5 file with my tpt files, which can easily be checked by afv before flashing.

You can't remove appsboot.mbn from a tpt install, it wont work without it. you need 4 .mbn files, no more, no less, those 4 are appsboot.mbn appsboothd.mbn partition.mbn & partition_zte.mbn any other mbn files should be deleted, but you do need those 4 to make it work.

Edited March 11, 2011 by wbaw

[Guest HMZX]

I HEAVILY suggest that you change the title.

'How to brick the blade'

insanely misleading

[Guest Silpion]

Hmm... I agree that it can confuse people who need a helping guide and search by using the keywords brick and blade. I'm going to change the title to "Recovering from a bad flash". At least the topic shows by which method the phone can be recovered.