bkerler / loaders Goto Github PK
View Code? Open in Web Editor NEWEDL Loaders
EDL Loaders
This file is a disk image with a GPT and 4 ELF images, none of them a Firehose.
qualcomm/model_generic/apq8016/0000000000000000_d58522cd602a501c_fhprg.bin
Moto G Power (2021) XT2117-4
HWID: 0014d0e102e80000, QC: 0014d0e1, OEM: 02e8, Model: 0000
Hash: abbcc86fe393b13d-59e2a2ec944af26d-a3fa3d4b2a1ccd2f-b383c73e0fffc30d
The Firehose file is posted here: https://forum.xda-developers.com/t/moto-g-power-2021-borneo-stock-firmware.4227231/post-86191813 as "programmer.zip".
Shorting two pins to enter EDL on E5788, and when I run a command edl --loader ENPRG9x55.mbn printgpt
I get AttributeError: 'NoneType' object has no attribute 'NAND_DEV0_CFG0'
:
$ ls E5788
ENPRG9x55_e5788.mbn.signed ENPRG9x55.mbn partition.mbn
$ ./edl --loader E5788/ENPRG9x55.mbn printgpt
Qualcomm Sahara / Firehose Client V3.62 (c) B.Kerler 2018-2024.
main - Using loader E5788/ENPRG9x55.mbn ...
main - Waiting for the device
main - Device detected :)
sahara - Protocol version: 2, Version supported: 1
main - Mode detected: sahara
sahara -
Version 0x2
------------------------
HWID: 0x000320e10015005a (MSM_ID:0x000320e1,OEM_ID:0x0015,MODEL_ID:0x005a)
CPU detected: "MDM9250"
PK_HASH: 0xf8007a99dd99ac53b734be80a664a5af560dec68dbb7210c9dd975fdaf0469ce
Serial: 0xc9342f46
sahara - Protocol version: 2, Version supported: 1
sahara - Uploading loader E5788/ENPRG9x55.mbn ...
sahara - 32-Bit mode detected.
sahara - Firehose mode detected, uploading...
sahara - Loader successfully uploaded.
Streaming - Successfully uploaded programmer :)
Streaming - Unpatched loader detected. Using standard QC mode. Limited methods supported: peek
Streaming - HELLO protocol version: 3
Streaming - Flash memory: MT29F4G08ABBEA, (vendor: 0x00 image_id: 0x00)
Streaming - Page size: 4096 bytes (0 sectors)
Streaming - The number of pages in the block: 64
Streaming - OOB size: 0 bytes
Streaming - ECC: R-S, 0 bit
Streaming - ЕСС size: 0 bytes
Successfully uploaded programmer :)
Traceback (most recent call last):
File "/home/user/Documents/edl/./edl", line 393, in <module>
base.run()
File "/home/user/Documents/edl/./edl", line 373, in run
sc.handle_streaming(cmd, options)
File "/home/user/Documents/edl/edlclient/Library/streaming_client.py", line 101, in handle_streaming
partitions = self.streaming.get_partitions()
File "/home/user/Documents/edl/edlclient/Library/streaming.py", line 652, in get_partitions
partdata = self.read_partition_table()
File "/home/user/Documents/edl/edlclient/Library/streaming.py", line 639, in read_partition_table
buffer, spare = self.flash_read(block, 0, 1, cwsize)
File "/home/user/Documents/edl/edlclient/Library/streaming.py", line 495, in flash_read
cfg0 = self.regs.NAND_DEV0_CFG0
AttributeError: 'NoneType' object has no attribute 'NAND_DEV0_CFG0'
I got ENPRG9x55_e5788.mbn.signed
from this specific comment bkerler/edl#231 (comment) and I got ENPRG9x55.mbn
and partition.mbn
from this other specific comment bkerler/edl#231 (comment)
Trying to use Loaders/qualcomm/model_generic/mdm9x5x/000320e100000000_cc3153a80293939b_fhprg_nand_sim7080.elf
or any file in Loaders/qualcomm/patched/mdm9x5x/
as loader would stuck on sahara - Firehose mode detected, uploading...
. The same applies to using ENPRG9x55_e5788.mbn.signed
and partition.mbn
as loaders (I don't know what is the partition.mbn
file for, it does not look like a loader).
Now after doing all of this, my E5788 won't boot anymore. It always enters EDL mode. Maybe the loader bricked the E5788 device? if so, how to unbrick it? (The E5788 device does not have secure boot)
What files for this need?
http://deviceinfohw.ru/devices/item.php?item=49947
Hi i've my OW19W8 stock in bootloop. Can help me for repair it? I can make donation if it will works. Thanks
Loaders/t2mobile/000940e100420050_1357fdaeabb7becb_fhprg.bin
and Loaders/hmd/000940e100420050_1357fdaeabb7becb_fhprg.bin
are the same file.
I would like to express my gratitude for this invaluable repository. I’ve been on the hunt for an EDL loader file for a week, unaware that this repository existed and could be of assistance.
Despite my extensive efforts, I discovered that the loader I require is not present among the current loaders.
--------------------------------
Sunmi T2S L1561 (SDM660)
--------------------------------
HWID: 0x0008c0e100000000 (MSM_ID:0x0008c0e1,OEM_ID:0x0000,MODEL_ID:0x0000)
CPU detected: "SDM660"
PK_HASH: 0x3720a9d9e03543ae4ad244d93d4b56ef588a499106c7d1f931f42704173a3414
Serial: 0x7679407d
sahara - [LIB]: Couldn't find a loader for given hwid and pkhash (0008c0e100000000_3720a9d9e03543ae[FHPRG/ENPRG].bin) :(
PROCESSOR
CPU Architecture: AArch64 Processor rev 2 (aarch64)
Board: sdm[660](tel:660)
Chipset: Qualcomm Technologies, Inc SDM[660](tel:660)
Cores: 8
Clock Speed: [1401](tel:1401) MHz - [2208](tel:2208) MHz
Instruction Sets: arm64-v8a
CPU Features: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU Governor: performance
Kernel Version: [4.4.153](tel:4.4.153)-perf
Kernel Architecture: aarch64
Could you kindly include the Sunmi T2S L1561 (SDM660) loader?
In ZTE there is both
Loaders-main\zte\009600E100040000_86c4f630cbc412fd_FHPRG_peek.bin
Loaders-main\zte\009600e100040000_86c4f630cbc412fd_fhprg_peek.bin
Which are identical.
In ZTE there is both
Loaders-main\zte\009720E100040000_4673478f4dd4d43c_FHPRG_peek.bin
Loaders-main\zte\009720e100040000_4673478f4dd4d43c_fhprg_peek.bin
Which are different. This causes problem with case-insensitive file systems.
There are 3 other loaders that have FHPRG instead of fhprg.
Please i need the file for xiaomi redmi note 9s
It doesn't have any certs whatsoever,
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ELF, 32-bit LSB executable, ARM, version 1 (SYSV)
84664 0x14AB8 XML document, version: "1.0"
84948 0x14BD4 SHA256 hash constants, little endian
fhloaderparse also says its invalid, where did this file come from? Needed for my no-display SM-T560NU Samsung. APQ8016
AFAIK, firehose of xiamo redmi note 10 pro requires authentication.
Is there here one working without authentication?
Please add Oneplus 9RT Loaders
$ ./edl reset
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Trying with no loader given ...
main - Waiting for the device
Traceback (most recent call last):
File "C:\Users\Llamar\Downloads\edl\edl", line 391, in
base.run()
File "C:\Users\Llamar\Downloads\edl\edl", line 299, in run
conninfo = self.doconnect(loop)
File "C:\Users\Llamar\Downloads\edl\edl", line 193, in doconnect
self.cdc.connected = self.cdc.connect(portname=self.portname)
File "C:\Users\Llamar\Downloads\edl\edlclient\Library\Connection\usblib.py", line 226, in connect
self.configuration = self.device.get_active_configuration()
File "C:\Users\Llamar\AppData\Local\Programs\Python\Python39\lib\site-packages\usb\core.py", line 921, in get_active_configuration
return self._ctx.get_active_configuration(self)
File "C:\Users\Llamar\AppData\Local\Programs\Python\Python39\lib\site-packages\usb\core.py", line 113, in wrapper
return f(self, *args, **kwargs)
File "C:\Users\Llamar\AppData\Local\Programs\Python\Python39\lib\site-packages\usb\core.py", line 249, in get_active_configuration
self.managed_open()
File "C:\Users\Llamar\AppData\Local\Programs\Python\Python39\lib\site-packages\usb\core.py", line 113, in wrapper
return f(self, *args, **kwargs)
File "C:\Users\Llamar\AppData\Local\Programs\Python\Python39\lib\site-packages\usb\core.py", line 131, in managed_open
self.handle = self.backend.open_device(self.dev)
File "C:\Users\Llamar\AppData\Local\Programs\Python\Python39\lib\site-packages\usb\backend\libusb1.py", line 804, in open_device
return _DeviceHandle(dev)
File "C:\Users\Llamar\AppData\Local\Programs\Python\Python39\lib\site-packages\usb\backend\libusb1.py", line 652, in init
_check(_lib.libusb_open(self.devid, byref(self.handle)))
File "C:\Users\Llamar\AppData\Local\Programs\Python\Python39\lib\site-packages\usb\backend\libusb1.py", line 600, in _check
raise NotImplementedError(_strerror(ret))
NotImplementedError: Operation not supported or unimplemented on this platform
i have found huawei e5788 original bootloaders it is base upon qualcomm 9x5x chipset ,i try all bootloaders in your folder loaders/qualcomm/9x5x/enprg_9x55p.mbn it not work , so i have original bootloaders ,loader is attached please patch bootloaders and add in loader/qualcomm/9x5x/ folder .
bootloaderimage_e5788.zip
Hi all,
Anyone has SDX62/65 loaders?
Thx in advance
Here is a link to my personal collection of loaders.
I would like to express my gratitude for this invaluable repository. I’ve been on the hunt for an EDL loader file for a week, unaware that this repository existed and could be of assistance.
Despite my extensive efforts, I discovered that the loader I require is not present among the current loaders.
--------------------------------
Sunmi T2S L1562 (SDM660)
--------------------------------
HWID: 0x0008c0e100000000 (MSM_ID:0x0008c0e1,OEM_ID:0x0000,MODEL_ID:0x0000)
CPU detected: "SDM660"
PK_HASH: 0x44b1b939b9db8396050ac589ab3d0e80590841cb0a93fb9d0c9521551b22ab02
Serial: 0xc1bb7de7
sahara - [LIB]: Couldn't find a loader for given hwid and pkhash (0008c0e100000000_44b1b939b9db8396_[FHPRG/ENPRG].bin) :(
Could you kindly include the Sunmi T2S L1562 (SDM660) loader?
This loader has an incorrect SHA384 on program 15
These three loaders were re-signed with SHA256 despite originally being signed SHA384
just found this loader, kindly add unified juice (citrus,lemon,pomelo,lime)
https://forum.xda-developers.com/t/solved-i-need-help-edl-9t-lime.4385727
xubuntu@xubuntu:/media/xubuntu/18CC6C07CC6BDE0E/src/edl$ python3 edl.py --loader='/media/xubuntu/18CC6C07CC6BDE0E/Android/Backup/citrus/POCO M3 - Redmi 9T nfc - Redmi 9 Power - Redmi note 9 4G/prog_firehose_ddr.elf' --memory=UFS r recovery recovery.img
Capstone library is missing (optional).
Keystone library is missing (optional).
Qualcomm Sahara / Firehose Client V3.52 (c) B.Kerler 2018-2021.
main - Using loader /media/xubuntu/18CC6C07CC6BDE0E/Android/Backup/citrus/POCO M3 - Redmi 9T nfc - Redmi 9 Power - Redmi note 9 4G/prog_firehose_ddr.elf ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: 0x0014d0e100720000 (MSM_ID:0x0014d0e1,OEM_ID:0x0072,MODEL_ID:0x0000)
Unknown CPU, please send log as issue to https://github.com/bkerler/edl
PK_HASH: 0x1bebe3863a6781db4b01086063007334de9e5ca14971c7c4f4358ec9d79cda46
Serial: 0x8c5d23d2
sahara - Uploading loader /media/xubuntu/18CC6C07CC6BDE0E/Android/Backup/citrus/POCO M3 - Redmi 9T nfc - Redmi 9 Power - Redmi note 9 4G/prog_firehose_ddr.elf ...
Successfully uploaded programmer :)
firehose - INFO: Chip serial num: 2354914258 (0x8c5d23d2)
firehose - Supported Functions: program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest
firehose -
firehose
firehose - [LIB]: Couldn't detect MaxPayloadSizeFromTargetinBytes
firehose
firehose - [LIB]: Couldn't detect TargetName
firehose - TargetName=Unknown
firehose - MemoryName=UFS
firehose - Version=1
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest
firehose -
Reading from physical partition 0, sector 22808, sectors 32768
Progress: |██████████████████████████████████████████████████| 100.0% Complete
Dumped sector 22808 with sector count 32768 as recovery.img
i just could not find a loader for my device.
Here the Hash i could receive via edl.exe
Found EDL 9008, handshaking... version 2.1
HWID: 001350e100200000, JTAG: 001350e1, OEM: 0020, Model: 0000
Hash: a828a44aea37b6b8-a1783b79d7d6f0a0-ceadcba32faed6db-a66247062afaaf1b-7b0b81cd7f8c6ccd-f6f38f759b953ee8
0000000000000000-0000000000000000-0000000000000000-0000000000000000-0000000000000000-0000000000000000 (x2)
Maybe you know how to decode it.
What is it that I'm doing wrong?
This was edl 3.1's response but the latest one also spits out the same thing. Thanks!!
feitlimit@pop-os:~/Desktop/edl$ edl printgpt --memory=UFS
Qualcomm Sahara / Firehose Client V3.60 (c) B.Kerler 2018-2022.
main - Trying with no loader given ...
main - Waiting for the device
main - Device detected :)
sahara - Protocol version: 2, Version supported: 1
main - Mode detected: sahara
sahara -
------------------------
HWID: 0x000460e100000000 (MSM_ID:0x000460e1,OEM_ID:0x0000,MODEL_ID:0x0000)
CPU detected: "MSM8953"
PK_HASH: 0x57158eaf1814d78fd2b3105ece4db18a817a08ac664a5782a925f3ff8403d39a
Serial: 0xb94b1788
sahara - Detected loader: /usr/local/lib/python3.10/dist-packages/edlclient-3.60-py3.10.egg/edlclient/../Loaders/xiaomi/EDLAuth/000460e100000000_57158eaf1814d78f_fhprg_edlauth_peek.bin
sahara - Protocol version: 2, Version supported: 1
sahara - Uploading loader /usr/local/lib/python3.10/dist-packages/edlclient-3.60-py3.10.egg/edlclient/../Loaders/xiaomi/EDLAuth/000460e100000000_57158eaf1814d78f_fhprg_edlauth_peek.bin ...
sahara - 32-Bit mode detected.
sahara - Firehose mode detected, uploading...
sahara - Loader successfully uploaded.
main - Trying to connect to firehose loader ...
firehose - Xiaomi EDL Auth detected.
Traceback (most recent call last):
File "/usr/local/bin/edl", line 4, in <module>
__import__('pkg_resources').run_script('edlclient==3.60', 'edl')
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 656, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1453, in run_script
exec(code, namespace, namespace)
File "/usr/local/lib/python3.10/dist-packages/edlclient-3.60-py3.10.egg/EGG-INFO/scripts/edl", line 393, in <module>
base.run()
File "/usr/local/lib/python3.10/dist-packages/edlclient-3.60-py3.10.egg/EGG-INFO/scripts/edl", line 387, in run
if fh.connect(sahara):
File "/usr/local/lib/python3.10/dist-packages/edlclient-3.60-py3.10.egg/edlclient/Library/firehose_client.py", line 109, in connect
if self.firehose.configure(0):
File "/usr/local/lib/python3.10/dist-packages/edlclient-3.60-py3.10.egg/edlclient/Library/firehose.py", line 907, in configure
if self.modules.edlauth():
File "/usr/local/lib/python3.10/dist-packages/edlclient-3.60-py3.10.egg/edlclient/Library/Modules/init.py", line 71, in edlauth
return self.xiaomi.edl_auth()
File "/usr/local/lib/python3.10/dist-packages/edlclient-3.60-py3.10.egg/edlclient/Library/Modules/xiaomi.py", line 38, in edl_auth
if rsp[0]:
TypeError: 'response' object is not subscriptable
will the 10t cph2417 be supported there are no msm tools what so ever for the 10t.
Sahara v3 is no show PKHASH
need --loader option
But now filename is difficulty
So I think add support device list file
hello, i sent you a message on twitter please replay my message my id : @robin2530
i use the loader from zte mf980 but not work
i searched in all of world wide internet but not find any firmware or loader for that
HWID: 0x009500e100000000 (MSM_ID:0x009500e1,OEM_ID:0x0000,MODEL_ID:0x0000)
CPU detected: "MDM9x40"
PK_HASH: 0xcc3153a80293939b90d02d3bf8b23e0292e452fef662c74998421adad42a380f
Serial: 0xb7a77f9e
I have a running Pixel 4a. I can't seem to find firehose files anywhere on internet, in case my phone bricks. How can I grab firehose files and from my own device? I'd like to contribute to this repo.
Thanks
Please add Samsung A715F Binary 8 firehose loader
My device is hard-bricked
Please help me
As in title, how do we identify which loader is which?
Please add loader for Vodafone VFD 600
Partial output including error:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest,gethwversion,getrfversion,getprjversion,setprojmodel,demacia,sha256init,sha256final,eraseuserdata
oneplus - Oneplus protection with prjid 18821 detected
firehose - GetStorageInfo:
--------------------
Traceback (most recent call last):
File "/Users/sean/OnePlus 7 Pro/root/edl/./edl", line 391, in <module>
base.run()
File "/Users/sean/OnePlus 7 Pro/root/edl/./edl", line 386, in run
fh.handle_firehose(cmd, options)
File "/Users/sean/OnePlus 7 Pro/root/edl/edlclient/Library/firehose_client.py", line 647, in handle_firehose
return self.firehose.cmd_getstorageinfo_string()
File "/Users/sean/OnePlus 7 Pro/root/edl/edlclient/Library/firehose.py", line 1308, in cmd_getstorageinfo_string
data = self.xml.getlog(val.data)
File "/Users/sean/OnePlus 7 Pro/root/edl/edlclient/Library/xmlparser.py", line 29, in getlog
lines = input.split(b"<?xml")
AttributeError: 'dict' object has no attribute 'split'
The issue is getstorageinfo is returnin JSON:
{'value': 'ACK', 'rawmode': 'false'}
Changing getlog() to this:
def getlog(self, input):
data = []
try:
lines = input.split(b"<?xml")
except Exception:
data.append(input)
return data
snip...
Hi, i was wondering if someone here managed to get a firehose out of the paid unlocktool in elf format for usage with bkerler/edl for example?
Here is a reference table of Firehose loaders available on two sites.
You can search by PK hash or file MD5 to locate a loader.
This table is copyright, but feel free to link it in README.md if you like.
http://www.temblast.com/ref/loaders.htm
It should be updated regularly.
Here is a loader for the SM6225, 001b80e1 (and others?).
It was patched from a manufacturer's loader that had severe limitations on what areas it could program.
Since it was patched it will only work on devices without Secure Boot enabled.
The original certs have been wiped to avoid confusion.
This works on Onyx GoColor7 and Go103 ereaders.
............main - Device detected :)
sahara - Protocol version: 2, Version supported: 1
main - Mode detected: sahara
sahara -
------------------------
HWID: 0x0013d0e100000000 (MSM_ID:0x0013d0e1,OEM_ID:0x0000,MODEL_ID:0x0000)
CPU detected: "qcm2150"
PK_HASH: 0xcc3153a80293939b90d02d3bf8b23e0292e452fef662c74998421adad42a380f
Serial: 0xc6457f44
gsmxt com /edl-samsung-loader-files-2024/
LOADER_SAMSUNG_2024.zip
I found a vulnerability in the loader samsung/0000000000200000_b64fa0e813ee4321_fhprg.bin but don't know to which device this file corresponds to. Anyone tested it?
device info
main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: 0x001490e100720000 (MSM_ID:0x001490e1,OEM_ID:0x0072,MODEL_ID:0x0000)
CPU detected: "rennell_v1.1"
PK_HASH: 0x1bebe3863a6781db4b01086063007334de9e5ca14971c7c4f4358ec9d79cda46
Serial: 0xXXXXXXXX
sahara
sahara - [LIB]: Couldn't find a loader for given hwid and pkhash (001490e100720000_1bebe3863a6781db_[FHPRG/ENPRG].bin) :(
Device is in an unknown sahara state, resetting
resp={'cmd': 1, 'len': 48, 'version': 2, 'version_min': 1, 'max_cmd_len': 1024, 'mode': 0, 'res1': 0, 'res2': 0, 'res3': 0, 'res4': 0, 'res5': 0, 'res6': 0, 'object_size': 48, 'raw_data': bytearray(b'\x01\x00\x00\x000\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.