LG Stylo 6 (MT6765) SP Flash Tool successful connection

16-07-2021, 06:03 AM
#1



Hi,
I have been collaborating with the admin of a Discord server dedicated to bootloader unlocking and rooting the Stylo 6. We have been working on this since January of this year, and as of the other day, we just took our first steps towards those goals.
I was able to use MTK SEC_BOOT disable (https://www.bypassfrpfiles.com/2021/05/m...able-tool/) to crash the preloader of the Stylo 6 and connect with SP Flash Tool.
I did this by powering off the device, then arming the program, using the Force brom button and Enforce PL Crash as the crashing method.
Once the program was waiting for the preloader USB device, I plugged in the Stylo while it was off, not holding down any hardware buttons. Normally this action would display the charging screen, but since I had the program armed, as soon as I plugged it in it ran and crashed the preloader to MediaTek's EDL mode. In order to get this program to connect on plug-in, I had to capture the USB device in the LibUsb filter wizard. This was done by having the phone in the powered-off state and plugging it in while I had the device list in the LibUsb filter displayed; an LG device will briefly appear, and I would quickly install it. This will reboot the device into the system, so I then powered off and attempted the preloader crash.
Once the preloader is crashed, I can then attempt a memory test in SP Flash. The first time, I tried to flash a package that warlockguitarman sent me. The images did flash, but I discovered that the program did not bypass the MTK auth, as when I tried to flash, it wouldn't flash the laf_a and OP_a partitions, giving me an error in SP Flash that says verified boot is still enabled.
Doing this first flash, I ended up formatting the device, which, now having read the guide enigma posted on here, I realize I shouldn't have done. However, the first time I flashed, SP prompted me to switch to Download + Format mode, so I followed what it said, and after that first flash my device is now red screened, saying safety check has failed and all slots are unbootable.
After this happened, I now have to hold down the power and volume down buttons to get the MTK secboot disable program to connect and crash the preloader to get back into EDL mode.
So far, I have managed to get a full 60 gig dump of the device. I did this by copying the UA size of the box in the bottom left corner that appears in SP Flash when you do any kind of operation, plugging it into the length value of the read back, and setting the region to EMMC_USER.
From there, I used WwR to generate a better scatter file than what I had.
Somehow, I was able to gain access to flash a valid laf_a image over the current laf part, but when I tried to flash a zeroed-out image of the same length, SP errored out saying verified boot was still enabled. I still cannot flash OP though.
At this point, my collaborators and I are having trouble trying to get the bootloader to unlock. We've tried using the MTK exploit that was posted on GitHub (https://github.com/MTK-bypass/bypass_utility), the sec_boot bypass, and the rev4 bypass tool, all to no avail. However, the only thing that has actually crashed the preloader has been the sec_boot disable tool. At the moment, we both have bricked, red screen status devices, and no clean images to reflash back.
I am hoping someone here has some insight on this and could definitely use help moving forward.
I'm not sure exactly what I'm missing, but I suspect that I need to disable the MTK auth for full access to the device in SP Flash, then flash a backup of a clean Stylo.
Please contact me on Discord @ Mastercodeon#4497, and I'll connect you to the admin of the server I'm helping out with.
Attached file: stylo6 exploit.png
hovatek
Administrator
16-07-2021, 07:27 AM
#2
(16-07-2021, 06:03 AM)Mastercodeon314 ...
I am hoping someone here has some insight on this and could definitely use help moving forward.
I'm not sure exactly what I'm missing, but I suspect that I need to disable the MTK auth for full access to the device in SP Flash, then flash a backup of a clean Stylo.
Please contact me on Discord @ Mastercodeon#4497, and I'll connect you to the admin of the server I'm helping out with.

Reviving your Stylo 6 is easier than you think, and unlocking BL can be done with Chimera Tool. The more crucial project is getting the Stylo 6 BL unlocked without using Chimera.
You can also crash the preloader using https://www.hovatek.com/blog/how-to-forc...brom-mode/ then just flash the files prepared from your kdz (first doing format all + download, which will fail at some point), then flashing using download only.
Untick any partition that gives you verified boot, as these aren't needed to revive the phone.
If you REALLY need to go around that verified boot error then this video should help

16-07-2021, 09:06 AM
#3
(16-07-2021, 07:27 AM)hovatek
Reviving your Stylo 6 is easier than you think, and unlocking BL can be done with Chimera Tool. The more crucial project is getting the Stylo 6 BL unlocked without using Chimera.
You can also crash the preloader using https://www.hovatek.com/blog/how-to-forc...brom-mode/ then just flash the files prepared from your kdz (first doing format all + download, which will fail at some point), then flashing using download only.
Untick any partition that gives you verified boot, as these aren't needed to revive the phone.
If you REALLY need to go around that verified boot error then this video should help



I watched the video, and that's really interesting. Does merging a protected partition into an unprotected one work for any part that's not flashable?
I think I've got how I'm going to revive the device. I have extracted firmware from a kdz, so I'm going to attempt to modify my scatter file to fit all the start and end addresses of the images, then attempt the flash. Just might build a program that will automatically edit the addresses for me based on the sizes of the files.
We are also after a non-Chimera bootloader unlock. I do have a working theory that it might be possible to reverse engineer the Chimera bootloader unlock. It would involve setting up a virtual pass-through COM port with a logger attached to it, to capture the device being bootloader unlocked live; then you could take that data and write a script to deploy it.

Would you happen to have a scatter file built to flash firmware that's been extracted from a Stylo 6 kdz? I built a scatter file from my device in WwR, but its start and end addresses are different from the sizes of the images I have in the firmware extraction.
hovatek
Administrator
16-07-2021, 04:09 PM
#4
(16-07-2021, 09:06 AM)Mastercodeon314 Would you happen to have a scatter file built to flash firmware that's been extracted from a Stylo 6 kdz? I built a scatter file from my device in WwR, but its start and end addresses are different from the sizes of the images I have in the firmware extraction.

You can follow https://www.youtube.com/watch?v=VxNT1NnrTc0

16-07-2021, 09:05 PM
#5



(16-07-2021, 04:09 PM)hovatek

You can follow https://www.youtube.com/watch?v=VxNT1NnrTc0

I have followed the steps to generate my scatter file, and was able to generate it. However, when I try to load the scatter in SP Flash Tool, I get start and end address errors as seen in the attached pic. I have determined that the first entry that has a problem with the addresses is the efuse partition, and everything below that has problems with their addresses. How would I fix this? Do I have to align each partition's start and end address to the size of the image I'm going to flash?
Attached file: sp flash address errors.png
hovatek
Administrator
17-07-2021, 06:15 AM
#6
(16-07-2021, 09:05 PM)Mastercodeon314 I have followed the steps to generate my scatter file, and was able to generate it. However, when I try to load the scatter in SP Flash Tool, I get start and end address errors as seen in the attached pic. I have determined that the first entry that has a problem with the addresses is the efuse partition, and everything below that has problems with their addresses. How would I fix this? Do I have to align each partition's start and end address to the size of the image I'm going to flash?

Set efuse and spare1 to NONE and see if the scatter loads
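
A consistency check for the address question raised in posts #5 and #6, as an added example that is not part of the original thread or any poster's code. It assumes the common MediaTek scatter field names (partition_name, file_name, linear_start_addr, partition_size, region); all addresses and image sizes are constructed, and what SP Flash Tool itself validates is not stated in the thread.

```python
import re

# Constructed sample layout: name, file, start, size, region (not real Stylo 6 values)
ROWS = [
    ("preloader", "preloader.bin", 0x0, 0x40000, "EMMC_BOOT1_BOOT2"),
    ("pgpt", "NONE", 0x0, 0x8000, "EMMC_USER"),
    ("laf_a", "laf.img", 0x8000, 0x2000000, "EMMC_USER"),
    ("efuse", "NONE", 0x2000000, 0x80000, "EMMC_USER"),   # starts too early
    ("spare1", "NONE", 0x2080000, 0x100000, "EMMC_USER"),
]
SAMPLE = "".join(
    f"- partition_index: SYS{i}\n  partition_name: {n}\n  file_name: {f}\n"
    f"  linear_start_addr: {s:#x}\n  partition_size: {z:#x}\n  region: {r}\n"
    for i, (n, f, s, z, r) in enumerate(ROWS))
IMAGE_SIZES = {"laf.img": 0x2000400}  # constructed: bytes on disk per image file
FIELD = re.compile(r"^\s*-?\s*(\w+):\s*(\S+)\s*$")

def parse_scatter(text):
    """Collect key/value lines into one dict per partition entry."""
    parts = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, val = m.groups()
        if key == "partition_index":      # each entry begins with this key
            parts.append({})
        if parts:                         # ignore header lines before the first entry
            parts[-1][key] = val
    return parts

def check_layout(parts, image_sizes):
    """Flag overlaps, gaps and oversized images, tracked separately per region."""
    problems, next_free = [], {}
    for p in parts:
        name, region = p["partition_name"], p["region"]
        start = int(p["linear_start_addr"], 16)
        size = int(p["partition_size"], 16)
        expected = next_free.get(region, start)
        if start < expected:
            problems.append((name, "overlaps previous partition by 0x%x" % (expected - start)))
        elif start > expected:
            problems.append((name, "gap of 0x%x before start" % (start - expected)))
        img = image_sizes.get(p["file_name"], 0)
        if img > size:
            problems.append((name, "image is 0x%x bytes larger than partition" % (img - size)))
        next_free[region] = start + size
    return problems
```

On a real scatter file, entries placed deliberately at the end of the device would show up as gaps and need to be judged by hand.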

thainhattam
Enthusiastic Member
07-10-2021, 04:04 PM
#7
My Stylo 6 Q730AM device is bricked; it just vibrates. I can't get it to boot BROM with keys. Does anyone have any other way? I can't bypass the auth authentication to unbrick.
hovatek
Administrator
07-10-2021, 05:07 PM
#8
(07-10-2021, 04:04 PM)thainhattam My Stylo 6 Q730AM device is bricked; it just vibrates. I can't get it to boot BROM with keys. Does anyone have any other way? I can't bypass the auth authentication to unbrick.

See https://www.hovatek.com/blog/my-experien...g-stylo-6/

thainhattam
Enthusiastic Member
19-10-2021, 08:30 AM
#9
not boot brom, not done
X3non
Recognized Contributor
20-10-2021, 12:24 PM
#10



(19-10-2021, 08:30 AM)thainhattam not boot brom, not done

Can't understand your reply; rephrase or explain properly what you mean by this.