Notifications

Clear all

Qualcomm Download Mode 9006

Thomass30 · 2018-06-08T20:19:34Z

Hello,Im trying to test the method when I get physical dump via Qualcomm Download Mode 9006.I have testing model of Samsung galaxy S4 i9505 with Qualcomm Snapdragon 600 Processor so I assume it will qualify to my test .I downloaded eMMC RAW Tool in order to image the device.I have installed Qualcomm drivers into Win10here is my problemI was trying to Switch S4 i9505 into Qualcomm Download Mode 9006 by pressing and holding the volume down key and connecting the device to computer via a USB and all I get is that my device goes into Download Modewhen I start eMMC RAW Tool I dont see any deviceQualcomm Download Mode 9006 looks the same as Download mode like link above or am I doing something wrong ?What should I do in order to get physical dump using Qualcomm Download Mode 9006 feature ? roll

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by aslez 6 years ago

14 Posts

6 Users

0 Reactions

9,226 Views

RSS

passcodeunlock

(@passcodeunlock)

Prominent Member

Joined: 9 years ago

Posts: 792

11/06/2018 9:09 pm

Don't rely on unknown loaders ) The vendor service software is always right!

ReplyQuote

arcaine2

(@arcaine2)

Estimable Member

Joined: 9 years ago

Posts: 239

11/06/2018 10:22 pm

I'm thinking about firehose/sahara loaders. You can't always get vendor firmware with those, especially not for Samsung or LG devices as they're for internal use only 😉

ReplyQuote

legija

(@legija)

New Member

Joined: 7 years ago

Posts: 2

26/09/2018 7:56 pm

To actually make a dump from this mode a correct loader is required, nowhere to be found publicly.

Available since model is released, sadly it's DMSS streaming download and it's very slow.

But, since these phones even now come up for extraction, I may up put those loaders for rest of the "public".

https://drive.google.com/file/d/1Ozo3qYV-wF-EfJ6iC6lCDXIL-z1RgnO4/view?usp=sharing

This will work only with i9505, not with the US/CA counterparts.
I have also some other S4 models loaders, can provide on request.

On how to use it, simplest way I can think of now is

1. Enter EDL by shorting CMD or CLK to GND
2. QPST->emmcswdownload ->qfuses -> select hex file ->send image
3. Close QPST from taskbar to release port
4. RIFF JTAG Manager -> USB TAB -> set "Streaming download protocol" (other irrelevant as phone is booted)
5. Click "Check Memory" - tick auto fullflash, click read memory.

Edit

I had one working board here and after testing this method wont work, for simple reason that reading is not compiled into loader. So, it's just good for writes, and building and uploading msimage didnt resulted with success, phone didnt entered 9006 mass storage mode.

ReplyQuote

aslez

(@aslez)

New Member

Joined: 6 years ago

Posts: 1

08/03/2019 5:14 pm

So we have an LG Rebel 4 from Tracfone (same as LG Aristo 2, LG Aristo 2 Plus, LG Phoenix 4, etc. all the x210 models and x212).
We found the test point to short to get the phone into 9008 mode.
We cannot find any programmer (mbn/firehose) publicly, but there are FRP unlocks and various code unlock exploits for the various other models.
Any idea how to get one of these into 9006 mode? I created an 8917_msimage.mbn but cannot flash it without a programmer (hex or firehose). I don't see a JTAG interface anywhere even though we do have a test point.

Motherboard photos https://slickdeals.net/f/12870790-simple-mobile-rebel-4-l211vl-black-12-99-at-best-buy?p=125854501#post125854501
9008 test point (see area circled in the next post #229)

Any help would be appreciated in locating the JTAG port, or giving ideas on how to either flash or download the current image.

ReplyQuote

Page 2 / 2 Prev

8 Forums
15.7 K Topics
92.3 K Posts
231 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed