bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.5k stars, 503 forks

MT6789 da2 patching results in TypeError / Support for newer V6 / bootrom patched based devices (MT68xx/MT69xx) #758

Closed JamiKettunen closed 6 months ago

JamiKettunen commented 1 year ago

I see https://github.com/bkerler/mtkclient/commit/81694c4aae9af5190e9ea1d037e727bf1f7dbe5a at least may be relevant, I ran mtkclient from commit 4549fdc3963ad71a04ebe55c79dd3ccca8eae397. Let me know if I can help in any way. The device is a Gigaset GX4

$ mtk printgpt
MTK Flash/Exploit Client V1.6.3 (c) B.Kerler 2018-2023

Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

Port - Device detected :)
Preloader -     CPU:            MT6789(MTK Helio G99)
Preloader -     HW version:     0x0
Preloader -     WDT:            0x10007000
Preloader -     Uart:           0x11002000
Preloader -     Brom payload addr:  0x100a00
Preloader -     DA payload addr:    0x201000
Preloader -     Var1:           0xa
Preloader - Disabling Watchdog...
Preloader - HW code:            0x1208
Preloader - Target config:      0x0
Preloader -     SBC enabled:        False
Preloader -     SLA enabled:        False
Preloader -     DAA enabled:        False
Preloader -     SWJTAG enabled:     False
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required: False
Preloader -     Mem read auth:      False
Preloader -     Mem write auth:     False
Preloader -     Cmd 0xC8 blocked:   False
Preloader - Get Target info
Preloader -     HW subcode:     0x8a00
Preloader -     HW Ver:         0xca00
Preloader -     SW Ver:         0x0
DA_handler - Device is unprotected.
DA_handler - Device is in Preloader-Mode :(
DAXFlash - Uploading xflash stage 1 from MTK_AllInOne_DA_mt6789.bin
xflashext - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
xflashext
xflashext - [LIB]: Error on patching da1 version check...
Mtk - Patched "Patched loader msg" in preloader
xflashext - Patching da2 ...
Traceback (most recent call last):
  File "/usr/bin/mtk", line 855, in <module>
    mtk = Main(args).run(parser)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/mtkclient/Library/mtk_main.py", line 635, in run
    mtk = da_handler.configure_da(mtk, preloader)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/mtkclient/Library/mtk_da_cmd.py", line 119, in configure_da
    if not mtk.daloader.upload_da(preloader=preloader):
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/mtkclient/Library/mtk_daloader.py", line 211, in upload_da
    return self.da.upload_da()
           ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/mtkclient/Library/mtk_daxflash.py", line 1170, in upload_da
    if self.upload():
       ^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/mtkclient/Library/mtk_daxflash.py", line 1092, in upload
    da2 = self.xft.patch_da2(da2)
          ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/mtkclient/Library/xflash_ext.py", line 193, in patch_da2
    da2patched[is_security_enabled:is_security_enabled + 2] = b"\x00\x23"
                                   ~~~~~~~~~~~~~~~~~~~~^~~
TypeError: unsupported operand type(s) for +: 'NoneType' and 'int'
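The two Target config values shown in this thread (0x0 on the Gigaset GX4 above, 0xe5 on the Infinix Note 13 in BROM mode further down) pack the preloader's protection flags into one byte, and the flag list printed under them is what decides whether a device is exposed to unauthenticated flashing. The decoder below is an added example, not mtkclient's own code; the bit masks and the "unprotected" condition are my assumptions, chosen so that both printouts on this page decode exactly as shown.

```python
# Added example (not mtkclient's own code): decode the "Target config" word
# that the preloader/BROM reports into the protection flags mtkclient prints.
# The bit masks are an assumption about mtkclient's layout, chosen so that the
# two printouts in this thread (0x0 and 0xe5) decode to exactly what is shown.
from typing import Dict

# (flag name as printed, bit mask). SWJTAG is derived from the SLA|DAA bits
# rather than having a bit of its own, which is why it reads True whenever
# DAA is on (as in the 0xe5 printout).
TARGET_CONFIG_FLAGS = (
    ("SBC enabled", 0x01),
    ("SLA enabled", 0x02),
    ("DAA enabled", 0x04),
    ("SWJTAG enabled", 0x06),
    ("EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT", 0x08),
    ("Root cert required", 0x10),
    ("Mem read auth", 0x20),
    ("Mem write auth", 0x40),
    ("Cmd 0xC8 blocked", 0x80),
)


def decode_target_config(value: int) -> Dict[str, bool]:
    """Map a Target config value (e.g. 0xe5) to {flag name: enabled}."""
    if not 0 <= value <= 0xFF:
        raise ValueError(f"target config out of range: {value:#x}")
    return {name: bool(value & mask) for name, mask in TARGET_CONFIG_FLAGS}


def parse_target_config_line(line: str) -> int:
    """Pull the hex value out of a 'Preloader - Target config:   0xe5' log line."""
    marker = "Target config:"
    idx = line.find(marker)
    if idx < 0:
        raise ValueError(f"not a Target config line: {line!r}")
    return int(line[idx + len(marker):].strip(), 16)


def is_unprotected(value: int) -> bool:
    """True when neither secure boot (SBC) nor DA authentication (SLA/DAA) is on.

    Assumed to match the state mtkclient reports as 'Device is unprotected':
    the download agent accepts unauthenticated uploads, so anyone with USB
    access to the device can read or rewrite its flash.
    """
    flags = decode_target_config(value)
    return not (flags["SBC enabled"] or flags["SLA enabled"] or flags["DAA enabled"])


def posture_report(value: int) -> str:
    """One-line summary suitable for an asset inventory note."""
    flags = decode_target_config(value)
    enabled = [name for name, on in flags.items() if on]
    state = "UNPROTECTED" if is_unprotected(value) else "protected"
    return f"target config {value:#04x}: {state}; enabled: {', '.join(enabled) or 'none'}"


if __name__ == "__main__":
    # Constructed sample lines mirroring the Gigaset GX4 (0x0) and the
    # Infinix Note 13 in BROM mode (0xe5) from this thread.
    for line in ("Preloader - Target config:      0x0",
                 "Preloader - Target config:              0xe5"):
        print(posture_report(parse_target_config_line(line)))
```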

ryenyuku commented 10 months ago

Wait, that was a different thing, let me try this one.

Update: it's a paid tool and the pricing is around 12 euro for me.

hopez13 commented 10 months ago

@bkerler [image attached] https://forum.gsmhosting.com/vbb/f898/05-07-2021-all-mtk-dimensity-cpu-supported-bypass-daa-sla-auth-2978698/

bkerler commented 10 months ago

Maybe you should ask them to open source their solution 😆

Shakib-BD commented 10 months ago

> @bkerler [image attached] https://forum.gsmhosting.com/vbb/f898/05-07-2021-all-mtk-dimensity-cpu-supported-bypass-daa-sla-auth-2978698/

I'm waiting for support mt6789 :(

bkerler commented 10 months ago

That's a great idea, let's all wait for it. Maybe it will be magically supported ;)

BorneQuantique commented 10 months ago

Hi guys, how have you been?

On what date will we be able to unlock our MT6789 Auth Bypass for Infinix?. Is the solution still a long way off?

hopez13 commented 10 months ago

[three images attached]

Shakib-BD commented 10 months ago

> [three images attached]

Can we hope? :'(

bkerler commented 10 months ago

Without a brom exploit, there is no way to bypass sla. And there is currently no such exploit available for newer chipsets

hopez13 commented 10 months ago

@bkerler if you have mt6789's brom dump then please share here

drodge1 commented 10 months ago

help me if there is any bypass pro poco m5 mt6789 i need help i've been having this problem for about 2 months

Shakib-BD commented 10 months ago

> help me if there is any bypass pro poco m5 mt6789 i need help i've been having this problem for about 2 months

Did you try auth flash?

hopez13 commented 10 months ago

> Without a brom exploit, there is no way to bypass sla. And there is currently no such exploit available for newer chipsets

but first we need brom dump in order to analyse it following info would be very helpful for analysis: base address of brom , address range of sram , offset of reset vector or entry point or startup ( most probably will be 0x0 or 0x4 )

architecture of binary i think would still be armv7a instead of being armv8a also bindiff with unpatched Brom will be very handy

Arsetha commented 10 months ago

>> help me if there is any bypass pro poco m5 mt6789 i need help i've been having this problem for about 2 months
>
> Did you try auth flash?

Reach out to me, we're gonna try something impossible or possible, we're gonna try using tecno's auth for your redmi 11 prime, maybe it will work🤔 check your tg I have contacted you

hopez13 commented 10 months ago

13 @bkerler bro did they fix it ?? 👀

BorneQuantique commented 10 months ago

> help me if there is any bypass pro poco m5 mt6789 i need help i've been having this problem for about 2 months

I have 1 year with my Infinix Note 12 Pro 4G X676B MT6789 damaged.

Shinwa69 commented 10 months ago

>>> help me if there is any bypass pro poco m5 mt6789 i need help i've been having this problem for about 2 months
>>
>> Did you try auth flash?
>
> Reach out to me, we're gonna try something impossible or possible, we're gonna try using tecno's auth for your redmi 11 prime, maybe it will work🤔 check your tg I have contacted you

Can you share the tecno auth for me as well? I need auth file for tecno pova 4 (if the auth file is working for pova 4)

Shinwa69 commented 10 months ago

>> help me if there is any bypass pro poco m5 mt6789 i need help i've been having this problem for about 2 months
>
> I have 1 year with my Infinix Note 12 Pro 4G X676B MT6789 damaged.

I think Auth file for infinix and tecno is the same if we get the auth file for one of each we can try to auth flash with it

hopez13 commented 10 months ago

>> Without a brom exploit, there is no way to bypass sla. And there is currently no such exploit available for newer chipsets
>
> but first we need brom dump in order to analyse it following info would be very helpful: base address of brom address range of sram offset of reset vector or entry point or startup ( most probably will be 0x0 or 0x4 )
>
> architecture of binary i think would still be armv7a instead of being armv8a also bindiff with unpatched Brom will be very handy

ok so mostly probably these would be base addresses brom: 0x00000000 sram: 0x00100000 l2_sram: 0x00200000

BorneQuantique commented 10 months ago

Greetings.

I want to learn to program to fix cell phones. What programming language do you recommend? Would Python be used to fix cell phone software?

seedmonn commented 10 months ago

Hello, guys. Can you give me advice how to unbrick my Infinix Note 13 (X6833B). Phone is in bootloop state, and I cannot access adb and fastboot to flash it. Mtkclient show this when i try to turn on phone when +lvl button is press:

Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
Preloader -     CPU:                    MT6789(MTK Helio G99)
Preloader -     HW version:             0x0
Preloader -     WDT:                    0x10007000
Preloader -     Uart:                   0x11002000
Preloader -     Brom payload addr:      0x100a00
Preloader -     DA payload addr:        0x201000
Preloader -     Var1:                   0xa
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x1208
Preloader - Target config:              0xe5
Preloader -     SBC enabled:            True
Preloader -     SLA enabled:            False
Preloader -     DAA enabled:            True
Preloader -     SWJTAG enabled:         True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          True
Preloader -     Mem write auth:         True
Preloader -     Cmd 0xC8 blocked:       True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:             0x8a00
Preloader -     HW Ver:                 0xca00
Preloader -     SW Ver:                 0x0
Preloader - ME_ID:                      DECDAC9E5681D8EDE36C05C2411DA953
None

before brick state i did twrp full-backup (there was a cheris os), and i have a lot of .emmc.win, ext4.win, .ext4.win files, can i use them to restore my phone? P.S. if anyone have auth file, can u please share to telegram: @seedmonn, techo auth file would be also appreciated.

Shakib-BD commented 10 months ago

> Hello, guys. Can you give me advice how to unbrick my Infinix Note 13 (X6833B). Phone is in bootloop state, cannot access adb and fastboot to flash it. Mtkclient shows this when I try to turn on the phone while the +lvl button is pressed:
>
> ================================Waiting for USB Device============================================
> Preloader - [LIB]: Status: Handshake failed, retrying...
> Device detected >
> >>>> CPU:         ()
> >>>> HW version:      0x0
> >>>> WDT:         0x10007000
> >>>> Uart:            0x11002000
> >>>> SBC enabled:     True
> >>>> SLA enabled:     False
> >>>> DAA enabled:     True
> >>>> Mem read auth:       True
> >>>> Mem write auth:      True
> >>>> HW Ver:          0xca00
> >>>> SW Ver:          0x0
> >>>> Disable Auth: TypeError: 'NoneType' object is not subscriptable
> TypeError: 'NoneType' object is not subscriptable
>
> before brick state i did twrp full-backup (there was a cheris os), and i have a lot of .emmc.win, ext4.win, .ext4.win files, can i use them to restore my phone? P.S. if anyone have auth file, can u please share to telegram: @seedmonn, techo auth file would be also appreciated.

He is my telegram friend. You can pm him to get help for now. @aar1su

drodge1 commented 10 months ago

Did you find any method to bypass authentication?

Shakib-BD commented 10 months ago

> Did you find any method to bypass authentication?

Yes. Finally I unbricked my Redmi 11 Prime 4G (Rock-MT6789-G99)

Shinwa69 commented 10 months ago

>> Did you find any method to bypass authentication?
>
> Yes. Finally I unbricked my Redmi 11 Prime 4G (Rock-MT6789-G99)

Would you mind helping me as well?

BorneQuantique commented 10 months ago

>> Did you find any method to bypass authentication?
>
> Yes. Finally I unbricked my Redmi 11 Prime 4G (Rock-MT6789-G99)

Hello. Does your process work for Infinix MT6789 to authenticate the flash?

embzhezh commented 10 months ago

>> Did you find any method to bypass authentication?
>
> Yes. Finally I unbricked my Redmi 11 Prime 4G (Rock-MT6789-G99)

how did you do it? Through what program and where did you get what you were looking for? or how did you get around? I don’t particularly understand the topic of bricks, but I’m very interested in how you restored it? people can't find exploits already a year.

seedmonn commented 10 months ago

>>> Did you find any method to bypass authentication?
>>
>> Yes. Finally I unbricked my Redmi 11 Prime 4G (Rock-MT6789-G99)
>
> how did you do it? Through what program and where did you get what you were looking for? or how did you get around? I don't particularly understand the topic of bricks, but I'm very interested in how you restored it? people can't find exploits already a year.

https://androidmultitool.com/

It's paid solution. It is flashing with authfile w/ proprietary soft.

Shakib-BD commented 10 months ago

>>> Did you find any method to bypass authentication?
>>
>> Yes. Finally I unbricked my Redmi 11 Prime 4G (Rock-MT6789-G99)
>
> Would you mind helping me as well?

PM at TG // @Shakib_BD

Shakib-BD commented 10 months ago

>>> Did you find any method to bypass authentication?
>>
>> Yes. Finally I unbricked my Redmi 11 Prime 4G (Rock-MT6789-G99)
>
> how did you do it? Through what program and where did you get what you were looking for? or how did you get around? I don't particularly understand the topic of bricks, but I'm very interested in how you restored it? people can't find exploits already a year.

If it's Xiaomi device, Poco M5/Redmi 11 Prime (Rock) Then PM me @Shakib_BD

drodge1 commented 10 months ago

help me how to remove the hardbrick from the poco m5

Shakib-BD commented 10 months ago

> help me how to remove the hardbrick from the poco m5

For now. there's no working tool (Free). Except Xiaomi authorize Flash (Paid)

drodge1 commented 10 months ago

>> help me how to remove the hardbrick from the poco m5
>
> For now. there's no working tool (Free). Except Xiaomi authorize Flash (Paid)

Which method did you use to unlock mt6789?

Shakib-BD commented 10 months ago

>>> help me how to remove the hardbrick from the poco m5
>>
>> For now. there's no working tool (Free). Except Xiaomi authorize Flash (Paid)
>
> Which method did you use to unlock mt6789?

unlock bootloader? i used mi unlock tool. for unbrick mt6789 xioami. i bought mi auth to fix it.

3shcodes commented 9 months ago

hey @bkerler, ur doing a great work just wanted to ask if there is any updates on this if the payload will be available in any time soon i wouldnt pay for fix thanks in advance

bkerler commented 9 months ago

It's still being worked on. There are still issues I'm trying to figure out

Shakib-BD commented 9 months ago

>> It's still being worked on. There are still issues I'm trying to figure out
>
> please help for fix poco m5 hard bricked

Lel. He already said that he's working on it. We can't do anything now. For now, only one way is mi auth flash.

mkwiimaster7 commented 9 months ago

> It's still being worked on. There are still issues I'm trying to figure out

Is there a discord for mtkclient development? Gonna keep my eye on this for sure

Shakib-BD commented 9 months ago

> auth flash not working in my phone 4 time try failed
>
> On Mon, 27 Nov 2023 at 15:58, Ackermann wrote:
>> It's still being worked on. There are still issues I'm trying to figure out
>>
>> Is there a discord for mtkclient development? Gonna keep my eye on this for sure

There's reason of failed. Auth flash has rules while flash. Your PC+USB cable has problems.

Shakib-BD commented 9 months ago

> no all is working other device flashing but my device not flashing
>
> On Tue, 28 Nov 2023 at 17:23, Shakib wrote:
>> auth flash not working in my phone 4 time try failed
>>
>> On Mon, 27 Nov 2023 at 15:58, Ackermann wrote:
>>> It's still being worked on. There are still issues I'm trying to figure out
>>>
>>> Is there a discord for mtkclient development? Gonna keep my eye on this for sure
>>
>> There's reason of failed. Auth flash has rules while flash. Your PC+USB cable has problems.

[images attached]

BorneQuantique commented 9 months ago

>> no all is working other device flashing but my device not flashing
>>
>> On Tue, 28 Nov 2023 at 17:23, Shakib wrote:
>>> auth flash not working in my phone 4 time try failed
>>>
>>> On Mon, 27 Nov 2023 at 15:58, Ackermann wrote:
>>>> It's still being worked on. There are still issues I'm trying to figure out
>>>>
>>>> Is there a discord for mtkclient development? Gonna keep my eye on this for sure
>>>
>>> There's reason of failed. Auth flash has rules while flash. Your PC+USB cable has problems.
>
> [images attached]

I still have my Infinix Note 12 Pro 4G MT6789 for more than a year without auth bypass :(

Arsetha commented 9 months ago

>> no all is working other device flashing but my device not flashing
>>
>> On Tue, 28 Nov 2023 at 17:23, Shakib wrote:
>>> auth flash not working in my phone 4 time try failed
>>>
>>> On Mon, 27 Nov 2023 at 15:58, Ackermann wrote:
>>>> It's still being worked on. There are still issues I'm trying to figure out
>>>>
>>>> Is there a discord for mtkclient development? Gonna keep my eye on this for sure
>>>
>>> There's reason of failed. Auth flash has rules while flash. Your PC+USB cable has problems.
>
> [images attached]

I still have my Infinix Note 12 Pro 4G MT6789 for more than a year without auth bypass :(

People's fault for messing with their phones🗿

Shakib-BD commented 9 months ago

lol. it's paid, mi auth flash. you can't do it yourself. @bikesh1122

Shakib-BD commented 9 months ago

You already know me. I'm Shakib. My Telegram is https://t.me/David.Nill @bikesh1122

bkerler commented 9 months ago

As for the current status: read/write flash is working fine with v6. currently implementing payloads for dumping ufs/rpmb. Seems carbonara got patched recently, so make sure not to update your phones (patch was distributed in october I was told).

mkwiimaster7 commented 9 months ago

As for the current status: read/write flash is working fine with v6. currently implementing payloads for dumping ufs/rpmb. Seems carbonara got patched recently, so make sure not to update your phones (patch was distributed in october I was told).

Is there a pre-release version we could try? read/write flash is all i need 🙏🏽

BorneQuantique commented 9 months ago

As for the current status: read/write flash is working fine with v6. currently implementing payloads for dumping ufs/rpmb. Seems carbonara got patched recently, so make sure not to update your phones (patch was distributed in october I was told).

Hi, I want to thank you for the time you invest and for your great work and knowledge. Please could we try a preview of your work to enable MT6789 auth bypass. In order to flash the firmware on Infinix Note 12 Pro 4G MT6789.

idanyas commented 9 months ago

hello, I accidentally installed the old vendor_boot on my Infinix Note 12 2023 and can't access recovery or fastboot now... am I correct in understanding that if everything works out here, I will be able to unbrick it? :(

VALERA30314 commented 9 months ago

> Hello, I accidentally installed the old vendor_boot on my Infinix Note 12 2023 and now I can't access recovery or fastboot... am I right in understanding that if everything works out here, I'll be able to unlock it? :(

Write to me in tg @Nyaruk0San I will help

VALERA30314 commented 9 months ago

> As for the current status: read/write flash is working fine with v6. Currently implementing payloads for dumping ufs/rpmb. It seems carbonara got patched recently, so don't update your phones (I was told the patch was distributed in October).
>
> Hi, I want to thank you for the time you've spent, for your great work and knowledge. Please, could we try a preview of your work to enable the MT6789 auth bypass, in order to flash the firmware on the Infinix Note 12 Pro 4G MT6789.

Write to me in tg @Nyaruk0San I will help