search

bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.55k stars 510 forks source link

Failing on MT6768/MT6769 #778

Closed jerinphilip closed 11 months ago

jerinphilip commented 1 year ago

Getting the following message when attempting to use mtkclient on a Tecno Pova 3 (MT6768/MT6769).

mtk printgpt ``` Port - Hint: Power off the phone before connecting. For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb. For preloader mode, don't press any hw button and connect usb. If it is already connected and on, hold power for 10 seconds to reset. ......Port - Device detected :) Preloader - CPU: MT6768/MT6769(Helio P65/G85 k68v1) Preloader - HW version: 0x0 Preloader - WDT: 0x10007000 Preloader - Uart: 0x11002000 Preloader - Brom payload addr: 0x100a00 Preloader - DA payload addr: 0x201000 Preloader - CQ_DMA addr: 0x10212000 Preloader - Var1: 0x25 Preloader - Disabling Watchdog... Preloader - HW code: 0x707 Preloader - Target config: 0x5 Preloader - SBC enabled: True Preloader - SLA enabled: False Preloader - DAA enabled: True Preloader - SWJTAG enabled: True Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False Preloader - Root cert required: False Preloader - Mem read auth: False Preloader - Mem write auth: False Preloader - Cmd 0xC8 blocked: False Preloader - Get Target info Preloader - HW subcode: 0x8a00 Preloader - HW Ver: 0xca00 Preloader - SW Ver: 0x0 Mtk - We're not in bootrom, trying to crash da... Exploitation - Crashing da... Preloader Preloader - [LIB]: upload_data failed with error: DAA_SIG_VERIFY_FAILED (0x7024) Preloader Preloader - [LIB]: Error on uploading da data Preloader - Jumping to 0x0 Preloader - Status: Waiting for PreLoader VCOM, please connect mobile Port - Hint: Power off the phone before connecting. For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb. For preloader mode, don't press any hw button and connect usb. If it is already connected and on, hold power for 10 seconds to reset. ..........Preloader Preloader - [LIB]: Status: Handshake failed, retrying... ```

I've also tried dumpbrom with --debugmode, find detailed logs at: https://gist.github.com/jerinphilip/85a05b75c882ce5963c2294bcf63ba41

I've read https://github.com/bkerler/mtkclient/issues/518, https://github.com/bkerler/mtkclient/issues/676. Tried a bunch of combinations, none seem to be working out. Am I doing something incorrect here?

jefferson018200306 commented 1 year ago

i have the same issue, need help

jerinphilip commented 1 year ago

So I've tried several ways so far to enter bootrom, the following works on my device enough that mtkclient detects something:

https://forum.gsmhosting.com/vbb/f296/tecno-ac8-brom-mode-3097918/

  1. 3-button long-press (even when on)
  2. Turn off, wait a while, then simply plug USB cable.
  3. Volume combinations also work, at least until detection.

Further I have also tried via adb reboot to get similar output.

$ adb reboot edl

In all cases, I cannot issue any command successfully.

forforksake commented 1 year ago

mtk payload --crash CRASH Enforce crash if device is in pl mode to enter brom mode

forforksake commented 1 year ago

MT6768/MT6769 here too.. Samsung A14, I cannot printgpt so options using partionname do not work, however - it does allow a full flash read / write and also writing to specific sectors

bkerler commented 11 months ago

Samsung has a secure gpt, that's why. Some mt676x devices need special da and also using test points to make it work. For some, brom and preloader are disabled by efuse.