Find contentSorry I will open another topic about hard-softbricked d6603.
Introduction:
I have two z3, one have hardware damage but still boot up. I wasnot able to fix that hardware damage with my air reflow station. So swapping emmc isnot a solution (for now).
I really would find a software way to solve this. I have almost any time it require and *some* lab equipments.
How I bricked it:
I 'accidentaly' wrote junk into the TZ partition while attempting to solve HW encryption support into LineageOS. To be accurate, the flashtool sin extract failed and I got like 8B of junk before the right header.
Anyway, the device doesn't start anymore.
What had been tested:
Here, in xda, there is almost everything I already have done. I will try to make a resume:
- With the known testpoint device got detected as "SOMC flash device" but no software seems able to handle it.
- flashtool recognise it but looks like there is no flash mode for it,
- s1tool is able to communicate, retrieve hardware ID and throw 'unsupported'
- The actual bootloader output show booting until TZ exec where it fail (obviously)
- Insert a sdcard clearly have effects as loading times increased a lot (depending of sdcard speed)
Someone on IRC really helped me with that sdcard trick but for now with no results. I just order a v30 sdcard because slow sdcard seems to be problematic on other devices he tried.
The idea behind sdcard is to write a specific gpt table, with the right partition type, as the preloader can load them, instead of the emmc ones.
Am wondering if:
- there is a specific testpoint for the sdcard swap,
- it is require to have specific board/box/software for jtag reflash (I prefer software way but, you know, I want to fix it) or a buspirate/raspberrypi can do the trick,
- a specific test point exist to use 'alt_' partition instead of normal ones / how trigger a copy of 'alt_' partition into normal ones?
Idea behind is: solve my device, make something usable for everyone (lot of devices are bricked on xda because of that bootloader DRM ****)
Thanks in advance for your advices.
P.S.: from the 'UART' connector (lets call RX 1 and the opposite one 20) I notice some similar curves with my scope (analog, no way to dump):
9 seems to be the 'SOMC' testpoint
11,12,13,15,16,18 have really similar curves: jump at high level while cpu is on, but only the 'SOMC' testpoint have a resistance of 150k?. All the ones listed have really low, or really high impedances.
P.S.2: sorry for wrong vocabulary and bad english, am really new to this world 
