bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0

MT6580, Unknown lockstate or no lockstate #1084

Closed beitanam closed 3 months ago

beitanam commented 4 months ago

Device is a WorldWide Magnum or also known as a Stylus Q80, fastboot says the bootloader is locked. I also can't seem to flash to it. Attached file contains the seccfg and preloader of the device (I couldn't find it online either way): seccfg.zip CMD params: da seccfg unlock --noreconnect

Port - Device detected :)
Preloader -     CPU:                    MT6580()
Preloader -     HW version:             0x0
Preloader -     WDT:                    0x10007000
Preloader -     Uart:                   0x11005000
Preloader -     Brom payload addr:      0x100a00
Preloader -     DA payload addr:        0x201000
Preloader -     CQ_DMA addr:            0x1020ac00
Preloader -     Var1:                   0xac
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x6580
Preloader - Target config:              0x0
Preloader -     SBC enabled:            False
Preloader -     SLA enabled:            False
Preloader -     DAA enabled:            False
Preloader -     SWJTAG enabled:         False
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          False
Preloader -     Mem write auth:         False
Preloader -     Cmd 0xC8 blocked:       False
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:             0x8a00
Preloader -     HW Ver:                 0xca00
Preloader -     SW Ver:                 0x0
Preloader - ME_ID:                      9DA1851704C64CB9791A5650E9BE1570
DaHandler - Device is unprotected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6580_payload.bin, 0x258 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: C:\mtkclient-main\mtkclient\payloads\mt6580_payload.bin
Port - Device detected :)
DaHandler
DaHandler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
DALegacy - Uploading legacy da...
DALegacy - Uploading legacy stage 1 from MTK_DA_V5.bin
LegacyExt - Legacy DA2 is patched.
LegacyExt - Legacy DA2 CMD F0 is patched.
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DALegacy - Got loader sync !
DALegacy - Reading nand info
DALegacy - Reading emmc info
DALegacy - ACK: 04029c
DALegacy - Setting stage 2 config ...
DALegacy - DRAM config needed for : 7001004548384345380113fd8a29a3b1
DALegacy - Reading dram nand info ...
DALegacy - Sending dram info ... EMI-Version 0x15
DALegacy - RAM-Length: 0xbc
DALegacy - Checksum: 8FA7
DALegacy - M_EXT_RAM_RET : 0
DALegacy - M_EXT_RAM_TYPE : 0x2
DALegacy - M_EXT_RAM_CHIP_SELECT : 0x0
DALegacy - M_EXT_RAM_SIZE : 0x40000000
DALegacy - Uploading stage 2...
DALegacy - Successfully uploaded stage 2
DALegacy - Connected to stage2
DALegacy - m_int_sram_ret = 0x0
m_int_sram_size = 0x20000
m_ext_ram_ret = 0x0
m_ext_ram_type = 0x2
m_ext_ram_chip_select = 0x0
m_int_sram_ret = 0x0
m_ext_ram_size = 0x40000000
randomid = 0x68CBAE4942F447A4B30D87F737D9B60C

m_emmc_ret = 0x0
m_emmc_boot1_size = 0x400000
m_emmc_boot2_size = 0x400000
m_emmc_rpmb_size = 0x400000
m_emmc_gp_size[0] = 0x0
m_emmc_gp_size[1] = 0x0
m_emmc_gp_size[2] = 0x0
m_emmc_gp_size[3] = 0x0
m_emmc_ua_size = 0x1c8000000
m_emmc_cid = 48384345700100458a29a3b1380113fd
m_emmc_fwver = 0100000000000000

DaHandler
DaHandler - [LIB]: Unknown lockstate or no lockstate
bkerler commented 3 months ago

Your seccfg is empty (and not encrypted I assume), most probably you've wiped it.
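A small classifier for the situation described above (an erased seccfg partition versus one that carries a lock state), added here as an example; it is not part of this thread or of mtkclient. The header layout and lock-state values reflect my understanding of the V3/V4 seccfg format and should be treated as assumptions; the sample blobs are constructed, not dumped from the device in this issue.

```python
import struct

# Assumed V3/V4 seccfg header layout (from my reading of mtkclient's seccfg.py, not from this issue):
# seven little-endian u32 fields, followed by a device-keyed hash that is NOT verified here.
SECCFG_MAGIC = 0x4D4D4D4D      # "MMMM"
SECCFG_ENDFLAG = 0x45454545    # "EEEE"
HEADER = struct.Struct("<7I")

# Lock-state values as used in MediaTek LK's sec_cfg headers (assumed).
LOCK_STATES = {1: "LKS_DEFAULT", 2: "LKS_MP_DEFAULT", 3: "LKS_UNLOCK",
               4: "LKS_LOCK", 5: "LKS_VERIFIED", 6: "LKS_CUSTOM"}


def classify_seccfg(data: bytes) -> dict:
    """Diagnose a raw seccfg dump: too short, empty, unparseable, or a decoded lock state."""
    if len(data) < HEADER.size:
        return {"state": "too_short"}
    # An erased or never-written partition is all 0x00 or all 0xFF: there is no lock state at all.
    if set(data) <= {0x00} or set(data) <= {0xFF}:
        return {"state": "empty"}
    magic, ver, size, lock, crit, sboot, end = HEADER.unpack_from(data)
    if magic != SECCFG_MAGIC or end != SECCFG_ENDFLAG:
        # This is the case a tool can only report as "unknown lockstate or no lockstate".
        return {"state": "no_magic"}
    return {"state": "parsed", "version": ver, "size": size,
            "lock_state": LOCK_STATES.get(lock, f"unknown({lock})"),
            "critical_lock_state": crit, "sboot_runtime": sboot}


def build_sample(lock: int, crit: int = 1, ver: int = 3) -> bytes:
    """Constructed sample seccfg blob (not a real device dump) for exercising the classifier."""
    hdr = HEADER.pack(SECCFG_MAGIC, ver, HEADER.size + 32, lock, crit, 0, SECCFG_ENDFLAG)
    # Real partitions carry a device-keyed hash here; 32 placeholder bytes stand in for it.
    return hdr + b"\x00" * 32


if __name__ == "__main__":
    samples = (("erased", b"\x00" * 0x200),
               ("blank_flash", b"\xff" * 0x200),
               ("locked", build_sample(4)),
               ("unlocked", build_sample(3)))
    for name, blob in samples:
        print(f"{name:12s} {classify_seccfg(blob)}")
```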

beitanam commented 3 months ago

> Your seccfg is empty (and not encrypted I assume), most probably you've wiped it.

What can I do in this scenario? There are no backups of this EXACT phone online and the phone was just given to me as a broken unit. I also tried dumping via this tool as stated before and the system partition seemed to be just... a Google Gallery APK? (I'm not even kidding here, that's what I saw on the partition upon opening it after dumping it.) The other partitions seemed to be fine though. The phone also doesn't allow me to flash any type of file to it via your tool (MTKClient) or MTK Flash Tool; could it be that the NAND gave up or is perhaps locked somehow? Fastboot reports that the bootloader is still locked and if I try to unlock it via fastboot, fastboot says I'm not allowed to.

I'd like to point out that the phone does have its bootloader intact... in a way, as it charges and even boots up to the Android logo, but everything I have tried so far doesn't work.

R0rt1z2 commented 3 months ago

> Your seccfg is empty (and not encrypted I assume), most probably you've wiped it.
>
> What can I do in this scenario? There are no backups of this EXACT phone online and the phone was just given to me as a broken unit. I also tried dumping via this tool as stated before and the system partition seemed to be just... a Google Gallery APK? (I'm not even kidding here, that's what I saw on the partition upon opening it after dumping it.) The other partitions seemed to be fine though. The phone also doesn't allow me to flash any type of file to it via your tool (MTKClient) or MTK Flash Tool; could it be that the NAND gave up or is perhaps locked somehow? Fastboot reports that the bootloader is still locked and if I try to unlock it via fastboot, fastboot says I'm not allowed to.
>
> I'd like to point out that the phone does have its bootloader intact... in a way, as it charges and even boots up to the Android logo, but everything I have tried so far doesn't work.

I'm not sure if this applies to all devices, but if I erase seccfg on my MT8163 tablet it automatically regenerates on the next reboot. What errors do you get when trying to flash files with mtkclient or SP Flash Tools?

beitanam commented 3 months ago

In SP Flash Tools I get "S_FT_FORMAT_FAIL(4010)". I'll check again in MTKClient; I vaguely remember it saying it was getting a timeout if I turned on debug and tried to flash.

R0rt1z2 commented 3 months ago

> S_FT_FORMAT_FAIL

Sounds like your eMMC is dead then.

beitanam commented 3 months ago

Alright, thanks for the help anyways.