[Please help] Unisoc Alldocube iPlay 20 - Wifi and BT driver time out

24-10-2023, 02:55 AM
#1



Hello, I recently got my hands on a bunch of alldocube devices running a Unisoc 9863a SoC. They come from a distributor and are running that distributor's proprietary firmware. Therefore I will refer to this firmware as "distributor firmware" (dumped from a stock device), and refer to the manufacturer's firmware as "stock firmware" or "alldocube firmware". I need these devices for a specific task and with their not-so-great specs I am looking for ways to squeeze more free RAM out of them. Therefore the first thing that came to my mind is modifying the stock firmware and making my own custom ROM. I have worked with various other Android devices over the years for my own personal use, but I'm completely unfamiliar with the Unisoc platform so fixing any weird issues myself is pretty much out of my reach.

During my journey I managed to soft brick my test device a couple of times but found out that I could (almost) always recover with the ResearchDownload tool. After some trial and error (and with the help of the amazing tutorials on this forum!) I managed to make my own keys and sign Magisk as well as OrangeFox (build broken for now, so no custom recovery to help out). With this I can access the su binary on my test device and do all the usual Magisk stuff.

However, it seems that at some point my wifi and bluetooth stopped working and no longer turn on. Logcat dumps these interesting messages after waiting for a while:

Code:

(...)
WifiHAL : Timed out wating on Driver ready
(...)
android.hardware.wifi@1.0-service: Timed out awaiting driver ready

There are, of course, a bunch of other errors and I will try to post the full log of me turning on the wifi when I'm able to.

Anyway this is surprising as I made sure not to touch anything other than the various vbmetas, boot and recovery partitions. What's even more strange is that this happened on another device after I dumped firmware from it (without flashing anything!) to recover my original test device after a particularly bad brick. Both devices boot just fine, but both are experiencing wifi and bluetooth issues. I read that this can happen when the NVRAM data is corrupted or otherwise lost, but wouldn't this cause me to lose my IMEI numbers as well? Both my SIM slots report an IMEI number and cellular networking seems to be working (cannot check but it's not reporting errors). The wifi and bluetooth adapters, however, both report "unknown" MAC addresses.

With both devices experiencing the same issues only AFTER talking to ResearchDownload it leads me to believe that it is responsible for these issues. When flashing I always made sure to unselect everything and only flash the partitions I needed. When I dumped the original firmware from a stock tablet I unselected everything in the main page, enabled "active read flash" in the "flash operations" page and selected the partitions I wanted to read. This produced working stock firmware files but just after that it seems that the wifi stopped working. 

One thing has struck me as odd though - why am I required to flash these FDL1 and FDL2 binaries? These seem to be synced to the device no matter what operation I run and I suspect they may play a role here? It may very well be harmless but I have literally no other lead right now. No matter what I flash onto the device the wifi issue does not disappear. I tried flashing the distributor's firmware (which produced a working device, without wifi), various versions of the alldocube firmware (again, working device, no wifi). I also tried restoring the device from a backup I had made earlier to no avail. (This actually produces a bricked device but after fixing it up I still get no wifi.)

So, to summarize:
- I'm a complete noobie when it comes to Unisoc but have some general knowledge of android modding. 
- I have access to around 10 or so of these devices, but before messing with any more of them I have to have a guarantee that I will not break yet another device.
- I have created a firmware dump from another clean device that is now experiencing a severe wifi and bt deficiency!
- After recovering my original test device with said firmware dump, wifi is also no longer working.

Some questions:
- Has anyone experienced similar problems after using ResearchDownload?
- Could the NVRAM corruption be the cause, and if so, why are the IMEI numbers unaffected?
- What am I really flashing with these FDL1 and FDL2 partitions?
- What exactly is the "backup" page in ResearchDownload? It seems to contain a bunch of NVRAM items and it is my understanding that these are backed up before flashing and restored after the process completes. Is that correct? When I uncheck some of these backups and flash stock NVRAM I get warned that my NVRAM will be destroyed and my IMEI numbers will have to be programmed again but upon booting they're still there.

I would really appreciate any guidance or insight into resolving these problems.
hovatek
Administrator
25-10-2023, 12:18 PM
#3
(24-10-2023, 02:55 AM)lifetimemistake ..
Some questions:
- Has anyone experienced similar problems after using ResearchDownload?
- Could the NVRAM corruption be the cause, and if so, why are the IMEI numbers unaffected?
- What am I really flashing with these FDL1 and FDL2 partitions?
- What exactly is the "backup" page in ResearchDownload? It seems to contain a bunch of NVRAM items and it is my understanding that these are backed up before flashing and restored after the process completes. Is that correct? When I uncheck some of these backups and flash stock NVRAM I get warned that my NVRAM will be destroyed and my IMEI numbers will have to be programmed again but upon booting they're still there.

I would really appreciate any guidance or insight into resolving these problems.



If there's one thing I can tell you about Unisoc or Spreadtrum phones, it's that they're quite inconsistent in behaviour and results so it's not really you per se.

To answer some of your questions:

- Has anyone experienced similar problems after using ResearchDownload?

I would advise you only do a dump for keeps. If you must flash, a factory firmware would be better, i.e. "stock firmware" or "alldocube firmware". The "distributor firmware" could also come in handy. Try using Factory Download & Upgrade Download tool to flash when you get weird results from the Research Download Tool.

Depending on your Android version and available securities, the phones might or might not play nicely with dumps/backups.


- Could the NVRAM corruption be the cause, and if so, why are the IMEI numbers unaffected?

I would look at NVdata and other NV partitions. First, try doing a factory reset after such a flash. If you still encounter WiFi and Bluetooth issues then try re-writing your WiFi (MAC) and Bluetooth addresses as explained @ https://www.hovatek.com/forum/thread-27308.html


- What am I really flashing with these FDL1 and FDL2 partitions?

Firmware Downloader. This is the code that can read/write flash memory. It is usually divided into two stages, FDL1 and FDL2: a small first stage is needed to initialize external RAM and then load FDL2 into RAM, i.e. they are required for the tools to communicate with your phone in download/flash mode.


- What exactly is the "backup" page in ResearchDownload?

The backup page allows you to back up selected partitions before whatever operation you are trying to do. There's also an NV section which lists NV partitions that will be backed up and flashed back to your device after whatever you are trying to do. This is a potential flash point because reflashing an improperly done backup could be the problem. I would leave out this option.
This post was last modified: 25-10-2023, 12:26 PM by hovatek.

Note!
We have a reply schedule for Free Support. Please upgrade to Private Support if you can't wait.
26-10-2023, 05:58 PM
#4
(25-10-2023, 12:18 PM)hovatek - Has anyone experienced similar problems after using ResearchDownload?

I would advise you only do a dump for keeps. If you must flash, a factory firmware would be better, i.e. "stock firmware" or "alldocube firmware". The "distributor firmware" could also come in handy. Try using Factory Download & Upgrade Download tool to flash when you get weird results from the Research Download Tool.

The devices came with the distributor's firmware and if possible I'd like to keep their branding and such to appear as non-invasive as possible. However I don't mind abandoning that firmware at all if necessary. I could always just write the distributor's boot logos and animations. As for my experiments, I only conduct them on alldocube's firmware to save myself some trouble.

(25-10-2023, 12:18 PM)hovatek - Could the NVRAM corruption be the cause, and if so, why are the IMEI numbers unaffected?

I would look at NVdata and other NV partitions. First, try doing a factory reset after such a flash. If you still encounter WiFi and Bluetooth issues then try re-writing your WiFi (MAC) and Bluetooth addresses as explained @ https://www.hovatek.com/forum/thread-27308.html

I have tried flashing various alldocube firmware versions and always factory reset the device before the first boot. The results are the same, after a few minutes I get greeted with android setup and cannot use wifi or bluetooth. IMEI numbers seem to still be intact.

Every time I flash I leave EraseUBOOT, SPL_LOADER, EraseMisc, EraseSysdumpdb, EraseMetadata and UBOOT_LOADER turned off as I'm not sure what the consequences of a bad uboot write would be. Do I need to flash these files/run these operations as well? The device boots just fine without the new uboot firmware and I would expect it to stay that way regardless of the firmware version.

Anyway, I downloaded the WriteIMEI tool and it doesn't seem to be working. It also looks like Spreadtrum devices have a bunch of different modes that I don't fully understand. I always assumed that by holding down POWER + VOL DOWN, I was booting into flash mode, and by booting into fastboot/fastbootd I was booting into fastboot mode as outlined on the Spreadtrum website. WriteIMEI requires that I boot my device into "diag mode". Now, I'm just an ordinary person and I don't have no box or dongle for phone repairs so I assumed these two modes are the only modes I can boot in. But upon entering into flash mode it seems that my device is actually recognized as a "SPRD U2S Diag" serial port.
So now I'm really confused.

Regardless, I tried to use the tool just like in the tutorial, trying to read my current IMEI numbers before writing anything. But it seems that the device does not recognize the commands the tool is sending as I get a time out:

Quote:

No response from phone, please make sure phone has been powered on.
IMEI1:
IMEI2:
BT:
Wifi:

I'm not really sure how to proceed from here. The device is still recognized by ResearchDownload in this mode, and it stays connected as a serial port throughout the procedure.

(25-10-2023, 12:18 PM)hovatek - What am I really flashing with these FDL1 and FDL2 partitions?

Firmware Downloader. This is the code that can read/write flash memory. It is usually divided into two stages, FDL1 and FDL2: a small first stage is needed to initialize external RAM and then load FDL2 into RAM, i.e. they are required for the tools to communicate with your phone in download/flash mode.

Okay, I expected that to just be a downloader but since I'm completely lost I was still suspicious. 

(25-10-2023, 12:18 PM)hovatek - What exactly is the "backup" page in ResearchDownload?

The backup page allows you to back up selected partitions before whatever operation you are trying to do. There's also an NV section which lists NV partitions that will be backed up and flashed back to your device after whatever you are trying to do. This is a potential flash point because reflashing an improperly done backup could be the problem. I would leave out this option.

This is another part I don't fully get. There are a bunch of options here that aren't explained anywhere (to be honest, the tool really needs documentation!)
[Attached screenshot: image.png]

If these boxes are checked what is the operation order? Does the tool back up my nvdata, flash it from the pac file, and restore it?
If I wanted to clear my nvdata, which boxes do I unselect? Just the NV_LTE and ProdNV at the bottom in "File Backup"?
I presume that if I were to check "Save file to local" it would dump that backup to the Backup directory I found in the tool.

What about the "Repartition" option from the "Options" tab? How exactly does it perform the repartitioning? I have been flashing with the option selected. Does it repartition all partitions according to the pac file or only the selected partitions? I suppose it doesn't really matter as all the firmwares have the same partition layout, but would you recommend to keep this on or off?

Anyway, thanks for your tutorials and guidance so far, hopefully this issue can be resolved soon. Why do you think the WIMEI tool isn't working? Am I not in the correct mode after all? And is it possible to enter the correct mode without any external dongles or such? I'm not really sure how all the low-level bits and pieces of SPD devices work. 
What do these boxes do that I can't do with a USB port and some software?
hovatek
Administrator
27-10-2023, 06:34 AM
#5



You've asked a number of questions so I'll just touch on them briefly

(26-10-2023, 05:58 PM)lifetimemistake Every time I flash I leave EraseUBOOT, SPL_LOADER, EraseMisc, EraseSysdumpdb, EraseMetadata and UBOOT_LOADER turned off as I'm not sure what the consequences of a bad uboot write would be. Do I need to flash these files/run these operations as well?

When you load the pac file, just leave everything as default and flash.

(26-10-2023, 05:58 PM)lifetimemistake But it seems that the device does not recognize the commands the tool is sending as I get a time out:

Once the tool is ready, try connecting the phone without holding any button.

(26-10-2023, 05:58 PM)lifetimemistake If these boxes are checked what is the operation order? Does the tool back up my nvdata, flash it from the pac file, and restore it?

It would back up, flash the pac, then restore them.

(26-10-2023, 05:58 PM)lifetimemistake If I wanted to clear my nvdata, which boxes do I unselect? Just the NV_LTE and ProdNV at the bottom in "File Backup"?

This doesn't clear them, it just doesn't back them up. To clear them, you go under Flash Operations > Erase flash then tick Active Erase Flash.

(26-10-2023, 05:58 PM)lifetimemistake What about the "Repartition" option from the "Options" tab? How exactly does it perform the repartitioning?

You should tick it when flashing. It's just in case the pac you're flashing has different partition sizes from what's currently on the phone.
This post was last modified: 27-10-2023, 06:49 AM by hovatek.
