Comments (11)
Just read the code.... or wait for an automated solution.
from mtkclient.
Feel free to improve my script to add unlocking :)
from mtkclient.
How to use this seccfg cmd for unlocking
cmd == "seccfg":
with open("seccfg.bin", "wb") as wf:
seccfg_ver = 4
seccfg_size = 0x3C
lock_state = 3
"""
LKS_DEFAULT = 0x01
LKS_MP_DEFAULT = 0x02
LKS_UNLOCK = 0x03
LKS_LOCK = 0x04
LKS_VERIFIED = 0x05
LKS_CUSTOM = 0x06
"""
critical_lock_state = 1
"""
LKCS_UNLOCK = 0x01
LKCS_LOCK = 0x02
"""
sboot_runtime = 0
"""
SBOOT_RUNTIME_OFF = 0
SBOOT_RUNTIME_ON = 1
"""
seccfg_data = pack("<IIIIIII", 0x4D4D4D4D, seccfg_ver, seccfg_size, lock_state,
critical_lock_state, sboot_runtime, 0x45454545)
dec_hash = hashlib.sha256(seccfg_data).digest()
enc_hash = st2.keys(data=dec_hash, mode="sej_aes_encrypt")
data = seccfg_data + enc_hash
data += b"\x00" * (0x200 - len(data))
wf.write(data)
print("Successfully wrote seccfg.")
st2.close()
st2.close()
if name == "main":
main()
from mtkclient.
How to use this seccfg cmd for unlocking
cmd == "seccfg":
with open("seccfg.bin", "wb") as wf:
seccfg_ver = 4
seccfg_size = 0x3C
lock_state = 3
"""
LKS_DEFAULT = 0x01
LKS_MP_DEFAULT = 0x02
LKS_UNLOCK = 0x03
LKS_LOCK = 0x04
LKS_VERIFIED = 0x05
LKS_CUSTOM = 0x06
"""
critical_lock_state = 1
"""
LKCS_UNLOCK = 0x01
LKCS_LOCK = 0x02
"""
sboot_runtime = 0
"""
SBOOT_RUNTIME_OFF = 0
SBOOT_RUNTIME_ON = 1
"""
seccfg_data = pack("<IIIIIII", 0x4D4D4D4D, seccfg_ver, seccfg_size, lock_state,
critical_lock_state, sboot_runtime, 0x45454545)
dec_hash = hashlib.sha256(seccfg_data).digest()
enc_hash = st2.keys(data=dec_hash, mode="sej_aes_encrypt")
data = seccfg_data + enc_hash
data += b"\x00" * (0x200 - len(data))
wf.write(data)
print("Successfully wrote seccfg.")
st2.close()st2.close()
if name == "main":
main()
Looks like you found some secret gem. Read the code and it should be perfectly clear how to use ;)
from mtkclient.
I'm not advanced enough in writing script to do that, but I will ask a few for help to do so as I don't want to release this data to just anyone that's why I don't post it here, if you would like to chat personally you might be able to help me if you aren't too busy
from mtkclient.
How to generate unlock config sir
sent me need data and solution please
this mail address [email protected]
from mtkclient.
Can you explain in detail?
from mtkclient.
Just read the code.... or wait for an automated solution.
Ok Thank You Waiting for you this solution šš
from mtkclient.
C:\mtkclient-main>python stage2 seccfg
Capstone library is missing (optional).
Keystone library is missing (optional).
sej - HACC init
sej - HACC run
sej - HACC terminate
Traceback (most recent call last):
File "C:\mtkclient-main\stage2", line 616, in
main()
File "C:\mtkclient-main\stage2", line 606, in main
data = seccfg_data + enc_hash
TypeError: can't concat str to bytes
C:\mtkclient-main>
from mtkclient.
Closing now, as this feature is now implemented and will be enhanced soon.
from mtkclient.
I am not phone dev so I have only a little bit of understanding what is happening.
But if may I ask about something cause I have no idea how to bypass time waiting for my xiaomi redmi note 12 pro...
of course I can just wait... but why? :D
seccfg_ver = 4
how exactly i can know what version i've got?
seccfg_size = 0x3C
just size .. i've got it
lock_state = 3
how to understand other states? how you know what it shoud be?
LKS_DEFAULT = 0x01
LKS_MP_DEFAULT = 0x02
LKS_UNLOCK = 0x03
LKS_LOCK = 0x04
LKS_VERIFIED = 0x05
LKS_CUSTOM = 0x06
what is that?
critical_lock_state = 1
what is that? :D
LKCS_UNLOCK = 0x01
LKCS_LOCK = 0x02
understand that they're switches
sboot_runtime = 0
what is that?
SBOOT_RUNTIME_OFF = 0
SBOOT_RUNTIME_ON = 1
is it about when is it fired up?
seccfg_data = pack("<IIIIIII", 0x4D4D4D4D, seccfg_ver, seccfg_size, lock_state, critical_lock_state, sboot_runtime, 0x45454545)
packing that combo in hex
dec_hash = hashlib.sha256(seccfg_data).digest()
bytes from hash from combo
enc_hash = st2.keys(data=dec_hash, mode="sej_aes_encrypt")
not sure how this kv pairs work...
data = seccfg_data + enc_hash
something like salting data?? or wtf?
data += b"\x00" * (0x200 - len(data))
filling rest of 512 values by zeroes
so why you name value seccfg_size why is 60?
how to interpret my seccfg?
4D 4D 4D 4D 04 00 00 00 3C 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 45 45 45 45 1E 09 9F 5B FF A7 C3 8D 2D 89 F2 BE FB E8 5F DC E6 FD 08 0D E9 A8 3F B5 CC 7F 91 E8 5F 42 E7 CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 79 09 22 00 00 00 01
why rest of file is enormously lot of x00
from mtkclient.
Related Issues (20)
- mtk client failing to read from BV A90 HOT 1
- USB Device Not Detected on MacOS M1 MBP HOT 2
- Extensions were accepted. Jumping to extensions... bug HOT 3
- Damaged Partition? Any solution? HOT 1
- DAA_SIG_VERIFY_FAILED (0x7024) on MT6765/MT8768t(Helio P35/G35) HOT 1
- Error writing user.bin Any solution?
- Filename doesn't exists: boot.patched, aborting flash write
- ask question @bkerler's
- Just a question about booting firmware...
- Preloader mode terminating unexpectedly
- MTKClient crashed when trying to unlock bootloader. HOT 10
- Mtk Oppo a16s HOT 9
- Error creating backup in linux
- mt 6886 problem redmi note 13 pro plus HOT 1
- Oppo A16S (CPH2271) - MTK MT6765 - DAA_SIG_VERIFY_FAILED (0x7024) HOT 2
- I need an urgent Help to resolve this problem am dealing with for couple of months! Iām trying to unbrick my unlocked bootloader Tecno Camon 19 pro 4g MT6781 bricked through flashing a magisk patched boot.img and Iām trying to flash a custom Vbmeta,boot.img to get the phone to boot to its original state gives error on MTKclient HOT 17
- Dmverity Error
- "python mtk.py da vbmeta 3" didn't work HOT 1
- "[LIB]: Device disconnected" Automatically and Status shows Waiting for connection
- vortex 55hd pro HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mtkclient.