

Spflashtool author & how to flash LG X150 (LG Bello 2)?

hovatek
Administrator
49,570
22-01-2018, 08:00 AM
#31



(21-01-2018, 03:45 AM)nijazxp ...
Yeah, going for whole new os, verification of flash files (checksums etc), and all apps reinstalling. That's only way to know for sure.
Now I am at worse condition than I was before yesterday!

I don't think any of your files got corrupted. From my past experiences, this sometimes happens when you combine files of different builds / force-flash just to get a Mediatek phone to come up.
The phone might work for a while then suddenly go into a bootloop then into a Coma.
Flashing combinations / firmware that previously worked either give a mismatch error or just don't work anymore.
A firmware of a higher build revived the phone in two cases (a Gionee and a Tecno) but in one of the cases, the phone went dead a second time and only came up after a mother board jumper.
I was unable to figure out what caused the phones to work for a while and then implode but in both cases, I recall combining files between builds because the stock rom stopped working.

Note!
We have a reply schedule for Free Support. Please upgrade to Private Support if you can't wait.
nijazxp
Techie Member
55
22-01-2018, 04:22 PM
#32
That's what I thought, and confirmed today, although still not sure what was exact cause. These phones have unknown or secret locations in their flash memory (emmc or nand). For example scatter files show memory locations where something is found. But even there, I noticed that there are different types of memory. So that 0x0 and 0x0 may not be the same location. Maybe physical location is absolute, while linear location is relative (more complicated to understand), or vice versa. That's why I called this topic with two names, my phone and spflash tool. So let's talk about spflash tool more.

Let's analyze scatter file. What do we observe?

All partitions have "type" which can be "SV5_BL_BIN", "NORMAL_ROM", "NONE", "YAFFS_IMG". That are types found in my scatter file.

There is "region" and I found these: "EMMC_BOOT_1", "EMMC_USER".

There is "storage": "HW_STORAGE_EMMC".

There is "operation_type": "BOOTLOADERS", "UPDATE", "PROTECTED", "BINREGION", "INVISIBLE", "RESERVED".

Seems complicated. Maybe there are parallel or in series chips found. As you see "physical start address" of preloader and mbr is same. While linear is different. I doubt they overlap. Maybe linear is real (absolute), while physical is relative (tells only on what subchip or part of chip it is found). So 0x0 for region EMMC_USER and region EMMC_BOOT_1 is not same. Looks like region is important. If it was not region, then mbr could be part of bootloader, because it is same address, but smaller partition size.

Luckily these all can be investigated using flashing and readback, and investigating (comparing and observing files and their bytes). I have good detection skills, easy to detect differences in each byte. That is useful for life generally, but especially for software and hardware.

I think my bootloader never gets flashed, even when I select it.

There are settings such as "format whole flash except bootloader". I never used formatting alone. Maybe gonna try it. It says "WARNING! Calibration data is erased if begin address is 0." Maybe try doing readback of whole flash then do that.

My phone now at least bootloops. I think I formatted it in "format + download" option. But I reflashed lg x160 first then x150, now it bootloops. I am still not sure what is what, what is cause etc. I also deleted and reunpacked spflashtool both versions.

I think what made my phone not to bootloop 2 days ago is that I installed/updated various apps, including those that were damaged in system in x150, while using x160. So that it was not trying to read from system but from data, this time.

My phone bootloops sometimes during logo (after 2 movements of shiny dot on lg logo), but sometimes while optimizing apps (8th or 10th or 9th...). Keeps resetting.

Now I put into that img file various system apps so that now my root integrity check results are changed from-to like this:
366 new files reduced to 365
10 modified files increased to 27 (these may seem like worse than before, but it's not, because lost files are replaced)
46 lost files eliminated aka reduced to 0

New files are not problem. My phone had them since it was working, they are mostly binaries of busybox. Apps that I replaced, in most cases I replaced both apk and odex, so they should be compatible (same apk and same odex of x160 system). It's weird why it says that odex is different when odex is of exactly the same app. Maybe odex is a bit dynamic file, gets some data depending on firmware.

Now gonna try installing all updated apps normally on x160, then while that data is installed, see if x150 system will stop bootlooping, then see what next. Actually now I have flashed all of x150 and only system of x160...everything is almost ready for x150. If these apps do not problem by themselves, then try permissions. I notice that when I copy some file from x160 system to x150 img system, permissions get changed a bit from lower to higher number. Also maybe try check disk so it fixes if finds something unusual.
This post was last modified: 22-01-2018, 04:25 PM by nijazxp.
nijazxp
Techie Member
55
30-01-2018, 03:42 PM
#33
How odex files are made? When os is made, how odexes are made? By which app? On which device? That would be the only way to generate original odex files. Currently only odex files and boot.oat is changed. Deodexing doesn't work. It bricks even lg x160. Lucky patcher doesn't make original odex files. Also boot.oat is not problem. I know it's made by dex2oat that comes on my android system. Just need original way of making odex files, the same way manufacturer used. I think my boot.oat is not cause of problems, because modified time is 1st october, but my phone stopped working on 1st december. I used option removed all odex files in lucky patcher, because I thought system apps have inside them dex files, and can regenerate odex just like lucky patcher can do for normal or deodexed apps. Later I figured out those system apps are not installable, they are odexed. Learned it recently.

When I put deodexed files, my integrity results are:
4 new files
27 lost files
27 modified files

new files are:
/system/bin/su
/system/bin/vold.original (i forgot to remove this one, probably added by busybox a while ago)
/system/xbin/su
/system/sbin/su

that 3 su files are not able to be renamed, moved, changed, removed, even though they are from mounted img file, while all others can

lost files are odex files of apps:
Newsstand
ChromeWithBrowser
EditorsDocs
YouTube
Drive
EditorsSheets
Photos
Music2
GoogleTTS
PlayGames
KoreanIME
LatinIME
WebViewGoogle
LiveWallpapers
talkback
Videos
Hangouts
Gmail2
CalendarGoogle
EditorsSlides
Books
Maps
PlusOne
GoogleServicesFramework
Velvet
GmsCore

/system/bin/app_process (wtf, i did not remove this, maybe it's cause of bootloop???, luckily x160 contains same original file so will try it later)

modified are same as above apps just apk extensions of course, that are of course different because they now contain dex inside them

For some reason lgx160 deodexing works only on non-rooted phone. but even then few error popup later. When I root it with kingoroot apk and deodex, it bootloops. Very sensitive systems!

I found my firmware but files are encrypted, guy wants money to tell people password. I checked and file sizes are correct, no fake. So now using rar password bruteforce cracking, will probably take months to years to figure out password. Tried all characters length from 1 to 3. Now for 4 chars it's taking whole day!
http://karimkhantelecom.blogspot.com/201...ficel.html

[Image: cracking.jpg]
This post was last modified: 30-01-2018, 05:10 PM by nijazxp.
nijazxp
Techie Member
55
07-03-2018, 03:05 AM
#34
I fixed it! Guess what was reason of bootloop?! Guess why my phone didn't act like it was before backing up and flashing, but bootlooped even when i restore backup made by using spflashtool readback, mtkdroidtool processing to scatter files and reflashing?

No, I didn't succeed in bruteforcing that file to get that firmware, it would take years except if I were rich enough to buy multiple gpus to speed up it, but then I would buy firmware for billion times cheaper price of course...

It was all about spflashtool scatter file !!! Nothing in system partition. But i figured out that most of my backups like nvram, flex and others were not getting flashed. Then i replaced all text in my scatter file "is_download = false" to "is_download=true", except for bmtpool, data, cache, like it was set for files that were getting flashed. Then my files appeared on list in spflashtool but their addresses showed zeroes only. Then i replaced file_name: NONE to my file names made by mtkdroidtool (same as partition name). And it worked. I think it's flex partition that is most responsible. Lg x160 also bootloops when flex is used of another phone like lg x150.

So i now learned that nvram and any partition can be flashed using spflashtool only. Miracle box never works with these phones. I don't know if miracle box makes same not finished scatter files like mtkdroidtool. It's responsible for making my scatter...

Also i can use format all + download option even when i don't have all flash files like data and cache, unlike you said. We just turn them off by changing true to false text for them. And yes i used one step to replace all text in notepad++, easy!

Now deodexed few of these problematic apps which are exactly same (compared them via hashmyfiles and searchmyfiles) and put them to my phone. Still sometimes gmail and few not important apps had problem like randomly appearing or closing. But fixed when updated (and if needed moved updated to system).

Reason why my phone sometimes didn't even wanna power up is because important files were not getting flashed. Even ones of lg x160 made by readback... But signed original files of lg x160 had 13 files on list, but unsigned ones made by readback of lg x160 or 150 were never having flex on their list.

Now everything is OK, i am just learning little reverse engineering of software to try to make original firmware to have good starting point. Already noticed a huge bug in fbwintools during packing!!! I believe whole system partition can be remade and correct checksum got (ones for each file when i learn how to make exactly same odexes) and another for partition. But that's not longer a problem, just challenge/preference.

You should make video how to fix spflashtool not displaying all flash files (12 out of 20 in my case i think). Also we can finally flash nvram using it
nijazxp
Techie Member
55
07-03-2018, 03:27 AM
#35



See huge difference:

Bad:
[Image: bad.jpg]

Good (if i scroll down there are more files, but can't fit in this pic):
[Image: good.jpg]


I named this topic spflashtool because i wanted a full tutorial for it, but i learned myself how to properly use it and scatter file.
This post was last modified: 07-03-2018, 03:40 AM by nijazxp.
hovatek
Administrator
49,570
07-03-2018, 11:17 AM
#36
(07-03-2018, 03:05 AM)nijazxp ....
You should make video how to fix spflashtool not displaying all flash files (12 out of 20 in my case i think). Also we can finally flash nvram using it
..

Took my time to read through, thanks for sharing your fix.
One vital piece of information I somehow missed was that there were hidden files / partitions not being flashed.
Yes, you can manipulate a scatter file using Notepad++ to either hide or unhide a partition by simply editing is_download between true and false. I'd learnt this during my days of MTK droid tools backups which don't include Userdata and Cache.
We had to leave this out of the SP flash tool tutorial because we had some people hiding other partitions when they had only scatter file and recovery then doing a firmware upgrade or format + download. That level of tweaking is reserved for desperate times.
You are right that a separate tutorial and video on this topic would be good. If you can write up a brief tutorial and include a video then we'll be happy to share else we'll pen it down and create as soon as we can

nijazxp
Techie Member
55
07-03-2018, 12:41 PM
#37
Here is possible lg x150 firmware, the only I found for free: http://www.mediafire.com/file/yv2mkl3nnt...3.zip/file
Here is post on which I found that link: https://forum.xda-developers.com/android...2-t3836199
I've been successfully using lgx155 firmware though, but nice to hear x150 is available too, and file looks legitimate after I downloaded it.
Needs to be flashed with spflashtool newer than 5.1532 (last version to work with non encrypted flash files) and older than 5.2036 (no preloader for older phones in database, error message at start).
It works with 5.1828. All versions are available here: https://androidmtk.com/smart-phone-flash-tool
Then can be flashed via kingoroot apk or try kingoroot on pc.
Then if need to install supersu instead of kingoroot then remove kingouser but not kingoroot, and install supersu 2.75 and install normally, then reboot then remove kingoroot too. Because supersu makes apps2sd work perfectly on this phone. See guide: https://forum.xda-developers.com/android...y-t3573361
To make apps2sd compatible with all files linking such as odex ones, also enable su during boot in supersu and compatible namespace mount separation in supersu.
Then besides making 2nd ext4 primary partition via minitool partition wizard on sd card, also in app2sd settings allow addition of commands in startup script, then recreate mount script, then choose defaults (ext4, i have supersu), then add the following commands to be executed before startup script:
su
setenforce 0


It is very important to press enter key, aka go to new line after line setenforce 0 or it won't work. Then reboot.
Everything is tested and works perfectly. No need to use lgx160 or lgx155 firmware for me anymore.
Other root methods and custom recoveries (twrp, philz...) did not work for me.
Then it all could be readback via spflashtool to make rooted firmware backup, no need to use kingoroot and internet again.
Also not recommended to format anything via spflash tool because then we could get problem via imei, mac address, bluetooth address and have to use another tool to remake it.
For restoring backups spflashtool 5.1532 should only work, because only it works with nonencrypted readback files.
Remember to use linear start address when making readbacks! And partition size! Not physical start address!
Also xposed framework for lollipop works on this phone.
For changing imei engineering mode works.
This post was last modified: 24-10-2020, 03:20 PM by nijazxp.
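
Added example, not part of any post in this thread and not code from SP Flash Tool or MTK Droid Tools: a short Python check that reads a scatter file, lists the partitions that would not be flashed (the `is_download` / `file_name: NONE` problem from post #34), and builds readback ranges from the linear start address and partition size (post #37). The key names `partition_index`, `partition_name`, `linear_start_addr`, `physical_start_addr` and `partition_size` are assumed from the usual MediaTek scatter layout, and the sample values are constructed.

```python
import re

# Constructed sample in the MediaTek scatter layout; all values are illustrative.
SAMPLE_SCATTER = """\
- partition_index: SYS0
  partition_name: PRELOADER
  file_name: preloader.bin
  is_download: true
  linear_start_addr: 0x0
  physical_start_addr: 0x0
  partition_size: 0x1400000
  region: EMMC_BOOT_1
- partition_index: SYS1
  partition_name: MBR
  file_name: MBR
  is_download: true
  linear_start_addr: 0x1400000
  physical_start_addr: 0x0
  partition_size: 0x80000
  region: EMMC_USER
- partition_index: SYS2
  partition_name: NVRAM
  file_name: NONE
  is_download: false
  linear_start_addr: 0x1e00000
  physical_start_addr: 0xa00000
  partition_size: 0x500000
  region: EMMC_USER
"""

def parse_scatter(text):
    """Return one dict per partition entry (an entry starts at partition_index)."""
    parts = []
    for key, value in re.findall(r"^[ \t]*(?:-[ \t]+)?(\w+):[ \t]*(\S+)", text, re.M):
        if key == "partition_index":
            parts.append({})
        if parts:
            parts[-1][key] = value
    return parts

def not_flashed(parts):
    """Partitions that would be skipped: hidden, or with no image file assigned."""
    return [p["partition_name"] for p in parts
            if p["is_download"].lower() != "true" or p["file_name"] == "NONE"]

def readback_plan(parts):
    """(name, region, start, length) per partition, using the linear address."""
    return [(p["partition_name"], p["region"], int(p["linear_start_addr"], 16),
             int(p["partition_size"], 16)) for p in parts]
```

Running `not_flashed(parse_scatter(open("scatter.txt").read()))` on a backup's scatter file before flashing shows which partitions of that backup would be left out.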