[Tutorial] How to use MTK Client to back up Mediatek firmware
[Tutorial] How to use MTK Client to back up Mediatek firmware
(05-10-2022, 06:39 AM)Gargoyle Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
(05-10-2022, 08:20 AM)hovatek(05-10-2022, 06:39 AM)Gargoyle Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
What of py -3 mtk r cache cache.bin --preloader=preloader.bin
where preloader.bin is the preloader file from the firmware
C:\mtkclient-gui\mtkclient>py -3 mtk r cache cache.bin --preloader=preloader_x676b_h891.bin
MTK Flash/Exploit Client V1.54 (c) B.Kerler 2018-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
...........
Port - Device detected :)
Preloader - CPU: ()
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x200000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x1208
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: 254FAD98C7C1725F35170161C8855887
PLTools - Loading payload from generic_patcher_payload.bin, 0x56c bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Traceback (most recent call last):
File "C:\mtkclient-gui\mtkclient\mtk", line 695, in <module>
mtk = Main(args).run()
File "C:\mtkclient-gui\mtkclient\mtkclient\Library\mtk_main.py", line 514, in run
mtk = da_handler.configure_da(mtk, preloader)
File "C:\mtkclient-gui\mtkclient\mtkclient\Library\mtk_da_cmd.py", line 82, in configure_da
mtk = mtk.bypass_security()
File "C:\mtkclient-gui\mtkclient\mtkclient\Library\mtk.py", line 146, in bypass_security
if plt.runpayload(filename=self.config.payloadfile):
File "C:\mtkclient-gui\mtkclient\mtkclient\Library\pltools.py", line 100, in runpayload
if self.kama.payload(payload, addr, True, exploittype):
File "C:\mtkclient-gui\mtkclient\mtkclient\Library\kamakiri.py", line 135, in payload
if self.exploit2(payload, addr):
File "C:\mtkclient-gui\mtkclient\mtkclient\Library\kamakiri.py", line 113, in exploit2
ptr_send = unpack("<I", self.da_read(self.mtk.config.chipconfig.send_ptr[0][1], 4))[0] + 8
TypeError: 'NoneType' object is not subscriptable
C:\mtkclient-gui\mtkclient>py -3 mtk r cache cache.bin --preloader=preloader_x676b_h891.bin
MTK Flash/Exploit Client V1.54 (c) B.Kerler 2018-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
...........
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
.Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
(05-10-2022, 08:31 AM)Gargoyle .Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
[/code]
(05-10-2022, 09:19 AM)hovatek(05-10-2022, 08:31 AM)Gargoyle .Preloader
Preloader - [LIB]: Status: Handshake failed, retrying...
[/code]
It seems MT6789 isn't supported ATM.
Raise an issue on github and send the link so we follow
(18-11-2021, 01:11 PM)hovatek This guide will explain how to backup or dump a Mediatek Android device's firmware using MTK Client. This will come in very handy for those with ..
(04-03-2023, 02:40 PM)mikozichipoya@gmail.com help can't work for my window 8
(01-10-2022, 02:58 PM)mencoronaldo This method works for my phone, but I can neither find system nor recovery partitions. I want to root my device, but I can't do that without having a backup of the system and recovery.
Tecno Camon 18i CG6 running on Android 12(updated)
So what is your BROM button I want to backup same device ROM and does it require active internet for the process to be successful or it can be done offline?
Quote:Port - Device detected
Preloader - CPU: MT6789(MTK Helio G99)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x1208
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: 1E4359799C03A3725EE254665AA7E01B
PLTools - Loading payload from generic_patcher_payload.bin, 0x56c bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Traceback (most recent call last):
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtk", line 855, in <module>
mtk = Main(args).run(parser)
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\mtk_main.py", line 631, in run
mtk = da_handler.configure_da(mtk, preloader)
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\mtk_da_cmd.py", line 87, in configure_da
mtk = mtk.bypass_security()
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\mtk_class.py", line 190, in bypass_security
if plt.runpayload(filename=self.config.payloadfile):
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\pltools.py", line 102, in runpayload
if self.kama.payload(payload, addr, True, exploittype):
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\kamakiri.py", line 139, in payload
if self.exploit2(payload, addr):
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\kamakiri.py", line 117, in exploit2
ptr_send = unpack("<I", self.da_read(self.mtk.config.chipconfig.send_ptr[0][1], 4))[0] + 8
TypeError: 'NoneType' object is not subscriptable
(17-06-2023, 12:49 PM)RDT my phone Oukitel iiiF150 Air1 Ultra+
Quote:Port - Device detected
Preloader - CPU: MT6789(MTK Helio G99)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x1208
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - Get Target info
Preloader - BROM mode detected.
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xca00
Preloader - SW Ver: 0x0
Preloader - ME_ID: 1E4359799C03A3725EE254665AA7E01B
PLTools - Loading payload from generic_patcher_payload.bin, 0x56c bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Traceback (most recent call last):
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtk", line 855, in <module>
mtk = Main(args).run(parser)
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\mtk_main.py", line 631, in run
mtk = da_handler.configure_da(mtk, preloader)
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\mtk_da_cmd.py", line 87, in configure_da
mtk = mtk.bypass_security()
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\mtk_class.py", line 190, in bypass_security
if plt.runpayload(filename=self.config.payloadfile):
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\pltools.py", line 102, in runpayload
if self.kama.payload(payload, addr, True, exploittype):
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\kamakiri.py", line 139, in payload
if self.exploit2(payload, addr):
File "C:\Users\r\AppData\Local\Programs\Python\Python39\mtkclient-main\mtkclient\Library\kamakiri.py", line 117, in exploit2
ptr_send = unpack("<I", self.da_read(self.mtk.config.chipconfig.send_ptr[0][1], 4))[0] + 8
TypeError: 'NoneType' object is not subscriptable