
Monday, July 3, 2023

Rollback Nokia 8.1 to Android 10 from Android 11 without unlocking bootloader. Needs EDL (emergency download mode)

I updated my Nokia 8.1 from Pie to Android 10 and then to Android 11. Pie was good for network because Android 10 made the network connection weaker and less stable than Pie. Android 11 is the worst Android ever released. I started hating it and was desperate to get rid of it. It was slow and didn't offer me anything worth more than Android 10. For security 11 is better, but performance is poor. Finally, 7-10 days of effort gave me success in rolling back the Nokia 8.1 to Android 10.


I never unlocked the bootloader of my phone, and I tried lots of methods and apps and all failed. I then started going deep into how these flashing apps actually work. I cracked it and flashed the Android 10 431A stock ROM. Before I start the whole process, it is critical to understand the basics. I will describe the required details so that even a normal PC user can understand.


Just as a PC has a hard disk that contains the OS, phones and tablets have solid-state storage, the same kind of storage found in SSDs, pen drives, etc. The storage is split into multiple parts called partitions. It's like the C, D, E, etc. drives of Windows. If you are a Linux user, you will understand phone storage much better than Windows users. Partitions are important because the files of one partition don't interfere with the files of another. For example, if the D drive holds multimedia data and fills up, it will not affect the C drive, which contains the OS. If you fill the C drive with media, it will affect the OS.


Now coming to phone storage and partitions. The Nokia 8.1 has eMMC storage. Many other devices have UFS storage. Knowing the storage type is critical before flashing a ROM. The Nokia 8.1 is powered by the Qualcomm Snapdragon 710 chip. This is another critical piece of information needed for flashing the stock ROM.


Now coming directly to the flashing process. You need the things and conditions below to flash the ROM.


  • Phone in EDL mode. This is another big topic which varies from device to device. I will only write about the Nokia 8.1. You can try EDL cables if they work. I opened the back cover of the phone and shorted the TEST POINTS to enter EDL mode. You can search the internet for this; how to do it is easily available.
  • Qualcomm 9008 driver and Nokia USB driver. You can also download OST tool 6.2.8, which contains all the drivers, or download the drivers separately.
  • QPST/QFIL (QPST_2.7.496) tool with a firehose file. The firehose file is specific to a chip. I will share relevant files which are smaller in size here. The firehose file is available inside stock ROMs.
  • Any Type-C cable with fast charging capability. This means the cable must be able to handle the 18W power which the Nokia 8.1 adapter delivers. Also try flipping the Type-C connector over, because sometimes one side does not work.
  • USB 2.0 port
  • Windows 7/8/10. Probably 11, which I have not tested.
  • Global Stock ROM PNX-431A-0-00WW-B01. Search the internet to get this ROM.
  • "nb0 tools FIH Mobile v3.4.exe" tool to extract NB0 rom file.

 

Now, before proceeding to the flash process, let's understand what these tools do.




Qualcomm EDL mode works with two communication protocols: Sahara mode and Firehose mode. Sahara mode allows the user to send the Firehose file to the device during EDL mode. This file understands how to communicate with the device in emergency download mode. One thing to understand is that, during the flashing process, DOWNLOAD actually means uploading data to the device. The device downloads something, not us! This causes confusion among users who are doing it for the first time.

The Firehose protocol works with the XML format. It accepts files sent along with an XML configuration. Firehose only knows how to write data to eMMC/UFS storage, and that is what we use to write files to the eMMC.


Now install the drivers, QPST and the QFIL tool. Verify that the drivers are installed. Turn off the phone, remove the battery connector from the motherboard, short the test points with a clip, and connect the phone to the PC. Start Device Manager and check the PORTS section. If you can see a Qualcomm 9008 COM port, everything is set up and ready to flash the device. Go to the QFIL tool configuration and set the settings as in the image below.

 




The stock ROM which you have downloaded contains an NB0 file, which is extracted using the nb0 tool. Run QFIL in admin mode and it should look like below.

 


 
 
 

Some critical notes -

- Enter EDL mode just before taking upload/download actions using the QFIL tool. EDL mode can stop responding if not used quickly.

- Load the firehose file from the extracted ROM folder into QFIL. If connected in EDL mode, QFIL -> Tools -> Partition Manager will be available. Enter the partition manager. Here you can see the partitions of the eMMC.

- MAKE A BACKUP of your eMMC partitions VERY CAREFULLY. If you lose the mfd, fbo, etc. partitions, forget about your device working again, because you need these partitions under any conditions to turn on the phone. The images below show all partitions.









- Left-click on a partition, then right-click on it. DO NOT right-click DIRECTLY, because this will not select the partition your mouse is over; it will select the whole disk or the first partition. Click manage partitions and read image. This will create a file like the one below in %APPDATA%/qualcomm or the QPST directory. Look at the logs in QFIL to see where the file has been extracted. Collect all partitions and save them somewhere.

ReadData_emmc_Lun0_0x828_Len1024_DT_****.bin. DT is followed by the date of the dump. The 0x???? part tells the start location of the partition and Len tells the length of the partition.


I am warning you again. The above step is more important than anything else in this guide. Don't blame me if your device never starts again. If you delete the MFD partition, your device will not boot. If you delete the FDP partition, you will see "Your device is corrupt..... press power button to shutdown.... shutdown in 30 seconds". The FDP partition holds data to verify the device. MAKE A BACKUP OF EVERY PARTITION. You can ignore system, vendor and userdata, but this will erase your device's present state. MAKE A BACKUP of every partition if possible, because you can later write them back into the eMMC to get your phone back into the exact condition it is in now. The Read button copies the partition to your PC; the Load button writes the partition to the phone.
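A check for the collected dumps before anything is written to the phone, as an added example (not code from the original post or from QPST): it parses the ReadData file names, compares each file's size with the length in its name, hashes the file, and lists partitions that still have no intact dump. It assumes the 0x start value and Len both count 512-byte sectors; the layout values are copied from the rawprogram XML further down this page, and the sample dumps and their "sample" date stamp are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SECTOR_SIZE = 512  # assumption: start and Len in the file name count 512-byte sectors

# ReadData_emmc_Lun0_0x828_Len1024_DT_<date of dump>.bin
DUMP_NAME = re.compile(
    r"^ReadData_(?P<mem>[A-Za-z0-9]+)_Lun(?P<lun>\d+)_0x(?P<start>[0-9A-Fa-f]+)"
    r"_Len(?P<length>\d+)_DT_.+\.bin$"
)


def sha256_file(path, chunk=1 << 20):
    """Hash a dump in chunks so multi-gigabyte partitions do not load into RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def audit_backups(folder):
    """Check every ReadData_*.bin dump against the size its own name promises."""
    records = []
    for path in sorted(Path(folder).glob("ReadData_*.bin")):
        m = DUMP_NAME.match(path.name)
        if m is None:
            records.append({"file": path.name, "status": "unrecognised name"})
            continue
        start, count = int(m["start"], 16), int(m["length"])
        actual, expected = path.stat().st_size, count * SECTOR_SIZE
        status = "ok" if actual == expected else f"size mismatch: {actual} of {expected} bytes"
        records.append({"file": path.name, "start_sector": start, "num_sectors": count,
                        "status": status, "sha256": sha256_file(path)})
    return records


def uncovered(records, partitions):
    """Return labels from {label: (start_sector, num_sectors)} that have no intact dump."""
    intact = {(r["start_sector"], r["num_sectors"]) for r in records if r["status"] == "ok"}
    return sorted(label for label, span in partitions.items() if span not in intact)


def demo():
    """Constructed sample: one intact dump, one truncated dump, one partition never read."""
    layout = {"xbl_a": (131072, 7168), "xbl_config_a": (360448, 256), "tz_a": (393216, 4096)}
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "ReadData_emmc_Lun0_0x58000_Len256_DT_sample.bin").write_bytes(bytes(256 * 512))
        (folder / "ReadData_emmc_Lun0_0x60000_Len4096_DT_sample.bin").write_bytes(bytes(1000))
        records = audit_backups(folder)
        return records, uncovered(records, layout)


if __name__ == "__main__":
    records, missing = demo()
    for r in records:
        print(r["file"], "->", r["status"], r.get("sha256", "")[:16])
    print("partitions without an intact backup:", ", ".join(missing))
```

Keeping the printed SHA-256 values next to the dumps lets you confirm later that a file you are about to load back is the one you read.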


After making the backup, let's proceed to preparing the ROM to flash. Before writing the ROM, let's understand what these flashing tools actually do. Below is extra information. For quick flashing, go to the section FLASHING ROM below.


Flashing tools like the OST tool, Nokia service tool and others simply use the Sahara and Firehose protocols provided by Qualcomm. They use the fh_loader.exe file to write data to the eMMC. The login process, account verification, etc. are all extra stuff they have added to make money from their tools. You can do the flashing process from the command line itself with just QPST/QFIL. QFIL must be run from within the QPST installation folder. Many times QFIL doesn't work when run from its own separate package without QPST.


The first thing these tools do is send the firehose programmer file to the device using Sahara mode. It's done with this command -

QSaharaServer.exe -p \\.\COM4 -s 13:C:\LogData\OST\Data\PNX-0-6210-prog_firehose_lite.elf

 

This is what the OST tool does. -p specifies the COM port. -s specifies the firehose programmer file. After this you are ready to use fh_loader.exe to write data to the eMMC (or UFS).


NOTE:

If your bootloader is unlocked, these commands and tools are not needed. Fastboot mode does the same job; fastboot handles editing of the partitions.

After Sahara has sent the firehose file, fh_loader can write partitions. A big XML file, rawprogram0.xml, is passed to fh_loader. It reads and verifies the XML and starts sending the data according to it. What we have to do is edit this XML file to send all the partitions at once.


OST and similar tools use the default rawprogram XML to write the service abl/xbl bootloaders and then use fastboot to flash partitions. This is where flashing fails when the bootloader is locked. You can get various errors like Error = SE_ERR_ADB_CMD_GET_FAIL_RESULT (0xC6DA) or Error 0x0c3be uploading image using sahara protocol failed. These are all due to the locked bootloader or other restrictions.


FLASHING ROM:

 

Go to the extracted ROM folder, create a new file "rawprogram0_RECOVER_431A.xml" and paste the below into it.


<?xml version="1.0" ?>
<data>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-xbl.elf" label="xbl_a" num_partition_sectors="7168" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="3584.0" sparse="false" start_byte_hex="0x4000000" start_sector="131072"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-xbl.elf" label="xbl_b" num_partition_sectors="7168" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="3584.0" sparse="false" start_byte_hex="0x4380000" start_sector="138240"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-xbl_config.elf" label="xbl_config_a" num_partition_sectors="256" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="128.0" sparse="false" start_byte_hex="0xb000000" start_sector="360448"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-xbl_config.elf" label="xbl_config_b" num_partition_sectors="256" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="128.0" sparse="false" start_byte_hex="0xb020000" start_sector="360704"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-tz.mbn" label="tz_a" num_partition_sectors="4096" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="2048.0" sparse="false" start_byte_hex="0xc000000" start_sector="393216"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-tz.mbn" label="tz_b" num_partition_sectors="4096" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="2048.0" sparse="false" start_byte_hex="0xc200000" start_sector="397312"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-aop.mbn" label="aop_a" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0xc400000" start_sector="401408"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-aop.mbn" label="aop_b" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x10000000" start_sector="524288"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-hyp.mbn" label="hyp_a" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x14000000" start_sector="655360"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-hyp.mbn" label="hyp_b" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x14080000" start_sector="656384"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-keymaster64.mbn" label="keymaster_a" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x14300000" start_sector="661504"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-keymaster64.mbn" label="keymaster_b" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x14380000" start_sector="662528"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-cmnlib.mbn" label="cmnlib_a" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x14400000" start_sector="663552"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-cmnlib64.mbn" label="cmnlib64_a" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x14480000" start_sector="664576"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-cmnlib.mbn" label="cmnlib_b" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x14500000" start_sector="665600"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-cmnlib64.mbn" label="cmnlib64_b" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x14580000" start_sector="666624"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-NON-HLOS.bin" label="modem_a" num_partition_sectors="266240" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="133120.0" sparse="false" start_byte_hex="0x14600000" start_sector="667648"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-NON-HLOS.bin" label="modem_b" num_partition_sectors="266240" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="133120.0" sparse="false" start_byte_hex="0x1c800000" start_sector="933888"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-dspso.bin" label="dsp_a" num_partition_sectors="65536" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="32768.0" sparse="false" start_byte_hex="0x24a00000" start_sector="1200128"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-dspso.bin" label="dsp_b" num_partition_sectors="65536" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="32768.0" sparse="false" start_byte_hex="0x26a00000" start_sector="1265664"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-abl.elf" label="abl_a" num_partition_sectors="2048" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="1024.0" sparse="false" start_byte_hex="0x28a00000" start_sector="1331200"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-abl.elf" label="abl_b" num_partition_sectors="2048" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="1024.0" sparse="false" start_byte_hex="0x28b00000" start_sector="1333248"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-logfs_ufs_8mb.bin" label="logfs" num_partition_sectors="16384" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="8192.0" sparse="false" start_byte_hex="0x34000000" start_sector="1703936"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-BTFM.bin" label="bluetooth_a" num_partition_sectors="2048" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="1024.0" sparse="false" start_byte_hex="0x38104000" start_sector="1837088"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-BTFM.bin" label="bluetooth_b" num_partition_sectors="2048" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="1024.0" sparse="false" start_byte_hex="0x38204000" start_sector="1839136"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-dtbo.img" label="dtbo_a" num_partition_sectors="16384" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="8192.0" sparse="false" start_byte_hex="0x3c022000" start_sector="1966352"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-dtbo.img" label="dtbo_b" num_partition_sectors="16384" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="8192.0" sparse="false" start_byte_hex="0x3c822000" start_sector="1982736"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-persist.img" label="persist" num_partition_sectors="65536" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="32768.0" sparse="false" start_byte_hex="0x3d426000" start_sector="2007344"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-00WW-010-keyinfo.img" label="keystore" num_partition_sectors="1024" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="512.0" sparse="false" start_byte_hex="0x3f526000" start_sector="2074928"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-devcfg.mbn" label="devcfg_a" num_partition_sectors="256" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="128.0" sparse="false" start_byte_hex="0x3f5a6000" start_sector="2075952"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-devcfg.mbn" label="devcfg_b" num_partition_sectors="256" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="128.0" sparse="false" start_byte_hex="0x3f5c6000" start_sector="2076208"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-qupv3fw.elf" label="qupfw_a" num_partition_sectors="128" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="64.0" sparse="false" start_byte_hex="0x3f5e6000" start_sector="2076464"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-qupv3fw.elf" label="qupfw_b" num_partition_sectors="128" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="64.0" sparse="false" start_byte_hex="0x3f5f6000" start_sector="2076592"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-storsec.mbn" label="storsec_a" num_partition_sectors="256" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="128.0" sparse="false" start_byte_hex="0x43886000" start_sector="2212912"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-storsec.mbn" label="storsec_b" num_partition_sectors="256" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="128.0" sparse="false" start_byte_hex="0x438a6000" start_sector="2213168"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-vbmeta.img" label="vbmeta_a" num_partition_sectors="128" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="64.0" sparse="false" start_byte_hex="0x4c000000" start_sector="2490368"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-vbmeta.img" label="vbmeta_b" num_partition_sectors="128" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="64.0" sparse="false" start_byte_hex="0x4c010000" start_sector="2490496"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-0010-0001-hidden.img.ext4" label="hidden_a" num_partition_sectors="81920" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="40960.0" sparse="false" start_byte_hex="0x50000000" start_sector="2621440"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-0010-0001-hidden.img.ext4" label="hidden_b" num_partition_sectors="81920" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="40960.0" sparse="false" start_byte_hex="0x52800000" start_sector="2703360"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-00WW-030-cda.img" label="cda_a" num_partition_sectors="16384" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="8192.0" sparse="false" start_byte_hex="0x55000000" start_sector="2785280"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-00WW-030-cda.img" label="cda_b" num_partition_sectors="16384" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="8192.0" sparse="false" start_byte_hex="0x55800000" start_sector="2801664"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="systeminfo.img" label="systeminfo_a" num_partition_sectors="512" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="256.0" sparse="false" start_byte_hex="0x56000000" start_sector="2818048"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="systeminfo.img" label="systeminfo_b" num_partition_sectors="512" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="256.0" sparse="false" start_byte_hex="0x56040000" start_sector="2818560"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-00WW-030-splash.img" label="splash_a" num_partition_sectors="65536" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="32768.0" sparse="false" start_byte_hex="0x56080000" start_sector="2819072"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-00WW-030-splash.img" label="splash_b" num_partition_sectors="65536" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="32768.0" sparse="false" start_byte_hex="0x58080000" start_sector="2884608"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-00WW-030-multi-splash.img" label="zplash_a" num_partition_sectors="8192" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="4096.0" sparse="false" start_byte_hex="0x5a080000" start_sector="2950144"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-00WW-030-multi-splash.img" label="zplash_b" num_partition_sectors="8192" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="4096.0" sparse="false" start_byte_hex="0x5a480000" start_sector="2958336"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-NV-default.mbn" label="nvdef_a" num_partition_sectors="8192" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="4096.0" sparse="false" start_byte_hex="0x5a880000" start_sector="2966528"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-NV-default.mbn" label="nvdef_b" num_partition_sectors="8192" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="4096.0" sparse="false" start_byte_hex="0x5ac80000" start_sector="2974720"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-00WW-001-sutinfo.img" label="sutinfo" num_partition_sectors="8" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="4.0" sparse="false" start_byte_hex="0x5b080000" start_sector="2982912"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-boot.img" label="boot_a" num_partition_sectors="131072" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="65536.0" sparse="false" start_byte_hex="0x5e081000" start_sector="3081224"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-boot.img" label="boot_b" num_partition_sectors="131072" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="65536.0" sparse="false" start_byte_hex="0x62081000" start_sector="3212296"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-system.img" label="system_a" num_partition_sectors="6291456" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="3145728.0" sparse="true" start_byte_hex="0x66081000" start_sector="3343368"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-system_other.img" label="system_b" num_partition_sectors="6291456" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="3145728.0" sparse="true" start_byte_hex="0x126081000" start_sector="9634824"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-vendor.img" label="vendor_a" num_partition_sectors="1572864" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="786432.0" sparse="true" start_byte_hex="0x1e8000000" start_sector="15990784"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-00WW-vendor.img" label="vendor_b" num_partition_sectors="1572864" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="786432.0" sparse="true" start_byte_hex="0x218000000" start_sector="17563648"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="userdata" num_partition_sectors="0" partofsingleimage="false" physical_partition_number="0" readbackverify="false" size_in_KB="0" sparse="true" start_byte_hex="0x248000000" start_sector="19136512"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-gpt_main0.bin" label="PrimaryGPT" num_partition_sectors="34" partofsingleimage="true" physical_partition_number="0" readbackverify="false" size_in_KB="17.0" sparse="false" start_byte_hex="0x0" start_sector="0"/>
  <program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="PNX-0-431A-gpt_backup0.bin" label="BackupGPT" num_partition_sectors="33" partofsingleimage="true" physical_partition_number="0" readbackverify="false" size_in_KB="16.5" sparse="false" start_byte_hex="(512*NUM_DISK_SECTORS)-16896." start_sector="NUM_DISK_SECTORS-33."/>
</data>

 

 

Flash process:

  • Start QFIL in admin mode. Switch to flat build.
  • Select the firehose programmer path "PNX-0-431A-prog_firehose_lite.elf" present inside the extracted ROM dir. Load XML -> (All files *.* mode) -> load rawprogram0_RECOVER_431A.xml, then do the same for patch0.xml. The patch is already present in the ROM dir.
  • Connect the phone in EDL mode. The port will be shown in QFIL. If not, select the port with the select port button.
  • Press the download button. Flashing will start. It will take 5-10+ minutes to write the ROM.
  • Re-enter EDL mode by unplugging USB. Start the partition manager and erase userdata: click userdata, then right-click userdata and erase it. The same can be done from the phone by entering recovery mode. Turn off the phone, press the UP button and then power for a few seconds. When the device starts, release the power button but keep UP pressed. When the dead Android robot icon is seen, press power, then press UP. Wipe cache and userdata. Reboot.

 

In case you see "Your device is corrupt. It cannot be trusted. Press button to continue", you should enable dm-verity enforcing. Search the internet for the multiple ways to do it, e.g. https://forum.xda-developers.com/t/guide-fix-dm-verity-is-not-enforcing-when-trying-to-boot-error.3898526/



If everything has been done as written, you should now have a good backup of the device to get back to your initial condition and a working Android 10 on your device. I did it and I am enjoying Android 10.



CRITICAL information for experimentation:

Always verify whether a file which has to be written to the device is sparse or not. elf, mbn, etc. files are raw and not sparse. IMG files may or may not be sparse. Sparse means a raw image that has been post-processed to reduce its size or for another purpose. Always use sparse="true" in the rawprogram XML when not sure. fh_loader will test this and tell you itself when the download button is pressed. However, the best way to verify the XML and data is to try to create an XML digest. It's present in the Tools section in QFIL.
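An added example, not part of the original post or of QPST: a pre-flash check for a rawprogram XML like the one pasted above and for the sparse/raw rule just described. It recomputes start_byte_hex and size_in_KB from the sector values, looks for overlapping sector ranges, and reads each image's header for the Android sparse magic (0xED26FF3A); the short file names and the four mistakes in demo() are constructed, while the attribute names and layout numbers come from the page.

```python
import struct
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

SPARSE_MAGIC = 0xED26FF3A  # Android sparse image magic, stored little-endian

def image_size(path):
    """Return (is_sparse, bytes the image occupies once written to flash)."""
    with open(path, "rb") as fh:
        head = fh.read(28)  # sparse header: magic, versions, header sizes, blk_sz, total_blks
    if len(head) == 28:
        magic, _, _, _, _, blk_sz, total_blks, _, _ = struct.unpack("<IHHHHIIII", head)
        if magic == SPARSE_MAGIC:
            return True, blk_sz * total_blks
    return False, Path(path).stat().st_size

def check_rawprogram(xml_path, rom_dir):
    """Return the problems found in a rawprogram XML; an empty list means consistent."""
    problems, spans = [], []
    for node in ET.parse(xml_path).getroot().iter("program"):
        label, fname = node.get("label"), node.get("filename", "")
        try:
            sector = int(node.get("SECTOR_SIZE_IN_BYTES"))
            start = int(node.get("start_sector"))
            count = int(node.get("num_partition_sectors"))
            start_byte = int(node.get("start_byte_hex"), 16)
            size_kb = float(node.get("size_in_KB"))
        except (TypeError, ValueError):
            continue  # expression entries such as BackupGPT ("NUM_DISK_SECTORS-33.")
        if start_byte != start * sector:
            problems.append(f"{label}: start_byte_hex != start_sector * sector size")
        if size_kb * 1024 != count * sector:
            problems.append(f"{label}: size_in_KB != num_partition_sectors * sector size")
        if not fname or count == 0:
            continue  # nothing is written, as with the userdata entry
        spans.append((start, start + count, label))
        path = Path(rom_dir) / fname
        if not path.is_file():
            problems.append(f"{label}: {fname} not found in ROM folder")
            continue
        sparse, written = image_size(path)
        if sparse and node.get("sparse") != "true":
            problems.append(f'{label}: {fname} is sparse but sparse="true" is not set')
        if written > count * sector:
            problems.append(f"{label}: {fname} needs {written} bytes, partition holds {count * sector}")
    spans.sort()
    for (_, end, a), (start, _, b) in zip(spans, spans[1:]):
        if start < end:
            problems.append(f"{a} and {b}: sector ranges overlap")
    return problems

def _entry(label, fname, start, count, sparse="false", start_byte=None):
    # Build one <program> element of constructed test data.
    start_byte = start * 512 if start_byte is None else start_byte
    return (f'<program SECTOR_SIZE_IN_BYTES="512" filename="{fname}" label="{label}" '
            f'num_partition_sectors="{count}" size_in_KB="{count / 2}" sparse="{sparse}" '
            f'start_byte_hex="{start_byte:#x}" start_sector="{start}"/>')

def demo():
    """Constructed ROM folder and XML with four deliberate mistakes."""
    with tempfile.TemporaryDirectory() as tmp:
        rom = Path(tmp)
        for name in ("xbl_config.elf", "tz.mbn", "aop.mbn"):
            (rom / name).write_bytes(bytes(1000))          # small raw images
        (rom / "qupv3fw.elf").write_bytes(bytes(70000))    # raw, larger than 128 sectors
        header = struct.pack("<IHHHHIIII", SPARSE_MAGIC, 1, 0, 28, 12, 4096, 16, 0, 0)
        (rom / "vendor.img").write_bytes(header)           # sparse header only
        xml = "<data>" + "".join([
            _entry("xbl_config_a", "xbl_config.elf", 360448, 256),
            _entry("tz_a", "tz.mbn", 393216, 4096),
            _entry("tz_b", "tz.mbn", 397000, 4096),        # overlaps tz_a
            _entry("aop_a", "aop.mbn", 401408, 1024, start_byte=0x10000000),  # wrong offset
            _entry("qupfw_a", "qupv3fw.elf", 2076464, 128),
            _entry("vendor_a", "vendor.img", 15990784, 1572864),  # sparse, declared false
            _entry("userdata", "", 19136512, 0, sparse="true"),
            '<program SECTOR_SIZE_IN_BYTES="512" filename="gpt_backup0.bin" label="BackupGPT" '
            'num_partition_sectors="33" size_in_KB="16.5" sparse="false" '
            'start_byte_hex="(512*NUM_DISK_SECTORS)-16896." start_sector="NUM_DISK_SECTORS-33."/>',
        ]) + "</data>"
        (rom / "rawprogram_check.xml").write_text(xml)
        return check_rawprogram(rom / "rawprogram_check.xml", rom)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Against a real ROM folder, call check_rawprogram with the path to your XML and the extracted ROM directory; a raw file declared sparse="true" is not reported, since the post says fh_loader tests that itself.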



Friday, January 6, 2023

Hacking Infernax Morality system and other settings with save file.

The Infernax morality system is hidden but can be seen in the save file. This post is for the Windows version. The save file is located in the c:\Users\%USER%\AppData\LocalLow\Berzerk Studio\infernax folder. Other OSes have their own location. Extra tips and hacks are at the bottom of the post.

First, install Notepad++ and open the file infernax.666

This file contains game-related settings, and options.666 has sound etc. settings.

Search for moralityScore in this text and set it to 34 to unlock "Protect the relic quest".

Warning: changing the length of the file will corrupt the save file. Make a backup first!

You can get whatever XP you want, up to 9999. Search for "xp": and change the 4 digits only. DO NOT ADD extra characters that change the total length of the save file. If morality is a 2-digit number, don't make it a 3-digit one. The same applies to other settings. This way the game can be hacked to get your quests or enable hidden locations, etc.

Since there is a single save state, any bad decision will ruin the game and a replay is needed; therefore backing up the save is important. Or trick it with the morality score and other settings.


How to get full demonology by hacking save file?

Just replace "numKilled":0 with "numKilled":1
This means all demons will be set as killed at least once. This will give full demonology by hack! This will enable Gregor to send you to the future. The ultimate weapon is then granted to kill the final boss.
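The length rule above as an added example (not from the original post): the function overwrites digits in place, keeps a .bak copy of the untouched save first, and refuses any edit whose digit count differs from what is already in the file. It assumes the save stores values as "key":number, as the "xp": and "numKilled":0 snippets suggest; the sample save content in demo() is constructed.

```python
import re
import shutil
import tempfile
from pathlib import Path


def patch_value(save_path, key, new_value, old=None):
    """Overwrite the number after "key": in place, refusing edits that change file length.

    old=None expects exactly one occurrence; old=<n> patches only occurrences equal to n.
    Returns the number of occurrences changed.
    """
    path = Path(save_path)
    data = path.read_bytes()
    pattern = re.compile(rb'"' + re.escape(key.encode()) + rb'":(-?\d+)')
    hits = [m for m in pattern.finditer(data)
            if old is None or m.group(1) == str(old).encode()]
    if not hits:
        raise KeyError(f"{key} not found")
    if old is None and len(hits) > 1:
        raise ValueError(f"{key} occurs {len(hits)} times; pass old= to pick which ones")
    new = str(int(new_value)).encode()
    for m in hits:
        if len(m.group(1)) != len(new):
            raise ValueError(f"{key}: {m.group(1).decode()} -> {new.decode()} changes the file length")
    backup = path.with_name(path.name + ".bak")
    if not backup.exists():            # keep the first, untouched copy
        shutil.copy2(path, backup)
    patched = bytearray(data)
    for m in hits:
        patched[m.start(1):m.end(1)] = new   # same width, so offsets stay valid
    assert len(patched) == len(data)
    path.write_bytes(patched)
    return len(hits)


def demo():
    """Constructed stand-in for infernax.666; only the key names come from the page."""
    sample = (b'{"moralityScore":12,"xp":1500,"demons":'
              b'[{"numKilled":0},{"numKilled":3},{"numKilled":0}]}')
    with tempfile.TemporaryDirectory() as tmp:
        save = Path(tmp) / "infernax.666"
        save.write_bytes(sample)
        changed = patch_value(save, "moralityScore", 34)
        changed += patch_value(save, "numKilled", 1, old=0)
        try:
            patch_value(save, "xp", 99999)   # five digits into a four-digit field
            refused = False
        except ValueError:
            refused = True
        return {"changed": changed, "refused": refused, "after": save.read_bytes(),
                "backup_is_original": (save.parent / "infernax.666.bak").read_bytes() == sample,
                "same_length": save.stat().st_size == len(sample)}


if __name__ == "__main__":
    print(demo())
```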