Samsung Z130H v0.6
Samsung Z130H v.07
Xiami Redmi Note 4X
HTC SensationXL (PI3920000) ISP
HTC One M8y (0P6B63000) ISP
RIFF Box v1 (Black box) users who havent used 15 days trial can activate it after installing JTAG Manager v1.76 and downloading new data.
In case that trial period is used but fw version is still 1.48 or older, please request trial reset in "Account recovery" section.
Box S/N and "Trial reset" required.
- fixed RIFF1 firmware bug which caused random box restarts during ISP flashing
- fixed RIFF1 firmware bug which caused freezing during consequtive eMMC write operations in single session
- fixed RIFF1 & RIFF2 firmware bug which caused erasing the first block of eMMC chip's user area after reading eMMC firmware or reading Samsung Smart Info
- added USB mode: it is possible to connect supported devices via USB cable; (Qualcomm Sahara Firehose and Streaming Download protocols)
- added UFS memories support via USB interface.
- added feature to remember each partition address and length settings on USB read/write page;
- added feature to remember each partition address and length settings on eMMC read/write page;
now when partition is changed, the relevant Address and Length fields are changed to correspond values which were set for selected partition;
- fixed an issue with settings when there are no downloaded resurrectors or if there are not all kinds of resurrectors are present;
Now informative dialogs are displayed for users to be able to clue out what's to be done.
- fixed an issue when user tries to select Resurrectors filter (for example to filter only ISP Resurrectors) and there are no Resurrectors of the selected Filter kind;
Now informative dialogs are displayed for users to be able to clue out what's wrong. And deadloop with settings is avoided now.
- added information on the Plugins page - in case there are no plugins are downloaded yet, the not experienced user can see information about plugins and how to get them;
- revised the "Resurrector Settings" logic: renamed to "Automatic Parameters" and "Manual Parameters by User".
When selected "Automatic Parameters", the required connection settings are used from the Resurrector DLL: for all modes - JTAG, eMMC, USB.
Please note, any settings (values) present in the ISP Resurrector DLLs are copied when DLL is selected and are not forced not to be changed later by user.
Thus for ISP mode, all settings (interface, SD_CLK, voltage and bus width) can be modified anytime, and are not grayed out in the "Automatic Parameters" mode.
When selected "Manual Parameters by User", the required connection settings are used from correspondent fields.
Additional checks added to eliminate irregularities during connection to the device when incorrect mode DLL is selected in the list.
Message dialogs are displayed to inform user what has to be done in order to fix the problems
- completely reworked scenarios for cases when "Automatic Parameters" or "Manual Parameters by User" option is selected
It now complies to following rules: when "Manual Parameters by User" are selected, the settings block is changed depending to currently active Page.
For example, if eMMC Read/Write page is active, ISP settings block is displayed, if DCC Read/Write page is active, JTAG Custom Settings block is displayed, etc.
In case "Automatic Parateres" is selected, no matter what active page is selected, the settings block which corresponds to the mode of selected resurrector is displayed.
This helps to eliminate illogical scenarios - for eample, when selected resurrector is ISP Resurrector and user tries to Read/Write memory on DCC Read/Write Page.
In this case Error Message dialog is displayed for user.
- implemented more informative and self-explainable run-time rebuild of the JTAG Manager's settings blocks interface when Automatic Parameters" or "Manual Parameters by User" are selected.
- added USB Connection Mode (Qualcomm Sahara)
- added support for parsing EFI,PIT,MBR-type dumps from UFS memory (Page Size = 0x1000)
- added option to select active Partition to be parsed - in this case "Parse Connected Memory' button will parse precisely the selected partition,
and "Parse Local Dump File" button will assume that parsed dump was read from the specified partition;
- [Parse Official Firmware]: Improved loading MTK partition files which are named with prefix '__NODL_' while on disk those are named without prefix.
- [Parse Official Firmware]: fixed the bug when clicking the "Read Form Connected Device" button to read partition sizes during the MTK scatter file parsing did nothing.
- for PIT/EFI parsed dumps/devices improved parsing when 'Show Gaps' is checked; __NOT_ALLOCATED space at the end of image file is autodetected for BACKUP_GPT partition.
- added automatic select/deselct all partitions feature to context menu (right-click on partitions list, then chose desired action)
- fixed the bug when plugin loaded (injected) in total more than 2GB of partitions data then reading wrong data could occur.
- default chip size (which is used when expanding expandable partitions - those with size = 0) is changed flrom 64GB to 512GB
- [Load Firmware Files]: fixed bug when loading firmware files from GPT partition: if "gpt_backup" file was present, the gpt_backup file was loaded into gpt partition, instead of 'gpt_main';
- fixed EXT4 File System Parser bug: 64bit addressing was handled incorrectly, thus some contents (directories/files) may be not parsed
- EXT4 File System Parser is optimized, parsing is done much faster
- Fixed file names encoding in EXT4 File System Parser. Now names are recognized as UTF-8 strings
- when loading official firmware, the partitions list is automatically rewinded to always keep showing currently loaded partition progress;
- reworked the main interface window - now parsed partitions list and File System contents explorer are moved to separate pages.
- File System contents explorer now builds the list of all partitions detected with supported file systems at once; to initate the parsing of selected partition just enough to expand its tree node
- added 'Preview' to the The contents explorer. It is possible to instantly start checking the selected file's conents - supported currently: text files, picture files, ELF files.
To check the file it is not necessary to export it to the hard disk first, just click on file and in preview window the contents of the file will be displayed.
- [Parse Official Firmware]: added support for Qualcomm XML programming files: to load click the "Parse Official Firmware" button and select Qualcomm's XML file (like rawprogram0.xml); Plugin will create list of partitions from it,
will load required files into partitions and will be instantly ready to flash those into connected device.
- Renamed old buttons 'Read Selected', 'Flash Selected' to 'Read Selected Full Area', 'Flash Selected Full Area'
and added 'Flash Selected Used Area' button: it is possible now to flash either only the used area of partition or the full partition area.
For example, if full partition size is 1GB, but the meaningfull data file injected into it was 1MB, there is no point flashing full partition area (1GB). Instead, to save time just first 1MB can be flashed with 'Flash Selected Used Area' button
This feature is especially useful when flashing partitions after [Parse Official Firmware] is executed.
- [Parse Official Firmware] - optimized parsing firmware file. Loading any firmware files now happen almost instantly. Plugin now works with external files of partitions on-the-fly, so it is not required now to waste time injecting file's data into partition during parsing stage.
Sparse packed files are handled on-the-fly as well. All operations are performed in the background.
From the user point of view, you just keep working with the parsed partitions as usually - as if local dump were loaded and parsed.
Xiaomi Redmi Note 5A (MDG6)
LG N3 Nexus 5X
Samsung J330F - World First
Samsung T585 - World First
HTC One X S702e PJ4610000
HTC One SV V520e PL8013000
HTC One M9 0PJA20040
HTC One M8 0P6B70000
HTC One M7 PN0711000
HTC One DS PN0771000
HTC Desire D816V 0P9C80000
HTC Desire D500 0P3Z11200
HTC Desire 626 0PM921000
HTC Desire 616 0PBM10000
HTC Desire 601 0P4E21000
HTC Desire 526G 0PL410000
HTC Desire 510 0PCV20000
Fly IQ4505 - World First
Xiaomi Redmi Note 4
Hello dear users !
We took some time to prepare latest addition to JTAG Manager and built from scratch complete Sahara protocol support (both firehose and streaming download). We didn't just embedded freely available tools from Qualcomm (emmcdl and qh_loader), instead, we used own code.
Great work is done on eMMC Plugin too, which now supports USB, ISP and JTAG access. You can select partition on LU (Logical Unit) to parse.
Among other improvements, we added GPT repair/adjust which serves as analogue to patch0.xml used with QFIL.
"Adjust GPT" will automatically update checksums and resize userdata partition to fill whole chip. This is valuable in cases where gpt is from different chip size.
There is more work, but we feel confident that current functions can satisfy most of the needs in servicing and forensics fields.
So, for start, few important tips:
1. Make sure to have Qualcomm drivers installed
2. Most Snapdragon 200 firehose loaders don't have read support, also some will not output storage info (size, SN, brand). We found out that there is one universal firehose looader which supports all this, but uses a bit different protocol. As this is Alcatel loader, we named it "Alcatel Firehose".
It can be used with MSM8x10, MSM8x12, MSM8x26 which otherwise don't have read support. File is attached here.
3. Sahara protocol requires phone to be in EDL mode. To enter EDL mode, exist few methods:
1. Kill phone BootChain or GPT
2. Switch to EDL from ADB or from TWRP: (TWRP tested on some Samsung models)
"Adb reboot EDL"
3. Use EDL cable (Xiaomi phones for example)
4. Activate Diag mode and JTAG Manager will switch it to EDL automatically if phone supports it.
5. Hold Vol+ for 10 seconds (OnePLus models)
6. Short EDL TP-s if exist
7. Short CMD to GND
9. Most reliable method is to remove eMMC
During testing period I've received Xiaomi Redmi 3x device with locked MiCloud, so here is link to it's firmware with custom rom and unlocked bootloader, flashable as XML firmware.
AOSP ROM, micro GAPPS preinstalled:
Redmi Note 4X
Redmi Note 4
Redmi 5 Plus
Redmi Note 5A
Redmi Note 5A Prime (MDG6S)
Mi 5X (MDT2)
reworked the Error Handling mechanics in ISP eMMC reading code.
Now errors are handled in smart way, when read errors happen, plugin automatically re-reads erroneous address as many times as needed until the read happens without errors
This greatly increases plugin ISP read stability, and allows working even with very poor quality of ISP connection;
the counter of I/O read errors happened during operation is added to the plugin main window status bar.
added Backup partitions feature: For this, select needed partitions, right-click with mouse, and choose ‘Backup partitions’.
This will extract current data from partitions and store contents into single file.
This backup can be restored later with ‘Load Backup File…’ right-click feature.
added ‘Used Size’ column into the parsed partitions list window
partitions extraction (like save Partition, save Selected Partitions, etc) algorythm is changed: now are to be saved only used part
of partition (specified by used size), the remaining of allocated partition bytes are not saved.
added UFS-based devices support for Repair Packages
interface skin is updated
some other fixes applied.
global CTRL+A shortcut is added to start eMMC Plugin
global CTRL+E shortcut is added to start Edit Package
Full revisision of Jtag Manager interface is performed. Some visual changes are implemented.
JTAG Manager now supports Windows 10 high-resolution screens (DPI settings from 100 to 300% were tested, and interface looks nice and smooth)
Added ‘Recalculate GPT’ action to Package (PKG) Manager. Starting from current JTAG Manager version, packages with this action can be created/executed
Added ‘Erase Flash Memory via ISP/USB’ action to Package (PKG) Manager. Starting from current JTAG Manager version, packages with this action can be created/executed
Added ‘Reset USB Loader’ action to Package (PKG) Manager. Starting from current JTAG Manager version, packages with this action can be created/executed
“Save to File” button on eMMC Read/Write and USB Read/Write is changed to “Show HEX” button when SHIFT key is pressed.
“Show HEX” button will open hex window with data from previous read operations.
added feature to wait for Qualcomm Emergency Download Mode (EDL) when booting devices through this mode;
improved the box firmware update process.
fixed eMMC Erase: any erase (from JTAG Manager eMMC Read/Write page) were performed on User Area Partition, no matter what partition was selected in the JTAG Manager;