Factory Restore for FxTec Pro1


Introduction

Factory restore allows you to reset your device to a completely clean state, (almost) exactly as it was shipped from the factory. This is usually only be done as a last resort when other attempts at fixing a misbehaving device have failed.

Background

You should be aware of the factory restore process and some of the terminology before attempting to perform a factory restore.

About Factory Restore Mode

Qualcomm implements factory restore mode with a special protocol that is accessed very early in the startup process before Android is loaded. This mode is commonly known as EDL (Emergency DownLoad) mode or sometimes "Deep Flash" mode. All recent Qualcomm devices have the ability to enter EDL mode. This is how the factory installs the initial software on the device from a blank flash memory chip.

EDL mode requests a "programmer" from the host over the USB port using a proprietary protocol known as "sahara". Once loaded, the programmer waits for commands in another proprietary protocol known as "firehose". This protocol allows the host to write arbitrary data to the flash memory, among other things.

Note! The EDL protocol is "one shot". If anything fails, the device halts and it must be restarted in EDL mode to try again.

Boot Loader Stages

Qualcomm devices boot in stages. This is a very brief, non-technial overview of the boot stages relevant to EDL.
Stage 1: Primary Boot Loader
The Primary Boot Loader (PBL) is implemented in ROM (real, actual, read-only memory that cannot be overwritten).
Stage 2: Extended Boot Loader
The Extended Boot Loader (XBL), sometimes called the Secondary Boot Loader (SBL) is in the "xbl" partition in flash memory.
Stage 3: Application Boot Loader
The Application Boot Loader (ABL) is in the "abl" partition in flash memory. ABL is the user visible "bootloader" that is invoked when the user requests booting to the bootloader. ABL implements the fastboot protocol, among other things.

Accessing EDL Mode

EDL mode may commonly be accessed in three different ways. Not all of these are accessible on all devices. Further, only the PBL (method 1) is guaranteed to always be available. The other two depend on various stages of the boot loader working properly.
Method 1: Via PBL
This does not require anything on the device to be funcional. However, it does require disassembling the device and shorting two of the pin pads on the motherboard. Please contact me if you need to use this method.
Method 2: Via XBL
This requires XBL to be functional and requires the use of a "deep flash" cable. If you do not have such a cable, a short strand of copper wire may be used in a pinch. Please contact me for instructions if you wish to use a copper wire.

Start with the device powered off. Attach the cable to the device. Hold the "deep flash" button down on the cable while plugging the cable into a PC. Wait about 3 to 5 seconds, then release the button.

Method 3: Via ABL
This requires XBL and ABL to both be functional.

Start with the device powered off. Hold both volume keys down and then press the power key. The screen will briefly flash the boot logo and then go blank again. Release all the keys.

Host Configuration

Some host operating systems require a bit of configuration.

Linux

Create file /etc/udev/rules.d/99-qcom.rules with the following contents:
SUBSYSTEM=="usb", ATTRS{idVendor}=="05c6", GROUP="plugdev"
  
Ensure your login user is in the plugdev group.

MacOS

No configuration is necessary.

Windows

Obtain a copy of zadig and run it.

Connect your device in EDL mode.

Ensure that the driver for QUSB__BULK with USB ID 05C6:9008 is set to WinUSB.

After setting up the driver, reboot your device in EDL mode to ensure that it is ready to communicate with teh programmer. Remember, EDL is a "one shot" protocol.

Please note that Qualcomm has an official EDL driver that will install by default. The official EDL driver is not compatible with this programming tool. It must use WinUSB.

Programming the Device

In order to program the device, you will need the programmer application and a data file containing the factory firmware.

Obtaining the Programmer

The programmer is available via the following links:

Linux

MD5: ff31f29031ba23725993ef3166e81ce3

SHA1: ed3ddf49d68ae562a1a5e86fa33a0dfd83484569

MacOS

MD5: 1c700479bf8e88ae1a830a3d8e1b655f

SHA1: bcf4c53b014414d2cfb4d8458acdaad337b22274

Windows

MD5: 0b711c64e9356ade609297fb543d51ea

SHA1: 5015038b0a5942c1ab696fb884c83104eae65f12

Obtaining the Factory Firmware

Download one of the following firmware files:

2020-07-07

MD5: c322d323c712ffc0489c596930425170

SHA1: a1473c1a4f566c03506f8d5703fc15ac0aeec535

2019-10-28

MD5: 6b0dfc932e8fd2b64de8fb4167b7ac06

SHA1: 645eeda671ac5a22de6c56fb3adea34a6687ae15

Flashing the Factory Firmware

The programmer should be pretty self explanatory.

Open the factory firmware file. The programmer will validate its integrity.

Connect your device in EDL mode at any time.

In the option menu you may select "No Write" to do a "dry run" which will not actually write to the device. You may also select the flash type:

After the integrity check completes and the device is detected, the flash button will appear. Press it to begin the flash process.

Do not disconnect the device until the flash process is complete!

You may cancel the flash process at any time. The program will not stop writing until after the base data has been written. This ensures that the boot loader is functional up to at least ABL.

Once the flash process is complete, the device will automatically reboot.