Factory Restore for FxTec Pro1
Introduction
Factory restore allows you to reset your device to a completely clean
state, (almost) exactly as it was shipped from the factory. This is
usually only be done as a last resort when other attempts at fixing a
misbehaving device have failed.
Background
You should be aware of the factory restore process and some of the
terminology before attempting to perform a factory restore.
About Factory Restore Mode
Qualcomm implements factory restore mode with a special protocol that is
accessed very early in the startup process before Android is loaded. This
mode is commonly known as EDL (Emergency DownLoad) mode or sometimes "Deep
Flash" mode. All recent Qualcomm devices have the ability to enter EDL
mode. This is how the factory installs the initial software on the device
from a blank flash memory chip.
EDL mode requests a "programmer" from the host over the USB port using a
proprietary protocol known as "sahara". Once loaded, the programmer waits
for commands in another proprietary protocol known as "firehose". This
protocol allows the host to write arbitrary data to the flash memory,
among other things.
Note! The EDL protocol is "one shot". If anything fails, the
device halts and it must be restarted in EDL mode to try again.
Boot Loader Stages
Qualcomm devices boot in stages. This is a very brief, non-technial
overview of the boot stages relevant to EDL.
Stage 1: Primary Boot Loader
The Primary Boot Loader (PBL) is implemented in ROM (real, actual,
read-only memory that cannot be overwritten).
Stage 2: Extended Boot Loader
The Extended Boot Loader (XBL), sometimes called the Secondary Boot Loader
(SBL) is in the "xbl" partition in flash memory.
Stage 3: Application Boot Loader
The Application Boot Loader (ABL) is in the "abl" partition in flash
memory. ABL is the user visible "bootloader" that is invoked when the
user requests booting to the bootloader. ABL implements the fastboot
protocol, among other things.
Accessing EDL Mode
EDL mode may commonly be accessed in three different ways. Not all of
these are accessible on all devices. Further, only the PBL (method 1) is
guaranteed to always be available. The other two depend on various stages
of the boot loader working properly.
Method 1: Via PBL
This does not require anything on the device to be funcional. However, it
does require disassembling the device and shorting two of the pin pads on
the motherboard. Please contact me
if you need to use this method.
Method 2: Via XBL
This requires XBL to be functional and requires the use of a "deep flash"
cable. If you do not have such a cable, a short strand of copper wire may
be used in a pinch. Please contact me
for instructions if you wish to use a copper wire.
Start with the device powered off. Attach the cable to the device. Hold
the "deep flash" button down on the cable while plugging the cable into a
PC. Wait about 3 to 5 seconds, then release the button.
Method 3: Via ABL
This requires XBL and ABL to both be functional.
Start with the device powered off. Hold both volume keys down and then
press the power key. The screen will briefly flash the boot logo and then
go blank again. Release all the keys.
Host Configuration
Some host operating systems require a bit of configuration.
Linux
Create file /etc/udev/rules.d/99-qcom.rules with the following
contents:
SUBSYSTEM=="usb", ATTRS{idVendor}=="05c6", GROUP="plugdev"
Ensure your login user is in the plugdev group.
MacOS
No configuration is necessary.
Windows
Obtain a copy of zadig and run it.
Connect your device in EDL mode.
Ensure that the driver for QUSB__BULK
with USB ID 05C6:9008 is set to WinUSB.
After setting up the driver, reboot your device in EDL mode to ensure that
it is ready to communicate with teh programmer. Remember, EDL is a "one
shot" protocol.
Please note that Qualcomm has an official EDL driver that will install by
default. The official EDL driver is not compatible with this programming
tool. It must use WinUSB.
Programming the Device
In order to program the device, you will need the programmer application
and a data file containing the factory firmware.
Obtaining the Programmer
The programmer is available via the following links:
Linux
MD5: ff31f29031ba23725993ef3166e81ce3
SHA1: ed3ddf49d68ae562a1a5e86fa33a0dfd83484569
MacOS
MD5: 1c700479bf8e88ae1a830a3d8e1b655f
SHA1: bcf4c53b014414d2cfb4d8458acdaad337b22274
Windows
MD5: 0b711c64e9356ade609297fb543d51ea
SHA1: 5015038b0a5942c1ab696fb884c83104eae65f12
Obtaining the Factory Firmware
Download one of the following firmware files:
2020-07-07
MD5: c322d323c712ffc0489c596930425170
SHA1: a1473c1a4f566c03506f8d5703fc15ac0aeec535
2019-10-28
MD5: 6b0dfc932e8fd2b64de8fb4167b7ac06
SHA1: 645eeda671ac5a22de6c56fb3adea34a6687ae15
Flashing the Factory Firmware
The programmer should be pretty self explanatory.
Open the factory firmware file. The programmer will validate its
integrity.
Connect your device in EDL mode at any time.
In the option menu you may select "No Write" to do a "dry run" which will
not actually write to the device. You may also select the flash type:
- Full: write all data to the device.
- Keep Data: do not write the userdata partition.
- Base Only: only flash the "base" files; exclude boot, system, vendor, etc.
After the integrity check completes and the device is detected, the flash
button will appear. Press it to begin the flash process.
Do not disconnect the device until the flash process is complete!
You may cancel the flash process at any time. The program will not stop
writing until after the base data has been written. This ensures that
the boot loader is functional up to at least ABL.
Once the flash process is complete, the device will automatically reboot.