[Tutorial] How to use MTK Bypass to backup or flash secure boot MTK
The steps below explain how to back up or flash a MediaTek (MTK) secure boot device without using a custom download agent (DA).
pip install pyusb json5
python main.py
py -3 main.py
Traceback (most recent call last):
  File "main.py", line 3, in <module>
    from src.exploit import exploit
ImportError: No module named src.exploit
Quote: In this video tutorial, I'm going to be showing how to backup firmware or flash firmware to a Mediatek secure boot device without using a custom download agent. Now, for the sake of this tutorial, I'm going to be using Nokia 3. It's a secure boot device and we're also going to be making use of these tools. Actually, these tools, the download links for them will be in the description. So we're going to start off by installing Python. When installing Python, ensure to click Add Python to path then click Install Now. The tool we're going to be using is called MTK bypass. What you need to download is bypass utility and exploit connection. You can download Python and libusb. Links will be in the description. To download from GitHub, just click on the item you wish to download then click Code. Download Zip. By the way, the developer and contributors to this tool, full credit goes to them. Python is still installing. Successful. You can now close. Quickly open the command prompt window. Now in command prompt, type and Enter this command. You can right-click to paste then press Enter. Ensure you have an internet connection while running this command. You should get this message; you're using PIP version 20. Once you get this message, you're good to go. You can now close. Install libusb, launch. Now, you need to install Mediatek drivers. I'm using a signed driver, the link is at the forum. This is the manual Mediatek signed driver. Just right-click on the inf file and install. Successful. OK. Lastly, you'll need to extract these two items, the files you downloaded from GitHub. Now, open exploit, copy payload folder and default config. Paste them into the MTK bypass utility folder and you should have something like this. Now, return back to libusb, install a device filter, next. At this point, what you want to do now is to connect the phone to Mediatek MTK USB Port mode. To do this, on some devices, you hold volume up. On some devices, you hold volume down.
Now, in the case of Nokia 3, volume down works so I'm going to hold volume down button and connect the USB port. Now, once I do this, I'll need to quickly select Mediatek USB port and install. Let's see how it goes. Volume down button and then I connect the USB. MTK USB port. OK, it says here successful. Your phone might power on, it's all good and fine. Just switch it back off if it does. Now, once that is done, you can minimize or close. Now, we need to open a command prompt window here or PowerShell window. You can do this by holding Shift key then right-click. Now, you need to type python main.py. Basically, we're trying to launch this file. Hit Enter. You might get an error message; python was not found. If you get this message, you need to launch Python 3 launcher by typing py -3 then the file you want to run which is main.py. Now you'll get this message; waiting for bootrom. At this point, you're going to re-connect the phone using the same volume down button and connect the USB cable. Now, if successful, you should see this message; protection disabled. You can see Secure Boot device is true. Now, don't disconnect the phone, simply minimize then launch SP flash tool. Now, for the sake of this tutorial, I'm just going to be flashing boot and recovery only but of course you can backup, you can format partitions, whatever you wish to do. Now, go to options... OK I've selected (scatter) file. I want to flash only boot and recovery so I select boot and recovery. Now, you need to configure SP flash tool connection settings. Option, Option, Connection. Set it to UART. COM port depends on what you have here; Mediatek COM port 10 and finally the speed. You can now close and click the Download button. Now, if all goes well, the device should start flashing using the default download agent. You should get a successful message once you're done. You can now disconnect the device and power it on.
Basically, this is how you flash or backup firmware from a Mediatek secure boot device without using a custom Download Agent. All you just need to do is make sure that the MTK bypass has an exploit for your chipset which you'll find under the payload folder. You'll find different chipsets. Right now, this is what they have as at the time of creating this guide. Thank you for watching, ensure to subscribe for more tutorials.
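An added troubleshooting check, not part of the original post or of the MTK bypass project, for the ImportError shown above: the unquoted module name in that message is the form printed by old interpreters such as Python 2, which is the case the py -3 command addresses. The glob patterns used for the payload folder and default config are assumptions based on the transcript's wording, and the function names are hypothetical.

```python
import importlib.util
import sys
from pathlib import Path

# Import names of the packages installed by "pip install pyusb json5".
REQUIRED_MODULES = {"pyusb": "usb", "json5": "json5"}


def old_style_import_error(traceback_text):
    """True if the ImportError names the module unquoted (Python 2 style).

    Python 3.3 and later quote the name: No module named 'src.exploit'.
    """
    for line in traceback_text.splitlines():
        line = line.strip()
        if line.startswith("ImportError: No module named "):
            return not line.rsplit(" ", 1)[-1].startswith("'")
    return False


def preflight(tool_dir, version=sys.version_info, find_spec=importlib.util.find_spec):
    """Return a list of problems that would stop main.py from starting."""
    tool_dir = Path(tool_dir)
    problems = []
    if version[0] < 3:
        problems.append("interpreter is Python %d; start it with py -3" % version[0])
    for package, module in REQUIRED_MODULES.items():
        if find_spec(module) is None:
            problems.append("missing package: pip install " + package)
    if not (tool_dir / "main.py").is_file():
        problems.append("main.py not found; open the prompt in the utility folder")
    src = tool_dir / "src"
    if not ((src / "exploit.py").is_file() or (src / "exploit").is_dir()):
        problems.append("src/exploit missing; the archive was not fully extracted")
    # Assumed names: the transcript only says "payload folder" and "default config".
    if not any(p.is_dir() for p in tool_dir.glob("payload*")):
        problems.append("payload folder not copied into the utility folder")
    if not any(p.is_file() for p in tool_dir.glob("default*config*")):
        problems.append("default config not copied into the utility folder")
    return problems


if __name__ == "__main__":
    for problem in preflight(Path.cwd()) or ["no problems found"]:
        print(problem)
```

Run it from the command prompt opened in the utility folder, with the same interpreter command that will be used for main.py.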
(30-01-2021, 02:23 PM)thabitu Can we use miracle box instead of spft?
In theory, yes.
(30-01-2021, 12:59 PM)a4Abhi Will it be able to connect Meta Mode in Xiaomi Poco c3 or Redmi 9 ??
Actually I am having Poco C3 but unable to Boot it into Meta Mode even after Boot loader unlocked on MIUI 12.