bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0

DAXFlash - [LIB]: DA Extensions failed to enable #1255

Open oneingan opened 1 month ago

oneingan commented 1 month ago

Running the HEAD version of mkt.py on my Energizer E282SC gives me this error:

Unpatched Linux:

# uname -a
Linux x2100 6.10.11 #1-NixOS SMP PREEMPT_DYNAMIC Wed Sep 18 17:25:18 UTC 2024 x86_64 GNU/Linux
# python3 mkt.py printgpt

Port - Device detected :)
Preloader -     CPU:            MT6739/MT6731/MT8765()
Preloader -     HW version:     0x0
Preloader -     WDT:            0x10007000
Preloader -     Uart:           0x11002000
Preloader -     Brom payload addr:  0x100a00
Preloader -     DA payload addr:    0x201000
Preloader -     CQ_DMA addr:        0x10212000
Preloader -     Var1:           0xb4
Preloader - Disabling Watchdog...
Preloader - HW code:            0x699
Preloader - Target config:      0x0
Preloader -     SBC enabled:        False
Preloader -     SLA enabled:        False
Preloader -     DAA enabled:        False
Preloader -     SWJTAG enabled:     False
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required: False
Preloader -     Mem read auth:      False
Preloader -     Mem write auth:     False
Preloader -     Cmd 0xC8 blocked:   False
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:     0x8a00
Preloader -     HW Ver:         0xcb00
Preloader -     SW Ver:         0x2
Preloader - ME_ID:          239DA135B4495BA6D07E7CC9D4EBE832
Preloader - SOC_ID:         EAADADB8B692ECB70774717461EF562C1141265C84147DCFBBA6A3B954C12326
DaHandler - Device is unprotected.
DaHandler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6739_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: /home/juanjop/mtkclient/mtkclient/payloads/mt6739_payload.bin
Port - Device detected :)
DaHandler
DaHandler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
Successfully extracted preloader for this device to: preloader_fise6731_kaio_m.bin
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
XFlashExt - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
XFlashExt - Patching da2 ...
XFlashExt - Security check patched
XFlashExt - DA version anti-rollback patched
XFlashExt - SBC patched to be disabled
XFlashExt - Register read/write not allowed patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - Boot to succeeded.
DAXFlash - Successfully uploaded stage 2
DAXFlash - DA SLA is disabled
DAXFlash - EMMC FWVer:      0x0
DAXFlash - EMMC ID:         H4G2a
DAXFlash - EMMC CID:        90014a4834473261110211001014b4e1
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size:   0x0
DAXFlash - EMMC GP2 Size:   0x0
DAXFlash - EMMC GP3 Size:   0x0
DAXFlash - EMMC GP4 Size:   0x0
DAXFlash - EMMC RPMB Size:  0x400000
DAXFlash - EMMC USER Size:  0xe9000000
DAXFlash - HW-CODE         : 0x699
DAXFlash - HWSUB-CODE      : 0x8A00
DAXFlash - HW-VERSION      : 0xCB00
DAXFlash - SW-VERSION      : 0x2
DAXFlash - CHIP-EVOLUTION  : 0x1
DAXFlash - DA-VERSION      : 1.0
DAXFlash - Extensions were accepted. Jumping to extensions...
DAXFlash
DAXFlash - [LIB]: Stage was't executed. Maybe dram issue ?.
DAXFlash
DAXFlash - [LIB]: DA Extensions failed to enable
Traceback (most recent call last):
  File "/home/juanjop/mtkclient/mtk.py", line 1021, in <module>
    main()
  File "/home/juanjop/mtkclient/mtk.py", line 1017, in main
    mtk = Main(args).run(parser)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/juanjop/mtkclient/mtkclient/Library/mtk_main.py", line 684, in run
    da_handler.handle_da_cmds(mtk, cmd, self.args)
  File "/home/juanjop/mtkclient/mtkclient/Library/DA/mtk_da_handler.py", line 703, in handle_da_cmds
    data, guid_gpt = mtk.daloader.get_gpt()
                     ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/juanjop/mtkclient/mtkclient/Library/DA/mtk_daloader.py", line 274, in get_gpt
    data, guid_gpt = self.da.partition.get_gpt(self.mtk.config.gpt_settings, parttype)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/juanjop/mtkclient/mtkclient/Library/partition.py", line 70, in get_gpt
    data = self.readflash(addr=0, length=2 * self.config.pagesize, filename="", parttype=parttype, display=False)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/juanjop/mtkclient/mtkclient/Library/DA/xflash/xflash_lib.py", line 826, in readflash
    self.get_packet_length()
  File "/home/juanjop/mtkclient/mtkclient/Library/DA/xflash/xflash_lib.py", line 731, in get_packet_length
    resp = self.send_devctrl(self.Cmd.GET_PACKET_LENGTH)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/juanjop/mtkclient/mtkclient/Library/DA/xflash/xflash_lib.py", line 185, in send_devctrl
    status[0] = self.status()
                ^^^^^^^^^^^^^
  File "/home/juanjop/mtkclient/mtkclient/Library/DA/xflash/xflash_lib.py", line 136, in status
    magic, datatype, length = unpack("<III", hdr)
                              ^^^^^^^^^^^^^^^^^^^
struct.error: unpack requires a buffer of 12 bytes

To get into BROM mode I do UP+DOWN on the D-pad.