search

bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.73k stars 529 forks source link

Error trying to flash corot device (Xiaomi 13T Pro - MT6985) #1293

Open yfaykya opened 2 days ago

yfaykya commented 2 days ago

python mtk.py w --auth ../Downloads/auth_sv6.auth --preloader ../extract_android_ota_payload/images/preloader_raw.img boot_a ../extract_android_ota_payload/images/boot.img MTK Flash/Exploit Client Public V2.0.1 (c) B.Kerler 2018-2024

ArgHandler - O:Var1: 0x0 Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode ^[[A Port - Device detected :) Preloader - CPU: MT6985(Dimensity 9200/9200+) Preloader - HW version: 0x0 Preloader - WDT: 0x1c007000 Preloader - Uart: 0x1c011000 Preloader - Brom payload addr: 0x100a00 Preloader - DA payload addr: 0x201000 Preloader - Var1: 0xa Preloader - Disabling Watchdog... Preloader - HW code: 0x1296 Preloader - Target config: 0xe7 Preloader - SBC enabled: True Preloader - SLA enabled: True Preloader - DAA enabled: True Preloader - SWJTAG enabled: True Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False Preloader - Root cert required: False Preloader - Mem read auth: True Preloader - Mem write auth: True Preloader - Cmd 0xC8 blocked: True Preloader - Get Target info Preloader - BROM mode detected. Preloader - HW subcode: 0x8a00 Preloader - HW Ver: 0xca02 Preloader - SW Ver: 0x0 Preloader - ME_ID: 89F71B5605F8A15F50A8443B74EFAA93 Preloader - SOC_ID: 14F887457F769EDE93E9B19413A921C31980487E525729E677337376C5262770 Traceback (most recent call last): File "/home/osulliv/Downloads/PhoneFW/mtkclient/mtk.py", line 1021, in main() File "/home/osulliv/Downloads/PhoneFW/mtkclient/mtk.py", line 1017, in main mtk = Main(args).run(parser) ^^^^^^^^^^^^^^^^^^^^^^ File "/home/osulliv/Downloads/PhoneFW/mtkclient/mtkclient/Library/mtk_main.py", line 682, in run mtk = da_handler.configure_da(mtk, preloader) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/osulliv/Downloads/PhoneFW/mtkclient/mtkclient/Library/DA/mtk_da_handler.py", line 90, in configure_da mtk.preloader.init() File "/home/osulliv/Downloads/PhoneFW/mtkclient/mtkclient/Library/mtk_preloader.py", line 256, in init self.handle_sla(func=None, isbrom=self.config.is_brom) File "/home/osulliv/Downloads/PhoneFW/mtkclient/mtkclient/Library/mtk_preloader.py", line 676, in handle_sla response = generate_brom_sla_challenge(data=challenge, d=n, e=d) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/osulliv/Downloads/PhoneFW/mtkclient/mtkclient/Library/Auth/sla.py", line 26, in generate_brom_sla_challenge d = bytes_to_long(bytes.fromhex(d)) ^^^^^^^^^^^^^^^^ TypeError: fromhex() argument must be str, not int

yfaykya commented 2 days ago

I noticed in the keys (mtkclient/mtkclient/Library/Auth/sla_keys.py) that a string was commented out after e n and d are set as ints so I set to the strings and got : 

Preloader - SOC_ID:         14F887457F769EDE93E9B19413A921C31980487E525729E677337376C5262770
Using IMG_AUTH_KEY.ini
DeviceClass
DeviceClass - [LIB]: USB Overflow
Preloader
Preloader - [LIB]: Send auth error:NO_AUTH_NEEDED (0x1d0c)
DaHandler - Device is protected.
DaHandler - Device is in BROM-Mode. Bypassing security.
DAXML - Uploading xflash stage 1 from MTK_DA_V6.bin
Preloader
Preloader - [LIB]: Error on DA_Send cmd
DAXML
DAXML - [LIB]: Error on sending DA.