bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0

MT6789 stuck on Jumping to 0x200000 #1019

Closed 4aiman closed 3 months ago

4aiman commented 3 months ago

Similar to #361, my device (equipped with MT6789) is stuck right after Jumping to 0x200000.

(mtkenv) PS F:\Mobile\mtkclient> ./mtk_gui
Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode
Preloader -     CPU:                    MT6789(MTK Helio G99)
Preloader -     HW version:             0x0
Preloader -     WDT:                    0x10007000
Preloader -     Uart:                   0x11002000
Preloader -     Brom payload addr:      0x100a00
Preloader -     DA payload addr:        0x201000
Preloader -     Var1:                   0xa
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x1208
Preloader - Target config:              0xe0
Preloader -     SBC enabled:            False
Preloader -     SLA enabled:            False
Preloader -     DAA enabled:            False
Preloader -     SWJTAG enabled:         False
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          True
Preloader -     Mem write auth:         True
Preloader -     Cmd 0xC8 blocked:       True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:             0x8a00
Preloader -     HW Ver:                 0xca00
Preloader -     SW Ver:                 0x0
Preloader - ME_ID:                      556B56CC473F6191882543187FDBE1FF
Preloader - SOC_ID:                     2DAE8FBBDB78BFB8BDA730338E236311B0BE5EF980A193D5BAD51CAD335B1EDA
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
Progress: |██████████████████████████████████████████████████| 100.0% Written (Sector 0x2A3 of 0x2A3, ) 1.89 MB/s

Key notes:

rusantiman commented 3 months ago

hi I have a teclast t50 pro (mediatek G99). I also had a doogee t30 pro and a Headwolf HPad6. All are G99. All SLAs etc. are false. All of these have the same problem with MTK_DA_V6.bin as you do. However, if I use DA_BR.bin from the firmware of the tablet I own, all of my tablets are recognized by mtkclient. Try getting DA_BR.bin from the firmware you have. Or, as I did, you may be able to use DA_BR.bin from a model you don't have.

I'm not a developer, so I just renamed DA_BR.bin to MTK_DA_V6.bin and used it.

ktdt00 commented 3 months ago

> hi I have a teclast t50 pro (mediatek G99). I also had a doogee t30 pro and a Headwolf HPad6. All are G99. All SLAs etc. are false. All of these have the same problem with MTK_DA_V6.bin as you do. However, if I use DA_BR.bin from the firmware of the tablet I own, all of my tablets are recognized by mtkclient. Try getting DA_BR.bin from the firmware you have. Or, as I did, you may be able to use DA_BR.bin from a model you don't have.
>
> I'm not a developer, so I just renamed DA_BR.bin to MTK_DA_V6.bin and used it.

I have a Headwolf HPad5. I've tried a bunch of DA_BR.bin files found via Google but none has worked. How did you get one from the firmware of your HPad6? Can you share one that works with your HPad? It might work with mine too.

rusantiman commented 3 months ago

> > hi I have a teclast t50 pro (mediatek G99). I also had a doogee t30 pro and a Headwolf HPad6. All are G99. All SLAs etc. are false. All of these have the same problem with MTK_DA_V6.bin as you do. However, if I use DA_BR.bin from the firmware of the tablet I own, all of my tablets are recognized by mtkclient. Try getting DA_BR.bin from the firmware you have. Or, as I did, you may be able to use DA_BR.bin from a model you don't have. I'm not a developer, so I just renamed DA_BR.bin to MTK_DA_V6.bin and used it.
>
> I have a Headwolf HPad5. I've tried a bunch of DA_BR.bin files found via Google but none has worked. How did you get one from the firmware of your HPad6? Can you share one that works with your HPad? It might work with mine too.

I used DA_BR.bin from teclast t50 pro (a6d4). This firmware is officially released by teclast. DA_BR.bin from doogee t30 pro also worked with hpad6.

Firmware for alldocube G99 series has also been officially released. I haven't tried it, but it might work.

4aiman commented 3 months ago

Thanks for the help, @rusantiman! Unfortunately, as I've stated in the opening post, there's no firmware for my device (KENSHI E12) in the wild. I've tried DA_BR.bin from Teclast t50 and it did help getting into the device after 2 reboots 🥳 (Removed MTK_DA_V6.bin, copied DA_BR.bin and renamed DA_BR.bin -> MTK_DA_V6.bin)

[11:05:18]: Device detected :)
[11:05:37]: [Errno 5] Input/Output Error
[11:05:38]: Device detected :)
[11:05:38]: Device is unprotected.
[11:05:38]: Device is in BROM-Mode. Bypassing security.
[11:05:38]: Failed to dump preloader from ram, provide a valid one via --preloader option
[11:05:38]: Uploading xflash stage 1 from MTK_DA_V6.bin
[11:05:38]: Successfully uploaded stage 1, jumping ..
[11:05:44]: Stage 1 successfully loaded.
[11:05:44]: Uploading stage 2...
[11:05:44]: Successfully uploaded stage 2.
[11:05:44]: Successfully uploaded stage 2
[11:05:44]: SLA is disabled

Question is, does a preloader from a different device break anything? Like, can I safely back up the device and be sure that the backup doesn't have anything to do with the teclast t50?

Edit: While we're at it: do I need to generate keys? MTK Client freezes if I try.

pewterbrass commented 3 months ago

If you can get it to work, it's probably ok for reading and even writing. Try reading and writing a non-essential partition first, like something on a _b slot.

4aiman commented 3 months ago

I think this can be marked as solved, since I did get a backup of all partitions and was able to flash those back (some of them anyway). Didn't manage to root the device, but oh, boy, is it nice to have a backup ;)
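The `Target config: 0xe0` line in the opening post's log and the True/False flags printed under it describe the same word. The following is an added example, not part of the thread or of mtkclient's code: it parses those log lines, decodes the word, and reports when the printed flags disagree with it. The bit layout in `FLAGS` is an assumption that matches the log on this page, and `parse_log`, `decode_target_config` and `audit` are names chosen here.

```python
import re

# Assumed bit layout of the "Target config" word; it reproduces the flags
# printed in the log on this page (0xe0 -> only the last three are True).
# SWJTAG and EPP_PARAM are left out of this sketch.
FLAGS = [
    ("SBC enabled", 0x01),
    ("SLA enabled", 0x02),
    ("DAA enabled", 0x04),
    ("Root cert required", 0x10),
    ("Mem read auth", 0x20),
    ("Mem write auth", 0x40),
    ("Cmd 0xC8 blocked", 0x80),
]

# Lines copied from the log in the opening post.
SAMPLE_LOG = """\
Preloader - HW code:                    0x1208
Preloader - Target config:              0xe0
Preloader -     SBC enabled:            False
Preloader -     SLA enabled:            False
Preloader -     DAA enabled:            False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          True
Preloader -     Mem write auth:         True
Preloader -     Cmd 0xC8 blocked:       True
"""

LINE = re.compile(r"^Preloader -\s+(?P<key>[^:]+):\s+(?P<val>\S+)\s*$")


def parse_log(text):
    """Collect 'Preloader - key: value' pairs; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            fields[m.group("key").strip()] = m.group("val")
    return fields


def decode_target_config(value):
    """Map each flag name to the state of its bit in the config word."""
    return {name: bool(value & mask) for name, mask in FLAGS}


def audit(text):
    fields = parse_log(text)
    decoded = decode_target_config(int(fields["Target config"], 16))
    # A printed flag that contradicts the raw word means the log was
    # truncated, edited, or produced with a different bit layout.
    mismatches = [n for n, v in decoded.items()
                  if n in fields and fields[n] != str(v)]
    findings = []
    if not any(decoded[n] for n in ("SBC enabled", "SLA enabled", "DAA enabled")):
        findings.append("SBC, SLA and DAA are all off: the boot ROM does not "
                        "authenticate the download agent it is given")
    return decoded, mismatches, findings


if __name__ == "__main__":
    for item in audit(SAMPLE_LOG):
        print(item)
```
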