bkerler / mtkclient Goto Github PK

File "d:\Tools\PortableGit\mtkclient\stage2", line 637, in
main()
File "d:\Tools\PortableGit\mtkclient\stage2", line 627, in main
data = seccfg_data + enc_hash
TypeError: can't concat list to bytes

D:\Github\mtkclient-1.4>python stage2 rpmb
Traceback (most recent call last):
File "D:\Github\mtkclient-1.4\stage2", line 567, in
main()
File "D:\Github\mtkclient-1.4\stage2", line 503, in main
st2.rpmb(start, length, filename, args.reverse)
File "D:\Github\mtkclient-1.4\stage2", line 304, in rpmb
self.init_emmc()
File "D:\Github\mtkclient-1.4\stage2", line 70, in init_emmc
if unpack("<I", self.cdc.usbread(4))[0] == 0xD1D1D1D1:
struct.error: unpack requires a buffer of 4 bytes

seccfg wrote successfull but not bootloader unlock my xiaomi phone

python mtk stage

Preloader - Waiting PreLoader VCOM
............
............
Port - Device detected :)
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - ME_ID: 4FD38FC3D325E9352E9387CF1050E00C
Preloader - SOC_ID: 94FD535E13F3BDA8F51960A06671C0863DF00DD61777B264E4511893086980FF
Main - Uploading stage 1
PLTools - Loading payload from C:\Dongle\PayLoads\MtkClientDebug\ref\mtkclient\payloads\generic_stage1_payload.bin, 0x3ec bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\Dongle\PayLoads\MtkClientDebug\ref\mtkclient\payloads\generic_stage1_payload.bin
Main - Successfully uploaded stage 1, sending stage 2
Main - Done sending stage2, size 0x4000.
Main - Done jumping stage2 at 00201000
Traceback (most recent call last):
File "C:\Dongle\PayLoads\MtkClientDebug\ref\mtk", line 1524, in
mtk = Main(args).run()
File "C:\Dongle\PayLoads\MtkClientDebug\ref\mtk", line 578, in run
ack = unpack(">I", mtk.port.read(4))[0]
AttributeError: 'Port' object has no attribute 'read'

python mtk r boot boot.bin

Progress: |--------------------------------------------------| 0.6% Read (Addr 0x30000 of 0x2000000) 4.01 MB/sDAXFlash
DAXFlash - [LIB]: �[31mCouldn't write to boot.bin. Error: float division by zero�[0m
Dumped sector 1310720 with sector count 65536 as boot.bin

preloader

https://github.com/soralis0912/xiaomi_preloader_collection/blob/main/preloader_begonia.bin

PS C:\Users\jones\Downloads\bkerler tools\mtkclient-main> python mtk wl out
MTK Flash/Exploit Client V1.42 (c) B.Kerler 2020-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
...........
...........
...........
...........
...........
...........
...........
...........
...........
...........
...........
...........
Port - Device detected :)
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - BROM mode detected.
Preloader - ME_ID: D1E45734B0EB811436A67C6ADF11ADFA
Preloader - SOC_ID: DE91A16E54BED29D88A779A2E68E4F3A9AE28137C20AC5EE42626FDCE85A293F
PLTools - Loading payload from C:\Users\jones\Downloads\bkerler tools\mtkclient-main\mtkclient\config..\payloads\mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\Users\jones\Downloads\bkerler tools\mtkclient-main\mtkclient\config..\payloads\mt6765_payload.bin
Port - Device detected :)
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading stage 1...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
DAXFlash - Successfully received DA sync
DAXFlash - Uploading stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - EMMC FWVer: 0x0
DAXFlash - EMMC CID: 15010047583642414209a506d454974f
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size: 0x0
DAXFlash - EMMC GP2 Size: 0x0
DAXFlash - EMMC GP3 Size: 0x0
DAXFlash - EMMC GP4 Size: 0x0
DAXFlash - EMMC RPMB Size: 0x400000
DAXFlash - EMMC USER Size: 0x747c00000
DAXFlash - DA-CODE : 0x666D0
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\carrier
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\els
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\eri
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\expdb
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\md_udc
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\mpt
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\nvcfg
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\nvdata
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\operatorlogging
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\para
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\persist
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\persist_lg
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\power
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\p_persist_lg
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\seccfg
, skipping←[0m
Main
Main - [LIB]: ←[31mError: Couldn't detect partition: out\srtc
, skipping←[0m

also this is the K51 a MT6762 P22

Is there any problem when this application is run on 32 bit?

USBError(5, 'Input/Output Error') <class 'usb.core.USBError'> 5

C:\Users\ChoiMobile\Desktop\mtkclient-main>python mtk payload
Traceback (most recent call last):
File "C:\Users\ChoiMobile\Desktop\mtkclient-main\mtk", line 15, in
from mtkclient.Library.mtk_daloader import DAloader
File "C:\Users\ChoiMobile\Desktop\mtkclient-main\mtkclient\Library\mtk_daloader.py", line 9, in
from mtkclient.Library.mtk_daxflash import DAXFlash
File "C:\Users\ChoiMobile\Desktop\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 14, in
from mtkclient.Library.rw_patch import write32, read32
ModuleNotFoundError: No module named 'mtkclient.Library.rw_patch'

C:\Users\ChoiMobile\Desktop\mtkclient-main>python mtk e frp
Traceback (most recent call last):
File "C:\Users\ChoiMobile\Desktop\mtkclient-main\mtk", line 15, in
from mtkclient.Library.mtk_daloader import DAloader
File "C:\Users\ChoiMobile\Desktop\mtkclient-main\mtkclient\Library\mtk_daloader.py", line 9, in
from mtkclient.Library.mtk_daxflash import DAXFlash
File "C:\Users\ChoiMobile\Desktop\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 14, in
from mtkclient.Library.rw_patch import write32, read32
ModuleNotFoundError: No module named 'mtkclient.Library.rw_patch'

C:\Users\ChoiMobile\Desktop\mtkclient-main>python mtk stage
Traceback (most recent call last):
File "C:\Users\ChoiMobile\Desktop\mtkclient-main\mtk", line 15, in
from mtkclient.Library.mtk_daloader import DAloader
File "C:\Users\ChoiMobile\Desktop\mtkclient-main\mtkclient\Library\mtk_daloader.py", line 9, in
from mtkclient.Library.mtk_daxflash import DAXFlash
File "C:\Users\ChoiMobile\Desktop\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 14, in
from mtkclient.Library.rw_patch import write32, read32
ModuleNotFoundError: No module named 'mtkclient.Library.rw_patch'

C:\Users\ChoiMobile\Desktop\mtkclient-main>

Hi

I need read recovery partition and after make erase flash samples below: But wihout reconnect it.

py mtk r recovery recovery.bin
py mtk e FRP

C:\xxxxxxxxxxxxxxxxxxxxxxxxxxx\mtkclient-1.4>python mtk r boot boot.bin
Capstone library is missing (optional).
Keystone library is missing (optional).
MTK Flash/Exploit Client V1.4 (c) B.Kerler 2020-2021
Traceback (most recent call last):
File "mtk", line 932, in
mtk = Main().run()
File "mtk", line 297, in run
args=self.args)
File "mtk", line 136, in init
self.init()
File "mtk", line 157, in init
self.port = Port(self, portconfig, self.__logger.level)
File "C:\xxxxxxxxxxxxxxxxxxxxxxxxx\mtkclient-1.4\mtkclient\Library\Port.py", li
ne 26, in init
self.cdc = usb_class(portconfig=portconfig, loglevel=loglevel, devclass=10)
File "C:\xxxxxxxxxxxxxxxxxxxxxxxxx\mtkclient-1.4\mtkclient\Library\usblib.py",
line 108, in init
self.backend.lib.libusb_set_option(self.backend.ctx, 1)
ValueError: Procedure probably called with too many arguments (8 bytes in excess
)

C:\Users\Administrateur\Desktop\mtkclient--1.42>python mtk printgpt --preloader=preloader_oppo6765.bin

Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

...........

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

...........

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

...........

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

...........

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

..Port - Device detected :)
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - ME_ID: 0E7222F1FE852E5909CD57027BFB3120
Preloader - SOC_ID: 1C79ADE6F3FCFB84A4A6C82BA846E379AD40CD11830AE83C7E9E97680AE52B6E
PLTools - Loading payload from C:\Users\Administrateur\Desktop\mtkclient--1.42\mtkclient\payloads\mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\Users\Administrateur\Desktop\mtkclient--1.42\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading stage 1...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - DRAM config needed for : 13014e47314a3953
Traceback (most recent call last):
File "C:\Users\Administrateur\Desktop\mtkclient--1.42\mtk", line 1569, in
mtk = Main(args).run()
File "C:\Users\Administrateur\Desktop\mtkclient--1.42\mtk", line 673, in run
if not mtk.daloader.upload_da(preloader=preloader):
File "C:\Users\Administrateur\Desktop\mtkclient--1.42\mtkclient\Library\mtk_daloader.py", line 87, in upload_da
return self.da.upload_da()
File "C:\Users\Administrateur\Desktop\mtkclient--1.42\mtkclient\Library\mtk_daxflash.py", line 991, in upload_da
if not self.send_emi(self.daconfig.emi):
File "C:\Users\Administrateur\Desktop\mtkclient--1.42\mtkclient\Library\mtk_daxflash.py", line 304, in send_emi
return self.send_param([emi])
File "C:\Users\Administrateur\Desktop\mtkclient--1.42\mtkclient\Library\mtk_daxflash.py", line 259, in send_param
status = self.status()
File "C:\Users\Administrateur\Desktop\mtkclient--1.42\mtkclient\Library\mtk_daxflash.py", line 227, in status
magic, datatype, length = unpack("<III", hdr)
struct.error: unpack requires a buffer of 12 bytes

DEBUG_LOG
log.zip

How to delete 2 partitions at once . For example python mtk e userdata frp

cmd == "seccfg":
with open("seccfg.bin", "wb") as wf:
seccfg_ver = 4
seccfg_size = 0x3C
lock_state = 3
"""
LKS_DEFAULT = 0x01
LKS_MP_DEFAULT = 0x02
LKS_UNLOCK = 0x03
LKS_LOCK = 0x04
LKS_VERIFIED = 0x05
LKS_CUSTOM = 0x06
"""
critical_lock_state = 1
"""
LKCS_UNLOCK = 0x01
LKCS_LOCK = 0x02
"""
sboot_runtime = 0
"""
SBOOT_RUNTIME_OFF = 0
SBOOT_RUNTIME_ON = 1
"""
seccfg_data = pack("<IIIIIII", 0x4D4D4D4D, seccfg_ver, seccfg_size, lock_state,
critical_lock_state, sboot_runtime, 0x45454545)
dec_hash = hashlib.sha256(seccfg_data).digest()
enc_hash = st2.keys(data=dec_hash, mode="sej_aes_encrypt")
data = seccfg_data + enc_hash
data += b"\x00" * (0x200 - len(data))
wf.write(data)
print("Successfully wrote seccfg.")
st2.close()

st2.close()

if name == "main":
main()

Capstone library is missing (optional).
Keystone library is missing (optional).
MTK Flash/Exploit Client V1.41 (c) B.Kerler 2018-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Preloader
Preloader - [LIB]: �[31mStatus: Handshake failed, please retry�[0m
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
......Port - Device detected :)
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe7
Preloader - SBC enabled: True
Preloader - SLA enabled: True
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - ME_ID: B4FD7FAA01E367EAF68C1B76393EF17D
Preloader - SOC_ID: 08F3DD3663A645FDD0FDEDF058241653134C146F32C21D89993F57619BF27C96
PLTools - Loading payload from D:\Desenvolvimento 2019\Android Tool By LigtelGSM\AndroidTool 30-08-2019 as 17_31\AndroidTool\AndroidTool\bin\Debug\mtkclient-main\mtkclient\payloads\mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: D:\Desenvolvimento 2019\Android Tool By LigtelGSM\AndroidTool 30-08-2019 as 17_31\AndroidTool\AndroidTool\bin\Debug\mtkclient-main\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading stage 1...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
DAXFlash - Successfully received DA sync
DAXFlash - DRAM config needed for : 90014a6843386150
DAXFlash - Uploading stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - EMMC FWVer: 0x0
DAXFlash - EMMC CID: 90014a68433861503e03485554372661
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size: 0x0
DAXFlash - EMMC GP2 Size: 0x0
DAXFlash - EMMC GP3 Size: 0x0
DAXFlash - EMMC GP4 Size: 0x0
DAXFlash - EMMC RPMB Size: 0x1000000
DAXFlash - EMMC USER Size: 0xe8f800000
DAXFlash - DA-CODE : 0x666D0
Main - Requesting available partitions ....
Main - Dumping partition recovery
Progress: |--------------------------------------------------| 0.2% Read (Sector 128 of 65536) 0.00 MB/s
Progress: |--------------------------------------------------| 0.4% Read (Sector 256 of 65536) 7.39 MB/s
Progress: |--------------------------------------------------| 0.6% Read (Sector 384 of 65536) 6.92 MB/s
Progress: |--------------------------------------------------| 0.8% Read (Sector 512 of 65536) 7.14 MB/s
Progress: |--------------------------------------------------| 1.0% Read (Sector 640 of 65536) 7.14 MB/sDAXFlash
DAXFlash - [LIB]: �[31mCouldn't write to recovery.bin. Error: 'charmap' codec can't encode character '\u2588' in position 12: character maps to �[0m
Main - Failed to dump sector 2112 with sector count 65536 as recovery.bin.
DAXFlash
DAXFlash - [LIB]: �[31mError on sending shutdown: Unknown: 0x42a229d5�[0m

How to write RPMB..?

error: file '/home/satoshi/Software/mtkclient/mtkclient/Tools/brom_to_offs' does not exist

python mtk stage
python stage2 seccfg

Port - Device detected :)
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - ME_ID: 4FD38FC3D325E9352E9387CF1050E00C
Preloader - SOC_ID: 94FD535E13F3BDA8F51960A06671C0863DF00DD61777B264E4511893086980FF
Main - Uploading stage 1
PLTools - Loading payload from C:\Dongle\PayLoads\MtkClientDebug\ref\mtkclient\payloads\generic_stage1_payload.bin, 0x3ec bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\Dongle\PayLoads\MtkClientDebug\ref\mtkclient\payloads\generic_stage1_payload.bin
Main - Successfully uploaded stage 1, sending stage 2
Main - Done sending stage2, size 0x4000.
Main - Done jumping stage2 at 00201000
Main - Successfully loaded stage2
Traceback (most recent call last):
File "C:\Dongle\PayLoads\MtkClientDebug\ref\stage2", line 637, in
main()
File "C:\Dongle\PayLoads\MtkClientDebug\ref\stage2", line 627, in main
data = seccfg_data + enc_hash
TypeError: can't concat list to bytes

When I run mtk payload --debugmode, error occurs:

MTK Flash/Exploit Client V1.4 (c) B.Kerler 2020-2021
Traceback (most recent call last):
  File "C:\Users\86186\mtkclient\mtk", line 932, in <module>
    mtk = Main().run()
  File "C:\Users\86186\mtkclient\mtk", line 296, in run
    mtk = Mtk(loader=self.args["--loader"], loglevel=self.__logger.level, vid=vid, pid=pid, interface=interface,
  File "C:\Users\86186\mtkclient\mtk", line 107, in __init__
    self.config = Mtk_Config(loglevel=loglevel)
  File "C:\Users\86186\mtkclient\mtkclient\config\brom_config.py", line 1308, in __init__
    os.remove(logfilename)
PermissionError: [WinError 32] 另一个程序正在使用此文件，进程无法访问。: 'logs\\log.txt'

It says "Another program is using the file", I remove these two lines and it worked: https://github.com/bkerler/mtkclient/blob/main/mtkclient/config/brom_config.py#L1308

Kamakiri - Done sending payload...
USBError(5, 'Input/Output Error') <class 'usb.core.USBError'> 5

mtk payload or mtk e frp Not Working

Hi, when I connect my T-Mobile LG Velvet 5G (it has a Dimensity 1000C instead of a Snapdragon 765G) to the MTK tool, it incorrectly identifies it as a MT6885 instead of a MT6883Z/CZA since the tool attempts to use the MT6885 payload to bypass security, as seen in the screenshot below.

I was able to extract my device's bootrom, here is the link: https://drive.google.com/file/d/1vL_DS6lVopovfS6Fx4LlvyQeOYoprYmL/view?usp=sharing

DAconfig
DAconfig - [LIB]: ←[31mNo da config set up←[0m
DALegacy - Uploading da...
DALegacy
DALegacy - [LIB]: ←[31mNo valid da loader found... aborting.←[0m
Main
Main - [LIB]: ←[31mError uploading da←[0m

MTK_AllInOne_DA_5.1420.bin
MTK_AllInOne_DA_5.1824.bin
MTK_AllInOne_DA_5.2124.bin

All tested not working manual select.

Hi
Please check attached file

mtk_auth_error.txt

python mtk e userdata

MTK Flash/Exploit Client V1.41 (c) B.Kerler 2018-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

...........

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

Port - Device detected :)
Preloader - CPU: MT6785(Helio G90)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0xa
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x813
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - BROM mode detected.
Preloader - ME_ID: A928CACBC2DA6266FC23A7ECAB150B72
Preloader - SOC_ID: 350EF4B1E04CD32CCCB93A858B0947B237109FB1F1B926560768BB5EEAF7493E
PLTools - Loading payload from C:\mtkclient\mtkclient\payloads\mt6785_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\mtkclient\mtkclient\payloads\mt6785_payload.bin
Port - Device detected :)
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading stage 1...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
DAXFlash - Successfully received DA sync
DAXFlash - DRAM config needed for : 0000000000000000
DAXFlash - Uploading stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - UFS FWVer: 0x33
DAXFlash - UFS Blocksize:0x1000
DAXFlash - UFS CID: ce014b4d3856383030314a4d2d423831
DAXFlash - UFS LU0 Size: 0x1dcb000000
DAXFlash - UFS LU1 Size: 0x400000
DAXFlash - UFS LU2 Size: 0x400000
DAXFlash - DA-CODE : 0x131B0
DAXFlash
DAXFlash - [LIB]: ←[31mError on sending parameter: Exceed available range←[0m
DAXFlash
DAXFlash - [LIB]: ←[31mError on sending formatting: Invalid parameters←[0m
Failed to format sector 2332672 with sector count 28903416.

My phone's chip is mt6750. I use Re LiveDVD V2. When I input python mtk plstage, it show below.Other command such as python mtk payload、python mtk stage is ok. I uploaded the log in debugmode.

livedvd@host: /opt/mtkclient$ python mtk plstage
MTK Flash/Exploit Client V1.41 (c) B.Kerler 2020-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
...........
Port - Device detected :)
Preloader - CPU: MT6755/MT6750/M/T/S(Helio P10/P15/P18)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212c00
Preloader - Var1: 0xa
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xcb00
Preloader - SW Ver: 0x1
Preloader - Disabling Watchdog...
Preloader - HW code: 0x326
Preloader - Target config: 0x1
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: False
Preloader - SWJTAG enabled: False
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - BROM mode detected.
Preloader - ME_ID: 5636FD6EB5F5D5C8723BEC0713B26A3B
Main - Sent da to 0x40200000, length 0x4440
Preloader - Jumping to 0x40200000
Main - Jumped to 0x40200000.
Traceback (most recent call last):
File "mtk", line 938, in
mtk = Main().run()
File "mtk", line 434, in run
ack = unpack(">I", mtk.port.usbread(4))[0]
struct.error: unpack requires a buffer of 4 bytes
livedvd@host: /opt/mtkclient$

log.txt

C:\Yeni klasör\mtkclient-main>python mtk reset

Traceback (most recent call last):
File "mtk", line 1529, in
mtk = Main(args).run()
File "mtk", line 624, in run
info=mtk.daloader.reinit()
File "C:\Yeni klasör\mtkclient-main\mtkclient\Library\mtk_daloader.py", line 55, in reinit
self.da.reinit()
File "C:\Yeni klasör\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 960, in reinit
self.sram, self.dram = self.get_ram_info()
File "C:\Yeni klasör\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 540, in get_ram_info
resp = self.send_devctrl(self.Cmd.GET_RAM_INFO)
File "C:\Yeni klasör\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 271, in send_devctrl
status[0] = self.status()
File "C:\Yeni klasör\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 226, in status
magic, datatype, length = unpack("<III", hdr)
struct.error: unpack requires a buffer of 12 bytes

c:\xxxx\pytyon mtk w seccfg seccfg.bin

...........

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

........Port - Device detected :)
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - ME_ID: D1F5E12C4125DBD34CB67347674A7FA5
Preloader - SOC_ID: AB2B5E1F5E7CAA11581E62B5A68C824FB7CABF275DDED1F1259C4771959FA560
PLTools - Loading payload from D:\Tools\PortableGit\mtkclient\mtkclient\payloads\mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: D:\Tools\PortableGit\mtkclient\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading stage 1...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - DRAM config needed for : 1501004448364441
DAXFlash - Uploading stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - EMMC FWVer: 0x0
DAXFlash - EMMC CID: 1501004448364441420891f5ceb928b3
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size: 0x0
DAXFlash - EMMC GP2 Size: 0x0
DAXFlash - EMMC GP3 Size: 0x0
DAXFlash - EMMC GP4 Size: 0x0
DAXFlash - EMMC RPMB Size: 0x1000000
DAXFlash - EMMC USER Size: 0xe8f800000
DAXFlash - DA-CODE : 0x666D0
Progress: |--------------------------------------------------| 0.0% Write (Sector 0 of 16384) 0.00 MProgress: |████████████--------------------------------------| 25.0% Write (Sector 4096 Progress: |█████████████████████████-------------------------| 50.0% Write Progress: |██████████████████████████████████████------------| 75.0% Write (Sector 12288 of 16384) 1999.67 MB/sDAXFlash
DAXFlash - [LIB]: �[31munpack requires a buffer of 12 bytes�[0m
Failed to write seccfg.bin to sector 1048576 with sector count 16384.
Traceback (most recent call last):
File "D:\Tools\PortableGit\mtkclient\mtk", line 1528, in
mtk = Main(args).run()
File "D:\Tools\PortableGit\mtkclient\mtk", line 882, in run
mtk.daloader.close()
File "D:\Tools\PortableGit\mtkclient\mtkclient\Library\mtk_daloader.py", line 80, in close
return self.da.close()
File "D:\Tools\PortableGit\mtkclient\mtkclient\Library\mtk_daxflash.py", line 834, in close
status=self.status()
File "D:\Tools\PortableGit\mtkclient\mtkclient\Library\mtk_daxflash.py", line 228, in status
magic, datatype, length = unpack("<III", hdr)
struct.error: unpack requires a buffer of 12 bytes

oppo A35 which bootloader is unlocked，I read the seccfg partition，which is "4D4D4D4D040000003C000000030000000000000000000000454545459CD472D7DEEF768CEDA24A30FF7217BF180EFBD6141155618BB5059DFADE7D00"

and I calculate the "seccfg.bin" with the same mobile, which is "4D4D4D4D040000003C0000000300000000000000000000004545454550FA285CB6D5B97A469118D07133D41F8A01B289CC322E9F60948B0F2BFB7757"

I think the "enc_hash" value is wrong!!

This is a tough one, i have to run the bypass utility
https://github.com/MTK-bypass/bypass_utility
while having sp flash tool open and with download clicked waiting for the stylo6 to be connected with volume down and google assist button pushed along with the battery disconnected... with all those steps met the mtkclient tool finally connects, otherwise handshake failed everytime with everything i try. The K51 must not have the extra security the stylo6 has, because thats the same way i gotta get the 6 to connect to chimera. but ive yet to get any function to work on the 6.

PS C:\Users\jones\Downloads\bkerler tools\mtkclient-main> python mtk rl out
MTK Flash/Exploit Client V1.42 (c) B.Kerler 2020-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Port - Device detected :)
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0x0
Preloader - SBC enabled: False
Preloader - SLA enabled: False
Preloader - DAA enabled: False
Preloader - SWJTAG enabled: False
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - BROM mode detected.
Preloader - ME_ID: AFD69995C21E2DD1A6832B623E1429AD
Preloader - SOC_ID: F5FD7D41CC5CBF33156EF4D346EC77B685D88072FF63629C8640C4AFFFF493E0
Main - Device is unprotected.
Main - Device is in BROM mode. Trying to dump preloader.
PLTools - Loading payload from C:\Users\jones\Downloads\bkerler tools\mtkclient-main\mtkclient\config..\payloads\mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Error, payload answered instead:
Mtk
Mtk - [LIB]: ←[31mError on running kamakiri payload←[0m
DAXFlash - Uploading stage 1...
Preloader
Preloader - [LIB]: ←[31mError on DA_Send cmd←[0m
DAXFlash
DAXFlash - [LIB]: ←[31mError on sending DA.←[0m
Main
Main - [LIB]: ←[31mError uploading da←[0m
PS C:\Users\jones\Downloads\bkerler tools\mtkclient-main>

There are many errors every time you update
Please solve bug error bro

I want to downgrade my ROM, so I run mtk payload first, but it failed:

USBError(5, 'Input/Output Error') <class 'usb.core.USBError'> 5

then I run with debugmode, here is the log:

log.txt

Microsoft Windows [versão 10.0.19042.1052]
(c) Microsoft Corporation. Todos os direitos reservados.

C:\Users\Mcdiniz>cd..

C:\Users>cd..

C:>cd mtkclient-main

C:\mtkclient-main>py mtk printgpt
Capstone library is missing (optional).
Keystone library is missing (optional).
MTK Flash/Exploit Client V1.41 (c) B.Kerler 2018-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Preloader
Preloader - [LIB]: ←[31mStatus: Handshake failed, please retry←[0m

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

...Preloader
Preloader - [LIB]: ←[31mStatus: Handshake failed, please retry←[0m
Preloader
Preloader - [LIB]: ←[31mStatus: Handshake failed, please retry←[0m

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

...........
Port - Device detected :)
Preloader - CPU: MT6739/MT6731()
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0xb4
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xcb00
Preloader - SW Ver: 0x2
Preloader - Disabling Watchdog...
Preloader - HW code: 0x699
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - ME_ID: 18B4C2D22A72052A1E0CFE67A32C8CB3
Preloader - SOC_ID: 2B86505243A63FB955E98AD4193B2BC84D86A0590B5C7D50DDDB8AA9C3F7B534
PLTools - Loading payload from C:\mtkclient-main\mtkclient\payloads\mt6739_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\mtkclient-main\mtkclient\payloads\mt6739_payload.bin
Port - Device detected :)
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading stage 1...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
DAXFlash - Successfully received DA sync
Traceback (most recent call last):
File "C:\mtkclient-main\mtk", line 1034, in
mtk = Main().run()
File "C:\mtkclient-main\mtk", line 667, in run
if not mtk.daloader.upload_da(preloader=preloader):
File "C:\mtkclient-main\mtkclient\Library\mtk_daloader.py", line 87, in upload_da
return self.da.upload_da()
File "C:\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 961, in upload_da
emmc_info=self.get_emmc_info(False)
File "C:\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 563, in get_emmc_info
status=self.status()
File "C:\mtkclient-main\mtkclient\Library\mtk_daxflash.py", line 226, in status
magic, datatype, length = unpack("<III", hdr)
struct.error: unpack requires a buffer of 12 bytes

C:\mtkclient-main>

Hi
I got this error below to try dump preloader using stage2.
if i use command python stage2 memread 0x0 0x4000
it working good.

C:\mtkclient-main>py```` mtk stage

Capstone library is missing (optional).
Keystone library is missing (optional).
MTK Flash/Exploit Client V1.41 (c) B.Kerler 2018-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

...Port - Device detected :)
Preloader -     CPU:                    MT6765(Helio P35/G35)
Preloader -     HW version:             0x0
Preloader -     WDT:                    0x10007000
Preloader -     Uart:                   0x11002000
Preloader -     Brom payload addr:      0x100a00
Preloader -     DA payload addr:        0x201000
Preloader -     CQ_DMA addr:            0x10212000
Preloader -     Var1:                   0x25
Preloader -     HW subcode:             0x8a00
Preloader -     HW Ver:                 0xca00
Preloader -     SW Ver:                 0x0
Preloader - Disabling Watchdog...
Preloader - HW code:                    0x766
Preloader - Target config:              0xe7
Preloader -     SBC enabled:            True
Preloader -     SLA enabled:            True
Preloader -     DAA enabled:            True
Preloader -     SWJTAG enabled:         True
Preloader -     EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT:  False
Preloader -     Root cert required:     False
Preloader -     Mem read auth:          True
Preloader -     Mem write auth:         True
Preloader -     Cmd 0xC8 blocked:       True
Preloader - ME_ID:                      B4FD7FAA01E367EAF68C1B76393EF17D
Preloader - SOC_ID:                     08F3DD3663A645FDD0FDEDF058241653134C146F32C21D89993F57619BF27C96
Main - Uploading stage 1
PLTools - Loading payload from C:\mtkclient-main\mtkclient\payloads\generic_stage1_payload.bin, 0x3ec bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\mtkclient-main\mtkclient\payloads\generic_stage1_payload.bin
Main - Successfully uploaded stage 1, sending stage 2
Main - Done sending stage2, size 0x4000.
Main - Done jumping stage2 at 00201000
Main - Successfully loaded stage2

C:\mtkclient-main>py stage2 preloader
Capstone library is missing (optional).
Keystone library is missing (optional).
Stage2 - Reading preloader...
Stage2
Stage2 - [LIB]: ←[31mError on getting data←[0m
Traceback (most recent call last):
  File "C:\mtkclient-main\stage2", line 615, in <module>
    main()
  File "C:\mtkclient-main\stage2", line 515, in main
    st2.preloader(start, length, filename=filename)
  File "C:\mtkclient-main\stage2", line 195, in preloader
    if len(buffer) != 0x4000:
TypeError: object of type 'NoneType' has no len()

C:\mtkclient-main>

Sorry, no new issues, just checking everyday for that next big update, waiting with great anticipation, hoping things are going good and hoping that it will be compatible with these LG's. I've got many people that I've taught how to use this tool so they can unlock their bootloaders once it is finally compatible with their stylo 6 or K model phones.

brom_959.zip
Dimensity 900 MT6877 Brom,If you can, please add it!

I have everything you need to build an unlocking tool if I could get your email I'll add you and only you to be able to download all the data you need to build it

Hi, as you can read from the title, when I try to modify seccfg with stage2, it freezes without giving any output and the only way to unfreeze is to stop python or unplug the device, I have tried with both Windows 11 and Arch Linux.
I attach the terminal output, even with the debug option:

python stage2 seccfg unlock sej - HACC init

python stage2 seccfg unlock --debugmode usage: stage2 [-h] {rpmb,preloader,boot2,memread,memwrite,reboot,seccfg,keys} ... stage2: error: unrecognized arguments: --debugmode

Can you guide how to backup partion in windows

Even I use below commands not work

Python mtk.py r boot boot.bin

OR

Python mtk.py r boot boot.bin [--preloader=Loader/Preloader/your_device_preloader.bin]

Help please

On MT6853 Redmi note 9T after all the partitions were deleted, I tried to flash my backup with :
./mtk wf flash.bin --preloader_cannong.bin

It throws this error DAXFlash - [LIB]: Error on sending parameter : Read parttbl failed (0xc0040007)
I think DAXFlash tries to read the gpt partition but can't find it right ?
Do you think my phone is dead forever ?

c:\xxxx\pytyon mtk w seccfg seccfg.bin

...........

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

........Port - Device detected :)
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - ME_ID: D1F5E12C4125DBD34CB67347674A7FA5
Preloader - SOC_ID: AB2B5E1F5E7CAA11581E62B5A68C824FB7CABF275DDED1F1259C4771959FA560
PLTools - Loading payload from D:\Tools\PortableGit\mtkclient\mtkclient\payloads\mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: D:\Tools\PortableGit\mtkclient\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading stage 1...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - DRAM config needed for : 1501004448364441
DAXFlash - Uploading stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - EMMC FWVer: 0x0
DAXFlash - EMMC CID: 1501004448364441420891f5ceb928b3
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size: 0x0
DAXFlash - EMMC GP2 Size: 0x0
DAXFlash - EMMC GP3 Size: 0x0
DAXFlash - EMMC GP4 Size: 0x0
DAXFlash - EMMC RPMB Size: 0x1000000
DAXFlash - EMMC USER Size: 0xe8f800000
DAXFlash - DA-CODE : 0x666D0
Progress: |--------------------------------------------------| 0.0% Write (Sector 0 of 16384) 0.00 MProgress: |████████████--------------------------------------| 25.0% Write (Sector 4096 Progress: |█████████████████████████-------------------------| 50.0% Write Progress: |██████████████████████████████████████------------| 75.0% Write (Sector 12288 of 16384) 1999.67 MB/sDAXFlash
DAXFlash - [LIB]: �[31munpack requires a buffer of 12 bytes�[0m
Failed to write seccfg.bin to sector 1048576 with sector count 16384.
Traceback (most recent call last):
File "D:\Tools\PortableGit\mtkclient\mtk", line 1528, in
mtk = Main(args).run()
File "D:\Tools\PortableGit\mtkclient\mtk", line 882, in run
mtk.daloader.close()
File "D:\Tools\PortableGit\mtkclient\mtkclient\Library\mtk_daloader.py", line 80, in close
return self.da.close()
File "D:\Tools\PortableGit\mtkclient\mtkclient\Library\mtk_daxflash.py", line 834, in close
status=self.status()
File "D:\Tools\PortableGit\mtkclient\mtkclient\Library\mtk_daxflash.py", line 228, in status
magic, datatype, length = unpack("<III", hdr)
struct.error: unpack requires a buffer of 12 bytes

Originally posted by @330wang in #32 (comment)

DAXFlash - [LIB]: �[31mError on sending parameter, status 0xc002000c.�[0m
Wrote oppo_custom.bin to sector 412736 with sector count 2048.

It is scanning preloader VCOM, but it cannot recognize BOOTROM!

Program comes with error "USB OverFlow" when writing boot python3 mtk w boot boot.img

I used chimera to unlock the bootloader on my k61 but I backed up the seccfg.bin before I did it, I successfully relocked the bootloader by flashing the stock one back to it, but when i tried to flash the one from it when it was unlocked it would not flash successfully.

PS C:\Users\jones\Downloads\mtkclient-main\mtkclient-main> python mtk w seccfg seccfg.bin

Preloader - Status: Waiting for PreLoader VCOM, please connect mobile

Port - Hint:

Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.

.......Port - Device detected :)
Preloader - CPU: MT6765(Helio P35/G35)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0x25
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - Disabling Watchdog...
Preloader - HW code: 0x766
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - ME_ID: 0E2BA12FFA7E848DE6D3275850FAC4A5
Preloader - SOC_ID: 0D32C53FC55CE1CC7973A954A700F7C9D39691BEF06CF7BD11C1CBA395E20525
PLTools - Loading payload from C:\Users\jones\Downloads\mtkclient-main\mtkclient-main\mtkclient\payloads\mt6765_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: C:\Users\jones\Downloads\mtkclient-main\mtkclient-main\mtkclient\payloads\mt6765_payload.bin
Port - Device detected :)
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading stage 1...
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - DRAM config needed for : 150100445636444d
DAXFlash - Uploading stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - EMMC FWVer: 0x0
DAXFlash - EMMC CID: 150100445636444d4203f12e6879478f
DAXFlash - EMMC Boot1 Size: 0x400000
DAXFlash - EMMC Boot2 Size: 0x400000
DAXFlash - EMMC GP1 Size: 0x0
DAXFlash - EMMC GP2 Size: 0x0
DAXFlash - EMMC GP3 Size: 0x0
DAXFlash - EMMC GP4 Size: 0x0
DAXFlash - EMMC RPMB Size: 0x1000000
DAXFlash - EMMC USER Size: 0x1d1ec00000
DAXFlash - DA-CODE : 0x666D0
DAXFlash
DAXFlash - [LIB]: ←[31mError on sending parameter: Write data not allowed (0xc002000c)←[0m
Failed to write seccfg.bin to sector 557056 with sector count 16384.
PS C:\Users\jones\Downloads\mtkclient-main\mtkclient-main>

i'm trying to reverse engineer my mtk bootloader unlocks, i have some LG stylo6's and K51's that i unlocked the bootloaders on and i did the full read then relocked the bootloader and tried to flash the flash.bin back to get the bootloader to unlock again with no success
DAXFlash - [LIB]: ←[31mError on sending parameter, status 0xc002000c.←[0m
Wrote flash.bin to sector 0 with sector count 61071360.
Thats what i get, any ideas?

in folder preloader its file to unlock bootloader unofficialy? or not ?

Btw Thanks for ur works . Best

python mtk stage
python stage2 seccfg unlock
python stage2 memwrite 0x18000000 seccfg.bin

Main - Successfully uploaded stage 1, sending stage 2
Main - Done sending stage2, size 0x4000.
Main - Done jumping stage2 at 00201000
Main - Successfully loaded stage2
sej - HACC init
sej - HACC run
sej - HACC terminate
Successfully wrote seccfg to seccfg.bin. You need to write seccfg.bin to partition seccfg.
Successfully wrote data to 0x18000000

but after memwrite file seccfg.bin phone still lockbootloader "Note that the file Unlock Bootloader has been verified using another tool written in"

stage2 Line:389 Line:395 all are False

if mode == "sej_aes_decrypt":
dec_data = self.hwcrypto.aes_hwcrypt(mode="cbc", data=data, btype="sej", encrypt=False)
keyinfo+="\n"
keyinfo+="Data: " + hexlify(dec_data).decode('utf-8')
keyinfo+="\n"
return dec_data, keyinfo
elif mode == "sej_aes_encrypt":
enc_data = self.hwcrypto.aes_hwcrypt(mode="cbc", data=data, btype="sej", encrypt=False)
keyinfo+="\n"
keyinfo+="Data: " + hexlify(enc_data).decode('utf-8')
keyinfo+="\n"
return enc_data, keyinfo