firehose programmer for Pixel OG (sailfish) - Google Pixel Questions & Answers

Hi,
I have a Pixel OG (sailfish) that is stuck in EDL mode.
Does anyone have access to a firehose programmer to reflash it?
I'm here:
Code:
$ ./edl.py
Qualcomm Sahara / Firehose Client V3.3 (c) B.Kerler 2018-2021.
main - Trying with no loader given ...
main - Waiting for the device
main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: 0x0005f0e100000000 (MSM_ID:0x0005f0e1,OEM_ID:0x0000,MODEL_ID:0x0000)
CPU detected: "MSM8996Pro"
PK_HASH: 0xba2102da99c924058c758fa9f4250847c92cabde17fdcef01d4daff8df5d6753
Serial: [redacted]
Thanks!

This is probably too late but you can try a website called romprovider(DOT)com (MODS THIS IS NOT AN ADVERTISEMENT I AM JUST TRYING TO ANSWER A QUESTION). It has firehose programmers and flashing tools that claim to bypass EDL authentication for many makes and models. Not sure how helpful it is but it's the only thing I found other than a hacking tool on GitHub called firehorse (it was reverse-engineered from a firehose programmer).

Related

[Lenovo P8 TB-8703F (wifi) ] Brick impossible to start and flash with QFIL

Hello,
I recently tried to flash my Lenovo TB-8703F with a Lineage ROM.
But now my device is completely bricked and I can't power it on anymore.
When I try to flash it again under Download mode with QFLASH I get the following message :
HTML:
01:07:28: ERROR: function: rx_data:247 Error occurred while reading from COM port
01:07:28: ERROR: function: sahara_main:854 Sahara protocol error
01:07:28: ERROR: function: main:265 Uploading Image using Sahara protocol failed
Download Fail:Sahara Fail:QSaharaServer Fail:Process fail
can you help me? I just want to revive this tablet.
I've attached the full log.
Thank you in advance for your help.
Ptitsnake

Problem with Nokia Lumia 630 flashing

How can I flash my Nokia Lumia 630?
I tried on WPInternals, but it says:
Flash failed! Error 0x1106: Security header validation failed
I also tried THOR2, which also failed. It says:
Initiating FFU flash operation
WinUSB in use.
isDeviceInNcsdMode
isDeviceInNcsdMode is false
Device mode 6 Uefi mode
[THOR2_flash_state] Pre-programming operations
Disable timeouts
Detecting UEFI responder
Lumia UEFI Application did not respond to version info query
Device is not in Lumia UEFI mode
Device mode get failed, mode is 6
Connection lost, trying to re-connect
Rebooting to the normal mode...
Rebooting from the WP/MMOS failed.
Operation took about 16.00 seconds.
THOR2_ERROR_TO_COMMUNICATE_WITH_DEVICE
THOR2 1.8.2.18 exited with error code 84102 (0x14886)
Can someone help me?
I'm also having issues unbricking my Nokia 630 (RM-979),
It's completely bricked. Nothing shows on the screen. Completely black.
It is detected in Windows Device Manager as QDLoader 9008 (COM7), but I'm not able to flash it.
I have tried:
- Windows Phone Internals
- Windows Device Recovery Tool
- NaviFirm
- Thor
Result from thor:
> thor2 -mode ffureader -ffufile "C:\rm-914\XXX.ffu" -dump_gpt -filedir C:\dump
THOR2 1.8.2.18
Built for Windows @ 13:36:46 Jun 16 2015
Thor2 is running on Windows of version 6.2
thor2 -mode ffureader -ffufile C:\rm-914\XXX.ffu -dump_gpt -filedir C:\dump
Process started Wed Dec 29 17:13:00 2021
Logging to file C:\Users\Angelo\AppData\Local\Temp\thor2_win_20211229171300_ThreadId-13244.log
Debugging enabled for ffureader
Initiating do FFUReader operations
Version of FfuReader is 2015061501
Parsing FFU... Please wait...
Failed to parse FFU file. Header size: 0x00000000, Payload size: 0x0000000000000000, Chunk size: 0x00000000, Header offset: 0x00000000, Payload offset: 0x0000000000000000
File open failed
THOR2_ERROR_FFUREAD_CORRUPTED_FFU
THOR2 1.8.2.18 exited with error code 84204 (0x148EC)
Any ideas?
I don't have bricked Nokia, but did you format the whole phone storage when Windows said it's broken? Because it can be the reason why your phone is bricked.

[CLOSED] Preloader - [LIB]: Status: Handshake failed, retrying... ERROR

E:\Damn God Android Repairer\mtkclient-main>python mtk w boot_a boot.img
MTK Flash/Exploit Client V1.52 (c) B.Kerler 2018-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Port - Device detected
Preloader - CPU: MT6735/T()
Preloader - HW version: 0x0
Preloader - WDT: 0x10212000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10217c00
Preloader - Var1: 0x28
Preloader - Disabling Watchdog...
Preloader - HW code: 0x321
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: D5844894FB09EE8D9D4EC77074C057D5
PLTools - Loading payload from mt6735_payload.bin, 0x258 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: E:\Damn God Android Repairer\mtkclient-main\mtkclient\payloads\mt6735_payload.bin
Port - Device detected
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DALegacy - Uploading da...
DALegacy - Uploading stage 1...
Preloader
Preloader - [LIB]: Error on DA_Send cmd
Main
Main - [LIB]: Error uploading da
Does anyone have a solution for me? I'm trying to fix my hard-bricked Samsung Galaxy J2 Prime.
Note: Questions go in Q&A Forum
If you are posting a Question Thread post it in the Q&A forum. Technical discussion of Android development and hacking. No noobs, please. Device-specific releases should go under the appropriate device forum...
forum.xda-developers.com

Asus Zenfone Max Plus M1 [X018D] bricked - some advice to recover data ?

Hello XDA community !
To be honest I'm a newbie here, and not really experienced on mobile phone technical stuff
My Zenfone suddenly stopped working last week, without any particular reason.
The only thing I can see when I turn on the device is the "Powered by Android" logo. But nothing else happens after.
Then I wanted to start the recovery menu, but even when I select "recovery mode" or "fastboot" nothing happens, it's still showing "Powered by Android" logo and no more
See this screenshot :
I tried to plug the device with USB into my Linux laptop with Android Studio installed, but adb devices shows nothing
I also tried to create a microSD card, bootable, with exFAT partition and put the phone firmware on the root of the card (as described https://www.asus.com/supportonly/zenfone max plus (m1)(zb570tl)/helpdesk_download/). Even with it, recovery or fastboot options give the same screen as above
My idea was to be able to boot from sd card and be able to "revive" somehow the phone, and at least being able to download user data from it with the help of adb
I'm not sure if it's possible or if I should prepare the microSD with another format or partition layout
Any idea to guide me ?
Don't think you can recover any user data, because the bootloader probably got completely corrupted. Re-flash Stock ROM.
Thanks for your answer.
Sorry also because I made a mistake : I think fastboot mode is active
What I did : In the menu above, I selected "Fastboot mode"
then I got an output : "CSC FASTBOOT mode"
Then I plugged the phone on my laptop USB
The "lsusb" command returned an additional device :
Code:
Bus 001 Device 004: ID 0bb4:0c01 HTC (High Tech Computer Corp.) Dream / ADP1 / G1 / Magic / Tattoo / FP1
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x0bb4 HTC (High Tech Computer Corp.)
idProduct 0x0c01 Dream / ADP1 / G1 / Magic / Tattoo / FP1
bcdDevice 1.00
iManufacturer 1 MediaTek
iProduct 2 Android
iSerial 3 J1AXJR04D658EJ6
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0020
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 256mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 66
bInterfaceProtocol 3
iInterface 4 fastboot
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 1
Device Status: 0x0001
Self Powered
"adb devices" still returns nothing but "fastboot devices" does :
J1AXJR04D658EJ6 fastboot
"fastboot reboot" does also reboot the phone ...
From there I guess at least I can do something. I don't know if I'll be able to recover some data, but anyway if I can recover my phone that would be fine too.
you can unlock bootloader with mtkclient (do a backup beforehand) and flash TWRP from fastboot, to see if that leads to something.
ok thanks a lot. I'll have a look to mtkclient / TWRP and try to manage !
Will let you know soon.
keep in mind unlocking from fastboot forces factory reset. It will flush keystore in TEE, don't try this even with full backup. TEE can't be backed up.
unlocking from mtkclient afaik does not wipe userdata. but do a backup of userdata + metadata + seccfg (or even better full dump) just in case.
you can try to boot into EDL mode with both vol keys + usb, modified fastboot, DIY deep flash cable or test point method.
[GUIDE][TOOL] Reboot to EDL mode from FASTBOOT! No More "Test Point Method"! [kenzo]
[GUIDE][TOOL] Reboot to EDL mode from FASTBOOT! No More "Test Point Method"! [kenzo] Reboot to EDL mode from FASTBOOT! No more Test Point Method needed ;) Technical Details: Redmi Note 3 support rebooting to EDL in Android Bootloader aboot...
forum.xda-developers.com
also please note TWRP is maybe not able to decrypt, because encryption keys are bonded to bootloader lock state.
however some people claim it's possible, maybe due to the fact that seccfg is patched in a way to circumvent this (untested).
if you can't boot into recovery from bootloader, you can boot into file from fastboot (requires bootable slot)
Code:
fastboot boot twrp.img
thanks Alecxs for all the information. I'll take some time to read carefully everything.
In the meantime, I installed successfully mtkclient on my laptop. I didn't know about this tool before
I used first the read partition tool, which went fine for almost all partitions except userdata :-(
it started but stopped after 9 GB (over 52) with the following message
Failed to dump sector 12517376 with sector count 109592543 as MyZenfone-partition dump/userdata.bin
18.0% Read (Sector 0x12D6C80 of 0x6883FDF, 42m:19s left) 18.67 MB/sDAXFlash
DAXFlash - [LIB]: Error on reading data: MMC error (0xc0040030)
looks like game over ...
well.. if this is game over, then you have nothing to lose I guess? so backup all partitions excluding userdata (--skip=userdata) then only try to unlock seccfg (do not erase any partition ignore instructions) then boot into fastboot and check if TWRP can boot
TRY AT OWN RISK YOU MAY CORRUPT USERDATA ENCRYPTION OR ERASE USERDATA
Code:
python3 mtk da seccfg unlock
python3 mtk payload --metamode FASTBOOT
fastboot boot path/to/twrp.img
might be possible to dump userdata excluding unreadable sectors. but you need to read the instructions. nevertheless the dump (even if healthy) is impossible to decrypt on PC, can only be decrypted on the origin phone itself...
thanks alecxs, I think I'll try to boot into twrp
My concern is to find a suitable twrp for my device. There is no official port for Asus X018D
I tried to find it by googling and found this on "unofficial twrp" site
twrp 3.2.3 For Mediatek MT6750 Phone
which could be ok for mine maybe, except that it's for android 8 and 8.1, while I was still on Nougat 7
I don't know if trying this could work or not ?
you need TWRP for the Plus variant. can you share boot.img + recovery.img read off device?
yes I can share the dumped partitions from mtkclient (the extension is .bin)
boot.bin :
boot.bin
drive.google.com
recovery.bin
recovery.bin
drive.google.com
okay let me try to port generic TWRP. you can meanwhile try that Oreo+recovery+tested.img (login required)
edit: X018D_TWRP.img for android 9 (no login required)
So I tried to unlock bootloader from mtkclient, which resulted in :
sej - HACC init
sej - HACC run
sej - HACC terminate
sej - HACC init
sej - HACC run
sej - HACC terminate
Done |--------------------------------------------------| 0.0% Write (Sector 0x0 of 0x1) 0.00 MB/sDAXFlash
DAXFlash - [LIB]: Error on writeflash: MMC error (0xc0040030)
and then after (maybe I shouldn't have ...)
python3 mtk payload --metamode FASTBOOT
I think I did something wrong, because now I cannot list GPT
python mtk printgpt
gives
Code:
Port - Device detected :)
Preloader - CPU: MT6755/MT6750/M/T/S(Helio P10/P15/P18)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212c00
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x326
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xcb00
Preloader - SW Ver: 0x1
Preloader - ME_ID: 10A8E97D4708BDEB74D8D7B3C7E0EBFA
PLTools - Loading payload from mt6755_payload.bin, 0x258 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: /home/laurent/Applications/DevOps/Android/mtkclient/mtkclient/payloads/mt6755_payload.bin
Port - Device detected :)
DA_handler - Device is protected.
DA_handler - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading xflash stage 1 from MTK_AllInOne_DA_5.2136.bin
xflashext - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
xflashext
xflashext - [LIB]: Error on patching da1 version check...
Mtk - Patched "Patched loader msg" in preloader
xflashext - Patching da2 ...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash
DAXFlash - [LIB]: xread error: unpack requires a buffer of 12 bytes
DAXFlash
DAXFlash - [LIB]: Error jumping to DA: -1
actually, the second command was just to exit preloader mode and switch into fastboot... sorry for the confusion. I have also attached the android 7 version of twrp for testing.. (see above)
If I got this right, unlocking was trying to write Sector 0x0 of 0x1 but it deny writing anything because eMMC is not writeable at 0xc0040030. But isn't that in userdata area?
however, on android 7 for some mediatek devices it's possible to boot into TWRP on locked bootloader. but needs flashing. you can try another flash tool, but it requires windows
edit:
@arthur.levene I got it wrong, seems there is also linux version. Anyway, please read golden rules for SP Flash Tool.
I recommend to create your own scatter file based on the current partition table, either with mtkclient or with WwR MTK v2.51 (most likely you can use the one that already comes with that twrp as the recovery start address is at 0x8000 on many devices, but I personally generally don't trust any scatter file just random downloaded).
lol thought 0xc0040030 was the address of the unreadable sector. turns out it is a fault code. so that could mean eMMC error (most likely) or insufficient permissions.
So any flashing attempts will probably fail no matter what tool is used. maybe there is a cheat with a heat gun or refrigerator (just guesswork, beware of condensing water)
thanks again alecxs for your time and advice.
I will continue my investigations based on your information. If I understand your comment about the eMMC error, this is not good news.
I will also try the flashing solution in case it could work, though I'm not very skilled on that part either
actually I have never used mtkclient myself but according to the documentation flashing looks quite easy.
Code:
python3 mtk w recovery twrp.img
However, as you stated in OP you can't enter recovery mode from bootloader menu, so this could be bigger challenge.
I tried but currently I have an error
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - DA Extensions successfully added
Done |--------------------------------------------------| 0.0% Write (Sector 0x0Progress: |███████-------------------------------------------| 14.0% Write (SectProgress: |██████████████------------------------------------| 28.0% Write (Sector 0x2000 of 0x7254, 01s left) 6.74 MB/s
DAXFlash
DAXFlash - [LIB]: unpack requires a buffer of 12 bytes
quick search gives a hint it might be a driver issue. but you're on linux right? you could try again with libusb-1.0-0-dev_1.0.26-1_amd64.deb
https://github.com/bkerler/mtkclient/issues/192
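
The mtkclient logs posted on this page print a `Target config` byte followed by the individual security flags. The following added example (not part of any post, and not mtkclient's own code) parses such a log, decodes the byte and cross-checks it against the printed flags, then lists which protections the log reports as off. The bit masks are an assumption inferred from the two logs on this page (0x5 and 0xe7), and all function names are hypothetical.

```python
import re

# Matches real ANSI colour codes and the mangled "←[31m" form seen in pasted logs.
ANSI = re.compile(r"(?:\x1b|←)\[[0-9;]*m")

# Assumption: masks inferred from the two logs on this page (0x5 and 0xe7),
# where they reproduce every printed True/False flag.
TARGET_CONFIG_BITS = {
    "SBC enabled": 0x01,
    "SLA enabled": 0x02,
    "DAA enabled": 0x04,
    "SWJTAG enabled": 0x06,
    "EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT": 0x08,
    "Root cert required": 0x10,
    "Mem read auth": 0x20,
    "Mem write auth": 0x40,
    "Cmd 0xC8 blocked": 0x80,
}

# Flags that represent a protection being enforced when True.
PROTECTIONS = ("SBC enabled", "SLA enabled", "DAA enabled", "Root cert required",
               "Mem read auth", "Mem write auth", "Cmd 0xC8 blocked")


def parse_preloader(log_text):
    """Return {field: value} for every 'Preloader - key: value' line."""
    fields = {}
    for raw in log_text.splitlines():
        line = ANSI.sub("", raw).strip()
        if not line.startswith("Preloader - "):
            continue
        key, sep, value = line[len("Preloader - "):].rpartition(": ")
        if sep:  # lines without 'key: value' (e.g. "Disabling Watchdog...") are skipped
            fields[key.strip()] = value.strip()
    return fields


def decode_target_config(value):
    """Expand the Target config byte into named booleans."""
    return {name: bool(value & mask) for name, mask in TARGET_CONFIG_BITS.items()}


def audit(log_text):
    """Decode Target config, compare with the printed flags, list protections that are off."""
    fields = parse_preloader(log_text)
    if "Target config" not in fields:
        raise ValueError("no 'Target config' line in log")
    config = int(fields["Target config"], 16)
    decoded = decode_target_config(config)
    # A mismatch means the log was truncated, edited, or the mask table is wrong.
    mismatches = [name for name, bit in decoded.items()
                  if name in fields and fields[name] != str(bit)]
    return {
        "cpu": fields.get("CPU", "unknown"),
        "target_config": config,
        "flags": decoded,
        "mismatches": mismatches,
        "not_enforced": [n for n in PROTECTIONS if not decoded[n]],
    }


# Excerpts of the preloader lines from the two logs on this page (trimmed).
SAMPLE_MT6750 = """\
Port - Device detected :)
Preloader - CPU: MT6755/MT6750/M/T/S(Helio P10/P15/P18)
Preloader - Disabling Watchdog...
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
"""

SAMPLE_MT6765 = """\
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
"""

if __name__ == "__main__":
    for sample in (SAMPLE_MT6750, SAMPLE_MT6765):
        result = audit(sample)
        print(result["cpu"], hex(result["target_config"]),
              "not enforced:", result["not_enforced"],
              "mismatches:", result["mismatches"])
```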

mi account bypass redmi 9A

I'm noob to android cracking/bypassing
Is there any way to bypass the screen 'This device is locked' Activate or Open WF? I flashed firmware dandelion_global_images_V12.5.7.0.RCDMIXM_20221107.0000.00_11.0_global_3319fae180.tgz successfully
I use linux arch and I've read that you need to format 'persist' +'frp' partitions
Cheers guys!
Hi, try this.
it doesn't work
there is an unbricking thingy called SPflash tool, it might work for what you want
I installed mtkclient under arch successfully and ran it in the terminal....
Code:
mtkclient]# python mtk payload
MTK Flash/Exploit Client V1.6.1 (c) B.Kerler 2018-2023
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
mtkclient]# python mtk payload
MTK Flash/Exploit Client V1.6.1 (c) B.Kerler 2018-2023
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.
...........
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.
.....Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: 46D2502A61B6F1630BA8BCECFBB37D02
Preloader - SOC_ID: 63AF61F17131312A0BA4C909AA5A849D22A50DF2CC7A880698AF40C4F21655BB
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: /home/*******/mtkclient/mtkclient/payloads/mt6765_payload.bin
I guess it was patched in the latest dandelion ROM, since it is not working to disable SLA/DAA (Mi Account)
Listen I don't know enough about it to understand all that code, but that's not entirely what I was suggesting, I was suggesting you investigate the unbricking tool SPflash tool and how to use it
The first step would be to install MTK drivers, then the libusb filter wizard, turn off your phone, plug it in while pressing both vol up and vol down at the same time, installing the filter for your device, using a bootrom bypass tool, and then using SPFlash tool.
That would be useful if you haven't unlocked the bootloader; if you did, I'm pretty sure you can even just use miflash tool.
Look for yurian's post, I've left extensive guides on how to unbrick dead devices, from what I understand that's not what you want, but it should work as in it (maybe) would work on the worst possible scenario, I haven't tried on locked bootloader, but from what I gather of how it is supposed to work it's definitely possible.
is there any tutorial on how to install those drivers/filters under linux?
Uff... Gotta be honest, I've used both Linux and windows, Linux is great for people that know a lot more about programming than me, even myself (I consider myself an ignorant) have found stuff easier to do in Linux than windows, but for really useful stuff, someone always made it before you and even left instructions, the difference is on windows they tell it like you're dumb and in Linux they assume you know it already.
IDK man, I can't help you.