Tried flashing directly with a spare module and that one now only boots to EDL. Do you have the original firmware to see if recovery is even possible? It was RM520NGLAPR01A03M4G_01.001.01.001.
EDIT: Module EDL port is bricked and cannot write anything to the module. Any flash operation in firehose now errors with ERROR: Failed to open device, type:nand, slot:0, lun:0 error:4
The erase command failed with WARN: [205]NAND Error -2 (4)
This upgrade seems to be impossible as the module is completely bricked now with a non functioning EDL port and no other ports visible.
Update on the AA flash. Spare is no longer hard-bricked.
@cgi2099 and I successfully flashed two modules so far. My spare is bricked when flashing R01A08 so not sure about success rate. The spare already had flash attempts with Lenovo firmware so it might be that you must start from base R01A03 or else the flash won’t work. The spare will now only run boot into Lenovo firmware.
The flashed module with A01R08 fails to exit airplane mode. I keep getting generic failures. I was not able to backup the QCN data but legacy CEFS was backed up. Should I restore the CEFS? AT+CFUN=1 +CMEERROR:0
as the logs I showed you some days ago, my esim installtaion was failed. that’s why I ask your help here, please point the key out to solve this problem. esim installtation logs
:
quectel_lpad_v1.0.2# ./quectel_lpad -A 1$ecprsp.eastcompeace.com$5248941DA51B424C999E9F470F66292C$ -D 1
Quctel LPAd Version: 1.0.2
Log level : 1
SIM slot : 1
Activation code : 1$ecprsp.eastcompeace.com$5248941DA51B424C999E9F470F66292C$
Confirmation code :
User consent : 0
[DEBUG] [QMIM] [qmi_manager//qmi_manager.c] [433] module works in QMI mode
[INFO ] [QMIM] [qmi_manager//qmi_manager.c] [481] Init QMI Client(0) Success
[INFO ] [QMIM] [qmi_manager//qmi_manager.c] [481] Init QMI Client(1) Success
[DEBUG] [QMIM] [qmi_manager//qmi_manager.c] [500] Do UIM HTTP Transaction Request
[DEBUG] [QMIM] [qmi_manager//qmi_manager.c] [205] Enter QMI Recieve Thread Main Loop
[DEBUG] [QMIM] [qmi_manager//qmi_manager.c] [508] Send Result : 3
[WARN ] [MAIN] [app//main.c] [386] Send QMI UIM HTTP Message Failure, But It Matched Expectation
[DEBUG] [QMIM] [qmi_manager//qmi_manager.c] [504] Do UIM Add Profile Request
[DEBUG] [QMIM] [qmi_manager//qmi_manager.c] [508] Send Result : 3
[ERROR] [MAIN] [app//main.c] [394] Send UIM Add Profile Message Failure
QPST was able to detect the modem fine. The backup for the XQCN failed and left a 1kb file. Only the CEFS backup from the main module succeeded. I was able to successfully backup the XQCN from a spare but restoring that didn’t work and still left the modem locked in CFUN 5 or CFUN 7.
Restoring a donor AA XQCN allows the modem to exit CFUN 5/7 but the factory defaults seem to be missing or have been overwritten.
AT+QCFG=“ResetFactory” now restores the data from the state my module was last in. My IMEI revision and other data seems to have been burned into the factory defaults with the update. This command previously worked before the flash and has successfully reverted all my changes before. Including the modems real IMEI.
I can confirm this by changing IMEI with AT+EGMR=1,7,”IMEI” Then checking with AT+EGMR=0,7 to make sure the change succeeded. The IMEI check returns the new one but once AT+QCFG=“ResetFactory” is called my previously used IMEI is restored. The previous IMEI is definitely my IMEI that I set and used prior to the update and not the modules or the donor XQCN’s IMEI.
Other settings also reflect this like the QNWPREFCFG band locks that were previously set and used.
Could restoring the CEFS backup fix this? I tried but the QPST fails on entering sahara DL mode.
AT+QCFG=“ResetFactory” is factory reset and some configuration will be clear. It is not only recover CESF, also include others.
I am not sure if restore CEFS will help you.
Interesting, The XQCN I successfully pulled from the spare was 322kb. The donor AA XQCN I used was around 2mb which worked in getting the module out of CFUN 5 / 7.
This should be the behaviour but my custom IMEI set with AT+EGMR=1,7,"IMEI" was not cleared along with the band lock I set previously. The module does reboot and report RDY about 20 seconds after running the factory reset command. This previously worked on the original firmware and set the IMEI back to the modules IMEI.
The module otherwise functions and has held a connection for more than 24 hours so far. I will leave it as is then since the CEFS restore attempts fail in QPST. Thanks for your help so far!