What is possible with this phone without completely breaking it

I want to create my own Linux distribution for a Meizu Pro 5 phone, but I couldn’t find some informations I need on the internet.

I have the Ubuntu edition of the phone, and I have made a copy of /dev/sd{a,b,c} using dd.

It seams like fastboot and the bootloader are on sdb, is this correct?

sdc seams to be empty (completly zeroed out), has it any purpose?

Can I use fastboot to flash an Image to address 0x0 of sda in order to flash an Image of the whole sda which I created using dd?

sda contains a protective MBR and a GPT partitiontable starting at 0x1000. The system, recovery, etc. partitions are on sda. If I override sda completly with zeros, would it still be possible to flash an image to sda using fastboot, and if not, what can I not change without breaking fastboot?

If I flash a partition using fastboot, how does fastboot know at which address to flash the image? Does fastboot read the GPT partition table or is the offset hardcoded?

Is the recovery partition the only partition required in order for the recovery mode to work?

Is the offset of the bootimg and the recovery partition hardcoded in the bootloader, or can I change where these partitions are located?

Is there a way to display kernel boot messages during boot time and/or emulate the hardware of a Meizu Pro 5?

I am currently performing some reverse engineering on the bootloader on sdb, it appears to be a fork of an old u-boot bootloader from 2012, I found the following in the bootloader binary:

U-Boot 2012.07-g8fc98d3 (Mar 17 2016 - 18:42:51) for M86 release

As far as I can tell, there doesn’t seam to be a way to flash an image to an arbitrary address of sda, nor to change the partition table using fastboot, but I keep searching. Since it is an U-Boot bootloader, it should use the GPT Partition table when flashing images using fastboot and when booting the bootimg, etc. but I haven’t tried this out yet, since I still don’t know a way to fix the partition table if I make a mistake.

I also found a fastboot oem command, read_psn, It just returns the psn number.

The bootloader seams to contain some code to restore the initial GPT Partition table, but I couldn’t find a way to access it using fastboot yet.

I just found some more OEM commands:

  • random // returns a random 128bit number in hexadecimal format (32 characters)
  • reboot [recovery] //reboots the device, devaults to bootimg if nothing else specified
  • unroot

I also found some fastboot getvar variables:

  • product: smdk
  • downloadsize: a0000000
  • chipid: 06b68e687b88
  • lock_state: unlocked
  • version: 0.4

@Daniel-Abrecht I don’t understand 50% of what it’s described but i support you we need more guys like you to port custom roms and mods to this device ! :astonished: :)

It seams like other people already knew about these bootloader command, since I found them in this thread recently. There are also some other interesting oem commands, like cmd “fdisk -c 0” for example, I wonder what they do, and if they are documented somewhere, because this could be exactly what I am looking for, once I know exactly what those commands are doing, I may be able to repair my phone if I break my Partition table as long as I don’t override the boot loader, which would mean I could try out all those things I couldn’t do yet without risking to completely breaking my device.

Looks like your connection to Meizufans was lost, please wait while we try to reconnect.