How to Dump / Read Qualcomm Firmware

dumping firmware on Qualcomm devices is not easy like mediatek devices because it require test point and a firehose file, so if you know how to do test point then definitely  you can Read any qcom device firmware by following the below Instructions.

Requirement:

• QFIL
• emmcdl
• 9008 usb driver
• Firehose/Programmer

Instructions:

• Install QCOM 9008 USB driver
• short test point + Connect Phone to computer using usb
• Open QFIL, Then choose “Flat Build” as Build Type load Firehose file
• Then you have to choose correct storage type in QFIL Setting’s
• click tool & select partition manager

• Please take note on the Start LBA and LBA number of the last partition.
  Take Redmi 5a partition table for example, the last partition is “Data”, it’s Start LBA and LBA number are 0x01E20000 and 0x0545BFDF. Add both of them will get the total sector numbers of whole eMMC storage – in this case, 0x0747BFDF, or 122,142,687 sectors. Multiple the sector numbers with 512 will get the total bytes of the eMMC storage, in this case, the capacity of eMMC storage is 62,437,055,744‬ bytes.
• You’ll need the number 122,142,687 for later use.
• Open device manager and note down QCOM 9008 USB device PORT
• Now Open command window and send below code (replace COM Port and num_sectors with correct data

C:\Program Files (x86)\Qualcomm\QPST\bin\fh_loader.exe" --port=\\.\COM8 --search_path=D:\android\ --convertprogram2read --sendimage=full_dump.bin --start_sector=0 --lun=0 --num_sectors=122142687 --noprompt --showpercentagecomplete --zlpawarehost=1 --memoryname=emmc

• wait for dumping procedure complete.
• Flash dump, (Replace COM port and file Path)

C:\Program Files (x86)\Qualcomm\QPST\bin\fh_loader.exe" --port=\\.\COM8 --search_path=D:\path\to\your\dump --sendimage=full_dump.bin --start_sector=0 --lun=0 --noprompt --showpercentagecomplete --zlpawarehost=1 --memoryname=emmc

write single partition using FH_loader.exe (replace COM port, Sector and storage type)

fh_loader.exe --port=\\.\com --sendimage=keymaster_a.img --start_sector=83466 --lun=4 --noprompt --showpercentagecomplete --zlpawarehost=1 --memoryname=ufs

Method 2:

in this Method we use EMMCDL to dump device partition

• Install QCOM 9008 USB driver
• short test point + Connect Phone to computer using usb
• open CMD in EMMCDL Folder and send code one by one, replacing partition name

emmcdl -p COM10 -f prog_emmc_firehose_8953_ddr.mbn -d recovery -o recovery.img

COM10= correct device port from device manager
prog_emmc_firehose_8953_ddr.mbn = correct programmer file for your device.

Get partition table

emmcdl.exe" -p COM8 -f  prog_emmc_firehose_8953_ddr.mbn -gpt