bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0

MT6833 unlocking error: "Unknown seccfg partition header. Aborting unlock." #937

Closed waza-kaza closed 8 months ago

waza-kaza commented 8 months ago

G'day

Appreciate your work

I've got here a hardbricked (NOT bootloader unlocked) POCO M4 Pro 5G (Evergreen). I've had the chance to back up the raw partitions before I accidentally hardbricked it; I wiped the preloader, unfortunately.

Using your tool, I got this far:

Port - Device detected :)
Preloader -     CPU:                    MT6833(Dimensity 700 5G k6833)
Preloader -     HW version:             0x0
Preloader -     WDT:                    0x10007000
Preloader -     Uart:                   0x11002000
Preloader -     Brom payload addr:      0x100a00
Preloader -     DA payload addr:        0x201000
Preloader -     CQ_DMA addr:            0x10212000
Preloader -     Var1:                   0x73
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x989
Preloader - Target config:              0xe7
Preloader -     SBC enabled:            True
Preloader -     SLA enabled:            True
Preloader -     DAA enabled:            True
Preloader -     SWJTAG enabled:         True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          True
Preloader -     Mem write auth:         True
Preloader -     Cmd 0xC8 blocked:       True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:             0x8a00
Preloader -     HW Ver:                 0xca00
Preloader -     SW Ver:                 0x0
Preloader - ME_ID:                      CC16B1EFFC8D6747A42450E01FD8A230
Preloader - SOC_ID:                     3CEAF5740B80C6B28A1341ED74B47833033DCFD5046737D27E91F7F4A41B8692
DA_handler - Device is protected.
DA_handler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6833_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: D:\mtkclient\mtkclient\payloads\mt6833_payload.bin
Port - Device detected :)
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
xflashext - Patching da1 ...
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "hash_check" in preloader
xflashext
xflashext - [LIB]: ←[33mError on patching da1 version check...←[0m
Mtk - Patched "Patched loader msg" in preloader
Mtk - Patched "get_vfy_policy" in preloader
xflashext - Patching da2 ...
xflashext - DA version anti-rollback patched
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - Sending emi data ...
DAXFlash - DRAM setup passed.
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Upload data was accepted. Jumping to stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - UFS Blocksize:0x1000
DAXFlash - UFS ID:       H9HQ15AECMBDAR
DAXFlash - UFS MID:      0xad
DAXFlash - UFS CID:      ad014849485131354142434d42444152
DAXFlash - UFS FWVer:    41303433
DAXFlash - UFS Serial:   332032353442384444413030
DAXFlash - UFS LU0 Size: 0x1dcb000000
DAXFlash - UFS LU1 Size: 0x400000
DAXFlash - UFS LU2 Size: 0x400000
DAXFlash - HW-CODE         : 0x989
DAXFlash - HWSUB-CODE      : 0x8A00
DAXFlash - HW-VERSION      : 0xCA00
DAXFlash - SW-VERSION      : 0x0
DAXFlash - CHIP-EVOLUTION  : 0x1
DAXFlash - DA-VERSION      : 1.0
DAXFlash - Extensions were accepted. Jumping to extensions...
DAXFlash - DA Extensions successfully added
DA_handler
DA_handler - [LIB]: ←[31mUnknown seccfg partition header. Aborting unlock.←[0m

Here's the seccfg part dump

Appreciate your assistance on this please

FYI: already tried with --preloader option (same result)

Mavigsm commented 8 months ago

Probably the seccfg partition has been formatted before. Complete the setup of your device, then try again.

waza-kaza commented 8 months ago

> Probably the seccfg partition has been formatted before. Complete the setup of your device, then try again.

I suspected that it's empty, but I don't know how to write it again, as the flash tool complains that the bootloader is locked, and I don't have the seccfg part of the stock ROM.
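A read-only triage of a seccfg dump, to tell an erased partition from one with a recognisable header, which is the question the two replies above turn on. This is an added example, not mtkclient's own code; the magic values and the seven-dword header layout are assumptions that are not stated in this thread.

```python
import struct
import sys

# Assumed header markers (not taken from this thread):
V4_MAGIC = 0x4D4D4D4D        # assumed first little-endian dword of a v4 seccfg
V4_ENDFLAG = 0x45454545      # assumed seventh dword of a v4 seccfg
V3_PREFIX = b"AND_SECCFG_v"  # assumed ASCII prefix of a v3 seccfg
V4_HDR_LEN = 0x1C            # seven dwords


def classify_seccfg(data: bytes) -> str:
    """Return 'truncated', 'blank', 'v4', 'v3' or 'unknown' for a raw dump."""
    if len(data) < V4_HDR_LEN:
        return "truncated"
    head = data[:0x200]
    # An erased or formatted partition reads back as one fill byte (0x00 or 0xFF).
    if head[0] in (0x00, 0xFF) and head.count(head[0]) == len(head):
        return "blank"
    fields = struct.unpack_from("<7I", data)
    magic, declared_size, endflag = fields[0], fields[2], fields[6]
    if magic == V4_MAGIC:
        # Plausible only if the end flag matches and the declared size fits the dump.
        if endflag == V4_ENDFLAG and V4_HDR_LEN <= declared_size <= len(data):
            return "v4"
        return "unknown"
    if data.startswith(V3_PREFIX):
        return "v3"
    return "unknown"


def constructed_v4_sample() -> bytes:
    """Constructed test input: assumed v4 header, zeroed 32-byte trailer, padding."""
    header = struct.pack("<7I", V4_MAGIC, 4, 0x3C, 1, 0, 0, V4_ENDFLAG)
    return header + bytes(0x20) + bytes(0x1000 - 0x3C)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Usage: python check_seccfg.py seccfg.bin  (file name is hypothetical)
        with open(sys.argv[1], "rb") as fh:
            print(classify_seccfg(fh.read()))
    else:
        print("constructed sample:", classify_seccfg(constructed_v4_sample()))
```

A result of `blank` matches the "formatted before" diagnosis; `unknown` means the partition holds data that neither assumed layout describes.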

waza-kaza commented 8 months ago

Wow! Good news, I ran the tool again past the modified SP tool, and this time it went all the way with restoring the stock ROM.

No longer having any issue.