Ok I used the open source EDL this time. My first attempts ended here:
$ ./edl printgpt --memory=ufs
Qualcomm Sahara / Firehose Client V3.53 (c) B.Kerler 2018-2021.
main
main - [LIB]: Please first install libusb_win32 driver from Zadig
main - Trying with no loader given ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: 0x001630e100210001 (MSM_ID:0x001630e1,OEM_ID:0x0021,MODEL_ID:0x0001)
CPU detected: "sd7250"
PK_HASH: 0x1c3d8d7ea24e435d7b540e0ffb34aa4bd57421c5f3570eef54f354610953a24c
Serial: 0x6b5c62d3
So I searched for a loader which is kinda the same as the requested one.
I used OnePlus Nord CE 5G because it has the same SoC (SM7225).
But it looks like the signature won’t be accepted or the problem is something else.
$ ./edl printgpt --memory=ufs --loader=Loaders/oneplus/0000000000515198_2354228eebcbc203_fhprg_op_nordce.bin --debugmode
...
(many upload_loader stuff)
...
sahara - [LIB]: Unexpected error on uploading, maybe signature of loader wasn't accepted ?
'NoneType' object is not subscriptable
No suitable loader found :(
I don’t think it was, as far as I understand that topic, the Fairphone 3 was able to use a generic loader But then again I haven’t been around when those posts were written, I’m just grasping for straws here in search for answers about low level Qualcomm stuff…
This
I get why they can’t do it, but boy would it be easier if Fairphone just released the necessary files.
Why does the right to repair have to stop at some random proprietary wall?
Does anybody know if there is a possibility to extract the edl-loader-bin from stock-rom or ota-update-zip or one of the device partitions?
Or is the edl-loader completely independent from the software on the device?
If you mean firehose files (or loaders in edl speak), those aren’t on device. I like to think of them more of like a map to the internals and if you don’t have one you get lost. I mean the mode is called Sahara for a reason
The edl readme has this useful piece of piece of information
or sniff existing edl tools using Totalphase Beagle 480
So you can extract them yourself, you just need access to an official programmer and a protocol analyzer for the cheap price of $1,295.00…
Unfortunately, I think @hirnsushi is right.
I couldn’t find a working edl loader on the internet and it seems you need to have the right one to unbrick your phone.
You could try reaching out to the developer of edl, maybe he can help.
Or you could ask @k4y0z where he got the edl loader for FP3.
Sadly there won’t be anything interesting in edl (apart from looking at some hardware info) without a loader.
edl itself knows nothing about the hardware layout, so we won’t be able to modify the system at the current state
It seems @k4y0z got the EDL loader from the Xiaomi Redmi 7 firmware package:
I tried the EDL loader from the Xiaomi Mi 10T Lite which also has a Qualcomm Snapdragon 750G but also got the signature error. The EDL loader for the FP4 is signed, so loaders for other smartphones won’t work as on the FP3.
A Fairphone employee just confirmed me they can’t publish the EDL loader because of the legal situation and because publishing it would work around parts of the security model of Qualcomm devices.
Unfortunately, this only leaves the option with the official programmer and the protocol analyzer for $1,295.00 for EDL unbricking as @hirnushi pointed out. Reading about the security implications of this, I don’t think even that would be a good idea.
Maybe there’s another way not involving EDL mode, but based on countless other online forum posts of other people in your situation, I think the only way is to send it to Fairphone.
That has always been the case, but good to know there’s an official response on that matter
Since there are already official programmers out there, this isn’t really a concern to me. At some point that loader will get leaked and the question is, will there be people selling access to it or does the community benefit from it.
I’m pretty sure EDL is the last resort already, but maybe we missed something along the way (not getting my hopes up)
Using this guide from XDA combined with this XDA forum post I was able to extract hidden FP4 fastboot commands from the bootloader. They are the same on FP OS and /e/ OS.
Yeah the boot command isn’t available if OEM/bootloader is locked:
$ fastboot boot boot.img
downloading 'boot.img'...
OKAY [ 2.345s]
booting...
FAILED (remote: Fastboot boot command is not available in locked device)
finished. total time: 2.350s
Is it maybe possible to spoof the loader signature somehow?
Nope, that won’t work.
Not only would we need a loader we know actually works, but we would also need to pad that binary until we somehow end up with the exact hash that’s required. Even with a HPC cluster from a university I’m pretty sure that’s not easily achievable.
At that point that protocol analyzer and bribing someone with access to a programmer might be cheaper
Did it still come to a solution here?
I have exactly the same problem, only that I wanted to go from Lineageos back to StockRom.
And yes I was a bit fast with closing the boot partition :-(.
But I run into the same problems as my predecessor in fastboot.
Sadly we still don’t have access to a firehose file (as far as I know), so there’s no access to proper EDL for now and without that no way for the community to fix a bricked phone.