# Qualcomm Sahara / Firehose Attack Client / Diag Tools
(c) B. Kerler 2018-2021
Guide made By @Jacoa on Telegram

IF YOU ALREADY UNLOCKED YOUR BOOTLOADER YOU CAN JUST RUN TWRP.BAT AFTER INSTALLING DRIVERS AND UsbDk_1.0.22_x64.msi

- Install Qualcomm_Diag_QD_Loader_2016_driver.exe from Drivers\Windows

- Boot device into 9008 mode (https://t.me/LGEV30/601417)

- Install UsbDk_1.0.22_x64.msi from Drivers\Windows (Might need to reboot computer after)

- Run Flash.bat

- Hold power and volume down, when the device reboots let go of power and do not let go of volume down (If this doesn't make your phone boot into fastboot then use adb to reboot to bootloader)

- Run Unlock.bat in Unlock folder

FOR ROOT: Transfer the zips from the ROOT folder to your phone and flash them all in any order

IF TWRP CAN NOT DECRYPT DATA/INTERNAL STORAGE YOU HAVE FOR FORMAT DATA IN THE WIPE SECTION
IF YOU WANT TO FLASH AOSP 10/11 YOU WILL HAVE TO FORMAT DATA IF YOU DID NOT ALREADY



All Commands:
edl.py printgpt --memory=ufs --lun=0" -> to print gpt on lun 0
edl.py printgpt --memory=ufs" -> to print gpt of all lun
edl.py rf lun0.bin --memory=ufs --lun=0" -> to dump whole lun 0
edl.py rf flash.bin --memory=ufs" -> to dump all luns as lun0_flash.bin, lun1_flash.bin, ...
edl.py rl dumps --memory=ufs --lun=0 --skip=userdata,vendor_a" -> to dump all partitions from lun0 to directory dumps for device with ufs and skip userdata and vendor_a partition
edl.py rl dumps --memory=ufs --genxml" -> to dump all partitions from all lun to directory dumps and write rawprogram[lun].xml
edl.py rs 0 15 data.bin --memory=ufs --lun=0" -> to dump 15 sectors from starting sector 0 from lun 0 to file data.bin
edl.py r boot_a boot.img --memory=ufs --lun=4" -> to dump the partition "boot_a" from lun 4 to the filename boot.img
edl.py r boot_a boot.img --memory=ufs" -> to dump the partition "boot_a" to the filename boot.img using lun autodetection
edl.py r boot_a,boot_b boot_a.img,boot_b.img --memory=ufs" -> to dump multiple partitions to multiple filenames
edl.py footer footer.bin --memory=ufs" -> to dump the crypto footer
edl.py w boot boot.img --memory=ufs --lun=4" -> to write boot.img to the "boot" partition on lun 4 on the device with ufs flash
edl.py wl dumps --memory=ufs --lun=0" -> to write all files from "dumps" folder to according partitions to flash lun 0
edl.py wl dumps --memory=ufs" -> to write all files from "dumps" folder to according partitions to flash and try to autodetect lun
edl.py wf dump.bin --memory=ufs --lun=0" -> to write the rawimage dump.bin to flash lun 0
edl.py e misc --memory=ufs --lun=0" -> to erase the partition misc on lun 0
edl.py gpt . --genxml --memory=ufs" -> dump gpt_main[lun].bin/gpt_backup[lun].bin and write rawpartition[lun].xml to current directory (".")