bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0

MT6768/MT6769(Helio P65/G85 k68v1) USBError(19, 'No such device (it may have been disconnected)') #1092

Closed med-zz-eis closed 3 months ago

med-zz-eis commented 4 months ago

Hi,

I'm trying to deal with a Moto G13, which I played with a bit using mtkclient and which is already showing "dm-verity corruption", but I'm unable to work with this device either in Linux (re_livedvdV4.iso with mtkclient updated) or in Windows 11 (getting even more connection issues there).

Basically in re_live I'm getting:

user@livedvd:~/Desktop/mtk$ python mtk da efuse
MTK Flash/Exploit Client Public V2.0.1 (c) B.Kerler 2018-2024

Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

....Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Port - Device detected :)
Preloader -     CPU:            MT6768/MT6769(Helio P65/G85 k68v1)
Preloader -     HW version:     0x0
Preloader -     WDT:            0x10007000
Preloader -     Uart:           0x11002000
Preloader -     Brom payload addr:  0x100a00
Preloader -     DA payload addr:    0x201000
Preloader -     CQ_DMA addr:        0x10212000
Preloader -     Var1:           0x25
Preloader - Disabling Watchdog...
Preloader - HW code:            0x707
Preloader - Target config:      0x5
Preloader -     SBC enabled:        True
Preloader -     SLA enabled:        False
Preloader -     DAA enabled:        True
Preloader -     SWJTAG enabled:     True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required: False
Preloader -     Mem read auth:      False
Preloader -     Mem write auth:     False
Preloader -     Cmd 0xC8 blocked:   False
Preloader - Get Target info
Preloader -     HW subcode:     0x8a00
Preloader -     HW Ver:         0xca00
Preloader -     SW Ver:         0x0
Preloader - ME_ID:          EF35C6D07455745B5E3127494F150E2C
Preloader - SOC_ID:         3E97ABE0319BDC2CB25FF023BE699E99F2B719E905CD21DB602935B44FF464C0
Mtk - We're not in bootrom, trying to crash da...
Exploitation - Crashing da...
Preloader
Preloader - [LIB]: upload_data failed with error: DAA_SIG_VERIFY_FAILED (0x7024)
Preloader
Preloader - [LIB]: Error on uploading da data
Preloader - Jumping to 0x0
DeviceClass - USBError(5, 'Input/Output Error')
Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Port - Device detected :)
Preloader -     CPU:            MT6768/MT6769(Helio P65/G85 k68v1)
Preloader -     HW version:     0x0
Preloader -     WDT:            0x10007000
Preloader -     Uart:           0x11002000
Preloader -     Brom payload addr:  0x100a00
Preloader -     DA payload addr:    0x201000
Preloader -     CQ_DMA addr:        0x10212000
Preloader -     Var1:           0x25
Preloader - Disabling Watchdog...
Preloader - HW code:            0x707
Preloader - Target config:      0x5
Preloader -     SBC enabled:        True
Preloader -     SLA enabled:        False
Preloader -     DAA enabled:        True
Preloader -     SWJTAG enabled:     True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required: False
Preloader -     Mem read auth:      False
Preloader -     Mem write auth:     False
Preloader -     Cmd 0xC8 blocked:   False
Preloader - Get Target info
Preloader -     HW subcode:     0x8a00
Preloader -     HW Ver:         0xca00
Preloader -     SW Ver:         0x0
Preloader - ME_ID:          EF35C6D07455745B5E3127494F150E2C
Preloader - SOC_ID:         3E97ABE0319BDC2CB25FF023BE699E99F2B719E905CD21DB602935B44FF464C0
Exploitation - Crashing da...
DeviceClass - USBError(19, 'No such device (it may have been disconnected)')
Preloader
Preloader - [LIB]: Error on DA_Send cmd
Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

Thus, each time, for any operation after crashing DA, I first get upload_data failed with error: DAA_SIG_VERIFY_FAILED (0x7024), and after a 2nd try the device disconnects for some reason.

I read a bit and learnt this could be related to an already patched preloader, but I do not really know how to downgrade this device with the bootloader still locked, or to which version if necessary (my Moto G13 is on a recent A13 update, unfortunately).

Any help appreciated :)

krynyx commented 3 months ago

Same problem here. Mtkclient doesn't work with this chipset.

PLTools - Loading payload from mt6768_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation
Exploitation - [LIB]: Error on sending payload.
PLTools - Successfully sent payload: /home/chris/Unbrick/unlock-mediatek-bootloader/mtkclient-main/mtkclient/payloads/mt6768_payload.bin

bkerler commented 3 months ago

The problem isn't the chipset. It's that you need to use a testpoint on Motorola to enter brom mode. If you're unlucky, they fully disabled brom mode and only preloader is available.
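The failure pattern in the first post's log, as an added triage example that is not part of this thread or of mtkclient: it parses the console output and reports that the session was in preloader mode with DAA enabled when the DA upload was rejected, and that the device then dropped off USB. `triage` and `diagnose` are hypothetical helper names; the sample lines are copied from the log above.

```python
import re

# Lines copied from the log in the first post (trimmed to the relevant ones).
SAMPLE_LOG = """\
Preloader -     SBC enabled:        True
Preloader -     SLA enabled:        False
Preloader -     DAA enabled:        True
Mtk - We're not in bootrom, trying to crash da...
Preloader - [LIB]: upload_data failed with error: DAA_SIG_VERIFY_FAILED (0x7024)
DeviceClass - USBError(5, 'Input/Output Error')
Exploitation - Crashing da...
DeviceClass - USBError(19, 'No such device (it may have been disconnected)')
"""

FLAG_RE = re.compile(r"^\w+ -\s+(SBC|SLA|DAA) enabled:\s+(True|False)\s*$")
ERR_RE = re.compile(r"failed with error: (\w+) \((0x[0-9a-fA-F]+)\)")
USB_RE = re.compile(r"USBError\((\d+),")


def triage(log_text):
    """Collect security flags, boot stage and errors from one session log."""
    report = {"flags": {}, "in_bootrom": None, "errors": [], "usb_errnos": []}
    for line in log_text.splitlines():
        if m := FLAG_RE.match(line):
            report["flags"][m.group(1)] = m.group(2) == "True"
        elif "We're not in bootrom" in line:
            report["in_bootrom"] = False
        elif m := ERR_RE.search(line):
            report["errors"].append((m.group(1), int(m.group(2), 16)))
        elif m := USB_RE.search(line):
            report["usb_errnos"].append(int(m.group(1)))
    return report


def diagnose(report):
    """Turn the parsed report into findings a reader can act on."""
    findings = []
    rejected = any(name == "DAA_SIG_VERIFY_FAILED" for name, _ in report["errors"])
    if report["in_bootrom"] is False and report["flags"].get("DAA") and rejected:
        findings.append("preloader mode with DAA enabled: DA upload failed "
                        "signature verification")
    if 19 in report["usb_errnos"]:  # errno 19 is ENODEV on Linux
        findings.append("device left the USB bus (ENODEV); reconnect it")
    return findings


if __name__ == "__main__":
    for finding in diagnose(triage(SAMPLE_LOG)):
        print(finding)
```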