search

bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.71k stars 528 forks source link

[mt8168] Unlocking bootloader failed. #675

Closed bmb7 closed 1 year ago

bmb7 commented 1 year ago

No name chinese mt8168 tab, android 10.

... DAXFlash - DRAM setup passed. DAXFlash - Detected working cfg file: mt8168.bin DAXFlash - Uploading stage 2... DAXFlash - Upload data was accepted. Jumping to stage 2... DAXFlash - Successfully uploaded stage 2 DAXFlash - EMMC FWVer: 0x0 DAXFlash - EMMC ID: SCA32G DAXFlash - EMMC CID: df01185343413332471005a84054b921 DAXFlash - EMMC Boot1 Size: 0x400000 DAXFlash - EMMC Boot2 Size: 0x400000 DAXFlash - EMMC GP1 Size: 0x0 DAXFlash - EMMC GP2 Size: 0x0 DAXFlash - EMMC GP3 Size: 0x0 DAXFlash - EMMC GP4 Size: 0x0 DAXFlash - EMMC RPMB Size: 0x400000 DAXFlash - EMMC USER Size: 0x748000000 DAXFlash - HW-CODE : 0x8168 DAXFlash - HWSUB-CODE : 0x8A00 DAXFlash - HW-VERSION : 0xCB01 DAXFlash - SW-VERSION : 0x100 DAXFlash - CHIP-EVOLUTION : 0x0 DAXFlash - DA-VERSION : 1.0 DAXFlash - Upload data was accepted. Jumping to stage 2... DAXFlash - DA Extensions successfully added sej - HACC init sej - HACC run sej - HACC terminate sej - HACC init sej - HACC run sej - HACC terminate DA_handler DA_handler - [LIB]: Device has is either already unlocked or algo is unk nown. Aborting. root:mtkclient/ #

seccfg.zip preloader_tb8168p1_bsp.zip

ghost commented 1 year ago

Apparently your bootloader was never locked.

bmb7 commented 1 year ago

When i flash patched boot and vbmeta, tab goes into red state. So it is locked. I looked into seccfg, it has flag 01 - default state, obviously it means locked, otherwise it would accept patched boot.

dragonpt commented 1 year ago

Apparently your bootloader was never locked.

Yeah ...

bmb7 commented 1 year ago

Apparently your bootloader was never locked.

Yeah ...

Another smartass. fastboot getvar all b'INFO': b'max-download-size: 0x8000000' b'INFO': b'variant: ' b'INFO': b'logical-block-size: 0x200' b'INFO': b'erase-block-size: 0x0' b'INFO': b'hw-revision: 0' b'INFO': b'battery-soc-ok: yes' b'INFO': b'battery-voltage: 4120mV' ... b'INFO': b'off-mode-charge: 1' b'INFO': b'warranty: yes' b'INFO': b'unlocked: no' b'INFO': b'secure: yes' b'INFO': b'kernel: lk' b'INFO': b'product: tb8168p1_bsp' b'INFO': b'is-userspace: no' b'INFO': b'slot-count: 0' b'INFO': b'version-baseband: N/A' b'INFO': b'version-bootloader: tb8168p1_bsp-11111111111' b'INFO': b'version-preloader: 0.1.00' b'INFO': b'version: 0.5' b'OKAY': b'Done!!' b'Done!!'

bmb7 commented 1 year ago

Figured it out and fixed it.

UnitTHK commented 1 year ago

Figured it out and fixed it.

How did you fix it? I have a device that's similar but never found a fix