Closed armeya25 closed 1 month ago
```
....Port - Device detected :)
Preloader - CPU: MT6768/MT6769(Helio P65/G85 k68v1)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x707
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: 42C4AAF2F423CCF45E0CDEFF8FFE34C4
Preloader - SOC_ID: 079E1680A4388C55E87E111013B78592DE4292E91AA170DC00F105951E8B65B5
Preloader
Preloader - [LIB]: Auth file is required. Use --auth option.
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
DaHandler - Preloader is not supplied. Acquiring it through BROM exploit.
PLTools - Loading payload from mt6768_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/armeya/Downloads/data/mtkclient-main/mtkclient/payloads/mt6768_payload.bin
Port - Device detected :)
DaHandler
DaHandler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
Successfully extracted preloader for this device to: preloader_selene.bin
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - Boot to succeeded.
DAXFlash - Successfully uploaded stage 2
DAXFlash - DA SLA is disabled
DAXFlash - EMMC FWVer: 0x0
DAXFlash - EMMC ID: DP6DAB
DAXFlash - EMMC CID: 15010044503644414203999ed31f882b
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size: 0x0
DAXFlash - EMMC GP2 Size: 0x0
DAXFlash - EMMC GP3 Size: 0x0
DAXFlash - EMMC GP4 Size: 0x0
DAXFlash - EMMC RPMB Size: 0x1000000
DAXFlash - EMMC USER Size: 0xe8f800000
DAXFlash - HW-CODE : 0x707
DAXFlash - HWSUB-CODE : 0x8A00
DAXFlash - HW-VERSION : 0xCA00
DAXFlash - SW-VERSION : 0x0
DAXFlash - CHIP-EVOLUTION : 0x1
DAXFlash - DA-VERSION : 1.0
DAXFlash - Extensions were accepted. Jumping to extensions...
DAXFlash - Boot to succeeded.
DAXFlash - DA Extensions successfully added
Traceback (most recent call last):
  File "/home/armeya/Downloads/data/mtkclient-main/./mtk.py", line 1000, in <module>
    mtk = Main(args).run(parser)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/mtk_main.py", line 664, in run
    da_handler.handle_da_cmds(mtk, cmd, self.args)
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/mtk_da_handler.py", line 755, in handle_da_cmds
    self.da_erase(partitions=partitions, parttype=parttype)
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/mtk_da_handler.py", line 468, in da_erase
    res = self.mtk.daloader.detect_partition(partition, parttype)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/mtk_daloader.py", line 247, in detect_partition
    data, guid_gpt = self.da.partition.get_gpt(self.mtk.config.gpt_settings, parttype)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/partition.py", line 112, in get_gpt
    data = self.readflash(addr=0, length=sectors * self.config.pagesize, filename="",
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/xflash/xflash_lib.py", line 827, in readflash
    if self.cmd_read_data(addr=addr, size=length, storage=storage, parttype=parttype):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/armeya/Downloads/data/mtkclient-main/mtkclient/Library/DA/xflash/xflash_lib.py", line 805, in cmd_read_data
    param = pack("<IIQQ", storage, parttype, addr, size)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
struct.error: 'Q' format requires 0 <= number <= 18446744073709551615
```
Duplicate of #1152