search

bkerler / mtkclient

MTK reverse engineering and flash tool
GNU General Public License v3.0
2.7k stars 528 forks source link

Bootloader unlock failed on JAT-LX3 mt6765 #979

Closed Anonymous-cat1 closed 5 months ago

Anonymous-cat1 commented 6 months ago 
C:\Users\Administrator\Downloads\mtkclient-main>python mtk da seccfg unlock
...........

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
If it is already connected and on, hold power for 10 seconds to reset.

Port - Device detected :)
Preloader -     CPU:                    MT6765/MT8768t(Helio P35/G35)
Preloader -     HW version:             0x0
Preloader -     WDT:                    0x10007000
Preloader -     Uart:                   0x11002000
Preloader -     Brom payload addr:      0x100a00
Preloader -     DA payload addr:        0x201000
Preloader -     CQ_DMA addr:            0x10212000
Preloader -     Var1:                   0x25
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe5
Preloader -     SBC enabled:            True
Preloader -     SLA enabled:            False
Preloader -     DAA enabled:            True
Preloader -     SWJTAG enabled:         True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          True
Preloader -     Mem write auth:         True
Preloader -     Cmd 0xC8 blocked:       True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader -     HW subcode:             0x8a00
Preloader -     HW Ver:                 0xca00
Preloader -     SW Ver:                 0x0
Preloader - ME_ID:                      54794EC541E818CC47153334E389F42A
Preloader - SOC_ID:                     2DDD99429D0BC98F141B9397D99EA8AEA0BCDB5F38BEA691449C4B9095232C39
DA_handler - Device is protected.
DA_handler - Device is in BROM-Mode. Bypassing security.
PLTools - Loading payload from mt6765_payload.bin, 0x264 bytes
Exploitation - Kamakiri Run
Exploitation - Done sending payload...
PLTools - Successfully sent payload: C:\Users\Administrator\Downloads\mtkclient-main\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
DA_handler
DA_handler - [LIB]: Device is in BROM mode. No preloader given, trying to dump preloader from ram.
DeviceClass - USBError(5, 'Input/Output Error')
DA_handler
DA_handler - [LIB]: unpack requires a buffer of 65536 bytes
DA_handler
DA_handler - [LIB]: Failed to dump preloader from ram, provide a valid one via --preloader option
DAXFlash - Uploading xflash stage 1 from MTK_DA_V5.bin
DeviceClass - USBError(5, 'Input/Output Error')
Preloader
Preloader - [LIB]: Error on DA_Send cmd
DAXFlash
DAXFlash - [LIB]: Error on sending DA.
mouzei commented 5 months ago

try to get a preloader file in other ways (spflash readback, official rom, AndroidUtility, UnlockTool, etc), then use command like "python mtk da seccfg unlock --preloader=YOUR PRELOADER FILE PATH" to unlock. Good luck!