bkerler
commented
5 months ago That is happening because the offset it's sending more data than it expects. It should read and not send da or d1 commands.
Closed flycrane closed 3 months ago
bkerler
commented
5 months ago That is happening because the offset it's sending more data than it expects. It should read and not send da or d1 commands.
python3 mtk dumpbrom --debugmode
Port - Device detected :) DeviceClass DeviceClass - [LIB]: TX:fd DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:fd DeviceClass DeviceClass - [LIB]: rdword:0x4 DeviceClass DeviceClass - [LIB]: RX:81670000 Preloader - CPU: MT8167/MT8516/MT8362() Preloader - HW version: 0x0 Preloader - WDT: 0x10007000 Preloader - Uart: 0x11005000 Preloader - Brom payload addr: 0x100a00 Preloader - DA payload addr: 0x201000 Preloader - CQ_DMA addr: 0x10212c00 Preloader - Var1: 0xcc Preloader - Disabling Watchdog... DeviceClass DeviceClass - [LIB]: TX:d4 DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:d4 DeviceClass DeviceClass - [LIB]: TX:10007000 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:10007000 DeviceClass DeviceClass - [LIB]: TX:00000001 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000001 DeviceClass DeviceClass - [LIB]: rword:0x2 DeviceClass DeviceClass - [LIB]: RX:0001 DeviceClass DeviceClass - [LIB]: TX:22000064 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:22000064 DeviceClass DeviceClass - [LIB]: rword:0x2 DeviceClass DeviceClass - [LIB]: RX:0001 Preloader - HW code: 0x8167 DeviceClass DeviceClass - [LIB]: TX:d8 DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:d8 DeviceClass DeviceClass - [LIB]: rbyte:0x6 DeviceClass DeviceClass - [LIB]: RX:000000e50000 Preloader - Target config: 0xe5 Preloader - SBC enabled: True Preloader - SLA enabled: False Preloader - DAA enabled: True Preloader - SWJTAG enabled: True Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False Preloader - Root cert required: False Preloader - Mem read auth: True Preloader - Mem write auth: True Preloader - Cmd 0xC8 blocked: True Preloader - Get Target info DeviceClass DeviceClass - [LIB]: TX:fe DeviceClass DeviceClass - [LIB]: get_blver:0x1 DeviceClass DeviceClass - [LIB]: RX:fe Preloader - BROM mode detected. DeviceClass DeviceClass - [LIB]: TX:ff DeviceClass DeviceClass - [LIB]: get_bromver:0x1 DeviceClass DeviceClass - [LIB]: RX:05 DeviceClass DeviceClass - [LIB]: TX:fc DeviceClass DeviceClass - [LIB]: mtk_cmd:0x1 DeviceClass DeviceClass - [LIB]: RX:fc DeviceClass DeviceClass - [LIB]: mtk_cmd:0x8 DeviceClass DeviceClass - [LIB]: RX:8a00cb0000010000 Preloader - HW subcode: 0x8a00 Preloader - HW Ver: 0xcb00 Preloader - SW Ver: 0x1 DeviceClass DeviceClass - [LIB]: TX:fe DeviceClass DeviceClass - [LIB]: get_meid:0x1 DeviceClass DeviceClass - [LIB]: RX:fe DeviceClass DeviceClass - [LIB]: TX:e1 DeviceClass DeviceClass - [LIB]: get_meid:0x1 DeviceClass DeviceClass - [LIB]: RX:e1 DeviceClass DeviceClass - [LIB]: get_meid:0x4 DeviceClass DeviceClass - [LIB]: RX:00000010 DeviceClass DeviceClass - [LIB]: get_meid:0x10 DeviceClass DeviceClass - [LIB]: RX:750eeea99a52af48df83f5057c226389 DeviceClass DeviceClass - [LIB]: get_meid:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 Preloader - ME_ID: 750EEEA99A52AF48DF83F5057C226389 DeviceClass DeviceClass - [LIB]: TX:fe DeviceClass DeviceClass - [LIB]: get_socid:0x1 DeviceClass DeviceClass - [LIB]: RX:fe DeviceClass DeviceClass - [LIB]: TX:e7 DeviceClass DeviceClass - [LIB]: get_socid:0x1 DeviceClass DeviceClass - [LIB]: RX:e7 DeviceClass DeviceClass - [LIB]: get_socid:0x4 DeviceClass DeviceClass - [LIB]: RX:00000020 DeviceClass DeviceClass - [LIB]: get_socid:0x20 DeviceClass DeviceClass - [LIB]: RX:0000000000000000000000000000000000000000000000000000000000000000 DeviceClass DeviceClass - [LIB]: get_socid:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 Preloader - SOC_ID: 0000000000000000000000000000000000000000000000000000000000000000 PLTools - Kamakiri / DA Run PLTools - Loading payload from generic_dump_payload.bin, 0xf4 bytes Exploitation - Kamakiri Run DeviceClass DeviceClass - [LIB]: TX:da DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:da DeviceClass DeviceClass - [LIB]: TX:00000000 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: TX:00000000 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: TX:00000001 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000001 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: brom_register_access:0x1 DeviceClass DeviceClass - [LIB]: RX:00 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: TX:d1 DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:d1 DeviceClass DeviceClass - [LIB]: TX:10007050 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:10007050 DeviceClass DeviceClass - [LIB]: TX:00000001 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000001 DeviceClass DeviceClass - [LIB]: rword:0x2 DeviceClass DeviceClass - [LIB]: RX:0003 DeviceClass DeviceClass - [LIB]: rdword:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: read:0x2 DeviceClass DeviceClass - [LIB]: RX:0003 DeviceClass DeviceClass - [LIB]: TX:da DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:da DeviceClass DeviceClass - [LIB]: TX:00000000 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: TX:0000d2a4 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:0000d2a4 DeviceClass DeviceClass - [LIB]: TX:00000004 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000004 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: brom_register_access:0x4 DeviceClass DeviceClass - [LIB]: RX:a4291000 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: TX:da DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:da DeviceClass DeviceClass - [LIB]: TX:00000000 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: TX:00000000 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: TX:00000001 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000001 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: brom_register_access:0x1 DeviceClass DeviceClass - [LIB]: RX:00 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: TX:d1 DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:d1 DeviceClass DeviceClass - [LIB]: TX:10007050 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:10007050 DeviceClass DeviceClass - [LIB]: TX:00000001 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000001 DeviceClass DeviceClass - [LIB]: rword:0x2 DeviceClass DeviceClass - [LIB]: RX:0003 DeviceClass DeviceClass - [LIB]: rdword:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: read:0x2 DeviceClass DeviceClass - [LIB]: RX:0003 DeviceClass DeviceClass - [LIB]: TX:da DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:da DeviceClass DeviceClass - [LIB]: TX:00000001 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000001 DeviceClass DeviceClass - [LIB]: TX:001009c0 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:001009c0 DeviceClass DeviceClass - [LIB]: TX:000000f4 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:000000f4 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: TX:01308fe213ff2fe130b5002385b00193019b1a68224b9a4202bf019b5b6801930198019900f5805001f5003100f042f840b350f81c3c04251c4c43f001037c44236050f80c2c13f8070f42f0010223f003036260043315fb003302a819689b688b6029460f4b029390474ff400732946039303a86368984703990198636809ba039198470a4b41f671117b441a6891600549116041f209221b685a61fee700bf04f01fe5c1c2c3c414000022b200000062000000074a10b5884201d3002010bd034653f8044b944202d14468ff2cf6d91846f1e7a00a5005cbb212b1c1f30221117020f00300043000eb8300704700bf00700010 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: TX:da DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:da DeviceClass DeviceClass - [LIB]: TX:00000000 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: TX:00000000 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: TX:00000001 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000001 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: brom_register_access:0x1 DeviceClass DeviceClass - [LIB]: RX:00 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: TX:d1 DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:d1 DeviceClass DeviceClass - [LIB]: TX:10007050 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:10007050 DeviceClass DeviceClass - [LIB]: TX:00000001 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000001 DeviceClass DeviceClass - [LIB]: rword:0x2 DeviceClass DeviceClass - [LIB]: RX:0003 DeviceClass DeviceClass - [LIB]: rdword:0x4 DeviceClass DeviceClass - [LIB]: RX:00000000 DeviceClass DeviceClass - [LIB]: read:0x2 DeviceClass DeviceClass - [LIB]: RX:0003 DeviceClass DeviceClass - [LIB]: TX:da DeviceClass DeviceClass - [LIB]: echo:0x1 DeviceClass DeviceClass - [LIB]: RX:da DeviceClass DeviceClass - [LIB]: TX:00000001 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000001 DeviceClass DeviceClass - [LIB]: TX:0010296c DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:0010296c DeviceClass DeviceClass - [LIB]: TX:00000004 DeviceClass DeviceClass - [LIB]: echo:0x4 DeviceClass DeviceClass - [LIB]: RX:00000004 DeviceClass DeviceClass - [LIB]: brom_register_access:0x2 DeviceClass DeviceClass - [LIB]: RX:0000 DeviceClass DeviceClass - [LIB]: TX:000a1000 Exploitation - Done sending payload... DeviceClass DeviceClass - [LIB]: runpayload:0x4 DeviceClass DeviceClass - [LIB]: RX:c1c2c3c4 PLTools - Successfully sent payload: /home/xxx/mtkclient/mtkclient/payloads/generic_dump_payload.bin DeviceClass DeviceClass - [LIB]: TX:da DeviceClass DeviceClass - [LIB]: USB Overflow DeviceClass DeviceClass - [LIB]: TX:d1 DeviceClass DeviceClass - [LIB]: USB Overflow Exploitation Exploitation - [LIB]: Error on opening brom_MT8167_MT8516_MT8362_8167.bin for writing: unsupported operand type(s) for -: 'NoneType' and 'int'