EDL is an interface of Qualcomm chipsets, used to flash fastboot ROMs. It is used for unbricking purposes so it is allowed on many phones but it's been locked down on most recent Android models.
The screen will appear black and it will appear that the device is turned off, but to verify that this is not the case, we need the tools in EDL mode. The most famous is QFIL (Qualcomm Flash Image Loader), a proprietary software, but on GitHub there are many alternative open source projects.
Since we have a lot of Qualcomm-based devices, some of them can be quirky to guess how to enter EDL mode, or how to do it correctly, for instance:
On Alcatel Cingular Flip you have to first hold both volume keys, then only one of them;
On CAT B35 you have to hold * and #;
On Nokia 8110 4G you have to hold Up and Down, and during this you must insert the cable.
It is important to know first how to access EDL mode on the KaiOS device. You can try a variety of combinations like the ones just described.
Here is a list of EDL tools successfully tested on each KaiOS phone:
Click the link to the repositories, it will open a GitHub page with all the instructions on installing the tool and the commands to be used;
Click on the device icon to enter the page of the "KaiOS DEVICES" section where you can download the dedicated firehose loader.
All tests were carried out by Luxferre.
The tests on Nokia 8110 4G were carried out by Scottz.
All tests were carried out by LiKiWii U (on Discord) and Yossi.
Here is the basic guide of how to use EDL mode of Qualcomm-based devices specific for the plugnburn (by Luxferre, forked from B. Kerler) and andybalholm tools, without any proprietary dependency.
Prerequisites
Python 3.7 64-Bit;
Firehose loader binaries for your device (for example, on edl.bananahackers.net and Google Groups)
Installation
Clone the repository and install the dependencies:
git clone https://github.com/plugnburn/edl
sudo -H pip3 install pyusb pyserial capstone keystone-engine
if you're running Linux and having issues with device access, append "blacklist qcserial" to "/etc/modprobe.d/blacklist.conf", copy 51-edl.rules to /etc/udev/rules.d and 50-android.rules to /etc/udev/rules.d
NOTE, in all the next examples we will use a firehose for CAT B35, "generic_CAT_B35.mbn", you have to enter the exact name of your firehose.
Get the partition layout
using the command "python3 edl.py -loader generic_CAT_B35.mbn -printgpt", you should get something like this:
You can also dump the raw partition table into a file with the comman -gpt [filename] option, like this:
python3 edl.py -loader generic_CAT_B35.mbn -gpt gpt.img
Partition readback
You can backup any partition from the device with -r [partname] [filename] option, for instance:
python3 edl.py -loader generic_CAT_B35.mbn -r recovery recovery.img
This will save the recovery partition contents into the recovery.img file.
Erase a partition
Supply the -e [partname] option, for example to erase "userdata":
python3 edl.py -loader generic_CAT_B35.mbn -e userdata
Flash a partition
Supply the -w [partname] [filename] option, for example to replace the userdata:
python3 edl.py -loader generic_CAT_B35.mbn -w userdata userdata.img
This will write the userdata partition contents from the userdata.img file. The edl.py utility also allows raw sector-to-sector writing but you're welcome to see the command help yourself if you need to do this.
Reboot the device
After you're done with all necessary operations, it's convenient to reboot the device into a normal mode with -reset option:
python3 edl.py -loader generic_CAT_B35.mbn -reset
1. Get a spare microUSB cable and strip the insulation somewhere in the middle;
2. Detect the D+ and GND wires (usually green and black) and strip the insulation on them.
This operation is necessary to allow the two cables to connect temporarily to send the signal to the PC that a device in EDL mode is connected (see the following diagram).
Turn off the phone and connect the microUSB end of the cable to it, press the stripped wires against each other and connect USB plug to the PC;
Keep holding the wires for at least 5 seconds, then disconnect them from each other;
After this, disconnect the wires from each other. Now the PC should detect the phone in EDL mode / USB PID 9008.
You have just transformed a simple, common and inexpensive microUSB cable into a necessary tool to perform operations in EDL mode on Qualcomm-based devices. In fact an official cable with connector and which may require welding would require costs and not easy availability.
This guide was provided by Victor C. on Google Groups, that wanted to share a quick write-up on accessing EDL where button combinations / USB cable don't work (since "access ELD mode" is not always simple), using its Canadian carrier-branded Alcatel A405DL. It's not exactly the same as US unlocked A405DL so none of other methods worked for EDL. And for him EDL was required to do "userdata" partition read / write with CAT B35 firehose like others have successfully done in the previous tests (see above).
For Victor, this method will work for most Qualcomm chipsets that support EDL, as long as manufacturer wired EDL pin somewhere on the board, sure that most of them have it since this undocumented feature helps should be needed to remove the back cover, find the ground, keep shortening different test-points to the ground until you find the one that triggers EDL mode. There is a slight risk of damaging the phone.
So, let go see the detailed steps!
Remove battery and rear cover of the phone exposing various test points. Connect phone to the computer with USB cable. Run a repetitive probe of usb devices list. In linux it can be infinte bash loop: "while true; do lsusb; sleep 1; done";
Find a ground point which is any large piece of metal e.g. sim card socket, sd card socket, RF shielding etc. Prepare two probes shorted to each other or a stiff thin wire. Multimeter with leads connected to a 10A socket of the multimeter is the best option as it's also allowing you to see when you short some wrong pins;
The phone will be rebooting on it's own while plugged into USB (if yours doesn't then you need to boot it by hand each time you try a new test-point). Go ahead and short different test-points to the ground one-by-one and observe boot behavior. Depending on which test point you short to the ground you can see:
a) Multimeter shows nothing, "lsusb" shows nothing, phone keeps rebooting - move to the next test-point
b) Multimeter shows nothing, "lsusb" shows nothing, phone does not boot - move to the next test point
c) Multi meter shows current of a few 100's mA, phone does not boot - remove your leads ASAP, as you a shorting a power line and risk damaging the phone. Move to the next test-point
d) Multimeter shows nothing, "lsusb" starts showing device ID "05c6:9008" - congratulations you are in EDL mode
....
z) something else happens and you phone no longer boots - sorry, for the next KaiOS phone you may want something that supports apps side-loading
Once you determine correct test-point for edl, you may want to drill a small hole in the back cover around the same place so you can keep it accessible with cover on the phone. Pictures illustrating EDL testpoints on A405DL:
no cover
modified cover
5. Once you know how to get into edl, use a matching firehose, edl.py to read / write "userdata" partition.