Closed azwhikaru closed 2 years ago
It should work using Linux. Windows is currently broken.
I tried to run it again in the Ubuntu you provided, but I got the same results as in Windows.
During the attempt to dump brom using mtk brute
, it always tells me we are "testing", but after quite a while still no results appear, it seems to be stuck in a loop?
If it's stuck while bruteforcing just disconnect usb and reconnect in brom mode until it successfully dumps the brom
I added the --debugmode
tag, ran brute
again, and when it tells me "Timed out" somewhere, I unplug the usb and reconnect.
This way, it does continue to run for a while, but it still ends up in a loop.
When we finished testing 0xfffc, I unplugged the usb and reconnected as prompted, but when I reconnected, it was still re-running the last test, still asking me to reconnect the usb after testing 0xfffc, and has been stuck in this loop ever since.
I think this is a problem with any mt8168 platform, I checked all issues about mt8168 and it seems that have the same problem in your mtkclient and chaosmaster's mtk-bypass (I think some part of it is also used for mtkclient?), that dump brom never succeeded.
The same problem occurs on my tab-a05-bd with mt8168. What device are you using? If it is not the same model, this is an issue with the mt8168.
I have checked your issue and it seems we are getting the same error, so I guess this is a bug that would happen with any mt8168 :-(
My device is a smart speaker made by Xiaomi and it runs Android P.
It`s a Mi smarthome screen with mt8168.
I knew it was an mt8168 problem, I rewrote the python program and modified it to try 0xfffc and beyond, but that didn't work either. It doesn't work from bootrom mode or preloader mode.
Sadly, none of the current exploits seem to be able to attack it, any generic payload will not be accepted ;-(
Does any of the devices have sbc disabled ?
It also can be that kamakiri2 doesn't work. Using a patched kernel you could also try brute with kamakiri which should work fine unless the device has been patched.
How to use kamakiri for brute testing? As far as we know, aonet-kamakiri/kamakiri is not working either, it still looks like the payload is not working.
SBC in the Xiaomi smarthome screen is enabled. These days I and my friend had use the kamakiri for testing, but it still doesn`t work
It seems that the payload.bin can`t be use in the progress
As said above, it does work. But in order to see what is causing the issue, the device needs to have sbc disabled (no daa enabled). It doesn't make sense to just try using kamakiri because I haven't adapted it yet, for that I need a bootrom dump first.
double of issue #262
Can't work on mt8168, seems its a newer and rarer one. . . Still I hope we can find something in these logs and my preloader.bin. . .?
log_debugmode.txt log.txt preloader.zip