MTK-bypass / bypass_utility

MIT License
Is it bypass script issue or efuse protected ? #42

Closed kne-eraj closed 3 years ago

kne-eraj commented 3 years ago

Ran script with 'python3 main.py'. Device is a MT6761.

Following error received:

Traceback (most recent call last):
  File "C:\Users\nj\Downloads\bypass_utility-master\main.py", line 213, in <module>
    main()
  File "C:\Users\nj\Downloads\bypass_utility-master\main.py", line 42, in main
    device = Device().find()
  File "C:\Users\nj\Downloads\bypass_utility-master\src\device.py", line 45, in find
    self.dev = serial.Serial(port.device, BAUD, timeout=TIMEOUT)
  File "C:\Users\nj\AppData\Local\Programs\Python\Python39\lib\site-packages\serial\serialwin32.py", line 33, in __init__
    super(Serial, self).__init__(*args, **kwargs)
  File "C:\Users\nj\AppData\Local\Programs\Python\Python39\lib\site-packages\serial\serialutil.py", line 244, in __init__
    self.open()
  File "C:\Users\nj\AppData\Local\Programs\Python\Python39\lib\site-packages\serial\serialwin32.py", line 64, in open
    raise SerialException("could not open port {!r}: {!r}".format(self.portstr, ctypes.WinError()))
serial.serialutil.SerialException: could not open port 'COM5': PermissionError(13, 'The device is not ready.', None, 21)

chaosmaster commented 3 years ago

> serial.serialutil.SerialException: could not open port 'COM5': PermissionError(13, 'The device is not ready.', None, 21)

Make sure your device is in bootrom mode, also try running as Administrator.

kne-eraj commented 3 years ago

Tried running as Administrator. Still the same. Can't put in bootrom mode as I don't have the DA file. This can be explained by 'STATUS_BROM_CMD_SEND_DA_FAIL' from SP Flash tool. Any other way to bypass?

chaosmaster commented 3 years ago

Accessing bootrom mode has nothing to do with having a DA file and bootrom mode is required for bypass to work.

kne-eraj commented 3 years ago

Can you confirm, in case of a secure boot implementation using an efuse, is it possible to get into bootrom mode?

chaosmaster commented 3 years ago

It's not related to secure boot, but it is possible to disable bootrom mode via an efuse, yes.

kne-eraj commented 3 years ago

Okay, thanks. I know this is off post, but is there a way to bypass efuse as well? Besides the EMFI attack on ESP32?

chaosmaster commented 3 years ago

If bootrom mode is disabled via efuse, then you cannot use the bypass.

kne-eraj commented 3 years ago

Okay, thanks