Closed mouzei closed 6 months ago
try to run with --noreconnect. However mt65xx aren't officially supported as I only have mt6580 devices but not older ones.
I tried --noreconnect but "Error reading gpt".
Port - Device detected :) Preloader - CPU: MT6582/MT6574/MT8382() Preloader - HW version: 0x0 Preloader - WDT: 0x10007000 Preloader - Uart: 0x11002000 Preloader - Brom payload addr: 0x100a00 Preloader - DA payload addr: 0x201000 Preloader - Var1: 0xa Preloader - Disabling Watchdog... Preloader - HW code: 0x6582 Preloader - Target config: 0x0 Preloader - SBC enabled: False Preloader - SLA enabled: False Preloader - DAA enabled: False Preloader - SWJTAG enabled: False Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False Preloader - Root cert required: False Preloader - Mem read auth: False Preloader - Mem write auth: False Preloader - Cmd 0xC8 blocked: False Preloader - Get Target info Preloader - BROM mode detected. Preloader - HW subcode: 0x8a00 Preloader - HW Ver: 0xca01 Preloader - SW Ver: 0x1 Preloader - ME_ID: xxxx DA_handler - Device is unprotected. DA_handler - Device is in BROM-Mode. Bypassing security. PLTools - Loading payload from mt6582_payload.bin, 0x258 bytes Exploitation - Kamakiri Run Exploitation - Done sending payload... PLTools - Successfully sent payload: D:\xxx\mtkclient\payloads\mt6582_payload.bin Port - Device detected :) DA_handler DA_handler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram. DALegacy - Uploading legacy da... DALegacy - Uploading legacy stage 1 from MTK_DA_V5.bin legacyext legacyext - [LIB]: Legacy address check not patched. legacyext legacyext - [LIB]: Legacy DA2 CMD F0 not patched. Preloader - Jumping to 0x200000 Preloader - Jumping to 0x200000: ok. DALegacy - Got loader sync ! DALegacy - Reading nand info DALegacy - Reading emmc info DALegacy - ACK: 040287 DALegacy - Setting stage 2 config ... DALegacy - DRAM config needed for : 90014a4834473164048602a20f00901b DALegacy - Reading dram nand info ... DALegacy - Sending dram info ... DALegacy - RAM-Length: 0xbc DALegacy - Checksum: 13DF DALegacy - M_EXT_RAM_RET : 0 DALegacy - M_EXT_RAM_TYPE : 0x2 DALegacy - M_EXT_RAM_CHIP_SELECT : 0x0 DALegacy - M_EXT_RAM_SIZE : 0x20000000 DALegacy - Uploading stage 2... DALegacy - Successfully uploaded stage 2 DALegacy - Connected to stage2 DALegacy - m_int_sram_ret = 0x0 m_int_sram_size = 0x20000 m_ext_ram_ret = 0x0 m_ext_ram_type = 0x2 m_ext_ram_chip_select = 0x0 m_int_sram_ret = 0x0 m_ext_ram_size = 0x20000000 randomid = 0xC339FF05C84EFCC5885F90A5D3ABF35
m_emmc_ret = 0x0 m_emmc_boot1_size = 0x200000 m_emmc_boot2_size = 0x200000 m_emmc_rpmb_size = 0x200000 m_emmc_gp_size[0] = 0x0 m_emmc_gp_size[1] = 0x0 m_emmc_gp_size[2] = 0x0 m_emmc_gp_size[3] = 0x0 m_emmc_ua_size = 0xe7000000 m_emmc_cid = 3447316490014a480f00901b048602a2 m_emmc_fwver = 8600000000000000
DA_handler DA_handler - [LIB]: Error reading gpt, please read whole flash using "mtk rf flash.bin".
I'm dumping flash.
yes, the older devices have no gpt but hardcoded partition table, sometimes PMT table, so only "mtk rf flash.bin" possible
yes, the older devices have no gpt but hardcoded partition table, sometimes PMT table, so only "mtk rf flash.bin" possible
How should I split out system.img, boot.img and other files from the full backup and calculate the corresponding addresses?
...Port - Device detected :) Preloader - CPU: MT6582/MT6574/MT8382() Preloader - HW version: 0x0 Preloader - WDT: 0x10007000 Preloader - Uart: 0x11002000 Preloader - Brom payload addr: 0x100a00 Preloader - DA payload addr: 0x201000 Preloader - Var1: 0xa Preloader - Disabling Watchdog... Preloader - HW code: 0x6582 Preloader - Target config: 0x0 Preloader - SBC enabled: False Preloader - SLA enabled: False Preloader - DAA enabled: False Preloader - SWJTAG enabled: False Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False Preloader - Root cert required: False Preloader - Mem read auth: False Preloader - Mem write auth: False Preloader - Cmd 0xC8 blocked: False Preloader - Get Target info Preloader - BROM mode detected. Preloader - HW subcode: 0x8a00 Preloader - HW Ver: 0xca01 Preloader - SW Ver: 0x1 Preloader - ME_ID: xxx DA_handler - Device is unprotected. DA_handler - Device is in BROM-Mode. Bypassing security. PLTools - Loading payload from mt6582_payload.bin, 0x258 bytes Exploitation - Kamakiri Run Exploitation - Done sending payload... PLTools - Successfully sent payload: D:\xxx\mtkclient\mtkclient\payloads\mt6582_payload.bin Port - Device detected :) DA_handler DA_handler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram. DALegacy - Uploading legacy da... DALegacy - Uploading legacy stage 1 from MTK_DA_V5.bin legacyext legacyext - [LIB]: Legacy address check not patched. legacyext legacyext - [LIB]: Legacy DA2 CMD F0 not patched. Preloader - Jumping to 0x200000 Preloader - Jumping to 0x200000: ok. DALegacy - Got loader sync ! DALegacy - Reading nand info DALegacy - Reading emmc info DALegacy - ACK: 040287 DALegacy - Setting stage 2 config ... DALegacy - DRAM config needed for : 90014a4834473164048602a20f00901b DALegacy - Reading dram nand info ... DALegacy - Sending dram info ... DALegacy - RAM-Length: 0xbc DALegacy - Checksum: 13DF DALegacy - M_EXT_RAM_RET : 0 DALegacy - M_EXT_RAM_TYPE : 0x2 DALegacy - M_EXT_RAM_CHIP_SELECT : 0x0 DALegacy - M_EXT_RAM_SIZE : 0x20000000 DALegacy - Uploading stage 2... DALegacy - Successfully uploaded stage 2 DALegacy - Connected to stage2 DALegacy - Reconnecting to stage2 with higher speed
Then device reconnect , program exit without gpt output.