Trapped in fastboot mode with locked bootloader and corrupted custom ROM

Unfortunately, I think @hirnsushi is right.
I couldn’t find a working edl loader on the internet and it seems you need to have the right one to unbrick your phone.
You could try reaching out to the developer of edl, maybe he can help.
Or you could ask @k4y0z where he got the edl loader for FP3.

2 Likes

Hmm, speaking about edl, doesn’t this paragraph allow you somehow to enable OEM unlock?

Throwing this here for more knowledgeable people to look at, I was just reading through the edl README :slight_smile:

2 Likes

Thanks, but edl modules oemunlock enable also requires the right edl loader

Output
Qualcomm Sahara / Firehose Client V3.53 (c) B.Kerler 2018-2021.
main - Trying with no loader given ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara - 
------------------------
HWID:              0x001630e100210001 (MSM_ID:0x001630e1,OEM_ID:0x0021,MODEL_ID:0x0001)
CPU detected:      "sd7250"
PK_HASH:           0x1c3d8d7ea24e435d7b540e0ffb34aa4bd57421c5f3570eef54f354610953a24c
Serial:            0x3de6ed5b

sahara
sahara - [LIB]: Couldn't find a loader for given hwid and pkhash (001630e100210001_1c3d8d7ea24e435d_[FHPRG/ENPRG].bin) :(
Device is in an unknown sahara state, resetting
resp={'cmd': 1, 'len': 48, 'version': 2, 'version_min': 1, 'max_cmd_len': 1024, 'mode': 0, 'res1': 0, 'res2': 0, 'res3': 0, 'res4': 0, 'res5': 0, 'res6': 0, 'object_size': 48, 'raw_data': bytearray(b'\x01\x00\x00\x000\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')}
5 Likes
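Added example (not part of the thread and not code from the edl project): a small Python decoder for the values in the log above. It unpacks the 48-byte Sahara hello packet, splits the HWID into the parts the log prints, and rebuilds the loader file name the tool says it could not find. The function names, the twelve-word little-endian layout inferred from the `resp` keys, and the loader directory listing are assumptions made for illustration.

```python
import struct

# Field order follows the keys of the resp={...} line in the log above
# (assumed layout: twelve little-endian 32-bit words, 48 bytes in total).
HELLO_FIELDS = ("cmd", "len", "version", "version_min", "max_cmd_len", "mode",
                "res1", "res2", "res3", "res4", "res5", "res6")

# Same field values as the raw_data shown in that log line.
HELLO_RAW = bytes.fromhex("0100000030000000020000000100000000040000") + bytes(28)
HWID = 0x001630E100210001
PK_HASH = "0x1c3d8d7ea24e435d7b540e0ffb34aa4bd57421c5f3570eef54f354610953a24c"
# Constructed directory listing: loaders for other HWID / key combinations.
LOADER_DIR = ["001630e100210001_0000000000000000_FHPRG.bin",
              "000000e100000000_1111111111111111_FHPRG.bin"]


def parse_sahara_hello(raw: bytes) -> dict:
    """Decode the hello packet a device sends after entering EDL mode."""
    if len(raw) != 4 * len(HELLO_FIELDS):
        raise ValueError(f"expected 48 bytes, got {len(raw)}")
    fields = dict(zip(HELLO_FIELDS, struct.unpack("<12I", raw)))
    if fields["len"] != len(raw):
        raise ValueError("length field does not match packet size")
    return fields


def split_hwid(hwid: int) -> dict:
    """Split the 64-bit HWID into MSM_ID / OEM_ID / MODEL_ID as the log does."""
    return {"msm_id": hwid >> 32,
            "oem_id": (hwid >> 16) & 0xFFFF,
            "model_id": hwid & 0xFFFF}


def loader_names(hwid: int, pk_hash: str) -> list:
    """Names from the log message: <hwid>_<first 16 hex of pkhash>_<type>.bin"""
    digest = pk_hash.lower()
    digest = digest[2:] if digest.startswith("0x") else digest
    base = f"{hwid:016x}_{digest[:16]}"
    return [f"{base}_{kind}.bin" for kind in ("FHPRG", "ENPRG")]


def find_loader(available: list, hwid: int, pk_hash: str) -> list:
    # This is only the tool's file lookup. The device itself still checks the
    # loader's signature, which is why a renamed file gains nothing.
    return sorted(set(loader_names(hwid, pk_hash)) & set(available))


if __name__ == "__main__":
    print(parse_sahara_hello(HELLO_RAW))
    print({k: hex(v) for k, v in split_hwid(HWID).items()})
    print(loader_names(HWID, PK_HASH), find_loader(LOADER_DIR, HWID, PK_HASH))
```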

Sadly there won’t be anything interesting in edl (apart from looking at some hardware info) without a loader.
edl itself knows nothing about the hardware layout, so we won’t be able to modify the system at the current state :see_no_evil:

5 Likes

It seems @k4y0z got the EDL loader from the Xiaomi Redmi 7 firmware package:

I tried the EDL loader from the Xiaomi Mi 10T Lite which also has a Qualcomm Snapdragon 750G but also got the signature error. The EDL loader for the FP4 is signed, so loaders for other smartphones won’t work as on the FP3.

4 Likes

A Fairphone employee just confirmed to me that they can’t publish the EDL loader because of the legal situation and because publishing it would work around parts of the security model of Qualcomm devices.

Makes sense to me, reading this blog post discussing the security implications of leaked / published EDL loaders: Exploiting Qualcomm EDL Programmers (1): Gaining Access & PBL Internals

Unfortunately, this only leaves the option with the official programmer and the protocol analyzer for $1,295.00 for EDL unbricking as @hirnsushi pointed out. Reading about the security implications of this, I don’t think even that would be a good idea.

Maybe there’s another way not involving EDL mode, but based on countless other online forum posts of other people in your situation, I think the only way is to send it to Fairphone.

9 Likes

That’s what I feared :see_no_evil:

That has always been the case, but good to know there’s an official response on that matter :+1:

Since there are already official programmers out there, this isn’t really a concern to me. At some point that loader will get leaked and the question is, will there be people selling access to it or does the community benefit from it.

I’m pretty sure EDL is the last resort already, but maybe we missed something along the way :thinking: (not getting my hopes up)

7 Likes

Using this guide from XDA combined with this XDA forum post I was able to extract hidden FP4 fastboot commands from the bootloader. They are the same on FP OS and /e/ OS.

/e/ OS extraction on Linux
unzip IMG-e-0.21-r-20220112156786-stable-FP4.zip
binwalk -e abl.img
cd _abl.img.extracted
strings -f 3078 | grep oem

3078: oem clear-rollback-index
3078: oem enable-charger-screen
3078: oem disable-charger-screen
3078: oem off-mode-charge
3078: oem select-display-panel
3078: oem device-info
3078: oem enable-root
3078: oem disable-root
3078: Enter fastboot oem off-mode-charge 0/1

Unfortunately, these commands won’t help us.

What happens if you try to boot the newest boot.img from code.fairphone.com or the one included in the /e/ OS image?

fastboot boot boot.img

6 Likes

Great find :metal:

I’m pretty sure fastboot boot requires an unlocked bootloader though… :thinking:

1 Like

Yeah the boot command isn’t available if OEM/bootloader is locked:

$ fastboot boot boot.img
downloading 'boot.img'...
OKAY [  2.345s]
booting...
FAILED (remote: Fastboot boot command is not available in locked device)
finished. total time: 2.350s

Is it maybe possible to spoof the loader signature somehow?

1 Like

Nope, that won’t work.
Not only would we need a loader we know actually works, but we would also need to pad that binary until we somehow end up with the exact hash that’s required. Even with an HPC cluster from a university I’m pretty sure that’s not easily achievable.
At that point that protocol analyzer and bribing someone with access to a programmer might be cheaper :smirk:

4 Likes

Did it still come to a solution here?
I have exactly the same problem, only that I wanted to go from LineageOS back to the stock ROM.
And yes, I was a bit fast with closing the boot partition :-(.
But I run into the same problems as my predecessor in fastboot.

Sadly we still don’t have access to a firehose file (as far as I know), so there’s no access to proper EDL for now and without that no way for the community to fix a bricked phone.

Your best bet is to #contactsupport :see_no_evil:

2 Likes

Thank you for the quick feedback.
Too bad that this file is missing :-(.
I have written to support and am curious what comes back.

1 Like

Hey all,

I have the same problem.
I have contacted Fairphone support, maybe they can help me.

Same here,
no flashing/boot/erase commands possible since Bootloader is locked, recovery unavailable.
oem unlock likewise disabled. On boot it always goes directly to bootloader, even if I try to go to recovery.
I haven’t tried the edl stuff you mentioned, but everything else (including hours of googling) didn’t work.
I also contacted support and am waiting for their reply.

Hello,

has anyone received any feedback from Fairphone support?
Unfortunately I do not receive any feedback on my request.

If you are using eOS then your port of call would be e-foundation. Fairphone supports only those phones running the default Android OS.

I think it depends on where/with which OS you bought the phone.

6 Likes

I bought it with the Fairphone OS directly from the Fairphone Shop.

1 Like