bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.7k stars 528 forks source link

Is SLA enabled? MT6789 #889

Closed arifgore closed 10 months ago

arifgore commented 10 months ago

I have seen that mtkclient works with v6 devices unless DAA, SLA or Remote Auth are enabled. I tried with my device. In first section "SLA enabled" is false. But later, it says SLA is enabled and just hangs.

./mtk r boot,vbmeta boot.img,vbmeta.img
MTK Flash/Exploit Client Public V2.0.0 Beta (c) B.Kerler 2018-2023

Preloader - Status: Waiting for PreLoader VCOM, please reconnect mobile to brom mode

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

...........
Port - Device detected :)
Preloader -     CPU:            MT6789(MTK Helio G99)
Preloader -     HW version:     0x0
Preloader -     WDT:            0x10007000
Preloader -     Uart:           0x11002000
Preloader -     Brom payload addr:  0x100a00
Preloader -     DA payload addr:    0x201000
Preloader -     Var1:           0xa
Preloader - Disabling Watchdog...
Preloader - HW code:            0x1208
Preloader - Target config:      0xe0
Preloader -     SBC enabled:        False
Preloader -     SLA enabled:        False
Preloader -     DAA enabled:        False
Preloader -     SWJTAG enabled:     False
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required: False
Preloader -     Mem read auth:      True
Preloader -     Mem write auth:     True
Preloader -     Cmd 0xC8 blocked:   True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:     0x8a00
Preloader -     HW Ver:         0xca00
Preloader -     SW Ver:         0x0
Preloader - ME_ID:          3BC821B1E90FD7A33D3BCF34CE822ABD
Preloader - SOC_ID:         56AB34C3D30D182B52370C994D023E4D55200F84F961DE36E57F7640BA597F84
DA_handler - Device is unprotected.
DA_handler - Device is in BROM-Mode. Bypassing security.
DA_handler
DA_handler - [LIB]: Failed to dump preloader from ram, provide a valid one via --preloader option
DAXML - Uploading xflash stage 1 from MTK_DA_V6.bin
DAXML - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXML - Stage 1 successfully loaded.
DAXML - Uploading stage 2...
Progress: |██████████████████████████████████████████████████| 100.0% Written (Sector 0x2A3 of 0x2A3, ) 4.11 MB/s
DAXML - Successfully uploaded stage 2.
DAXML - Successfully uploaded stage 2
DAXML - SLA is enabled

until I interrupt it with CTRL+C. In that case I get the following error.

DeviceClass - USBError(19, 'No such device (it may have been disconnected)')
Traceback (most recent call last):
  File "/home/arif/dev/mtk/mtkclient/./mtk", line 948, in <module>
    mtk = Main(args).run(parser)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/arif/dev/mtk/mtkclient/mtkclient/Library/mtk_main.py", line 652, in run
    mtk = da_handler.configure_da(mtk, preloader)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/arif/dev/mtk/mtkclient/mtkclient/Library/DA/mtk_da_handler.py", line 143, in configure_da
    if not mtk.daloader.upload_da(preloader=preloader):
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/arif/dev/mtk/mtkclient/mtkclient/Library/DA/mtk_daloader.py", line 292, in upload_da
    return self.da.upload_da()
           ^^^^^^^^^^^^^^^^^^^
  File "/home/arif/dev/mtk/mtkclient/mtkclient/Library/DA/xml/xml_lib.py", line 569, in upload_da
    self.reinit(True)
  File "/home/arif/dev/mtk/mtkclient/mtkclient/Library/DA/xml/xml_lib.py", line 932, in reinit
    if self.storage.storagetype == "EMMC":
       ^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'bool' object has no attribute 'storagetype'

At this point I am not sure if my device is supported or not.

nemand commented 10 months ago

I encountered similar problems. Reading amd writing works here but not with using the MTK_DA_V6.bin. Try some other da file from some firmware for MT6789 device if you can't find one for your exact device.

arifgore commented 10 months ago

Oh, that worked. Thanks.

ktdt00 commented 5 months ago

What DA file did you end up using? I've just been trying random files that are from MT6789 devices using --preloader={file} but it always says DAXML - Uploading xflash stage 1 from MTK_DA_V6.bin and fails.