bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.71k stars 528 forks source link

Issues on FASTBOOT metamode #787

Closed lamdanAmiti closed 4 months ago

lamdanAmiti commented 1 year ago

I ran this: python mtk payload --metamode FASTBOOT

result: MTK Flash/Exploit Client V1.6.3 (c) B.Kerler 2018-2023 Preloader - Status: Waiting for PreLoader VCOM, please connect mobile Port - Hint: Power off the phone before connecting. For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb. For preloader mode, don't press any hw button and connect usb. If it is already connected and on, hold power for 10 seconds to reset. ........... Port - Device detected :) Preloader - CPU: MT6761/MT6762/MT3369/MT8766B(Helio A20/P22/A22/A25/G25) Preloader - HW version: 0x0 Preloader - WDT: 0x10007000 Preloader - Uart: 0x11002000 Preloader - Brom payload addr: 0x100a00 Preloader - DA payload addr: 0x201000 Preloader - CQ_DMA addr: 0x10212000 Preloader - Var1: 0x25 Preloader - Disabling Watchdog... Preloader - HW code: 0x717 Preloader - Target config: 0x0 Preloader - SBC enabled: False Preloader - SLA enabled: False Preloader - DAA enabled: False Preloader - SWJTAG enabled: False Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False Preloader - Root cert required: False Preloader - Mem read auth: False Preloader - Mem write auth: False Preloader - Cmd 0xC8 blocked: False Preloader - Get Target info Preloader - BROM mode detected. Preloader - HW subcode: 0x8a00 Preloader - HW Ver: 0xca01 Preloader - SW Ver: 0x200 Preloader - ME_ID: E3578F6C936897E4F90EC524684CADED Preloader - SOC_ID: 7B00B6D2B2E25C2A6A458598C742CC391D9581134A3FDF608948A0A9ADCA176A PLTools - Loading payload from mt6761_payload.bin, 0x264 bytes Exploitation - Kamakiri Run Exploitation - Done sending payload... PLTools - Successfully sent payload: C:\Users\lemel\mtkclient\mtkclient\payloads\mt6761_payload.bin Port - Device detected :) DeviceClass - [Errno 19] No such device (it may have been disconnected)

Any fix for this error? the regular Mtk GUI works fine, I only have this issue when trying to get the device to fastboot. I really need to get the device on fastboot using this mtk tooling because reg recovery mode is blocked due to a dm-verify bootloop

please help me!! thanks!

Arthulia42 commented 1 year ago

I'm having the exact same error with a different device and paylod:

C:\Applications\Android\mtkclient>python mtk r boot,vbmeta boot.img,vbmeta.img MTK Flash/Exploit Client V1.6.3 (c) B.Kerler 2018-2023

Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

Port - Hint:

Power off the phone before connecting. For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb. For preloader mode, don't press any hw button and connect usb. If it is already connected and on, hold power for 10 seconds to reset.

........Port - Device detected :) Preloader - CPU: MT8167/MT8516/MT8362() Preloader - HW version: 0x0 Preloader - WDT: 0x10007000 Preloader - Uart: 0x11005000 Preloader - Brom payload addr: 0x100a00 Preloader - DA payload addr: 0x201000 Preloader - CQ_DMA addr: 0x10212c00 Preloader - Var1: 0xcc Preloader - Disabling Watchdog... Preloader - HW code: 0x8167 Preloader - Target config: 0xe5 Preloader - SBC enabled: True Preloader - SLA enabled: False Preloader - DAA enabled: True Preloader - SWJTAG enabled: True Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False Preloader - Root cert required: False Preloader - Mem read auth: True Preloader - Mem write auth: True Preloader - Cmd 0xC8 blocked: True Preloader - Get Target info Preloader - BROM mode detected. Preloader - HW subcode: 0x8a00 Preloader - HW Ver: 0xcb00 Preloader - SW Ver: 0x1 Preloader - ME_ID: FDE8DC0593DD7AB18CA7438486863B84 Preloader - SOC_ID: 0000000000000000000000000000000000000000000000000000000000000000 PLTools - Loading payload from mt8167_payload.bin, 0x264 bytes Exploitation - Kamakiri Run Exploitation - Done sending payload... PLTools - Successfully sent payload: C:\Applications\Android\mtkclient\mtkclient\payloads\mt8167_payload.bin Port - Device detected :) DA_handler - Device is protected. DA_handler - Device is in BROM mode. Trying to dump preloader. DAXFlash - Uploading xflash stage 1 from MTK_AllInOne_DA_5.2228.bin xflashext - Patching da1 ... Mtk - Patched "Patched loader msg" in preloader Mtk - Patched "hash_check" in preloader xflashext xflashext - [LIB]: ←[33mError on patching da1 version check...←[0m Mtk - Patched "Patched loader msg" in preloader Mtk - Patched "get_vfy_policy" in preloader xflashext - Patching da2 ... DAXFlash - Successfully uploaded stage 1, jumping .. Preloader - Jumping to 0x200000 Preloader - Jumping to 0x200000: ok. DAXFlash - Successfully received DA sync DAXFlash - Sending emi data ... DAXFlash - DRAM setup passed. DAXFlash - Sending emi data succeeded. DAXFlash - Uploading stage 2... DAXFlash - Upload data was accepted. Jumping to stage 2... DAXFlash - Successfully uploaded stage 2 DAXFlash - EMMC FWVer: 0x0 DAXFlash - EMMC ID: 08A391 DAXFlash - EMMC CID: d6010330384133393110c6d7e729383f DAXFlash - EMMC Boot1 Size: 0x400000 DAXFlash - EMMC Boot2 Size: 0x400000 DAXFlash - EMMC GP1 Size: 0x0 DAXFlash - EMMC GP2 Size: 0x0 DAXFlash - EMMC GP3 Size: 0x0 DAXFlash - EMMC GP4 Size: 0x0 DAXFlash - EMMC RPMB Size: 0x400000 DAXFlash - EMMC USER Size: 0x1d2000000 DAXFlash - HW-CODE : 0x8167 DAXFlash - HWSUB-CODE : 0x8A00 DAXFlash - HW-VERSION : 0xCB00 DAXFlash - SW-VERSION : 0x1 DAXFlash - CHIP-EVOLUTION : 0x0 DAXFlash - DA-VERSION : 1.0 DAXFlash - Reconnecting to stage2 with higher speed DeviceClass - [Errno 19] No such device (it may have been disconnected)

github-actions[bot] commented 4 months ago

Stale issue message