search

bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.7k stars 528 forks source link

mtkclient crashing at 'Reconnecting to stage2 with higher speed' #1061

Closed MarkPCExpertYT closed 4 months ago

MarkPCExpertYT commented 4 months ago

I'm using MTKClient 2.0.1 and a Moto C Plus xt1723 mtkclient.log

Preloader -     CPU:                    MT6737M/MT6735G()
Preloader -     HW version:             0x0
Preloader -     WDT:                    0x10212000
Preloader -     Uart:                   0x11002000
Preloader -     Brom payload addr:      0x100a00
Preloader -     DA payload addr:        0x201000
Preloader -     CQ_DMA addr:            0x10217c00
Preloader -     Var1:                   0x28
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x335
Preloader - Target config:              0x5
Preloader -     SBC enabled:            True
Preloader -     SLA enabled:            False
Preloader -     DAA enabled:            True
Preloader -     SWJTAG enabled:         True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          False
Preloader -     Mem write auth:         False
Preloader -     Cmd 0xC8 blocked:       False
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:             0x8a00
Preloader -     HW Ver:                 0xcb00
Preloader -     SW Ver:                 0x0
Preloader - ME_ID:                      34563D6693210384AC8D813CB4BA2B31
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6737_payload.bin, 0x258 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: C:\Users\Mark\Downloads\mtk\mtkclient\mtkclient\payloads\mt6737_payload.bin
Port - Device detected :)
DaHandler
DaHandler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
DALegacy - Uploading legacy da...
DALegacy - Uploading legacy stage 1 from MTK_DA_V5.bin
LegacyExt - Legacy DA2 is patched.
LegacyExt - Legacy DA2 CMD F0 is patched.
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DALegacy - Got loader sync !
DALegacy - Reading nand info
DALegacy - Reading emmc info
DALegacy - ACK: 04029b
DALegacy - Setting stage 2 config ...
DALegacy - DRAM config needed for : 460001154d323645650f034277b8e1f2
DALegacy - Reading dram nand info ...
DALegacy - Sending dram info ... EMI-Version 0x14
DALegacy - RAM-Length: 0xbc
DALegacy - Checksum: 2A27
DALegacy - M_EXT_RAM_RET : 0
DALegacy - M_EXT_RAM_TYPE : 0x2
DALegacy - M_EXT_RAM_CHIP_SELECT : 0x0
DALegacy - M_EXT_RAM_SIZE : 0x40000000
DALegacy - Uploading stage 2...
DALegacy - Successfully uploaded stage 2
DALegacy - Connected to stage2
DALegacy - Reconnecting to stage2 with higher speed
<mtkclient exits>

I'm using Windows 10. I already installed the MTK USB drivers, and UsbDk.

s1204IT commented 4 months ago

You can try --noreconnect option.

bkerler commented 4 months ago

Exactly. That's a windows driver issue (on reconnect you'd need to replace the new port driver with winusbdk as well ... or use --noreconnect but then the connection is pretty slow or unstable.