search

bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.36k stars 485 forks source link

Preloader error on mt6735 #1003

Open wctrl opened 2 months ago

wctrl commented 2 months ago 
DA_handler - Device is protected.
DA_handler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6737_payload.bin, 0x258 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/wctrl/mtkclient/mtkclient/payloads/mt6737_payload.bin
Port - Device detected :)
DALegacy - Uploading legacy da...
DALegacy - Uploading legacy stage 1 from MTK_DA_V5.bin
legacyext - Legacy DA2 is patched.
legacyext - Legacy DA2 CMD F0 is patched.
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DALegacy - Got loader sync !
DALegacy - Reading nand info
DALegacy - Reading emmc info
DALegacy - ACK: 04029b
DALegacy - Setting stage 2 config ...
DALegacy - DRAM config needed for : 460001154d32323795550042630926d0
DALegacy - Reading dram nand info ...
DALegacy - Sending dram info ...
DALegacy - RAM-Length: 0xbc
DALegacy - Checksum: 7C8E
DALegacy - M_EXT_RAM_RET : 3012
DALegacy
DALegacy - [LIB]: Preloader error: 0xBC4 => DEVICE_NOT_FOUND (0xbc4)

Any advice?

bkerler commented 1 month ago

Dump the preloader using "mtk dumppreloader" and then use it with --preloader option.

wctrl commented 1 month ago

I used preloader from firmware, same result (Preloader error)

bkerler commented 1 week ago

Can you upload the preloader from firmware ?

wctrl commented 1 week ago

Sure, preloader_lcsh6735m_35u_m.bin.zip