EC20 QFlash

The EC20 Qflash utility is using 3 different device modes to update the firmware:
a) QDL
b) QDL SBL / also named "Go mode" by Qflash
c) fastboot

Overview of one flash procedure

  1. Reboot into QDL mode
  2. QDL: Upload NPRG9x15.hex to enter QDL Streaming Mode
  3. Streaming: Flash *.mbn
  4. Streaming: Flash SBL2_temp
  5. Reboot into fastboot mode
  6. fastboot: Flash other parts
  7. Reboot into QDL
  8. QDL: Upload ENPRG9x15.hex to enter QDL Streaming Mode
  9. Streaming: Flash SBL2
  10. Reboot into new Firmware

QFLash in detail

How to enter QDL mode

Do one of:
  • Erase everything
  • Pull down/up a specific GPIO
  • AT+QDL

QDL mode

The QDL mode allows to load code into memory and execute it.
It's also possible to read Memory
QFlash is using loading and executing NPRG9x15.hex or ENPRG9x15.hex. to enter the

Try: ./ec20/NPRG9x15.hex or if it fails try ./ec20/ENPRG9x15.hex to enter next mode. E in ENPRG9x15 stand for emergency.

Qflash in QDL

Send Nop `0x7e 0x06 CRC 0x7e`
Send preq `0x7e 0x07 CRC 0x7e`
Upload hex file `0x7e 0x0f loadaddr|32bit size|16bit data CRC 0x7e`.
Go `0x7e 0x05 loadaddr|32bit CRC 0x7e`.
The device now go's into SBL / Go Mode

SBL / Go mode

Magic enter "QCOM fast download protocol host"
Upload partition table `0x7e 0x19 data CRC 0x7e`
- use partition.mbn if not accepted, try partition2.mbn
Flash mbns:
- SBL1: `sbl1.mbn`
- SBL2: `sbl2_tmp.mbn`
- RPM: `rpm.mbn`
- APPSBL: `appsboot_tmp.mbn`

The device now reboots into fastboot using the USB id 18d1:d00d (Google fastboot).

Device is in fastboot mode

flash parts:
- sbl2
- aboot
- dsp1
- dsp2
- dsp3
- system
- userdata
- recoveryfs
- boot
- recovery

Now reboots.

2nd QDL and QDL SBL mode:

The devices now reboots into QDL mode.
Enter SBL mode / Go mode using the emergency ENPRG9x15.hex.

It's flashing now the real SBL2 bootloader.

How Qflash finds out in which mode the device is?

Send `0x7e 0x06 CRC 0x73`
if recv "0x7e,0x02,0x6a,0xd3,0x7e" => download mode (QDL)
if recv "0x13,0x06,0x88,0xd5,0x7e" => normal mode (diag?)
if recv "0x7e,0x0e" => go mode (SBL)

FAQ: The device is in QDL and disconnect and reconnecting every 2 seconds

Uninstall the gobi-loader. The gobi-loader will try to load the Gobi2000 firmware into
the EC20 because the udev rules contains the QDL usb id (9008).