Flashing Motorola EZX phones ---------------------------- There is a way to flash Motorola EZX phones on Linux machine. Here is a link to tools that can help. Currently flash only EZX part of Phone. LTE part is NOT flashed. unshx - extract all codegroups from SHX file. uncg35 - parse CG35 and extract cramfs from it. fixloader - fix loader at a0200000 and write correct codegroups to erase parseheader - parse shx header and dump some info from it p2kmoto - lib for accessing motorola phones from Linux ezxflash - flasher To build all stuff, libusb and qt4 should be installed Compiling --------- 1. Build p2kmoto lib. It use automake so should be easy (./configure, make, make install) 2. Build ezxflash. Qt4 is required. It use qmake so use: qmake make 3. build other utils. Just launch ./build. Flashing phone -------------- 1. Copy shx file to directory with tools. 2. Use unshx to extract all codegroups from firmare: dion@debian:~/tmp/ezxflash% unshx/unshx firmware.shx This will generate a lot of bin files. filename - address where file will be flashed. Another generated file - list.txt. It contains addresses of all codegroups. 3. Now it's possible to edit codegroups or replace some of them with modified ones. Addresses of all codegroups can show parseheader tool: dion@debian:~/tmp/ezxflash% parseheader/parseheader firmware.shx Codegroups: 15 T N R PR Start End Size Jump ??? ? C1 A C2 ? Ver CRC ?? 00 0 03 23 a0200000 a023c0a3 245924 00000000 00000000 00 0d 02 02 03 00ff00 0209 0000 00 0 00 25 03fd0000 03fefff7 131064 00f8fe03 b17219e9 00 0c 02 02 03 00ff00 02f4 0000 00 0 01 25 10080000 100800c7 200 e7180810 000000b1 00 0c 02 02 06 ffff0d b001 0000 00 1 01 25 100800c8 102defd7 2486032 e7180810 000000b1 01 0c 02 02 06 ffff0d b058 0000 00 3 01 25 10040000 10046aaf 27312 e7180810 000000b1 01 0c 02 02 06 ffff0d b0f7 0000 00 2 01 25 10390000 103fffff 458752 00002800 4ca494ba 00 0c 02 02 02 00ff00 0254 0800 00 18 01 25 10310000 103107ff 2048 10003110 000000b1 00 0c 02 02 02 00ff00 022d 0000 00 38 03 23 08c00000 0a799077 28938360 00000000 00000000 00 0d 02 02 02 00ff00 02c3 0000 00 32 03 23 00020000 000f5f6f 876400 00000000 00000000 00 0d 02 02 02 00ff00 02ca 0000 00 33 03 23 00120000 0190bfff 25083904 00000000 00000000 00 0d 02 02 02 00ff00 02a7 0000 00 34 03 23 01a00000 01f7ffff 5767168 00000000 00000000 00 0d 02 02 02 00ff00 0252 0000 00 35 03 23 08000000 08b2724f 11694672 00000000 00000000 00 0d 02 02 02 00ff00 02e6 0000 00 37 03 23 01fc0000 01fdffff 131072 00000000 00000000 00 0d 02 02 02 00ff00 02e8 0000 00 36 03 23 01fa0000 01fa5fff 24576 00000000 00000000 00 0d 02 02 02 00ff00 025f 0000 00 39 03 23 01fe0000 01fe00c3 196 00000000 00000000 00 0d 02 02 02 00ff00 023d 0000 N - codegroup number, Start - start address. Also if codegroup is not modified, it's possible to remove it. So it will not be flashed and save some time and battery. After removing file with CG, don't forget to remove CG from list.txt 4. Run fixloader. This tool will modify loader at a0200000. It will check that all codegroups have correct size and will write this size to loader. Also it will remove from loader info about removed CG's: dion@debian:~/tmp/ezxflash% fixloader/fixloader Will erase 13 CG's Boot loader: a0200000 CG at 03fd0000 not found. Possible LTE CG. Ignored CG at 10080000 not found. Possible LTE CG. Ignored CG at 10040000 not found. Possible LTE CG. Ignored CG at 10390000 not found. Possible LTE CG. Ignored CG at 10310000 not found. Possible LTE CG. Ignored 38 08c00000 0a799077 08c00000 0bffffff 32 00020000 000f5f6f 00020000 0011ffff 33 00120000 0190bfff 00120000 019fffff 34 01a00000 01f7ffff 01a00000 01f9ffff 35 08000000 08b2724f 08000000 08bfffff 37 01fc0000 01fdffff 01fc0000 01fdffff 36 01fa0000 01fa5fff 01fa0000 01fbffff 39 01fe0000 01fe00c3 01fe0000 01ffffff This tool will generate list_ezx.txt with list of all EZX codegroups which will be flashed. 5. Flash phone. Launch ezxflash tool. This tool can flash phone, send some commands to it, send loader and some other things. Power on phone by pressing Camera, Volume- and Power button. Blue screen should appear. Program should detect phone. Click to correct device in device list and press "Use device". After this, press "Flash" button and locate file list_ezx.txt. ---------------------------------------------------------------------------------------- DON'T TRY TO USE list.txt. It contains also LTE codegroups which can not be flashed now. ---------------------------------------------------------------------------------------- During flashing, there will be one device reenumeration. Phone will disappear for a moment, and then appear again. This is normal. Dmitry.