bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0

struct.error: argument out of range (on a previously working setup) #401

Closed team-orangeBlue closed 7 months ago

team-orangeBlue commented 2 years ago

Using MT8768 device - Samsung Galaxy Tab A7 lite (requires custom preloader preloader_ot8.zip - running without preloader argument will fail on EMI data send)

Log written below. Attempted on Windows 7 + Ubuntu 20 machines.

[START]
root@obguy-MacBookPro:/home/obguy/mtkclient# python3 mtk da seccfg lock --preloader='/media/obguy/Phone data/Android/Samsung/fw/SM-T220/SER/FIRMWARE_UNPACKED/preloader_ot8.bin'
MTK Flash/Exploit Client V1.57 (c) B.Kerler 2018-2022

Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

Port - Hint:

Power off the phone before connecting. For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb. For preloader mode, don't press any hw button and connect usb.

....Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: 9BA7CBD574A9DE763322CE25A76C2144
Preloader - SOC_ID: 28806D9EF9ABE22D189B2705A2E9681863B88E2F6C7E8E4B75276426C1A3508F
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: /home/obguy/mtkclient/mtkclient/payloads/mt6765_payload.bin
Port - Device detected :)
DA_handler - Device is protected.
DA_handler - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading xflash stage 1 from MTK_AllInOne_DA_5.2152.bin
xflashext - Patching da2 ...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - DRAM config needed for : 1501005250363441
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - EMMC FWVer: 0x0
DAXFlash - EMMC ID: RP64AB
DAXFlash - EMMC CID: 150100525036344142009b34cc4098c9
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size: 0x0
DAXFlash - EMMC GP2 Size: 0x0
DAXFlash - EMMC GP3 Size: 0x0
DAXFlash - EMMC GP4 Size: 0x0
DAXFlash - EMMC RPMB Size: 0x1000000
DAXFlash - EMMC USER Size: 0xe8f800000
DAXFlash - HW-CODE : 0x766
DAXFlash - HWSUB-CODE : 0x8A00
DAXFlash - HW-VERSION : 0xCA00
DAXFlash - SW-VERSION : 0x0
DAXFlash - CHIP-EVOLUTION : 0x0
DAXFlash - DA-VERSION : 1.0
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - DA Extensions successfully added
Traceback (most recent call last):
  File "mtk", line 740, in
    mtk = Main(args).run()
  File "/home/obguy/mtkclient/mtkclient/Library/mtk_main.py", line 558, in run
    da_handler.handle_da_cmds(mtk, cmd, self.args)
  File "/home/obguy/mtkclient/mtkclient/Library/mtk_da_cmd.py", line 719, in handle_da_cmds
    v = mtk.daloader.seccfg(args.flag)
  File "/home/obguy/mtkclient/mtkclient/Library/mtk_daloader.py", line 244, in seccfg
    return self.xft.seccfg(lockflag)
  File "/home/obguy/mtkclient/mtkclient/Library/xflash_ext.py", line 500, in seccfg
    data, guid_gpt = self.xflash.partition.get_gpt(self.mtk.config.gpt_settings, "user")
  File "/home/obguy/mtkclient/mtkclient/Library/partition.py", line 47, in get_gpt
    data = self.readflash(addr=0, length=sectors * self.config.pagesize, filename="",
  File "/home/obguy/mtkclient/mtkclient/Library/mtk_daxflash.py", line 841, in readflash
    if self.cmd_read_data(addr=addr, size=length, storage=storage, parttype=parttype):
  File "/home/obguy/mtkclient/mtkclient/Library/mtk_daxflash.py", line 822, in cmd_read_data
    param = pack("<IIQQ", storage, parttype, addr, size)
struct.error: argument out of range
[END]

bkerler commented 2 years ago

can you send your gpt ?

team-orangeBlue commented 2 years ago

can you send your gpt ?

Failed with the same error on Windows 10 1809 x64, AMD based.

[START]
C:\Users\OBGuy\mtkclient>python mtk printgpt --preloader=F:\Android\Samsung\fw\SM-T220\SER\FIRMWARE_UNPACKED\preloader_ot8.bin
MTK Flash/Exploit Client V1.57 (c) B.Kerler 2018-2022

Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

Port - Hint:

Power off the phone before connecting. For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb. For preloader mode, don't press any hw button and connect usb.

.......Port - Device detected :)
Preloader - CPU: MT6765/MT8768t(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: 9BA7CBD574A9DE763322CE25A76C2144
Preloader - SOC_ID: 28806D9EF9ABE22D189B2705A2E9681863B88E2F6C7E8E4B75276426C1A3508F
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\Users\OBGuy\mtkclient\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
DA_handler - Device is protected.
DA_handler - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading xflash stage 1 from MTK_AllInOne_DA_5.2152.bin
xflashext - Patching da2 ...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - DRAM config needed for : 1501005250363441
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - EMMC FWVer: 0x0
DAXFlash - EMMC ID: RP64AB
DAXFlash - EMMC CID: 150100525036344142009b34cc4098c9
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size: 0x0
DAXFlash - EMMC GP2 Size: 0x0
DAXFlash - EMMC GP3 Size: 0x0
DAXFlash - EMMC GP4 Size: 0x0
DAXFlash - EMMC RPMB Size: 0x1000000
DAXFlash - EMMC USER Size: 0xe8f800000
DAXFlash - HW-CODE : 0x766
DAXFlash - HWSUB-CODE : 0x8A00
DAXFlash - HW-VERSION : 0xCA00
DAXFlash - SW-VERSION : 0x0
DAXFlash - CHIP-EVOLUTION : 0x0
DAXFlash - DA-VERSION : 1.0
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - DA Extensions successfully added
Traceback (most recent call last):
  File "C:\Users\OBGuy\mtkclient\mtk", line 740, in
    mtk = Main(args).run()
  File "C:\Users\OBGuy\mtkclient\mtkclient\Library\mtk_main.py", line 558, in run
    da_handler.handle_da_cmds(mtk, cmd, self.args)
  File "C:\Users\OBGuy\mtkclient\mtkclient\Library\mtk_da_cmd.py", line 557, in handle_da_cmds
    data, guid_gpt = mtk.daloader.get_gpt()
  File "C:\Users\OBGuy\mtkclient\mtkclient\Library\mtk_daloader.py", line 187, in get_gpt
    data, guid_gpt = self.da.partition.get_gpt(self.mtk.config.gpt_settings, parttype)
  File "C:\Users\OBGuy\mtkclient\mtkclient\Library\partition.py", line 42, in get_gpt
    data = self.readflash(addr=0, length=sectors * self.config.pagesize, filename="",
  File "C:\Users\OBGuy\mtkclient\mtkclient\Library\mtk_daxflash.py", line 841, in readflash
    if self.cmd_read_data(addr=addr, size=length, storage=storage, parttype=parttype):
  File "C:\Users\OBGuy\mtkclient\mtkclient\Library\mtk_daxflash.py", line 822, in cmd_read_data
    param = pack("<IIQQ", storage, parttype, addr, size)
struct.error: argument out of range

C:\Users\OBGuy\mtkclient>
[END]

adminsh774 commented 2 years ago

So, does someone have a solution for this problem?

kyeboard commented 1 year ago

Hi! So I had this same experience with unbricking my Redmi 9 (cattail) (Indian Variant), probably because of my PC shutting down while installing the stock ROM. With this, I had my SP Flash Tool stuck at Download DA 100%. I totally thought my device was completely dead.

A few days later, I came across this post - https://www.hovatek.com/blog/my-experience-unbricking-a-dead-boot-lg-stylo-6/, where the OP ran python mtk plstage --preloader=<preloader_for_your_device> to fix the dead boot. I ran the same command, and fortunately, my device displayed something! It was an empty battery icon. I quickly plugged in the charger and waited for another 10 mins. I ran the same command, and my device vibrated! It went to the stock MI recovery. I did a quick factory reset but still the phone didn't boot to system. Thankfully, the device was booting to fastboot mode and I was able to flash the stock ROM back to my device ^-^

team-orangeBlue commented 7 months ago

Issue closed.

PGPT was damaged. We're good now, guys. My skills never gave me up.

How-to? TLDR: Do anything, I do not know, to just get SP flashtool to flash your device. As much as possible. It should rebuild the GPT. After which the device should boot again.

Then just flash all partitions and probably lk too, to get somewhere.
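Both tracebacks in this thread end in `pack("<IIQQ", storage, parttype, addr, size)` raising `struct.error: argument out of range`, and the resolution is that the primary GPT was damaged: a read length derived from garbage header fields no longer fit a 64-bit size field. The Python below is an added example written for this thread, not mtkclient's own code. It parses a GPT header with signature and CRC32 checks, derives the read length from the header (assuming, for illustration only, that the tool reads `first_usable_lba` sectors times the page size; that is not a claim about mtkclient's actual `get_gpt`), and bounds-checks each value against the `<IIQQ` field widths so that a damaged GPT yields a clear diagnostic instead of a bare `struct.error`. The header bytes are constructed fixtures, the `storage` and `parttype` values are placeholders, and the `0xe8f800000` USER size is taken from the log above.

```python
import struct
import zlib

# GPT header layout per the UEFI spec (92 bytes, little-endian):
# signature, revision, header_size, header_crc32, reserved, my_lba, alternate_lba,
# first_usable_lba, last_usable_lba, disk_guid, partition_entry_lba,
# num_partition_entries, partition_entry_size, partition_entry_array_crc32
GPT_HEADER_FMT = "<8sIIIIQQQQ16sQIII"
GPT_HEADER_SIZE = struct.calcsize(GPT_HEADER_FMT)  # 92
GPT_SIGNATURE = b"EFI PART"
# Same parameter layout as the read command in the traceback: two u32, then two u64.
READ_PARAM_FMT = "<IIQQ"
READ_PARAM_FIELDS = (("storage", 32), ("parttype", 32), ("addr", 64), ("size", 64))


class GptError(ValueError):
    """Raised when the on-flash GPT header cannot be trusted or used."""


def build_gpt_header(first_usable_lba=34, num_entries=128, entry_size=128):
    """Construct a minimal GPT header with a correct header CRC (test fixture, not from a device)."""
    fields = [GPT_SIGNATURE, 0x00010000, GPT_HEADER_SIZE, 0, 0,
              1, 0, first_usable_lba, 0, b"\x00" * 16, 2, num_entries, entry_size, 0]
    # The CRC is computed over the header with the crc field itself set to zero.
    fields[3] = zlib.crc32(struct.pack(GPT_HEADER_FMT, *fields)) & 0xFFFFFFFF
    return struct.pack(GPT_HEADER_FMT, *fields)


def parse_gpt_header(raw):
    """Validate signature and header CRC32, then return the fields we need as a dict."""
    if len(raw) < GPT_HEADER_SIZE:
        raise GptError(f"header too short: {len(raw)} bytes")
    f = struct.unpack(GPT_HEADER_FMT, raw[:GPT_HEADER_SIZE])
    if f[0] != GPT_SIGNATURE:
        raise GptError(f"bad GPT signature {f[0]!r}")
    zeroed = raw[:16] + b"\x00" * 4 + raw[20:GPT_HEADER_SIZE]
    if zlib.crc32(zeroed) & 0xFFFFFFFF != f[3]:
        raise GptError("GPT header CRC32 mismatch (primary GPT is damaged)")
    return {"first_usable_lba": f[7], "last_usable_lba": f[8],
            "partition_entry_lba": f[10], "num_entries": f[11], "entry_size": f[12]}


def check_read_param(storage, parttype, addr, size):
    """Return why the values will not fit <IIQQ, or None if struct.pack would accept them."""
    for (name, bits), value in zip(READ_PARAM_FIELDS, (storage, parttype, addr, size)):
        if not 0 <= value < (1 << bits):
            return f"{name}={value:#x} does not fit in {bits} bits"
    return None


def struct_pack_fails(storage, parttype, addr, size):
    """True if struct.pack('<IIQQ', ...) raises struct.error, as it did in the traceback."""
    try:
        struct.pack(READ_PARAM_FMT, storage, parttype, addr, size)
    except struct.error:
        return True
    return False


def gpt_read_length(header, page_size, user_size):
    """Bytes needed to read the GPT area (assumed: first_usable_lba sectors), sanity-bounded."""
    sectors = header["first_usable_lba"]
    if sectors < 2:
        raise GptError(f"first_usable_lba={sectors} leaves no room for a GPT")
    length = sectors * page_size
    if user_size is not None and length > user_size:
        raise GptError(f"GPT read length {length:#x} exceeds storage size {user_size:#x}")
    return length


def plan_gpt_read(raw_header, page_size=512, user_size=0xE8F800000, storage=0, parttype=0):
    """Parse, validate and pack a read request; raises GptError instead of struct.error."""
    header = parse_gpt_header(raw_header)
    length = gpt_read_length(header, page_size, user_size)
    problem = check_read_param(storage, parttype, 0, length)
    if problem:
        raise GptError(problem)
    return struct.pack(READ_PARAM_FMT, storage, parttype, 0, length)


if __name__ == "__main__":
    sane = build_gpt_header()
    print("sane header ->", plan_gpt_read(sane).hex())
    damaged = bytearray(sane)
    damaged[40] ^= 0xFF  # flip a byte inside first_usable_lba without fixing the CRC
    for name, hdr, kw in (("damaged", bytes(damaged), {}),
                          ("absurd, CRC valid", build_gpt_header(first_usable_lba=2**64 - 1), {"user_size": None})):
        try:
            plan_gpt_read(hdr, **kw)
        except GptError as e:
            print(f"{name} header -> {e}")
```

A header that fails the CRC is rejected before any length is derived; a header that is internally consistent but carries an absurd LBA is rejected either by the storage-size bound or, if that bound is unknown, by the field-width check, which reports the offending value instead of the opaque `argument out of range`.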