search

bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.71k stars 528 forks source link

--auth on bypass daa #1147

Closed Hackatoan closed 2 months ago

Hackatoan commented 3 months ago

Hey im trying to flash my nothing 2a phone, it has DAA so i tried the bypass but im getting an auth error. not sure if this matters but the state of my phone is it doesnt turn the screen on at all right now but it is connecting to my computer i just got reccommended to try this

this is the cmd line that was output after running the gui and it connected


Preloader -     CPU:                    MT6886(Dimensity 7200 Ultra)
Preloader -     HW version:             0x0
Preloader -     WDT:                    0x1c007000
Preloader -     Uart:                   0x11002000
Preloader -     Brom payload addr:      0x100a00
Preloader -     DA payload addr:        0x2001000
Preloader -     CQ_DMA addr:            0x10212000
Preloader -     Var1:                   0xa
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x1229
Preloader - Target config:              0xe5
Preloader -     SBC enabled:            True
Preloader -     SLA enabled:            False
Preloader -     DAA enabled:            True
Preloader -     SWJTAG enabled:         True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          True
Preloader -     Mem write auth:         True
Preloader -     Cmd 0xC8 blocked:       True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:             0x8a00
Preloader -     HW Ver:                 0xca01
Preloader -     SW Ver:                 0x1
Preloader - ME_ID:                      36399B1ADACB2CA01082232EBA5E8426
Preloader
Preloader - [LIB]: upload_data failed with error: DAA_Security_Error (0x7017)
Preloader
Preloader - [LIB]: Error on uploading da data
None

so i tried running python mtk.py payload and i get

PS C:\Users\Hackatoa\mtkclient> python mtk.py payload
MTK Flash/Exploit Client Public V2.0.1 (c) B.Kerler 2018-2024

Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Port - Device detected :)
Preloader -     CPU:                    MT6886(Dimensity 7200 Ultra)
Preloader -     HW version:             0x0
Preloader -     WDT:                    0x1c007000
Preloader -     Uart:                   0x11002000
Preloader -     Brom payload addr:      0x100a00
Preloader -     DA payload addr:        0x2001000
Preloader -     CQ_DMA addr:            0x10212000
Preloader -     Var1:                   0xa
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x1229
Preloader - Target config:              0xe5
Preloader -     SBC enabled:            True
Preloader -     SLA enabled:            False
Preloader -     DAA enabled:            True
Preloader -     SWJTAG enabled:         True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          True
Preloader -     Mem write auth:         True
Preloader -     Cmd 0xC8 blocked:       True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:             0x8a00
Preloader -     HW Ver:                 0xca01
Preloader -     SW Ver:                 0x1
Preloader - ME_ID:                      36399B1ADACB2CA01082232EBA5E8426
Preloader
Preloader - [LIB]: Auth file is required. Use --auth option.
PLTools - Loading payload from generic_patcher_payload.bin, 0x538 bytes
Exploitation - Kamakiri Run
Exploitation
Exploitation - [LIB]: Error on sending payload.
PLTools
PLTools - [LIB]: Error on sending payload: C:\Users\Hackatoa\mtkclient\mtkclient\payloads\generic_patcher_payload.bin
Traceback (most recent call last):
  File "C:\Users\Hackatoa\mtkclient\mtk.py", line 1000, in <module>
    mtk = Main(args).run(parser)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\Hackatoa\mtkclient\mtkclient\Library\mtk_main.py", line 630, in run
    self.cmd_payload(mtk=mtk, payloadfile=payloadfile)
  File "C:\Users\Hackatoa\mtkclient\mtkclient\Library\mtk_main.py", line 691, in cmd_payload
    plt.runpayload(filename=payloadfile)
  File "C:\Users\Hackatoa\mtkclient\mtkclient\Library\pltools.py", line 104, in runpayload
    self.error(f"Error, payload answered instead: {hexlify(ack).decode('utf-8')}")
                                                   ^^^^^^^^^^^^
TypeError: a bytes-like object is required, not 'int'
PS C:\Users\Hackatoa\mtkclient>

i see that im suppose to use --auth but i have no idea what im suppose to put for it.

im using windows 11 btw

Michelestr commented 2 months ago

I'm in the same situation when I put python mtk.py payload, I want to get my nothing phone 2a out of brom mode, but I haven't been able to because of that error

Port - Device detected :) Preloader - CPU: MT6886(Dimensity 7200 Ultra) Preloader - HW version: 0x0 Preloader - WDT: 0x1c007000 Preloader - Uart: 0x11002000 Preloader - Brom payload addr: 0x100a00 Preloader - DA payload addr: 0x2001000 Preloader - CQ_DMA addr: 0x10212000 Preloader - Var1: 0xa Preloader - Disabling Watchdog... Preloader - HW code: 0x1229 Preloader - Target config: 0xe5 Preloader - SBC enabled: True Preloader - SLA enabled: False Preloader - DAA enabled: True Preloader - SWJTAG enabled: True Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False Preloader - Root cert required: False Preloader - Mem read auth: True Preloader - Mem write auth: True Preloader - Cmd 0xC8 blocked: True Preloader - Get Target info Preloader - BROM mode detected. Preloader - HW subcode: 0x8a00 Preloader - HW Ver: 0xca01 Preloader - SW Ver: 0x1 Preloader - ME_ID: ED0F775B2DA7776932731B8C7A793414 Preloader Preloader - [LIB]: ←[33mAuth file is required. Use --auth option.←[0m PLTools - Loading payload from generic_patcher_payload.bin, 0x538 bytes Exploitation - Kamakiri Run Exploitation Exploitation - [LIB]: ←[31mError on sending payload.←[0m PLTools PLTools - [LIB]: ←[31mError on sending payload: C:\Users\HP\Desktop\MTK CLIENT\mtkclient-main\mtkclient\payloads\generic_patcher_payload.bin←[0m Traceback (most recent call last): File "C:\Users\HP\Desktop\MTK CLIENT\mtkclient-main\mtk.py", line 1000, in mtk = Main(args).run(parser) ^^^^^^^^^^^^^^^^^^^^^^ File "C:\Users\HP\Desktop\MTK CLIENT\mtkclient-main\mtkclient\Library\mtk_main.py", line 630, in run self.cmd_payload(mtk=mtk, payloadfile=payloadfile) File "C:\Users\HP\Desktop\MTK CLIENT\mtkclient-main\mtkclient\Library\mtk_main.py", line 691, in cmd_payload plt.runpayload(filename=payloadfile) File "C:\Users\HP\Desktop\MTK CLIENT\mtkclient-main\mtkclient\Library\pltools.py", line 104, in runpayload self.error(f"Error, payload answered instead: {hexlify(ack).decode('utf-8')}") ^^^^^^^^^^^^ TypeError: a bytes-like object is required, not 'int'

Michelestr commented 2 months ago

Por fin pude revivir mi nothing phone 2a, tengo la solucion si quieres puedo compartirte como lo logre para que revivas tu 2a

Hackatoan commented 2 months ago

Por fin pude revivir mi nothing phone 2a, tengo la solucion si quieres puedo compartirte como lo logre para que revivas tu 2a

Por favor me gustaría escuchar su solución.

Michelestr commented 2 months ago

Algún medio por el cual te pueda decir los pasos?

bkerler commented 2 months ago

You need to provide a proper da loader and .auth file for this specific device.