Closed deyvs02 closed 8 months ago
Port - Device detected :)
Preloader - CPU: MT6768/MT6769(Helio P65/G85 k68v1)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - Disabling Watchdog...
Preloader - HW code: 0x707
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: 1D63E375F30F607EFEB40793BEA7C025
Preloader - SOC_ID: 5C33C33187BEE4723020BDA717C439DF5924057883D10B1B748D506FD3D2E302
DA_handler - Device is unprotected.
DA_handler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6768_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: C:..\mtkclient\payloads\mt6768_payload.bin
Port - Device detected :)
DA_handler
DA_handler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
xflashext - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
xflashext
xflashext - [LIB]: Error on patching da1 version check...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
xflashext - Patching da2 ...
xflashext - DA version anti-rollback patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - EMMC FWVer: 0x0
DAXFlash - EMMC ID: G1J9S9
DAXFlash - EMMC CID: 13014e47314a395339100669f7e95765
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size: 0x0
DAXFlash - EMMC GP2 Size: 0x0
DAXFlash - EMMC GP3 Size: 0x0
DAXFlash - EMMC GP4 Size: 0x0
DAXFlash - EMMC RPMB Size: 0x1000000
DAXFlash - EMMC USER Size: 0x1d1f000000
DAXFlash - HW-CODE : 0x707
DAXFlash - HWSUB-CODE : 0x8A00
DAXFlash - HW-VERSION : 0xCA00
DAXFlash - SW-VERSION : 0x0
DAXFlash - CHIP-EVOLUTION : 0x1
DAXFlash - DA-VERSION : 1.0
DAXFlash - Extensions were accepted. Jumping to extensions...
DAXFlash - DA Extensions successfully added
It's nothing more than that