If you are comfortable on the command line you can use edl as well. That’s at least open source software and not leaked Qualcomm tools only available on some dodgy websites
But without a firehose file you arrived at the prompt to stare at I mentioned before…
Edit: The more appropriate general instructions on what to do are here
That sounds good. And @FireCubex has remarked that the device is already in EDL/QDL Mode (9008).
So you mean that the same way of unbricking works with the FP4? Or is there another MBN-File for Soc SM7225 needed (in Fairphone 3 unbricking the file update.zip contains only prog_emmc_firehose_8953_ddr.mbn) ?
Yeah, without a firehose file for the Snapdragon 750G (SM7225) there’s not much we can do in EDL mode.
Someone with access to factory equipment has to leak a firehose file (doesn’t necessarily need to be for the Fairphone 4, others might work as well). So far I haven’t been able to find one.
The exact process to unbrick the phone has to come afterwards, generally it should work a similar way. But without actual access this is purely theoretical at this point.
Ok I used the open source EDL this time. My first attempts ended here:
$ ./edl printgpt --memory=ufs
Qualcomm Sahara / Firehose Client V3.53 (c) B.Kerler 2018-2021.
main
main - [LIB]: Please first install libusb_win32 driver from Zadig
main - Trying with no loader given ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: 0x001630e100210001 (MSM_ID:0x001630e1,OEM_ID:0x0021,MODEL_ID:0x0001)
CPU detected: "sd7250"
PK_HASH: 0x1c3d8d7ea24e435d7b540e0ffb34aa4bd57421c5f3570eef54f354610953a24c
Serial: 0x6b5c62d3
So I searched for a loader which is kinda the same as the requested one.
I used OnePlus Nord CE 5G because it has the same SoC (SM7225).
But it looks like the signature won’t be accepted or the problem is something else.
$ ./edl printgpt --memory=ufs --loader=Loaders/oneplus/0000000000515198_2354228eebcbc203_fhprg_op_nordce.bin --debugmode
...
(many upload_loader stuff)
...
sahara - [LIB]: Unexpected error on uploading, maybe signature of loader wasn't accepted ?
'NoneType' object is not subscriptable
No suitable loader found :(
I don’t think it was, as far as I understand that topic, the Fairphone 3 was able to use a generic loader But then again I haven’t been around when those posts were written, I’m just grasping for straws here in search for answers about low level Qualcomm stuff…
This
I get why they can’t do it, but boy would it be easier if Fairphone just released the necessary files.
Why does the right to repair have to stop at some random proprietary wall?
Does anybody know if there is a possibility to extract the edl-loader-bin from stock-rom or ota-update-zip or one of the device partitions?
Or is the edl-loader completely independent from the software on the device?
If you mean firehose files (or loaders in edl speak), those aren’t on device. I like to think of them more of like a map to the internals and if you don’t have one you get lost. I mean the mode is called Sahara for a reason
The edl readme has this useful piece of piece of information
or sniff existing edl tools using Totalphase Beagle 480
So you can extract them yourself, you just need access to an official programmer and a protocol analyzer for the cheap price of $1,295.00…
Unfortunately, I think @hirnsushi is right.
I couldn’t find a working edl loader on the internet and it seems you need to have the right one to unbrick your phone.
You could try reaching out to the developer of edl, maybe he can help.
Or you could ask @k4y0z where he got the edl loader for FP3.
Sadly there won’t be anything interesting in edl (apart from looking at some hardware info) without a loader.
edl itself knows nothing about the hardware layout, so we won’t be able to modify the system at the current state
It seems @k4y0z got the EDL loader from the Xiaomi Redmi 7 firmware package:
I tried the EDL loader from the Xiaomi Mi 10T Lite which also has a Qualcomm Snapdragon 750G but also got the signature error. The EDL loader for the FP4 is signed, so loaders for other smartphones won’t work as on the FP3.
A Fairphone employee just confirmed me they can’t publish the EDL loader because of the legal situation and because publishing it would work around parts of the security model of Qualcomm devices.
Unfortunately, this only leaves the option with the official programmer and the protocol analyzer for $1,295.00 for EDL unbricking as @hirnushi pointed out. Reading about the security implications of this, I don’t think even that would be a good idea.
Maybe there’s another way not involving EDL mode, but based on countless other online forum posts of other people in your situation, I think the only way is to send it to Fairphone.
That has always been the case, but good to know there’s an official response on that matter
Since there are already official programmers out there, this isn’t really a concern to me. At some point that loader will get leaked and the question is, will there be people selling access to it or does the community benefit from it.
I’m pretty sure EDL is the last resort already, but maybe we missed something along the way (not getting my hopes up)
Using this guide from XDA combined with this XDA forum post I was able to extract hidden FP4 fastboot commands from the bootloader. They are the same on FP OS and /e/ OS.
Yeah the boot command isn’t available if OEM/bootloader is locked:
$ fastboot boot boot.img
downloading 'boot.img'...
OKAY [ 2.345s]
booting...
FAILED (remote: Fastboot boot command is not available in locked device)
finished. total time: 2.350s
Is it maybe possible to spoof the loader signature somehow?
Nope, that won’t work.
Not only would we need a loader we know actually works, but we would also need to pad that binary until we somehow end up with the exact hash that’s required. Even with a HPC cluster from a university I’m pretty sure that’s not easily achievable.
At that point that protocol analyzer and bribing someone with access to a programmer might be cheaper