search

bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.57k stars 511 forks source link

redmi 10(selene) : for evrything always get this error #1136

Closed armeya25 closed 1 month ago

armeya25 commented 1 month ago 

....Port - Device detected :)
Preloader -     CPU:            MT6768/MT6769(Helio P65/G85 k68v1)
Preloader -     HW version:     0x0
Preloader -     WDT:            0x10007000
Preloader -     Uart:           0x11002000
Preloader -     Brom payload addr:  0x100a00
Preloader -     DA payload addr:    0x201000
Preloader -     CQ_DMA addr:        0x10212000
Preloader -     Var1:           0x25
Preloader - Disabling Watchdog...
Preloader - HW code:            0x707
Preloader - Target config:      0xe7
Preloader -     SBC enabled:        True
Preloader -     SLA enabled:        True
Preloader -     DAA enabled:        True
Preloader -     SWJTAG enabled:     True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required: False
Preloader -     Mem read auth:      True
Preloader -     Mem write auth:     True
Preloader -     Cmd 0xC8 blocked:   True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:     0x8a00
Preloader -     HW Ver:         0xca00
Preloader -     SW Ver:         0x0
Preloader - ME_ID:          42C4AAF2F423CCF45E0CDEFF8FFE34C4
Preloader - SOC_ID:         079E1680A4388C55E87E111013B78592DE4292E91AA170DC00F105951E8B65B5
Preloader
Preloader - [LIB]: Auth file is required. Use --auth option.
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
DaHandler - Preloader is not supplied. Acquiring it through BROM exploit.
PLTools - Loading payload from mt6768_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/armeya/Downloads/data/mtkclient-main/mtkclient/payloads/mt6768_payload.bin
Port - Device detected :)
DaHandler
DaHandler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
Successfully extracted preloader for this device to: preloader_selene.bin
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - Boot to succeeded.
DAXFlash - Successfully uploaded stage 2
DAXFlash - DA SLA is disabled
DAXFlash - EMMC FWVer:      0x0
DAXFlash - EMMC ID:         DP6DAB
DAXFlash - EMMC CID:        15010044503644414203999ed31f882b
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size:   0x0
DAXFlash - EMMC GP2 Size:   0x0
DAXFlash - EMMC GP3 Size:   0x0
DAXFlash - EMMC GP4 Size:   0x0
DAXFlash - EMMC RPMB Size:  0x1000000
DAXFlash - EMMC USER Size:  0xe8f800000
DAXFlash - HW-CODE         : 0x707
DAXFlash - HWSUB-CODE      : 0x8A00
DAXFlash - HW-VERSION      : 0xCA00
DAXFlash - SW-VERSION      : 0x0
DAXFlash - CHIP-EVOLUTION  : 0x1
DAXFlash - DA-VERSION      : 1.0
DAXFlash - Extensions were accepted. Jumping to extensions...
DAXFlash - Boot to succeeded.
DAXFlash - DA Extensions successfully added
Traceback (most recent call last):
  File "/home/armeya/Downloads/data/mtkclient-main/./mtk.py", line 1000, in <module>
    mtk = Main(args).run(parser)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/mtk_main.py", line 664, in run
    da_handler.handle_da_cmds(mtk, cmd, self.args)
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/mtk_da_handler.py", line 755, in handle_da_cmds
    self.da_erase(partitions=partitions, parttype=parttype)
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/mtk_da_handler.py", line 468, in da_erase
    res = self.mtk.daloader.detect_partition(partition, parttype)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/mtk_daloader.py", line 247, in detect_partition
    data, guid_gpt = self.da.partition.get_gpt(self.mtk.config.gpt_settings, parttype)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/partition.py", line 112, in get_gpt
    data = self.readflash(addr=0, length=sectors * self.config.pagesize, filename="",
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/xflash/xflash_lib.py", line 827, in readflash
    if self.cmd_read_data(addr=addr, size=length, storage=storage, parttype=parttype):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/xflash/xflash_lib.py", line 805, in cmd_read_data
    param = pack("<IIQQ", storage, parttype, addr, size)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
struct.error: 'Q' format requires 0 <= number <= 18446744073709551615
bkerler commented 1 month ago

Duplicate of #1152